Can we rely on the access to IS and the receipt of e-services?

Year Published: 2022

Language: English (Summary)

Sector: Government eServices

Issue: Accessibility of eServices
CUBE analysis available

The requirements for the attainable level of accessibility for the integrated national IS, state integrator and e-services have been set in regulations, but it is not clear what to measure or how, and there is no calculation methodology either. Auditors did not get an unequivocal answer because the information provided by the institutions about the level of access to information systems and e-services was mostly based on opinions, not facts. Institutions understand the achieved IS accessibility in different ways: they do not measure anything and do not even identify IS accessibility as a necessity; they measure only the accessibility of databases (which is one of the components an IS and e-service need in order to function) and interpret IS security incidents in different ways.

Report

Database access management

Year Published: 2023

Language: English (Summary)

Sector: Government eServices

Issue: Public database
CUBE analysis available

Does database access management ensure that only authorised individuals can access data? The report provides insights into the implementation of access management practices regarding public administration databases in Estonia. The document emphasizes the importance of establishing robust information security processes, including risk assessment, access management, data protection, incident response, security monitoring, and compliance management, to safeguard sensitive data and IT resources from unauthorized access and security breaches.

Report

Does the country ensure effective use of the official electronic address in communication with individuals and businesses?

Year Published: 2021

Language: English (Summary)

Sector: Government eServices

Issue: Electronic Address
CUBE analysis available

The eAddress solution was designed, and the laws and regulations stipulating its operating principles were approved, but its implementation ran into difficulties and the goals of the eAddress were not achieved. The eAddress aims to provide official electronic communication between the state and an individual, which is not achieved because individuals rarely use it. The eAddress solution is new and unknown, and other, more familiar channels are available for electronic communication with the state. The principles of eAddress (security, guaranteed delivery, and convenience) do not provide sufficient motivation to change existing communication habits.

Report

Examination of development and operation of the public key infrastructure

Year Published: 2023

Language: German (Original report)

Sector: Government eServices

Issue: Management of the public key infrastructure
CUBE analysis available

Although the Swiss public key infrastructure related service achieved a high level of security, there are still areas for improvement such as system monitoring, log management, and decision-making processes. In addition, there are areas where transparency and coordination can be increased, such as in change, release, and life-cycle management. Finally, the costs and risks associated with transitioning to a commercially provided PKI should be considered.

Report

Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance

Year Published: 2022

Language: English

Sector: Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

The U.S. has 16 critical infrastructure sectors that provide clean water, gas, banking, and other essential services. To help protect them, in 2014 the National Institute of Standards and Technology developed cybersecurity standards and procedures that organizations within these sectors may voluntarily use. Federal agencies are charged with leading efforts to improve sector security. We found agencies have measured the adoption of these standards and procedures for 3 of 16 sectors and have identified improvements across 2 sectors. For example, the EPA found a 32% increase in the use of recommended cybersecurity controls at 146 water utilities.

Report

2018 Senate Accounts Certification

Year Published: 2019

Language: French

Sector: Institution

Issue: Information system

On 16 May 2019, the Cour des comptes made public the certification report on the accounts of the Sénat for financial year 2018. For the sixth consecutive year, the Cour carried out an audit with a view to certifying the accounts of the Sénat. This engagement, which aims to assess the conformity of the financial statements with the accounting framework, does not cover the management of the material and human resources mobilised to ensure its operation. This report is published by the Cour after having been put online by the Sénat.

Report

Monitoring compliance with European law on public subsidies for social housing

Year Published: 2019

Language: French

Sector: Public administration

Issue: Monitoring compliance with European law on public subsidies for social housing

During its review of the management of the Agence nationale de contrôle du logement social (Ancols) for financial years 2015-2017, the Cour found that the agency had begun carrying out its missions under fairly satisfactory conditions, with the exception of its mission to check that public aid granted to social housing complies with European law. This check, which European law makes mandatory for any service of general economic interest, was entrusted by law to Ancols as regards social housing. But the agency's board of directors had not been able to adopt a methodology for implementing the check. This prolonged inaction, linked to the hard-to-reconcile positions of the parties concerned, created a legal and financial risk for the State. The Cour therefore sent a référé to the Prime Minister on 3 December 2018, recommending that Ancols and its supervising ministries adopt, in the agency's board of directors and as soon as possible, a control method, and that this method be presented to the European Commission. The Prime Minister states, in his reply dated 18 February 2019, that following the Cour's référé, the Ancols board of directors adopted, on 23 January 2019, a "method for verifying the absence of overcompensation in social housing bodies", which will be implemented progressively and must now be brought to the attention of the European Commission.

Report

Management of state information resources at the Ministry of Justice

Year Published: 2014

Language: English

Sector: Justice, Internal Affairs, Defence

Issue: Assessment of general controls of Information Systems at the Ministry of Justice, in particular strategic planning, data architecture, and investment management. Maturity assessment of key governance/management processes.

The purpose of the audit was to evaluate the management of the information resources at the Ministry of Justice. The Ministry lacks a coherent and comprehensive IT management strategy. The control measures at the Ministry of Justice that help to ensure the legally defined confidentiality, consistency and availability of electronic information (data) are insufficient. The investment planning and allocation system is insufficient for solving the issues of IT investments, because the allocation criteria for investments in information systems and registers are applied improperly. Eight recommendations were provided.

Report

Audit on the National Transplant System (SNT) database

Year Published: 2013

Language: Portuguese

Sector: Health

Issue: Database management

Database management of the National Transplant System.

Report

Aviation Cybersecurity: FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics Risks

Year Published: 2020

Language: English

Sector: Protecting Cybersecurity of Critical Infrastructure

Issue: Modern commercial airplanes use avionics systems and networks to share data—for GPS, weather, and communications—with pilots, maintenance crews, other aircraft, and air traffic controllers. Protection from cyberattacks is critical to safety. Airplane manufacturers have cybersecurity controls in place and there haven't been reports of successful cyberattacks on commercial airplane IT systems to date. But evolving cyber threats and increasing connectivity between airplanes and other systems could put future flight safety at risk if the FAA doesn't prioritize oversight. We recommended that the FAA strengthen cybersecurity oversight for airplanes.

Modern commercial airplanes use avionics systems and networks to share data—for GPS, weather, and communications—with pilots, maintenance crews, other aircraft, and air traffic controllers. Protection from cyberattacks is critical to safety. Airplane manufacturers have cybersecurity controls in place and there haven't been reports of successful cyberattacks on commercial airplane IT systems to date. But evolving cyber threats and increasing connectivity between airplanes and other systems could put future flight safety at risk if the FAA doesn't prioritize oversight. We recommended that the FAA strengthen cybersecurity oversight for airplanes.

Report

Science and Technology Spotlight: Quantum Technologies

Year Published: 2020

Language: English

Sector: Security of Emerging Technologies

Issue: Quantum technologies could revolutionize sensors, computation, and communication. These technologies build on the study of the smallest particles of energy and matter to collect, generate, and process information in ways existing technologies can’t. For example, quantum sensors may be able to locate stealth targets or determine an object’s location and speed without GPS. Quantum computers may dramatically accelerate computing for some applications, such as decrypting information. Quantum communications may also allow completely secure information sharing. These technologies may need many years of development to reach their full potential.

Quantum technologies could revolutionize sensors, computation, and communication. These technologies build on the study of the smallest particles of energy and matter to collect, generate, and process information in ways existing technologies can’t. For example, quantum sensors may be able to locate stealth targets or determine an object’s location and speed without GPS. Quantum computers may dramatically accelerate computing for some applications, such as decrypting information. Quantum communications may also allow completely secure information sharing. These technologies may need many years of development to reach their full potential.

Report

Software Development: DOD Faces Risks and Challenges in Implementing Modern Approaches and Addressing Cybersecurity Practices

Year Published: 2021

Language: English

Sector: Information Systems

Issue: Weaknesses in Federal Agency Information Security Programs

The Department of Defense plans to spend $12 billion on its 29 largest business information technology systems during FYs 2019-2022. 

Report

COVID-19: Selected Agencies Overcame Challenges to Support Telework but Need to Fully Assess Security Controls

Year Published: 2021

Language: English

Sector: Public Administration

Issue: Weaknesses in Federal Agency Information Security Programs

Telework is essential to the continuity of federal operations in emergencies—but it also brings added cybersecurity risks. We examined federal agencies' preparedness to support expanded telework during the COVID-19 pandemic. We looked at 12 agencies and found that they all had the technology to support remote access for telework. But not all agencies had fully addressed relevant guidance for securing their remote access systems. For instance, four agencies had not fully documented what they planned to do to mitigate weaknesses they had found in their IT security controls.

Report

Electricity Grid Cybersecurity: DOE Needs to Ensure Its Plans Fully Address Risks to Distribution Systems

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: Protecting Cybersecurity of Critical Infrastructure

The U.S. electricity grid's distribution systems—the parts of the grid that carry electricity to consumers—are becoming more vulnerable to cyberattacks, in part because of the introduction of and reliance on monitoring and control technologies. 

Report

Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks

Year Published: 2021

Language: English

Sector: Data Protection

Issue: Protecting Privacy and Sensitive Data

We surveyed 42 federal agencies that employ law enforcement officers about their use of facial recognition technology. 20 reported owning such systems or using systems owned by others, 6 reported using the technology to help identify people suspected of violating the law during the civil unrest, riots, or protests following the death of George Floyd in May 2020, 3 acknowledged using it on images of the U.S. Capitol attack on Jan. 6, and 15 reported using non-federal systems. We recommended that the 13 agencies track employee use of non-federal systems and assess the risks these systems can pose regarding privacy, accuracy, and more.

Report

Exposure Notification: Benefits and Challenges of Smartphone Applications to Augment Contact Tracing

Year Published: 2021

Language: English

Sector: Data Protection

Issue: Protection of privacy of sensitive data

If you were near a person who later tests positive for an infectious disease, an exposure notification app can let you know. These apps allow for more rapid and broader contact tracing—ideally helping to slow disease spread. About half of the U.S. states had their own COVID-19 exposure notification apps as of June 2021. A national app wasn't available. We found 5 challenges related to exposure notification apps, such as privacy concerns and a dearth of evidence showing that the apps are effective. To address challenges, we identified 4 policy options, e.g., collaborating on a national strategy for these apps.

Report

DHS Privacy: Selected Component Agencies Provided Oversight of Contractors, but Further Actions Are Needed to Address Gaps

Year Published: 2021

Language: English

Sector: Data Protection

Issue: Protecting Privacy and Sensitive Data

The Department of Homeland Security and its contractors collect and maintain large amounts of personally identifiable information (PII)—such as a person's date of birth and social security number. DHS has developed policies to ensure that its contractors protect PII. These policies include providing privacy training, and overseeing IT systems operated by contractors. However, DHS didn't fully comply with all of its own policies. For example, DHS headquarters didn't provide all necessary privacy training to contractors. We made a number of recommendations to DHS to improve its oversight of contractors who handle PII.

Report

Critical Infrastructure Protection: TSA is Taking Steps to Address Some Pipeline Security Program Weaknesses

Year Published: 2021

Language: English

Sector: Cybersecurity and Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

The U.S. depends on pipelines to deliver the natural gas, oil, and other hazardous liquids that power vehicles, heat homes, and more. But cyberattacks, such as an attack on Colonial Pipeline's IT networks in May 2021, threaten pipeline security. We testified that TSA—which is primarily responsible for pipeline security—is making new requirements for pipeline owners to improve their cybersecurity and prevent attacks. We also testified about previous recommendations that TSA has and has not fully addressed.

Report

Critical Infrastructure Protection: Education Should Take Additional Steps to Protect K-12 Schools from Cyber Threats

Year Published: 2021

Language: English

Sector: Cybersecurity and Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

As the COVID-19 pandemic has led to increased use of remote education, K-12 schools across the nation have increasingly reported ransomware and other types of cyberattacks. Federal agencies offer products and services to help schools prevent and respond to cyberattacks. Are these offerings tailored to current threats? The Department of Education's plan for addressing risks to schools was issued in 2010 and needs an update to deal with changing cybersecurity risks.

Report

Critical Infrastructure Protection: CISA Should Assess Effectiveness of its Actions to Support the Communications Sector

Year Published: 2021

Language: English

Sector: Cybersecurity and Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

The communications sector—comprising mostly private broadcast, cable, satellite, wireless, and wired systems and networks—is vital to national security. The Cybersecurity and Infrastructure Security Agency supports the security and resilience of this sector, primarily through incident management and information-sharing activities. For instance, the agency coordinates federal activities during severe weather events, and manages cybersecurity programs. However, the agency has not assessed the effectiveness of its programs and services to support this sector.

Report

Defense Contractor Cybersecurity: Stakeholder Communication and Performance Goals Improve Certification Framework

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: Protecting Cybersecurity of Critical Infrastructure

Defense contractors are targets for hackers who are trying to access sensitive data. The Department of Defense is working on a framework to certify that contractors have proper cybersecurity practices in place to protect data. DOD worked with industry and experts on the framework. However, its plans to start certifying contractors are delayed, and DOD hasn't communicated key details for defense contractors, such as reciprocity between its certification and others. In addition, DOD won't know how effective the certification is until it sets performance goals.

Report

CISA: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity of Our Nation

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: National Cybersecurity and Global Cyberspace

A 2018 federal law established the Cybersecurity and Infrastructure Security Agency (CISA) to help protect critical infrastructure from cyber and other threats, but it isn't fully up and running yet. CISA completed 2 of 3 phases in its organization plan, including defining an organizational structure. Until CISA updates its milestones and fully implements its plans, it may be difficult for it to identify and respond to cybersecurity incidents, such as the major cyberattack reported in December 2020 that affected both government and private industry.

Report

Weapon Systems Cybersecurity: Guidance Would Help DOD Programs Better Communicate Requirements to Contractors

Year Published: 2021

Language: English

Sector: Information Systems

Issue: Weaknesses in Federal Agency Information Security Programs

The Department of Defense has struggled to ensure its weapons systems can withstand cyberattacks.

Report

Management Report: Internal Revenue Service Needs to Improve Financial Reporting and Information System Controls

Year Published: 2021

Language: English

Sector: Information Systems

Issue: Weaknesses in Federal Agency Information Security Programs

Corrective actions were not complete for 114 recommendations GAO made to address previously reported deficiencies in IRS's financial reporting and related information systems. GAO also identified new deficiencies related to system access controls, security management, and tax credits.

Report

Defense Cybersecurity: Defense Logistics Agency Needs to Address Risk Management Deficiencies in Inventory Systems

Year Published: 2021

Language: English

Sector: Information Systems

Issue: Weaknesses in Federal Agency Information Security Programs

A Department of Defense task force concluded in 2018 that DOD's inventory management systems were potentially vulnerable to attack. These systems, run by the Defense Logistics Agency, are used to manage the defense supply chain.

Report

Cybersecurity: HHS Defined Roles and Responsibilities, but Can Further Improve Collaboration

Year Published: 2021

Language: English

Sector: Health and Information Systems

Issue: Weaknesses in Federal Agency Information Security Programs

Health care organizations' IT systems are critical to the nation's well-being. The Department of Health and Human Services coordinates with health care organizations and others to support cybersecurity efforts. However, there are areas where HHS could improve collaboration.

Report

2020 Census: Innovations Helped with Implementation, but Bureau Can Do More to Realize Future Benefits

Year Published: 2021

Language: English

Sector: Public Administration

Issue: Weaknesses in Federal Agency Information Security Programs

This report examines 2020 Census innovations designed to save money and boost data quality.

Report

Veterans Affairs: Systems Modernization, Cybersecurity, and IT Management Issues Need to Be Addressed

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: Weaknesses in Federal Agency Information Security Programs

VA needs to do more to strengthen cybersecurity, such as determining and addressing the areas that pose the greatest risks. Although VA has implemented many of our recommendations, risks to sensitive information remain.

Report

Defined Contribution Plans: Federal Guidance Could Help Mitigate Cybersecurity Risks in 401(k) and Other Retirement Plans

Year Published: 2021

Language: English

Sector: Data Protection

Issue: Protecting Privacy and Sensitive Data

In 2018, about 106 million people participated in employer-sponsored defined contribution retirement plans, such as 401(k) plans. Assets in these plans were worth about $6.3 trillion. A host of plan administrators share the personal information used to administer these plans via the internet, which can lead to significant cybersecurity risks. In some cases, there is no federal guidance about how to mitigate these risks.

Report

Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: Protecting Cybersecurity of Critical Infrastructure

Cyber insurance can help offset the costs of responding to and recovering from cyberattacks. Malicious cyber activity poses significant risk to the federal government and the nation's businesses and critical infrastructure, and it costs the U.S. billions of dollars each year. Threat actors are becoming increasingly capable of carrying out attacks, highlighting the need for a stable cyber insurance market.

Report

Cyber Diplomacy: State Should Use Data and Evidence to Justify Its Proposal for a New Bureau of Cyberspace Security and Emerging Technologies

Year Published: 2021

Language: English

Sector: Public Administration

Issue: National Cybersecurity and Global Cyberspace

The Department of State establishes a new bureau, Cyberspace Security and Emerging Technologies (CSET), but needs to develop data in order to support its proposal for this new bureau.

Report

Cybersecurity and Infrastructure Security Agency: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation

Year Published: 2021

Language: English

Sector: Cybersecurity and Infrastructure

Issue: National Cybersecurity and Global Cyberspace

CISA's efforts to protect critical infrastructure from cyber threats.

Report

Cybersecurity: Federal Agencies Need to Implement Recommendations to Manage Supply Chain Risks

Year Published: 2021

Language: English

Sector: Cybersecurity

Issue: Response to Cyber Incidents

The supply chain for information and communication technologies can be an access point for hackers. GAO testified about the government's SolarWinds response and agency efforts to reduce supply chain vulnerability.

Report

Internet of Things: Information on Use by Federal Agencies

Year Published: 2020

Language: English

Sector: Security of Emerging Technologies

Issue: "Internet of Things" technology refers to devices collecting information, communicating it to a network and, in some cases, completing a task—like unlocking doors using a smartphone application. Many agencies use this technology to control equipment, monitor building systems, or perform other tasks. There are benefits to this technology; however, some agencies do not use the technology due to cybersecurity challenges and other concerns.

"Internet of Things" technology refers to devices collecting information, communicating it to a network and, in some cases, completing a task—like unlocking doors using a smartphone application. Many agencies use this technology to control equipment, monitor building systems, or perform other tasks. For example, the Environmental Protection Agency uses sensors on buoys to monitor water quality and detect substances that could be harmful to humans and fish. There are benefits to this technology—such as freeing up staff to do other work. However, some agencies do not use the technology due to cybersecurity challenges and other concerns.

Report

Privacy: Federal Financial Regulators Should Take Additional Actions to Enhance Their Protection of Personal Information

Year Published: 2022

Language: English

Sector: Data Protection

Issue: Protecting Privacy and Sensitive Data

Federal financial regulatory agencies collect and maintain a large amount of consumers' personally identifiable information (PII) for the oversight of banks and credit unions. Protecting PII—which is often shared with other agencies, law enforcement, and contractors—is critical. The 5 financial regulators we reviewed have processes to protect PII that meet most recommended key practices. But 4 of the regulators didn't fully follow key practices in certain areas, such as documenting how they minimized IT systems' collection and use of PII. We recommended that financial regulators better ensure the protection of PII they collect, use, and share.

Report

5G Wireless: Capabilities and Challenges for an Evolving Network

Year Published: 2020

Language: English

Sector: Security of Emerging Technologies

Issue: Fifth-generation (5G) wireless promises not just to increase speeds but to enable new applications like automated cars and smart factories. GAO reviewed U.S. 5G development.

Fifth-generation (5G) wireless promises not just to increase speeds but to enable new applications like automated cars and smart factories. We reviewed U.S. 5G development. It's still early, with efforts focusing on increasing speed and connecting more devices. Technologies that enable 5G's full potential are expected within the next decade. We also highlight key challenges to 5G and present policy options to address them. For example, 5G is expected to greatly increase data transmission, which would require more radio frequency spectrum—a scarce resource. To help, policymakers could promote research into more efficient use of radio spectrum.

Report

Cybersecurity: Internet Architecture is Considered Resilient, but Federal Agencies Continue to Address Risks

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Protecting Cybersecurity of Critical Infrastructure

The internet is a vast system of interconnected networks used by billions of people. Its architecture—the backbone of the internet—is owned and governed by organizations around the world. No one organization is responsible for its policy, operation, or security. Generally, internet architecture is considered resilient, in part because of its decentralized nature. But reports we reviewed and subject matter experts have identified risks to key internet operations. Many federal agencies are involved in addressing these risks, taking actions such as disseminating threat information and participating in global internet governance groups.

Report

Facial Recognition Technology: Privacy and Accuracy Issues Related to Commercial Uses

Year Published: 2020

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: Businesses can use facial recognition technology to verify or identify people and provide them with access to buildings or online accounts. They can also use the technology to authorize payments, identify shoplifters, and even monitor the spread of COVID-19. But advocacy groups and others have raised privacy and accuracy concerns.

Businesses can use facial recognition technology to verify or identify people and provide them with access to buildings or online accounts. They can also use the technology to authorize payments, identify shoplifters, and even monitor the spread of COVID-19. But advocacy groups and others have raised privacy and accuracy concerns, like: loss of anonymity; lack of consent; and better performance on men with lighter skin and worse on women with darker skin, which could lead to misidentification or profiling. Our 2013 recommendation to update the consumer privacy framework to reflect technology and marketplace changes still stands.

Report

Cybersecurity: Federal Response to SolarWinds and Microsoft Exchange Incidents

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Response to Cyber Incidents

This report describes the federal response to 2 high-profile cybersecurity incidents that affected the U.S. government. The Russian Foreign Intelligence Service hacked SolarWinds network management software, which is widely used in the U.S. government. Also, Chinese government affiliates likely exploited a vulnerability in the Microsoft Exchange Server, according to the White House. Federal agencies worked with each other and industry after these incidents. Agencies received emergency directives on how to respond and more.

Report

Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm

Year Published: 2020

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: Schools and school districts collect and store a lot of personal information about their students. GAO found that thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020. Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm. Breaches were accidental and intentional—with a variety of responsible actors and motives. Wealthier, larger, and suburban school districts were more likely to have a reported breach.

Schools and school districts collect and store a lot of personal information about their students. But are K-12 institutions adequately securing student data? We found: Thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020. Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm. Breaches were accidental and intentional—with a variety of responsible actors and motives. Wealthier, larger, and suburban school districts were more likely to have a reported breach.

Report

Consumer Privacy: Better Disclosures Needed on Information Sharing by Banks and Credit Unions

Year Published: 2020

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: GAO reviewed personal information banks and credit unions collect on consumers and share with others, and what they tell consumers about this. GAO found the form institutions use to provide privacy notices to consumers does not give a complete picture of the information collected and shared.

We reviewed personal information banks and credit unions collect on consumers and share with others, and what they tell consumers about this. Some institutions collect information on credit card transactions, social media and browsing activity, and more. The law allows for sharing this information with retailers, marketers, government agencies, and others. We found the form institutions use to provide privacy notices to consumers does not give a complete picture of the information collected and shared. We recommended that the Consumer Financial Protection Bureau update the privacy notice form and consider including additional information.

Report

Information Security and Privacy: HUD Needs a Major Effort to Protect Data Shared with External Entities

Year Published: 2020

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: The Department of Housing and Urban Development collects huge amounts of sensitive personal information for its housing, community investment, and mortgage loan programs. HUD often shares this information with affiliated agencies; contractors; and state, local, and tribal groups. HUD isn't taking enough action to protect information exchanged with others. 

The Department of Housing and Urban Development collects huge amounts of sensitive personal information for its housing, community investment, and mortgage loan programs. HUD often shares this information with affiliated agencies; contractors; and state, local, and tribal groups. HUD isn't taking enough action to protect information exchanged with others. The agency expects external entities to have security and privacy controls for processing, storing, or sharing information outside of HUD systems but hasn't put policies in place to ensure that they protect data. Our recommendations address the issue to better protect sensitive shared data.

Report

Cybersecurity: NIH Needs to Take Further Actions to Resolve Control Deficiencies and Improve Its Program

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Weaknesses in Federal Agency Information Security Programs

The National Institutes of Health's duties include researching infectious diseases and administering over $30 billion a year in research grants. NIH uses IT systems containing sensitive data to carry out its mission. This report is a public version of our June 2021 report on NIH cybersecurity. The agency has taken actions intended to safeguard the confidentiality, integrity, and availability of its systems. However, we found many weaknesses related to identifying risks, protecting systems, and more. We have made 219 recommendations for improvements. NIH has partially implemented more than half and fully implemented about a third of them.

Report

2020 Census: Lessons Learned from Planning and Implementing the 2020 Census Offer Insights to Support 2030 Preparations

Year Published: 2022

Language: English

Sector: Information Technology

Issue: Weaknesses in Federal Agency Information Security Programs

Our work on the 2020 Census could help the Census Bureau as it prepares for the 2030 Census. Budget uncertainties in the 2020 Census—such as funding changes—delayed or canceled activities, including some related to verifying the Bureau's national inventory of addresses. We recommended developing a plan to protect key 2030 Census research and testing from budget disruptions.

Report

Cybersecurity: OMB Should Update Inspector General Reporting Guidance to Increase Rating Consistency and Precision

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Weaknesses in Federal Agency Information Security Programs

We reviewed how 23 civilian federal agencies implemented the Federal Information Security Modernization Act of 2014. Results were mixed in whether and how agencies implemented required security programs. For example, most reported meeting goals for detecting and preventing incidents. However, inspectors general found that only 7 of 23 agencies had effective security programs in FY 2020. We also found that the guidance provided for inspectors general reviews was not always clear and resulted in imprecise effectiveness ratings.

Report

Critical Infrastructure Protection: Additional Actions Needed to Identify Framework Adoption and Resulting Improvements

Year Published: 2020

Language: English

Sector: Protecting Cybersecurity of Critical Infrastructure

Issue: Cyber threats to the nation's critical infrastructure (e.g., financial services and energy sectors) continue to increase and represent a significant national security challenge. To better address such threats, NIST developed, as called for by federal law, a voluntary framework of cybersecurity standards and procedures. The Cybersecurity Enhancement Act of 2014 included provisions for GAO to review aspects of the framework.

Q: How does the government help keep banks, water systems, and other critical infrastructure from getting hacked? A: A federal agency that issues standards and procedures—NIST—has a cybersecurity framework that critical infrastructure organizations can adopt. All 12 organizations in our review were voluntarily using the framework, and told us they’ve seen benefits. For example, one organization said that the framework allowed it to better identify and address cybersecurity risks. However, the agencies with lead roles in protecting critical infrastructure are not collecting or reporting on improvements from using the framework as we recommended.

Report

Defense Cybersecurity: Protecting Controlled Unclassified Information Systems

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Weaknesses in Federal Agency Information Security Programs

The Department of Defense (DOD) has reported implementing more than 70 percent of four selected cybersecurity requirements for controlled unclassified information (CUI) systems, based on GAO's analysis of DOD reports (including a June 2021 report to Congress) and data from DOD's risk management tools. These selected requirements include (1) categorizing the impact of loss of confidentiality, integrity, and availability of individual systems as low, moderate, or high; (2) implementing specific controls based in part on the level of system impact; and (3) authorizing these systems to operate. As of January 2022, the extent of implementation varied for each of the four requirement areas. 

Report

Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical Facilities

Year Published: 2020

Language: English

Sector: Protecting Cybersecurity of Critical Infrastructure

Issue: Terrorists and others may pose a cyber-threat to high-risk chemical facilities. Control systems, for example, could be manipulated to release hazardous chemicals. The Department of Homeland Security started a program more than a decade ago to help address these security risks.

Terrorists and others may pose a cyber-threat to high-risk chemical facilities. Control systems, for example, could be manipulated to release hazardous chemicals. The Department of Homeland Security started a program more than a decade ago to help address these security risks. We reviewed the program. DHS guidance designed to help about 3,300 facilities comply with cybersecurity and other standards has not been updated in over 10 years. Also, its cybersecurity training program for its inspectors does not follow some key training practices. We made 6 recommendations, including that DHS review and update guidance and improve training.

Report

Artificial Intelligence: Status of Developing and Acquiring Capabilities for Weapon Systems

Year Published: 2022

Language: English

Sector: Artificial Intelligence

Issue: Security of emerging technologies

DOD is working to develop AI capabilities—computer systems capable of tasks that normally require human intelligence. We found that DOD's efforts to acquire AI come with some challenges that DOD usually faces, such as DOD's long acquisition processes and shortages of skilled staff, as well as AI-specific challenges like having enough usable data to train the AI. For example, AI for detecting an adversary's submarines requires gathering many images of various submarines and labeling them so the AI can learn to identify one on its own. DOD has initiated efforts to address such challenges, but it is too soon to assess their effectiveness.

Report

Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts

Year Published: 2020

Language: English

Sector: Protecting Cybersecurity of Critical Infrastructure

Issue: The financial services sector, a critical component of the nation's infrastructure that holds over $108 trillion in assets, is an increasingly attractive target for cyber-based attacks. The sector includes banks, mutual funds, and securities dealers. The Treasury Department and other federal agencies are taking steps to reduce risks and bolster the sector's efforts to improve its cybersecurity.

The financial services sector, a critical component of the nation's infrastructure that holds over $108 trillion in assets, is an increasingly attractive target for cyber-based attacks. The sector includes banks, mutual funds, and securities dealers. The Treasury Department and other federal agencies are taking steps to reduce risks and bolster the sector's efforts to improve its cybersecurity. We recommended that the Treasury work with other federal agencies and sector partners to better measure progress and to prioritize efforts in line with sector cybersecurity goals. Ensuring the nation's cybersecurity is a topic on our High Risk List.

Report

Cybersecurity: Selected Federal Agencies Need to Coordinate on Requirements and Assessments of States

Year Published: 2020

Language: English

Sector: National Cybersecurity and Global Cyberspace

Issue: States need to follow cybersecurity requirements while using Federal data.

States must follow numerous cybersecurity requirements when using federal data. These requirements may vary by federal agency. State information security officials we surveyed told us, among other things, that the differing requirements cost states additional time and money, and could ultimately detract from security efforts. Among the 4 federal agencies we examined, 49% to 79% of security requirement parameters—the number of log-on attempts allowed, for example—were in conflict. We made 12 recommendations, including that the Office of Management and Budget improve coordination of cybersecurity requirements among federal agencies.

Report

Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy

Year Published: 2020

Language: English

Sector: National Cybersecurity and Global Cyberspace

Issue: Need to define clear leadership roles in order to manage and bolster the cybersecurity of key government systems and the nation's cybersecurity

Increasingly sophisticated threats underscore the need to bolster the cybersecurity of the nation—a topic on our High Risk List. We and others have noted an urgent need to clearly define a central leadership role to coordinate government efforts. Despite the issuance of a National Cyber Strategy in 2018, it is still unclear which executive branch official is ultimately responsible for not only coordinating implementation of the strategy, but also holding federal agencies accountable once activities are implemented. We recommended ways to better oversee the strategy and suggested that Congress consider legislation to designate a leader.

Report

Information Technology: DHS Directives Have Strengthened Federal Cybersecurity, but Improvements Are Needed

Year Published: 2020

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. If the actions specified in these directives are not addressed, agency systems can remain at risk.

The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. For example, one directive requires agencies to better secure their websites and email systems. If the actions specified in these directives are not addressed, agency systems can remain at risk. We found that these directives have often been effective in strengthening federal cybersecurity. However, agencies and DHS didn’t always complete the directives’ actions on time. DHS also did not consistently ensure that agencies fully complied with the directives. We recommended that DHS address these issues.

Report

Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring Program

Year Published: 2020

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Department of Homeland Security (DHS) gives agencies cybersecurity tools that identify the hardware and software on their networks and check for vulnerabilities and insecure configurations.

DHS gives agencies cybersecurity tools that identify the hardware and software on their networks and check for vulnerabilities and insecure configurations. We reviewed how 3 agencies—the Federal Aviation Administration, Indian Health Service, and the Small Business Administration—used these tools. These agencies' hardware inventories were missing information and contained duplicates. For example, one agency's tools provided at least 2 identifiers for about 40% of the hardware on its network—leading to inventory duplicates. Our recommendations include one for DHS to ensure that contractors configure tools to provide unique hardware identifiers.

Report

Information Technology: Federal Agencies Need to Take Urgent Action to Manage Supply Chain Risks

Year Published: 2020

Language: English

Sector: Global Supply Chain Risks

Issue: Federal agencies rely on information and communications technology products to carry out their operations. The global supply chain for this technology faces threats.

Federal agencies rely on information and communications technology products and services to carry out their operations. The global supply chain for this technology faces threats, including from intelligence services and others who may seek to steal intellectual property, compromise integrity of the systems, and more. We identified 7 practices for providing an agency-wide approach to managing these supply chain risks. For example, agencies should develop a process for reviewing potential suppliers. Of the 23 agencies we examined: few implemented the practices; none had fully implemented all practices; and 14 hadn’t implemented any practices.

Report

Automated Technologies: DOT Should Take Steps to Ensure Its Workforce Has Skills Needed to Oversee Safety

Year Published: 2020

Language: English

Sector: Cybersecurity Workforce Management Challenges

Issue: Automated technologies in planes, trains, and passenger vehicles can perform tasks without the need for human operators—like crash avoidance systems that automatically slow cars down to avoid a collision. The Department of Transportation needs a workforce with skills related to these technologies in order to ensure the technologies are safe to use.

Automated technologies in planes, trains, and passenger vehicles can perform tasks without the need for human operators—like crash avoidance systems that automatically slow cars down to avoid a collision. The Department of Transportation needs a workforce with skills related to these technologies in order to ensure the technologies are safe to use. The department has made some progress hiring people with these skills but hasn't evaluated its recruitment strategies. Officials also haven't fully assessed whether current staff in key areas like cybersecurity have the skills they need. Our recommendations address these issues.

Report

Cybersecurity High-Risk Series: Challenges in Protecting Privacy and Sensitive Data

Year Published: 2023

Language: English

Sector: Cybersecurity

Issue: Data privacy and protection

Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges. In this report, the last in a series of four, we cover the 2 actions related to Protecting Privacy and Sensitive Data: Improve federal efforts to protect privacy and sensitive data, such as reducing the cybersecurity risks in retirement plans and improve the protection of federally collected and maintained personal and sensitive data.

Report

Federal Management: Selected Reforms Could Be Strengthened By Following Additional Planning, Communication, and Leadership Practices

Year Published: 2020

Language: English

Sector: Cybersecurity Workforce Management Challenges

Issue: In 2018, the administration released its government-wide reform plan aimed at making the federal government more efficient and effective. The Office of Management and Budget oversees the proposals with support from other lead agencies. This report looks at 5 different reform proposals.

In 2018, the administration released its government-wide reform plan aimed at making the federal government more efficient and effective. The Office of Management and Budget oversees the proposals with support from other lead agencies. We reviewed 5 reform proposals, including addressing the cybersecurity workforce shortage and establishing a Government Effectiveness Advanced Research Center. Planning and implementation have progressed since 2018, but some reform proposals are still missing key details. We recommended that OMB and lead agencies follow reform practices related to planning, communicating, and leading major reforms.

Report

Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure

Year Published: 2023

Language: English

Sector: Cybersecurity

Issue: Cyber risks

Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges. In this report, the third in a series of four, we cover the action related to protecting cyber critical infrastructure—specifically, strengthening the federal role in cybersecurity for critical infrastructure. For example, the Department of Energy needs to address cybersecurity risks to the U.S. power grid.

Report

Critical Infrastructure: Time Frames to Complete DHS Efforts Would Help SRMA Implement Statutory Responsibilities

Year Published: 2023

Language: English

Sector: Infrastructure

Issue: Protection of critical infrastructure

Protecting critical infrastructure—like water supplies, electricity grids, and food production—is a national priority. Events like natural disasters or cyberattacks can disrupt services that Americans need for daily life. Many federal agencies are tasked with protecting the nation's critical infrastructure and look to the Cybersecurity and Infrastructure Security Agency for leadership on how to do it. A 2021 law expanded these agencies' responsibilities and added some new ones. CISA is working on guidance and more to help agencies implement these responsibilities.

Report

2020 Census: Further Actions Needed to Reduce Key Risks to a Successful Enumeration

Year Published: 2019

Language: English

Sector: Weaknesses in Federal Agency Information Security Programs

Issue: In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. GAO has made 97 recommendations on the 2020 Census. As of April 2019, 72 had been implemented. This testimony also makes 2 new recommendations to improve Bureau cybersecurity efforts.

Download

In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. This testimony describes why the 2020 Census, which we added to our High Risk List in February 2017, remains there today. It also covers the steps the Commerce Department and Census Bureau need to take to reduce risk. These include completing IT system development and testing and addressing cybersecurity issues. We have made 97 recommendations on the 2020 Census. As of April 2019, 72 had been implemented. This testimony also makes 2 new recommendations to improve Bureau cybersecurity efforts.

Report

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

Year Published: 2019

Language: English

Sector: Weaknesses in Federal Agency Information Security Programs

Issue: To protect against cyber threats, federal agencies should incorporate key practices in their cybersecurity risk management programs. All but one of the 23 agencies we reviewed designated a risk executive. However, none of these agencies fully incorporated the other key practices into their programs. GAO made 58 recommendations to federal agencies to help improve their cybersecurity risk management programs.

Download

To protect against cyber threats, federal agencies should incorporate key practices in their cybersecurity risk management programs. These key practices include:
- Designating a cybersecurity risk executive
- Developing a risk management strategy and policies
- Assessing cyber risks
- Coordinating between cybersecurity and enterprise-wide risk management functions

All but one of the 23 agencies we reviewed designated a risk executive. However, none of these agencies fully incorporated the other key practices into their programs. We made 58 recommendations to federal agencies to help improve their cybersecurity risk management programs.

Report

Management Report: Improvements Needed in IRS’s Financial Reporting and Information System Controls

Year Published: 2023

Language: English

Sector: Information Systems

Issue: Weaknesses in federal agency information security programs

Download

Each year, we audit the financial statements of the IRS and issue opinions regarding these statements and related internal controls (i.e., processes in place to ensure the proper authorization and recording of transactions). Our FY 2022 audit identified new issues related to IT systems, tax refunds, and safeguarding assets. For example, IRS did not adequately correct certain tax return errors according to its own procedures. We recommended that IRS address these new issues.

Report

Cybersecurity: DOT Defined Roles and Responsibilities, but Additional Oversight Needed

Year Published: 2023

Language: English

Sector: Cybersecurity

Issue: Weaknesses in federal agency information security programs

Download

The Department of Transportation has established cybersecurity roles and responsibilities for officials that manage cybersecurity at agencies within the department. DOT's Chief Information Officer regularly communicates with staff about cyber threats, and provides cybersecurity tools and technical assistance. However, we found that DOT could improve how it implements cybersecurity policies. For example, DOT reviewed component agency cybersecurity programs for agencies within the department, but didn't use the reviews to address longstanding cyber issues.

Report

Consumer Data Protection: Actions Needed to Strengthen Oversight of Consumer Reporting Agencies

Year Published: 2019

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: Consumer reporting agencies are companies that collect, maintain, and sell vast amounts of sensitive data. In 2017, a breach at Equifax, one of the largest of these companies, compromised at least 145.5 million consumers' data. Consumers have little control over what information these companies have, so federal oversight is important—and it could be improved. GAO recommended improving federal enforcement of data safeguards and oversight of these companies' security practices.

Download

Consumer reporting agencies are companies that collect, maintain, and sell vast amounts of sensitive data. In 2017, a breach at Equifax, one of the largest of these companies, compromised at least 145.5 million consumers' data. Consumers have little control over what information these companies have, so federal oversight is important—and it could be improved. For example, the Consumer Financial Protection Bureau doesn't routinely consider data security risk when prioritizing its examinations of these companies. We recommended improving federal enforcement of data safeguards and oversight of these companies' security practices.

Report

Science and Tech Spotlight: Securing Data for a Post-Quantum World

Year Published: 2023

Language: English

Sector: Information Technology

Issue: Security of emerging technologies

Download

Cryptography uses math to secure or "encrypt" data—helping governments, businesses, and others protect sensitive information. While current encryption methods are nearly impossible for normal computers to break, quantum computers could quickly and easily break certain encryptions and put data at risk. This spotlight looks at how to better secure data before quantum computers capable of breaking those encryption methods are ready in possibly 10-20 years. Researchers have developed and are standardizing encryption methods capable of withstanding the threat. The longer it takes to implement these new methods, the higher the risk to data security.

Report

Taxpayer Information: IRS Needs to Improve Oversight of Third-Party Cybersecurity Practices

Year Published: 2019

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: Each year, about 90% of people file their taxes using commercial software or a paid tax return preparer. If these "third parties" that handle your tax information are hacked, your personal information could be exposed—leaving you vulnerable to identity theft.

Download

Each year, about 90% of people file their taxes using commercial software or a paid tax return preparer. If these "third parties" that handle your tax information are hacked, your personal information could be exposed—leaving you vulnerable to identity theft. Some of these third parties may not know how to keep your information safe. Also, IRS doesn't have the same information security requirements for all software companies or for all paid preparers, so taxpayer information isn't consistently protected from hackers. We recommended that IRS make its information security standards for third parties more consistent.

Report

Information Technology: DOD Needs to Fully Implement Foundational Practices to Manage Supply Chain Risks

Year Published: 2023

Language: English

Sector: Information Technology

Issue: Global supply chain risks

Download

IT and communications technologies use parts and services from around the globe. Emerging threats in the supply chain for these technologies can put federal agencies—including DOD—at risk. Of our practices for managing agency-wide supply chain risks, DOD addressed 4 and partially addressed the other 3. Specifically, DOD still needs to update and finalize an agency-wide strategy and implement processes for reviewing potential suppliers and detecting counterfeits. We recommended committing to a time frame for addressing these issues.

Report

Consumer Reporting Agencies: CFPB Should Define Its Supervisory Expectations

Year Published: 2019

Language: English

Sector: Protecting Privacy and Sensitive Data

Issue: Consumer reporting agencies collect vast amounts of information on people, such as their debt and work histories. They package the information into reports and sell it. GAO looked at inaccuracies in those reports, which can have real consequences—especially for job seekers or people who need credit.

Download

Consumer reporting agencies collect vast amounts of information on people, such as their debt and work histories. They package the information into reports and sell it. We looked at inaccuracies in those reports, which can have real consequences—especially for job seekers or people who need credit. Government and industry representatives said errors can happen in several ways. For example, agencies might match data to the wrong people if they share common names. We recommended the Consumer Financial Protection Bureau tell agencies what it considers reasonable procedures for assuring accuracy and investigating disputes.

Report

Cyber High-Risk: Challenges in Establishing Comprehensive Cybersecurity Strategy, Performing Effective Oversight

Year Published: 2023

Language: English

Sector: Cybersecurity

Issue: Cybersecurity risks

Download

Federal IT systems and our nation's critical infrastructure are at risk of attack from malicious actors, including those acting on behalf of other nations. Such attacks could result in serious harm to human safety, national security, the environment, and the economy. The federal government should: establish a comprehensive cybersecurity strategy, mitigate global supply chain risks, address the federal cybersecurity worker shortage, and ensure the security of emerging technologies.

Report

Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid

Year Published: 2019

Language: English

Sector: Protecting Cybersecurity of Critical Infrastructure

Issue: The nation’s electric grid is becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain.

Download

The nation’s electric grid is becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain. The Department of Energy (DOE) plays a key role in helping address cybersecurity risks in each component of the electric grid’s infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy. We recommended that it do so.

Report

2020 Census: Bureau Needs to Take Additional Actions to Address Key Risks to a Successful Enumeration

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems.

Download

In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. This testimony describes why we added the 2020 Census to our High Risk List in February 2017, and steps the Bureau must take to reduce risk and count people cost-effectively. These include completing IT system development and testing and addressing cybersecurity issues. As of July 2019, we made 107 recommendations on the 2020 Census, 74 of which were implemented.

Report

High Risk Series: Efforts Made to Achieve Progress Need to Be Maintained and Expanded to Fully Address All Areas

Year Published: 2023

Language: English

Sector: Cybersecurity

Issue: Protection of confidentiality, integrity, and availability of their systems and effectively respond to cyberattacks.

Download

Federal agencies and our nation’s critical infrastructures—such as energy, transportation systems, communications, and financial services—depend on technology systems to carry out operations and process, maintain, and report essential information. The security of these systems and data is vital to protecting individual privacy and national security, prosperity, and well-being. However, risks to technology systems are increasing. In particular, malicious actors are becoming more willing and capable of carrying out cyberattacks. Such attacks could result in serious harm to human safety, the environment, and the economy. Agencies and critical infrastructure owners and operators must protect the confidentiality, integrity, and availability of their systems and effectively respond to cyberattacks.

Report

2020 Census: Actions Needed to Address Key Risks to a Successful Enumeration

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. This testimony describes why GAO added the 2020 Census to its High Risk List in February 2017, and steps the Bureau must take to reduce risk and count people cost-effectively. These include completing IT system development and testing and addressing cybersecurity issues.

Download

In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. This testimony describes why we added the 2020 Census to our High Risk List in February 2017, and steps the Bureau must take to reduce risk and count people cost-effectively. These include completing IT system development and testing and addressing cybersecurity issues. As of June 2019, we made 106 recommendations on the 2020 Census, 74 of which were implemented.

Report

Global Cybercrime: Federal Agency Efforts to Address International Partners' Capacity to Combat Crime

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Cyber crime

Download

The Departments of State, Justice, and Homeland Security are working with foreign nations to help combat these technology-driven crimes. Collaboration activities include information sharing with foreign partners on current threats and providing cyber training to foreign law enforcement. But as the lead agency responsible for foreign assistance, State hasn't fully evaluated whether these activities have been effective in helping foreign nations combat cybercrime.

Report

Information Technology: DOD Needs to Fully Implement Program for Piloting Open Source Software

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Open source software is code released under a license that grants users the right to modify, share, and reuse the software. Making code available for reuse as open source can have major benefits such as reducing costs and improving efficiency. Congress required the Department of Defense to start an open source software pilot program in accordance with requirements from the Office of Management and Budget. GAO found DOD hasn’t fully implemented a program that meets these requirements. GAO also found concerns among some DOD officials over open source cybersecurity.

Download

Open source software is code released under a license that grants users the right to modify, share, and reuse the software. Making code available for reuse as open source can have major benefits such as reducing costs and improving efficiency. Congress required the Department of Defense to start an open source software pilot program in accordance with requirements from the Office of Management and Budget. We found DOD hasn’t fully implemented a program that meets these requirements. We also found concerns among some DOD officials over open source cybersecurity. We made 4 recommendations on how DOD could fully implement the pilot program.

Report

Information Management: Agencies Need to Streamline Electronic Services

Year Published: 2022

Language: English

Sector: Information Management

Issue: Appropriately limit collection and use of personal information and ensure it is obtained with appropriate knowledge or consent

Download

Federal agencies must obtain written consent from individuals before disclosing their personal information. The Office of Management and Budget issued guidance that outlined agencies' responsibilities for accepting digital access and consent forms. Agencies were to implement the requirements in this guidance by November 2021. We found that, as of August 2022, only 1 of the 17 agencies that we reviewed had done so (the Securities and Exchange Commission). The others faced technical issues and competing priorities that have caused delays.

Report

Electronic Health Records: VA Needs to Identify and Report System Costs

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: The VA’s health information system is more than 30 years old and is costly to maintain. Over nearly 2 decades, VA’s multiple modernization efforts have continually fallen short. In June 2017, VA announced it would buy the same system DOD is implementing. VA plans to continue using its current system during a decade-long transition. GAO reviewed the early stages of this transition. Among other things, GAO found VA lacked insight into the total costs for the current system. This could make it more difficult to make decisions during the transition to the new system. GAO recommended VA more reliably identify and report system costs.

Download

The VA’s health information system is more than 30 years old and is costly to maintain. Over nearly 2 decades, VA’s multiple modernization efforts have continually fallen short. In June 2017, VA announced it would buy the same system DOD is implementing. VA plans to continue using its current system during a decade-long transition. We reviewed the early stages of this transition. Among other things, we found VA lacked insight into the total costs for the current system. This could make it more difficult to make decisions during the transition to the new system. We recommended VA more reliably identify and report system costs.

Report

Privacy: Dedicated Leadership Can Improve Programs and Address Challenges

Year Published: 2022

Language: English

Sector: Data Privacy

Issue: Protection of privacy of sensitive data

Download

Federal agencies that collect personally identifiable information—such as birthplaces and Social Security numbers—are required to establish programs to protect it. The 24 agencies we examined had designated a senior agency official for privacy, as required. However, these officials may have numerous other duties and may not bring a needed focus on privacy. They generally delegated many aspects of privacy programs to less-senior officials. We recommended that Congress consider legislation to designate dedicated, senior-level privacy officials.

Report

Information Technology: Implementation of GAO Recommendations Would Strengthen Federal Agencies' Acquisitions, Operations, and Cybersecurity

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: The federal government has spent billions on information technology projects that have failed or performed poorly. Some agencies have had massive cybersecurity failures. These IT efforts often suffered from ineffective management.

Download

The federal government has spent billions on information technology projects that have failed or performed poorly. Some agencies have had massive cybersecurity failures. These IT efforts often suffered from ineffective management. We testified about 2 issues on our High Risk List: management of IT acquisitions and operations, and cybersecurity. Since 2010, agencies have implemented
- 60% of our 1,277 recommendations on IT acquisitions and operations
- 78% of our 3,058 recommendations on cybersecurity

Much remains to be done. For example, most agencies have not, as required, assigned key IT responsibilities to the chief information officer.

Report

Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Cyber insurance; Protecting the cybersecurity of critical infrastructure

Download

Cyber insurance can help offset costs of some common cyber risks, like data breaches or ransomware. But cyber risks are growing, and cyberattacks targeting critical infrastructure—like utilities or financial services—could affect entire systems and result in catastrophic financial loss. Insurers and the government's terrorism risk insurance may not be able to cover such losses. For example, the government's insurance may only cover cyberattacks if they can be considered "terrorism" under its defined criteria. We recommended that Treasury and Homeland Security jointly assess if a federal response is needed to address the situation.

Report

Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: The U.S. government plans to spend over $90 billion this fiscal year on information technology. Most of that will be used to operate and maintain existing systems, including aging (also called legacy) systems. These systems can be more costly to maintain and vulnerable to hackers. GAO analyzed 65 federal legacy systems and identified the 10 most critical at 10 agencies ranging from Defense to Treasury. The systems were 8 to 51 years old. Three agencies had no documented plans to modernize. Two had plans that included key practices for success.

Download

The U.S. government plans to spend over $90 billion this fiscal year on information technology. Most of that will be used to operate and maintain existing systems, including aging (also called legacy) systems. These systems can be more costly to maintain and vulnerable to hackers. We analyzed 65 federal legacy systems and identified the 10 most critical at 10 agencies ranging from Defense to Treasury. The systems were 8 to 51 years old. Three agencies had no documented plans to modernize. Two had plans that included key practices for success.

Report

Ransomware: Federal Coordination and Assistance Challenges Snapshot

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Protecting the cybersecurity of critical infrastructure

Download

Ransomware is software that makes data and systems unusable unless ransom payments are made. State, local, tribal, and territorial government organizations—including schools—have been targeted by ransomware. This can affect vital government operations and services. Ransomware attacks on schools can cause learning loss as well as monetary loss. Several federal agencies provide direct assistance to these organizations in preventing and responding to ransomware attacks. We discuss three areas where the federal government could improve this assistance: interagency coordination; awareness, outreach, and communication; and coordination with schools.

Report

VA Health IT: Use of Acquisition Best Practices Can Improve Efforts to Implement a System to Support the Family Caregiver Program

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: The Veterans Administration established the Family Caregiver Program in 2011 to help families provide care to seriously injured veterans. It developed an IT system to help it run this program but the system has many problems.

Download

The Veterans Administration established the Family Caregiver Program in 2011 to help families provide care to seriously injured veterans. It developed an IT system to help it run this program but the system has many problems. We reported on these problems in 2014. For example, the system does not provide VA with data that would enable the agency to monitor how the Family Caregiver Program affects its medical centers' resources. We recommended the VA address these problems. We testified about our prior and ongoing work related to this system. We also testified about steps VA has taken to fix the system and the problems with it that persist.

Report

Information Technology: Effective Practices Have Improved Agencies' FITARA Implementation

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: To reform government-wide information technology management, Congress enacted the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) in 2014. GAO reviewed nine agencies and found 12 practices officials said helped them to effectively implement one or more of the FITARA provisions.

Download

To reform government-wide information technology management, Congress enacted the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) in 2014. What practices have federal agencies put in place to implement the law? We reviewed nine agencies and found 12 practices officials said helped them to effectively implement one or more of the FITARA provisions. For example, five of the agencies said that centralizing the management of software licenses was essential to meeting the software purchasing provision of the law. By doing so, agencies were able to make agency-wide purchasing decisions that saved them money.

Report

Data Center Optimization: Additional Agency Actions Needed to Meet OMB Goals

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Federal agencies operate thousands of data centers and since 2010 have been required to close unneeded facilities and improve the performance of the remaining centers. Across the government, agencies have closed 6,250 centers to date and saved $2.7 billion. However, only 2 agencies in GAO's review planned to meet September 2018 government-wide optimization goals that include, for example, a target for how much time data servers sit unused. GAO recommended that agencies improve data centers' operational efficiency and identify further savings.

Federal agencies operate thousands of data centers and since 2010 have been required to close unneeded facilities and improve the performance of the remaining centers. Across the government, agencies have closed 6,250 centers to date and saved $2.7 billion. However, only 2 agencies in our review planned to meet September 2018 government-wide optimization goals that include, for example, a target for how much time data servers sit unused. We recommended that agencies improve data centers' operational efficiency and identify further savings.

Report

Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure

Year Published: 2022

Language: English

Sector: Infrastructure

Issue: Weakness in the federal role in protecting the cybersecurity of critical infrastructure

A network of over 1,600 offshore facilities produces a significant portion of U.S. domestic oil and gas. These facilities, which rely on technology to remotely monitor and control equipment, face a growing risk of cyberattacks. A cyberattack on these facilities could cause physical, environmental, and economic harm. And disruptions to oil and gas production and transmission could affect supplies and markets. The Department of the Interior—which is responsible for overseeing the infrastructure—has taken few steps to address cybersecurity risks.

Report

FEMA Grants Modernization: Improvements Needed to Strengthen Program Management and Cybersecurity

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: FEMA awarded more than $22 billion in grants for four major disasters in 2017 alone. It manages these and other grants in numerous, disparate information technology systems that it has been attempting to modernize. GAO reviewed FEMA's Grants Management Modernization program.

FEMA awarded more than $22 billion in grants for four major disasters in 2017 alone. It manages these and other grants in numerous, disparate information technology systems that it has been attempting to modernize. We reviewed FEMA's Grants Management Modernization program. Among other things, we found:
• The program's cost estimate in 2017 appeared to be sound but now must be updated
• Its schedule is not realistic
• It addressed some key cybersecurity practices but needs to improve how it assesses security controls and addresses known vulnerabilities
We made 8 recommendations, including that FEMA improve its schedule.

Report

Electronic Health Information: HHS Needs to Improve Communications for Breach Reporting

Year Published: 2022

Language: English

Sector: Health and Information Systems

Issue: Cyber incidents targeting federal systems

Health IT systems can enhance health care delivery and empower providers to make informed decisions about patient health. But these systems may be vulnerable to breaches. The Department of Health and Human Services sets standards for protecting electronic health information and enforces compliance with them. Health care providers, health plans, their business associates, and other entities are required to report breaches to HHS. The HHS Office of Civil Rights manages the breach reporting process, but it lacks a way for entities to provide feedback on it.

Report

Cloud Computing: Agencies Have Increased Usage and Realized Benefits, but Cost and Savings Data Need to Be Better Tracked

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Each year, federal agencies spend $90 billion on IT. Cloud computing services—on-demand access to shared resources such as networks, servers, and data storage—can help agencies deliver better IT services for less money. However, agencies don't consistently track cloud-related savings, making it hard for them to make informed decisions on whether to use cloud services. GAO recommended that agencies improve their savings tracking.

Each year, federal agencies spend $90 billion on IT. Cloud computing services—on-demand access to shared resources such as networks, servers, and data storage—can help agencies deliver better IT services for less money. For example, the Department of Homeland Security migrated its network for information sharing and collaboration to the cloud, ensuring it remains continuously available for law enforcement and emergency response. However, agencies don't consistently track cloud-related savings, making it hard for them to make informed decisions on whether to use cloud services. We recommended that agencies improve their savings tracking.

Report

DOD Cybersecurity: Enhanced Attention Needed to Ensure Cyber Incidents Are Appropriately Reported and Shared

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Cyber incidents targeting federal systems

Cyber attacks threaten national security—but hackers continue to target DOD as well as private companies and others involved in the nation's military operations. DOD has taken steps to combat these attacks and has reduced the number of cyber incidents in recent years. But we found that DOD hasn't fully implemented its processes for managing cyber incidents, doesn't have complete data on cyber incidents that staff report, and doesn't document whether it notifies individuals whose personal data is compromised in a cyber incident.

Report

Federal Information Security: Agencies and OMB Need to Strengthen Policies and Practices

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Federal agencies are required to have information security programs. The Office of Management and Budget oversees these efforts. This report found that most agencies sampled had weaknesses in most security control areas, and 18/24 agencies had ineffective programs.

A 2014 law requires federal agencies to have information security programs. The Office of Management and Budget oversees these efforts. We looked at how agencies and OMB have implemented the law and found:
• Of our sample of 16 agencies, most had weaknesses in most security control areas
• Inspectors General reported ineffective programs at 18 of 24 major agencies
• OMB coordinated cybersecurity review meetings with 3 agencies in fiscal year 2018, compared to 24 in 2016
Our recommendations to OMB include holding those meetings at more agencies that need them. Federal information security has been a topic on our High Risk List since 1997.

Report

Nuclear Weapons Cybersecurity: NNSA Should Fully Implement Cybersecurity Risk Management Practices

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Weaknesses in federal agency information security programs

The National Nuclear Security Administration (NNSA) is increasingly relying on advanced computers and integrating digital systems into weapons and manufacturing equipment. But, these systems could be hacked. Federal laws and policies suggest 6 key practices to set up a cybersecurity management program, such as assigning risk management responsibilities. However, NNSA and its contractors haven't fully implemented these practices. Additionally, NNSA and its contractors rely on subcontractors for services and equipment, but we found that oversight of subcontractors' cybersecurity was inconsistent. Our recommendations address these issues.

Report

Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed

Year Published: 2019

Language: English

Sector: Improving Implementation of Cybersecurity Initiatives

Issue: Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. The Office of Management and Budget (OMB) requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services. The 4 case study agencies GAO looked at didn’t fully implement key elements of the authorization process. OMB didn’t monitor use of the program.

Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. OMB requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services. Although agencies increased their program use—authorizations were up 137% from 2017 to 2019—15 of the 24 agencies we surveyed reported that they didn’t always use the program. Our 4 case study agencies didn’t fully implement key elements of the authorization process. Also, OMB didn’t monitor use of the program. We made 24 recommendations to 4 agencies, plus one to OMB to improve oversight.

Report

Information Environment: Opportunities and Threats to DOD’s National Security Mission

Year Published: 2022

Language: English

Sector: Information Security

Issue: Weaknesses in federal agency information security programs

To offset U.S. conventional warfighting advantages, opponents try to use the information environment, including information technology and social media. Actions can range from trying to plant malware in weapons to spreading disinformation on social media. This report describes DOD's use and protection of the information environment. We profile 6 areas—such as threats and emerging technologies—and offer questions for further oversight. For example, DOD components identified threats like collecting intelligence, influencing decision-making, degrading electromagnetic spectrum capabilities, and cyberattacks.

Report

Cybersecurity: Secret Service Has Made Progress Toward Zero Trust Architecture, but Work Remains

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Weaknesses in federal agency information security programs

With the ever-increasing threat of cyberattacks, the Secret Service is adopting a "zero trust" approach to cybersecurity. This "zero trust architecture" requires constant verification of everything that's trying to connect to an organization's IT systems. The Secret Service developed a plan to implement this with 4 milestones, such as assessing agency IT systems against federal guidance and implementing cloud services. But the agency created this plan before federal "zero trust" guidance was issued and hasn't updated its plan to reflect this guidance. We recommended that the Secret Service address this issue and more.

Report

Veterans Affairs: Addressing IT Management Challenges Is Essential to Effectively Supporting the Department's Mission

Year Published: 2019

Language: English

Sector: Cybersecurity Workforce Management Challenges

Issue: This testimony discusses our work on information technology challenges at the Department of Veterans Affairs. The Department of Veterans Affairs (VA) has made limited progress toward addressing information technology (IT) system modernization challenges.

This testimony discusses our work on information technology challenges at the Department of Veterans Affairs. Despite spending over $4 billion annually on IT:
• VA still doesn't have IT systems that fully support critical services—e.g., veterans health care, the Family Caregiver Program, and disability benefits.
• Some VA IT management processes do not effectively implement federal IT acquisition law, making congressional oversight of IT acquisitions more difficult.
• Cybersecurity management has weaknesses, which increase vulnerability to cyber threats.
VA health care and federal IT acquisitions are also on our High Risk List.

Report

Cloud Computing: Federal Agencies Face Four Challenges

Year Published: 2022

Language: English

Sector: Cloud Computing

Issue: Agencies face challenges in: ensuring cybersecurity, procuring cloud services, maintaining a skilled workforce, and tracking cost and savings.

Federal agencies plan to spend billions of dollars each year to support their IT and cybersecurity efforts. These efforts include transitioning their IT resources to secure, cost-effective commercial cloud services. We have identified challenges in four areas that agencies must overcome to fully realize the benefits of transitioning to cloud services.

Report

Cybersecurity Workforce: Agencies Need to Accurately Categorize Positions to Effectively Identify Critical Staffing Needs

Year Published: 2019

Language: English

Sector: Cybersecurity Workforce Management Challenges

Issue: The federal government needs a qualified, well-trained cybersecurity workforce to protect vital IT systems. 

The federal government needs a qualified, well-trained cybersecurity workforce to protect vital IT systems. Not having enough of these workers is one reason why securing federal systems is on our High Risk list. To help agencies identify their critical workforce needs, they were required to identify and categorize all of their IT and cyber-related positions. However, most of the agencies we reviewed likely miscategorized the work involved in many positions. For example, 22 of 24 agencies assigned a "non-IT" code to 15,779 (about 19%) of their IT positions. We recommended agencies improve how they track and code their IT and cyber workforce.

Report

Information Technology/Cybersecurity: Evolving the Scorecard Remains Important for Monitoring Agencies’ Progress

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Implementation of government wide cybersecurity initiatives

The federal government annually spends more than $100 billion on IT and cyber investments—many of which have been ineffectively managed. Congress passed laws to address these issues, including provisions such as the Federal Information Technology Acquisition Reform Act (FITARA). We testified that, since 2015, Congress has issued scorecards to monitor agencies' implementation of FITARA and key IT topics. The scorecards have evolved and served as effective oversight tools. Both IT management and cybersecurity are on our High Risk list. About 76% of the 5,400 recommendations we've made in these areas since 2010 have been implemented.

Report

Information Technology: Agencies Need to Fully Implement Key Workforce Planning Activities

Year Published: 2019

Language: English

Sector: Cybersecurity Workforce Management Challenges

Issue: Identifying skill gaps and staffing needs is key to addressing the federal government’s IT workforce challenges.

Identifying skill gaps and staffing needs is key to addressing the federal government’s IT workforce challenges. We evaluated how major executive agencies implemented the 8 IT workforce planning practices in our framework, like recognizing key skills employees will need and planning for them. Agencies made the most progress with 3 practices, including assessing gaps in skills and staffing. We recommended that three-quarters of the agencies fully implement the practices to anticipate and respond to changing staffing needs and to control risks with critical IT systems. We made the same recommendation to the remaining agencies in 2016 and 2018.

Report

Critical Infrastructure: Actions Needed to Better Secure Internet-Connected Devices

Year Published: 2022

Language: English

Sector: Infrastructure

Issue: Security of emerging technologies

The nation's 16 critical infrastructure sectors rely on internet-connected devices and systems to deliver essential services, such as electricity and health care. These sectors face increasing cybersecurity threats—an issue on our High Risk list. Federal agencies that have leadership roles in 3 sectors we reviewed have taken some steps to manage the cybersecurity risks posed by internet-connected devices and systems. But they've not assessed risks to the sectors as a whole. Without a holistic assessment, the agencies can't know what additional cybersecurity protections might be needed. Our recommendations address this and more.

Report

Technology Assessment: Artificial Intelligence: Emerging Opportunities, Challenges, and Implications

Year Published: 2018

Language: English

Sector: Security of Emerging Technologies

Issue: Artificial intelligence (AI) could improve human life and economic competitiveness—but it also poses new risks.

Artificial intelligence (AI) could improve human life and economic competitiveness—but it also poses new risks. The Comptroller General convened the Forum on AI to consider the policy and research implications of AI’s use in 4 areas with the potential to significantly affect daily life—cybersecurity, automated vehicles, criminal justice, and financial services. The forum highlighted the fact that AI will have far-reaching effects on society—even if AI capabilities stopped advancing today. We looked at the prospects for AI in the near future, and identified areas where changes in policy and research may be needed.

Report

Cybersecurity Workforce: Actions Needed to Improve Cybercorps Scholarship for Service Program

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Cybersecurity workforce management challenges

The CyberCorps Scholarship for Service Program—managed by the National Science Foundation, Office of Personnel Management, and Department of Homeland Security—requires recipients to work in government jobs for a period of time after graduation. We found: NSF and OPM fully complied with 13 legal requirements for managing the program and partially complied with 6, and NSF hasn't implemented a strategy to effectively manage risks and challenges, such as ensuring recipients meet their service obligation. Our recommendations address these issues.

Report

Critical Infrastructure Protection: Actions Needed to Address Significant Weaknesses in TSA's Pipeline Security Program Management

Year Published: 2018

Language: English

Sector: Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

The nation depends on the interstate pipeline system to deliver oil, natural gas, and more. This increasingly computerized system is an attractive target for hackers and terrorists.

Report

Military Cyber Personnel: Opportunities Exist to Improve Service Obligation Guidance and Data Tracking

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Cybersecurity workforce management challenges

Military personnel who complete advanced cyber training—which may take a year or more and costs DOD hundreds of thousands of dollars—may not remain in the military for a significant time after training. We found that 2 of the 4 military services are not positioned to ensure adequate return on their investment in advanced cyber training. While the Navy and Air Force require 3 years of active duty, the Marine Corps has no guidance for this area and Army guidance does not clearly define active duty service obligations. We recommended clarifying these service obligations and more.

Report

Cybersecurity: Kick-Starting the Office of the National Cyber Director

Year Published: 2022

Language: English

Sector: Cybersecurity

Issue: Comprehensive National Strategy for Cybersecurity

The federal government needs to develop and implement a comprehensive strategy to overcome the cyber threats facing our nation. Cybersecurity has been on our high risk list since 1997. In 2021, Congress created the Office of the National Cyber Director to lead the nation's cybersecurity efforts. Our overview looks at the Office's strategic statement, which summarizes its vision and path to improve the nation's cybersecurity. For example, the Office plans to coordinate the federal defense from and response to cyberattacks. The Office noted that it's currently developing its national strategy and getting feedback from other federal agencies.

Report

Information Security: Supply Chain Risks Affecting Federal Agencies

Year Published: 2018

Language: English

Sector: Global Supply Chain Risks

Issue: Reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system's development life cycle and could create an unacceptable risk to federal agencies.

Reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system’s development life cycle and could create an unacceptable risk to federal agencies. Information technology (IT) supply chain-related threats are varied and can include:
• installation of intentionally harmful hardware or software (i.e., containing “malicious logic”);
• installation of counterfeit hardware or software;
• failure or disruption in the production or distribution of critical products;
• reliance on malicious or unqualified service providers for the performance of technical services; and
• installation of hardware or software containing unintentional vulnerabilities, such as defective code.
These threats can have a range of impacts, including allowing adversaries to take control of systems or decreasing the availability of materials needed to develop systems. These threats can be introduced by exploiting vulnerabilities that could exist at multiple points in the supply chain. Examples of such vulnerabilities include the acquisition of products or parts from unauthorized distributors; inadequate testing of software updates and patches; and incomplete information on IT suppliers. Malicious actors could exploit these vulnerabilities, leading to the loss of the confidentiality, integrity, or availability of federal systems and the information they contain.

Report

Database access management

Year Published: 2023

Language: Estonian

Sector: Public Administration

Issue: Access Management

The National Audit Office audited whether access management is organised based on the established requirements and best practice, whether measures have been implemented in the audited databases that ensure access to the database by authorised persons and exclude access by unauthorised persons, and whether the implemented measures are functional. The audit showed that, although access management ensures that only authorised persons can access the data in the audited databases, in the case of two databases the access rights that these persons have are too broad. Institutions must pay more attention than before to analysing log data and checking the validity of data queries in order to prevent incidents or reduce the impact of incidents that have already occurred. The mandatory information security implementation audit for national databases was carried out in four of the five audited databases.

Report

Effectiveness of establishing Internet access networks

Year Published: 2022

Language: Estonian

Sector: Public Administration

Issue: High Speed Internet issues

The National Audit Office audited whether the state has made every effort to ensure that everyone can have unlimited access to fast internet connection by 2020. The National Audit Office also analysed whether the network of fibre-optical cables or the basic broadband network, which is built with European Union support and should guarantee high-speed internet connection, has helped to achieve this goal.

Report

ASYCUDA system Audit

Year Published: 2023

Language: Dari

Sector: Public Administration

Issue: IT Controls

IT audit of the ASYCUDA system in the Customs and Revenue Department

Report

Use of IT in the valuation of the Import duties

Year Published: 2022

Language: English

Sector: Information Systems

Issue: Lack of DRP and BCP, Password Policy, User Access Management, System Documentation

IT general controls, automated controls of E-Valuator (price uplifting tool)

Report

Maldives Post Limited IS Audit of Express Money

Year Published: 2019

Language: English

Sector: Communication

Issue: Express Money: User Agreement, Insurance. General IT Controls: Server Users, Backup, Disaster Recovery Planning, Information Technology Policy.

Assess the controls related to Express Money and the general IT controls of MPL

Report

Development and maintenance of COVID-19 Contact-Confirming Application (COCOA)

Year Published: 2021

Language: Japanese

Sector: Health

Issue: COVID-19, Mobile contact tracing application

A significant part of the budget was spent on measures related to COVID-19, which were decided in FY2019 and FY2020. Ministries/agencies should provide sufficient information to the public on the large carried-over and unused amounts in order to push forward with measures related to COVID-19, ensuring the understanding and cooperation of the people. Ministries/agencies should analyze the causes of the large carried-over and unused amounts of the projects related to COVID-19, make an effort to execute the projects in a timely and appropriate manner, and provide the public with information on the implementation status of budgets for the projects.

Report

2020 Census: Further Actions Needed to Reduce Key Risks to a Successful Enumeration

Year Published: 2019

Language: English

Sector: Public Administration

Issue: In an effort to control rising costs, the Census Bureau plans to implement several innovations for the 2020 Census, including new IT systems. GAO has made 97 recommendations on the 2020 Census. As of April 2019, 72 had been implemented. This testimony also makes 2 new recommendations to improve Bureau cybersecurity efforts.

Download

The 2020 Decennial Census is on GAO’s list of high-risk programs primarily because the Census Bureau (Bureau) (1) is using innovations that are not expected to be fully tested, (2) continues to face challenges in implementing information technology (IT) systems, and (3) faces significant cybersecurity risks to its systems and data. Although the Bureau has taken initial steps to address risk, additional actions are needed as these risks could adversely impact the cost, quality, schedule, and security of the enumeration. GAO is making two recommendations to the Bureau to (1) better ensure that cybersecurity weaknesses are addressed within prescribed time frames, and (2) improve its process for addressing cybersecurity weaknesses identified by DHS.

Report

Information Security: Supply Chain Risks Affecting Federal Agencies

Year Published: 2018

Language: English

Sector: Science & Technology

Issue: Reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system's development life cycle and could create an unacceptable risk to federal agencies.

Download

Reliance on a global supply chain introduces multiple risks to federal information systems. These threats can have a range of impacts, including allowing adversaries to take control of systems or decreasing the availability of materials needed to develop systems.

Report

Status of Development, Operation and Use of Government Information Systems

Year Published: 2021

Language: English

Sector: Government Information Systems

Issue: A high proportion of appropriation was left unused or carried-over in some projects, in particular regarding development cost. The percentage of single bidding in competitive-bid contracts was high. Some systems were found to be underutilized, to have no targets set for grasping the utilization status, or to have no monitoring system in place. There was a considerable gap between the actual reduction in FY2020 in the operational cost and the target.

Download

A high proportion of appropriation was left unused or carried-over in some projects, in particular regarding development cost. The percentage of single bidding in competitive-bid contracts was high. Some systems were found to be underutilized, to have no targets set for grasping the utilization status, or to have no monitoring system in place. There was a considerable gap between the actual reduction in FY2020 in the operational cost and the target.

Report

National Critical Infrastructure Protection Program: CISA Should Improve Priority Setting, Stakeholder Involvement, and Threat Information Sharing

Year Published: 2022

Language: English

Sector: Infrastructure

Issue: Protecting Cybersecurity of Critical Infrastructure

Download

The National Critical Infrastructure Prioritization Program is intended to identify the critical infrastructure assets in most need of protection. Nearly all federal and state officials we spoke with questioned the program's relevance and usefulness. For example, they said it doesn't consider the most prevalent infrastructure threats, such as cyberattacks. CISA (the agency running the program) has started shifting its focus from simply protecting a set of critical assets to improving the resilience of critical functions—e.g., supplying water. But, it could do more to communicate this shift.

Report

Technology Assessment: Artificial Intelligence: Emerging Opportunities, Challenges, and Implications

Year Published: 2018

Language: English

Sector: Security of Emerging Technologies

Issue: Artificial intelligence (AI) could improve human life and economic competitiveness—but it also poses new risks.

Download

Performance and financing of obligations assigned to local authorities in relation to national databases

Year Published: 2013

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: National databases

Download

Maintenance and development of information systems in area of government of Estonian Ministry of the Environment

Year Published: 2013

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Maintenance of information systems, development of information systems

Download

Maintenance of information systems, development of information systems

Report

Effectiveness of the development of a broadband network or high-speed Internet

Year Published: 2015

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Broadband network, high-speed internet

Download

Usability of public e-services

Year Published: 2016

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Usability of public e-services

Download

Implementation of system of IT security measures in local governments

Year Published: 2018

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Development of information systems

Download

Guaranteeing security and preservation of critical state databases of Estonia

Year Published: 2018

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: System security, critical databases

Download

Overview of information technology expenditure and investments in Ministries and their authorities

Year Published: 2019

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Financing of IT sector

Download

Management of software development projects in public sector

Year Published: 2019

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: Software development in public sector

Download

Administration and reliability of X-Road

Year Published: 2021

Language: Report in Estonian, summary in English

Sector: Public Administration

Issue: secure data exchange layer for information systems

Download

Is Cybercrime Combated Effectively

Year Published: 2020

Language: English

Sector: Defense

Issue: Cyber crimes

Download

Assessment whether existing investigation and preventive cybercrime activities ensure a safe environment for the public in the cyberspace.

Report

Smart Tax Administration system

Year Published: 2019

Language: English

Sector: Tax Administration

Issue: Achievement of objectives

Download

Assessment whether solutions developed (under development) will ensure that the objectives of smart tax administration system (iMAS) are achieved.

Report

Management of Critical State Information Resources

Year Published: 2018

Language: English

Sector: Public Administration

Issue: General Controls

Download

Assessment of general control and maturity of IT governance/management in 12 public sector organisations, focusing on strategic planning; information architecture; IT risk management; change management; assurance of uninterrupted services; system security; data management; monitoring and evaluation of IT activities; assurance.

Report

Creation of an electronic health system

Year Published: 2017

Language: English

Sector: Health

Issue: Achievement of objectives

Download

Evaluation of whether the goals set for the creation of the e-health system are achieved and whether conditions are met to receive quality services. This is the 3rd IT audit related to the e-health system (previous audits in 2008, 2011).

Report

Development of the State Electronic Communications Infrastructure

Year Published: 2017

Language: English

Sector: Communication

Issue: Infrastructure

Download

Evaluation of state-controlled model of electronic communications infrastructure (networks, services, pricing, security).

Report

Management of Information Resources in the Ministry of the Interior

Year Published: 2016

Language: English

Sector: Internal Affairs

Issue: General Controls

Download

Assessment of general controls of Information Systems at the Ministry of Interior, in particular - planning and organisation, monitoring, assessment and coordination. Maturity assessment of key governance/ management processes.

Report

Whether Disclosure of the Public Sector Data is Ensured

Year Published: 2016

Language: English

Sector: Public Administration

Issue: Open data

Download

The aim of the audit was to assess whether public data has been disclosed to the public and business:
* Is data disclosure policy efficiently shaped and implemented?
* Is legal regulation of data disclosure sufficient?
* Was an appropriate technological environment created for data disclosure?
* Are the public sector institutions ready to disclose their data?

Report

Production of biometric identity documents

Year Published: 2015

Language: English

Sector: Internal Affairs

Issue: data security

Download

The goal of the international audit (together with SAIs of Belgium, Latvia, Lithuania, Norway, Portugal and Switzerland) was to evaluate management and control of production of personal identification documents - whether the document production process in Lithuania is appropriate and ensures that these documents are reliable and secure.

Report

Control procedure of electronic commerce

Year Published: 2015

Language: English

Sector: Public Administration

Issue: Control procedures

Download

Assessment of the organisation of e-commerce control procedures, providing insights that would help to improve e-commerce control measures (for example, control of VAT received for telecommunications, radio and television broadcasting and electronic services).

Report

Management of Police Information Resources

Year Published: 2015

Language: English

Sector: Public Administration

Issue: Information resources

Download

The audit focused on the activities and actions of the Police Department; key issues - strategic planning, information architecture, data security, key project controls.

Report

Environment of cyber security in Lithuania

Year Published: 2015

Language: English

Sector: Public Administration

Issue: Cybersecurity

Download

Assessment whether cyber security is being ensured in Lithuania : (1) at central level - whether an effective cyber security system has been set up; (2) at institutional level - whether cyber security is ensured in public entities.

Report

Implementation of Single Window e-services

Year Published: 2014

Language: English

Sector: Public Administration

Issue: e-services

Download

Assessment of efficiency of the application of the principle of single window by transferring the public and administrative services into the electronic space and analysis of provision of e-services on both state and municipal levels.

Report

Management of the State Information Resources

Year Published: 2013

Language: English

Sector: Internal Affairs

Issue: General Controls

Download

Assessment of effectiveness of the governance of the state information resources - suitability of the chosen governance model and rationality of the use of the state budget.

Report

General and Creation Control of Information Systems of the Ministry of Foreign Affairs

Year Published: 2013

Language: English

Sector: Foreign Affairs

Issue: General Controls

Download

Assessment of general controls of Information Systems at the Ministry of Foreign Affairs. Maturity assessment of key governance/ management processes of Ministry of Foreign Affairs Information Systems.

Report

Protection of automatically processed personal data

Year Published: 2013

Language: English

Sector: Internal Affairs

Issue: data security

Download

Audit at the State Data Protection Inspectorate (SDPI) was aimed to assess efficiency of the protection and supervision of automatically processed personal data.

Report

Management of information resources of the Ministry of Agriculture

Year Published: 2013

Language: English

Sector: Agriculture

Issue: General Controls

Download

Assessment of general controls of Information Systems at the Ministry of Agriculture. Maturity assessment of key governance/ management processes of Ministry of Agriculture Information Systems.

Report

General and Creation Control of Information Systems of the Ministry of Finances

Year Published: 2012

Language: English

Sector: Public Finance

Issue: General Controls

Download

Assessment of general controls of Information Systems at the Ministry of Finance. Assessment of development of VSAKIS (Public sector accounting and reports consolidation information system). Maturity assessment of key governance/ management processes of Ministry of Finance Information Systems.

Report

Electronic Ticketing in Public Transport of Lithuania

Year Published: 2011

Language: English

Sector: Transportation

Issue: Information System development, Integration

Download

Development of Electronic ticketing (e-ticketing) in public transport of Lithuania with a view to assess the effectiveness of the development and integration of e-ticketing systems.

Report

Development of Electronic Health Information System and Implementation of Audit Recommendations

Year Published: 2011

Language: Lithuanian

Sector: Health

Issue: Information System development

Download

Results of the development of the National Electronic Health System (NESS). Monitoring the implementation of previous audit recommendations.

Report

Integration and Reform of Information Systems of Education and Studies Bodies and Organizations in Lithuania

Year Published: 2010

Language: Lithuanian

Sector: Education

Issue: Integration

Download

Integration and transformation of information systems of Lithuanian science and studies and organizations - development and using of LieMSIS.

Report

Information Systems Control in the State Tax Inspectorate

Year Published: 2010

Language: Lithuanian

Sector: Tax Administration

Issue: General Controls

Download

Assessment of Information Systems general controls at the State Tax Inspectorate. Assessment of development of the Tax Accounting Information System (MAIS). Maturity assessment of key governance/ management processes.

Report

Use of Certificates of Civil Servants in Electronic Space

Year Published: 2010

Language: Lithuanian

Sector: Public Administration

Issue: Legality of data exchange, data security

Download

Administration of civil servants' certificates and legality of data exchange. Supervision of certification service providers and ensuring data security. Adaptation of public and administrative services for the use of certificates in the electronic space.

Report

Central Electoral Commission Information Systems Control

Year Published: 2009

Language: English

Sector: Public Administration

Issue: General Controls

Download

Assessment of Information Systems general controls at the Central Electoral Commission (CEC). Maturity assessment of key governance/ management processes.

Report

General Control assessment of Information Systems in Public Entity Centre of Registers

Year Published: 2009

Language: Lithuanian

Sector: Internal Affairs

Issue: General Controls

Download

Assessment of Information Systems general controls at state enterprise "Centre of Registers". Assessment of development of the Public electronic service for real estate transactions (NETSVEP). Maturity assessment of key governance/ management processes.

Report

Assessment of general controls of information systems in Lithuanian Geological Survey under the Ministry of Environment

Year Published: 2009

Language: Lithuanian

Sector: Environment

Issue: General Controls

Download

Assessment of general controls of Information Systems at Lithuanian Geological Survey under the Ministry of Environment. Maturity assessment of key governance/ management processes.

Report

Assessment of General Control of Information Systems at the State Road Transport Inspectorate under the Ministry of Transport and Communications

Year Published: 2009

Language: Lithuanian

Sector: Transportation

Issue: General Controls

Download

Assessment of Information Systems general controls at the State Road Transport Inspectorate under the Ministry of Transport and Communications. Maturity assessment of key governance/ management processes.

Report

Assessment of General Control of the Information Systems in the Office of the Seimas

Year Published: 2009

Language: Lithuanian

Sector: Public Administration

Issue: General Controls

Download

Assessment of Information Systems general controls at the Office of the Seimas (the Parliament). Maturity assessment of key governance/ management processes.

Report

Strategic Information Security

Year Published: 2009

Language: Lithuanian

Sector: National Security

Issue: Information security

Download

Assessment of Electronic Information Security at the Crisis Management Center under the Ministry of National Defense of the Republic of Lithuania. Monitoring security of strategic electronic information, identification, prevention and elimination of threats and vulnerabilities.

Report

Evaluation of Information Systems General Control in the State Service for Protected Areas

Year Published: 2008

Language: Lithuanian

Sector: Environment

Issue: General Controls

Download

Assessment of general controls of Information Systems at the State Service for Protected Areas. Management of Cadastre of Protected Areas and maturity assessment of key governance/ management processes.

Report

Evaluation of information system in the State Social Insurance Board under the Ministry of Social Security and Labour

Year Published: 2008

Language: Lithuanian

Sector: Social Security

Issue: General Controls

Download

Assessment of general controls of Information Systems at the State Social Insurance Board under the Ministry of Social Security and Labour and maturity assessment of key governance/ management processes.

Report

Audit of Development of Electronic Health Information System

Year Published: 2008

Language: Lithuanian

Sector: Health

Issue: General Controls

Download

Assessment of general controls of Health information system at the Ministry of Health. Maturity assessment of key governance/ management processes and also covers assessment of development of Electronic Health Information System.

Report

Evaluation of Information Systems General Control in the Public Procurement Office under the Government of the Republic of Lithuania

Year Published: 2008

Language: Lithuanian

Sector: Public Procurement

Issue: General Controls

Download

Assessment of Information Systems general controls at the Public Procurement Office under the Government of the Republic of Lithuania. Maturity assessment of key governance/ management processes.

Report

Management of Information Society Development Projects Financed by European Union Structural Funds

Year Published: 2008

Language: Lithuanian

Sector: Public Finance

Issue:

Download

Assessment of selection, development, monitoring and assessment of Information Society Development Projects financed from European Union Structural Funds.

Report

Evaluation of Information Systems General Control of AB Rytų skirstomieji tinklai

Year Published: 2007

Language: Lithuanian

Sector: Energy

Issue: General Controls

Download

Assessment of general controls of information systems at the joint stock company "Eastern distribution Networks". Maturity assessment of key governance/ management processes.

Report

Evaluation of the Information Systems General Control of the Ministry of the Interior of the Republic of Lithuania

Year Published: 2007

Language: Lithuanian

Sector: Internal Affairs

Issue: General Controls

Download

Assessment of general controls of Information Systems at the Ministry of Internal Affairs. Maturity assessment of governance/ management processes. Assessment of development controls of Schengen IS.

Report

Evaluation of the General Control of the information system of the Customs Department under the Ministry of Finance of the Republic of Lithuania

Year Published: 2007

Language: Lithuanian

Sector: Internal Affairs

Issue: General and application controls

Download

Assessment of general controls of information systems of Customs Department (under the Ministry of Finance); assessment of application controls of MAKIS (Tax Accounting and Control IS).

Report

Management of Information Systems of Public Institutions in the Context of E-Governance

Year Published: 2007

Language: Lithuanian

Sector: Public Administration

Issue: Strategy, investment and project management, risk and security management, lifecycle of IS

Download

Assessment of key processes of IT governance/management at the state level

Report

Assessment of the Public IT Model of the Federal Public Administration

Year Published: 2019

Language: Portuguese

Sector: Public Administration

Issue: IT Policies and Structures

Download

IT Policies and Structures of the Federal Public Administration

Report

Inspection of information usage when managing public policies

Year Published: 2019

Language: Portuguese

Sector: Public Administration

Issue: Data usage

Download

Information usage when managing public policies

Report

Assessment of digital technology usage when providing public services

Year Published: 2017

Language: Portuguese

Sector: Public Administration

Issue: Digital Government

Download

Use of eGovernance for providing public services

Report

IT Governance Survey - Round 2016

Year Published: 2017

Language: Portuguese

Sector: Public Administration

Issue: IT Governance

Download

Information Technology Governance

Report

Audit on the Federal Government's open data policy

Year Published: 2016

Language: Portuguese

Sector: Public Administration

Issue: Open data

Download

Federal Government's open data policy

Report

Audit on Data Openness and public sector transparency in Education

Year Published: 2015

Language: Portuguese

Sector: Education

Issue: Open data

Download

Data Openness and public sector transparency in Education

Report

Audit on the e-Government services provided by Social Security

Year Published: 2015

Language: Portuguese

Sector: Social Security

Issue: e-services

Download

e-Government services provided by Social Security

Report

Audit Survey on Open Data and Big Data

Year Published: 2014

Language: Portuguese

Sector: Public Administration

Issue: Open data

Download

Open Data and Big Data

Report

Inspection of Centralized Guidance on IT Governance: Results and Risks

Year Published: 2013

Language: Portuguese

Sector: Public Administration

Issue: IT Governance

Download

Centralized Guidance on IT Governance

Report

IT trends survey: agile methods within the Federal Public Administration

Year Published: 2013

Language: Portuguese

Sector: Public Administration

Issue: System Development Methodology

Download

Agile methods within the Federal Public Administration

Report

Audit on the Management System of Government Agreements and Transfer Contracts

Year Published: 2013

Language: Portuguese

Sector: Contract Management

Issue:

Download

Management System of Government Agreements and Transfer Contracts

Report

Audit on the National Transplant System

Year Published: 2012

Language: Portuguese

Sector: Health

Issue:

Download

National Transplant system

Report

Audit Survey on the Management Systems of State-Owned Companies

Year Published: 2010

Language: Portuguese

Sector: Information Systems

Issue: IT systems

Download

Management Systems of State-Owned Companies

Report

Audit on the Integrated System of Tax Debt

Year Published: 2010

Language: Portuguese

Sector: Finance, Tax

Issue: Integrated System of Tax Debt

Download

Integrated System of Tax Debt

Report

Inspection on Information security within the National Government Gazette

Year Published: 2009

Language: Portuguese

Sector: National Government Gazette

Issue: Information security

Download

Information Security within the National Government Gazette

Report

Audit on the Computerized System of Death Control

Year Published: 2009

Language: Portuguese

Sector: Social Security and Health

Issue: Computerized System of Death Control

Download

Computerized System of Death Control

Report

Audit on Air Traffic Control System - X 4000

Year Published: 2008

Language: Portuguese

Sector: Transportation

Issue: Air Traffic Control System

Download

Air Traffic Control System

Report

Control evaluation of salary loans within the Integrated Personnel Management System

Year Published: 2007

Language: Portuguese

Sector: Personnel management

Issue: Salary loan module

Download

Salary loan module of the Integrated Personnel Management System

Report

Survey on IT Governance within the Federal Public Administration

Year Published: 2014

Language: Portuguese

Sector: Public Administration

Issue: IT Governance

Download

IT Governance in Public Administration

Report

General Control of State Information Systems

Year Published: 2006

Language: Lithuanian

Sector: Information Systems

Issue: Strategy, investment and project management, risk and security management, lifecycle of IS

Download

Assessment of key processes of IT governance/management at the state level (strategy, investment and project management, risk and security management, lifecycle of IS)

Report

Cyber Security Strategies of Non-Corporate Commonwealth Entities

Year Published: 2021

Language: English

Sector: Governance

Issue: Cyber Security Strategies

Download

The Australian Government has identified malicious cyber activity as one of the most significant threats affecting government entities, businesses and individuals. Previous ANAO audits have identified low levels of compliance with mandatory cyber security requirements under the PSPF. The JCPAA has expressed its concern about entity implementation of mandatory cyber security requirements.

Report

Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2020

Year Published: 2020

Language: English

Sector: Public Finance

Issue: IT Controls and Cyber Security Risks

Download

This report complements the Interim Report on Key Financial Controls of Major Entities financial statement audit report published in May 2020. It provides a summary of the final results of the audits of the Consolidated Financial Statements for the Australian Government and the financial statements of Australian Government entities for the period ended 30 June 2020.

Report

Interim Report on Key Financial Controls of Major Entities

Year Published: 2021

Language: English

Sector: Key Internal Controls

Issue: Safeguarding financial information from cyber threats

Download

Focuses on the results of the interim audits, including an assessment of entities’ key internal controls, supporting the 2020–21 financial statements audits. This report examines 25 entities, including all departments of state and a number of major Australian government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the 2019–20 Consolidated Financial Statements.

Report

General Control of Information Systems of the Ministry of Finance of the Republic of Lithuania

Year Published: 2006

Language: Lithuanian

Sector: Public Fund

Issue: General Control, Data Security and Integrity, Governance and management of processes

Download

Control of Computerised Information Management and Supervision System of the European Union Structural Funds and European Union Cohesion Fund

Report

National Institute of Statistics of Los Lagos Audit of Information and Communication Technologies

Year Published: 2019

Language: Spanish

Sector: Economy

Issue:

Download

The purpose of the audit was to examine the Information and Communication Technologies macroprocess at the National Statistics Institute of the Los Lagos Region (hereinafter INE of the Los Lagos Region), in order to review the information technology infrastructure, computer systems and their respective contracts, considering aspects related to the licenses of the software in use and its ownership, as well as compliance with control policies, rules, practices and procedures, in the period from January 1 to June 30, 2019.

Report

Coquimbo regional government audit of information technology macroprocess

Year Published: 2020

Language: Spanish

Sector: Regional Government

Issue:

Download

University of La Serena on the macroprocess of IT

Year Published: 2019

Language: Spanish

Sector: Education

Issue:

Download

Municipality of Vallenar - Audit to Information Technologies

Year Published: 2019

Language: Spanish

Sector: Municipalities

Issue:

Download

The purpose of the audit was to verify the IT infrastructure, computer systems and their respective contracts, considering the aspects related to the software licenses in use and their ownership, and compliance with the control policies, rules, practices and procedures, in the period from January 1 to December 31, 2018. In addition, compliance with IT-related regulations was evaluated, in accordance with the provisions of Decree No. 83 of 2004 of the Ministry of the General Secretariat of the Presidency, which approves the Technical Standard for the State Administration Bodies on Security and Confidentiality of Electronic Documents, and the Chilean standard NCh-ISO 27.002, of 2009, on Information Security, of the National Institute for Standardization.

Report

Municipality of Iquique on control aspects in information technologies

Year Published: 2019

Language: Spanish

Sector: Municipalities

Issue:

Download

National Fisheries And Aquaculture Service Audit Of Information And Communication Technologies

Year Published: 2019

Language: Spanish

Sector: Economy

Issue:

Download

The purpose of the audit was to examine the macroprocess of Information and Communication Technologies (ICTs) at the National Fisheries Service of the Los Lagos Region, with the aim of reviewing the information technology infrastructure, computer systems and their respective contracts, considering the aspects related to the licenses of the software in use and its ownership, as well as compliance with control policies, standards, practices and procedures, in the period from January 1 to June 30, 2019. Likewise, compliance with the regulations related to ICTs was evaluated, in accordance with the provisions of Decree No. 83 of 2004 of the Ministry General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents.

Report

Valparaíso legal medical service on auditing computer controls

Year Published: 2019

Language: Spanish

Sector: Justice

Issue:

Download

Santo Tomás de Limache Hospital on computer controls audit

Year Published: 2019

Language: Spanish

Sector: Health

Issue:

Download

Municipality of Porvenir Audit of institutional functions and procedures

Year Published: 2019

Language: Spanish

Sector: Municipalities

Issue:

Download

Regional Directorate Of The National Institute Of Statistics Of Magellan And Chilean Antarctica-Audit Of The Information Technology Infrastructure, Computer Systems And Their Respective Contract-December 2019

Year Published: 2019

Language: Spanish

Sector: Economy

Issue:

Download

Strengthening Information Security Measures of Local Governments by the Government

Year Published: 2019

Language: English

Sector: Public Administration of Prefectures and municipalities

Issue: IT Security

Download

In 2015, the Japan Pension Service suffered a massive data leak, caused by a series of targeted attacks, that exposed 1.25 million cases of contributors or beneficiaries. In the aftermath, public concern spread over the security of the upcoming Social Security and Tax Number System. The Government urged local governments to upgrade the security levels of their computer systems so that people’s “My Numbers” (social security numbers) are secure. Subsidies were broadly distributed to prefectures and municipalities. SAI Japan audited prefectures and municipalities to examine whether the security levels were enhanced effectively by the subsidies, and submitted the report to the Diet and the Cabinet in January 2020. This paper gives a briefing on the findings of the audit report, which cover 1) whether the two-factor authentication system and the restriction on take-out of information work well; 2) whether My Numbers are securely handled in a separated system; 3) whether the common gateway offered to municipalities is effectively operated; and 4) whether local governments are ready to maintain the enhanced information security level.

Report

Information Security Measures of Japan Pension Service

Year Published: 2016

Language: English

Sector: Operation of Quasi governmental body

Issue: IT Security

Download

Japan has a national compulsory pension system with 67 million contributors and 40 million beneficiaries. National pension data is managed by the Japan Pension Service (JPS), a quasi-governmental agency. The cyber incident triggered by a series of targeted attacks on JPS in 2015 undermined confidence in the information security of the Japanese pension system. This paper explains SAI Japan’s special audit report on 1) information security management and operations by JPS before the incident; 2) information security management after the incident; 3) negative impact on JPS’s operations in the aftermath of the incident; and 4) other findings.

Report

Accounting and Budgetary Control System

Year Published: 2015

Language: English

Sector: Public Administration

Issue: Business Needs Identification, IT Security, Business Continuity Plan

Download

DIRECTORATE GENERAL OF CIVIL AERONAUTICS - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Air force

Issue:

Download

The purpose of the audit was to examine the Aeronautical Personnel Computer System (SIPA) and the Aeronautical Medical Computer System (SIMA), together with the IT contracts of the providers of those systems and of the communications that support their operations, between January 2 and December 31, 2017. The purpose of the review was to verify the aspects related to the provision of information and the policies, standards, practices and control procedures that emanate from the processes of medical certification and health accreditation of aeronautical personnel and the granting and issuance of aeronautical licenses, and also to verify the reliability, security, integrity and availability of the data, as well as the interoperability of the systems. Compliance with ICT-related regulations was likewise evaluated, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature, of the then Ministry of Economy, Development and Reconstruction, now the Ministry of Economy, Development and Tourism.

Report

NATIONAL HEALTH FUND - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Health

Issue:

Download

The purpose of the audit was to examine the computer systems for the sale of health care vouchers to beneficiaries, both in person and via the web, whether for medical consultations or procedures with a provider under agreement, through free choice, including the medical licenses functionality; and the IT contracts related to the management and disbursement of benefits by FONASA, for the period from January 2 to December 31, 2017. The purpose of the review was to verify the aspects related to the policies, standards, practices and control procedures that emanate from those processes, and also to verify the reliability, integrity and availability of the data, as well as the interoperability of the systems. Along the same lines, the number of transactions carried out on the platform and the hours at which they are carried out were analyzed in the Integrated Insurance Information System. In addition, the reported outages were validated by duration and by conditions of degradation, intermittency and unavailability of the systems, based on the technical reports of incident records for the years 2017 and 2018. Additionally, compliance with ICT-related regulations was evaluated, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature, of the then Ministry of Economy, Development and Reconstruction, now the Ministry of Economy, Development and Tourism.

Report

REGIONAL CUSTOMS DIRECTORATE OF IQUIQUE - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Customs

Issue:

Download

Inspection of Information Technologies of the Municipality of Bulnes

Year Published: 2019

Language: Spanish

Sector: Municipalities

Issue:

Download

Hospital Clínico de Magallanes Doctor Lautaro Navarro Avaria - Audit To The Infrastructure Of Information Technologies, Computer Systems And Their Respective Contracts

Year Published: 2019

Language: Spanish

Sector: Health

Issue:

Download

The purpose of the audit was to verify the information technology infrastructure, computer systems and their respective contracts at the Hospital Clínico de Magallanes Doctor Lautaro Navarro Avaria, considering the aspects related to software licenses in use and their ownership, and compliance with the control policies, standards, practices and procedures, in the period from August 1, 2018 to July 31, 2019. All of the above was carried out in accordance with Law No. 10,336, of the Office of the Comptroller General of the Republic.

Report

Regional Directorate INE - Auditing The Macroprocess Of Information and Communication Technologies

Year Published: 2019

Language: Spanish

Sector: Economy

Issue:

Download

The purpose of the audit was to carry out an inspection of information technologies at the Regional Directorate of the National Institute of Statistics of Arica and Parinacota, verifying the systems infrastructure, safeguarding and security, the licenses of the software in use, and compliance with control policies, standards, practices and procedures, for the period from January 1, 2018 to August 31, 2019.

Report

Tarapacá University - Audit of the Macroprocess of Information and Communication Technologies

Year Published: 2019

Language: Spanish

Sector: Education

Issue:

Download

Regional Directorate Social Welfare Institute Information Technology Audit

Year Published: 2019

Language: Spanish

Sector: Social welfare

Issue:

Download

CARABINEROS DE CHILE - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Security

Issue:

Download

The purpose of the audit was to examine the security of the computer platform, as well as the automation system for police units, called "Aupol Digital", and to review the disbursements related to the "Acquisition and Development and Implementation of a Police Units Automation System" contract, hereinafter "Aupol2.0", during the period from January 1 to December 31, 2017. The review included verifying compliance with the supervisory functions over the procedures and operations carried out in that context, to confirm that they comply with the regulations governing the matter and with the principles of control, efficiency and effectiveness. Likewise, compliance with ICT-related regulations was evaluated, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature, of the then Ministry of Economy, Development and Reconstruction, now the Ministry of Economy, Development and Tourism.

Report

UNDER SECRETARY OF SOCIAL EVALUATION - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Social development

Issue:

Download

The purpose of the audit was to review and evaluate aspects related to the information security of the mechanisms and systems that capture, process and store the data managed by the Household Partner Registry, in order to corroborate that those elements operate efficiently and ensure the integrity, confidentiality and availability of the information, during the period from January 1 to December 31, 2017. In addition, compliance with IT-related regulations was evaluated, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature, of the then Ministry of Economy, Development and Reconstruction, now the Ministry of Economy, Development and Tourism, as appropriate.

Report

DEPUTY SECRETARIAT FOR HOUSING AND URBANISM - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Housing and urbanism

Issue:

Download

The objective was to carry out an audit of the Integrated Subsidy System, called RUKAN 1, and the IT contracts related to the management and disbursement of benefits by the Undersecretariat for Housing and Urban Development, for the period between January 1 and December 31, 2017, in order to verify the security and integrity of the data associated with the housing subsidy delivery processes and the interoperability of the systems associated with them. In addition, the audit considered the statements made by the former Undersecretary for Housing and Urban Development, Mr. Iván Leonhardt Cárdenas, in official letter No. 62 of 2018 of that Undersecretariat, regarding possible breaches in the authorization of the J Boss BPM platform of Red Hat2. Compliance with ICT-related regulations was also evaluated, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry General Secretariat of the Presidency, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature.

Report

MUNICIPALITY OF PROVIDENCE - SYSTEM AUDITS

Year Published: 2018

Language: Spanish

Sector: Municipalities

Issue:

Download

The purpose of the audit was to examine the IT systems and contracts for the commercial licence and vehicle circulation permit processes implemented by the Municipality of Providencia, for the period between January 1 and December 31, 2017. The process considered administrative aspects; technical aspects linked to policies, standards and practices; and control procedures related to systems based on Information Technology (IT), including manual or automated activities.

Report

GENERAL TREASURY OF THE REPUBLIC - SYSTEMS AUDIT

Year Published: 2019

Language: Spanish

Sector: Treasury

Issue:

Download

The purpose of the audit was to examine the implementation of the computer systems used in the process of managing the financial investments of the Public Treasury, in order to manage investment portfolios of individuals, companies, investment funds, mutual funds, insurance companies and other financial institutions, which correspond to the so-called Investment Administration Plans, PLANES, and Investment Portfolio Management, RealAlS, for the period from July 1, 2017 to September 30, 2018. It also reviewed the disbursements under the contracts for provision, implementation and other associated items, for the same period with respect to the RealAlS software, and those made between 2015 and 2018 for the PLANES system. The examination included verifying compliance with the supervisory functions over the procedures and operations carried out in that context, to check that they comply with the regulations governing the matter and with the principles of control, efficiency and effectiveness, for the indicated period, in the General Treasury of the Republic. It also evaluated compliance with ICT-related regulations, in accordance with the provisions of Decrees No. 83 of 2004 of the Ministry of the General Secretariat of the Presidency, which approves the Technical Standard for the Organs of the State Administration on Security and Confidentiality of Electronic Documents, and No. 181 of 2002, which approves the Regulation of Law No. 19,799 on Electronic Documents, Electronic Signature and the Certification of said Signature, of the then Ministry of Economy, Development and Reconstruction, currently the Ministry of Economy, Development and Tourism.

Report

Special examination of the processes of development, implementation and use of the Public Media Registration System (RPM) and Integrated Frequency Systems (SIF)

Year Published: 2019

Language: Spanish

Sector: Public Administration

Issue:

Download

Special examination of pre-contractual, contractual, execution, settlement and use contracts 4300000799 and 4300001508, with their complementary and / or modifications, signed with Motorola

Year Published: 2019

Language: Spanish

Sector: Service - Telecommunications

Issue:

Download

‘Sajala’ Revenue Billing & Collection System in Bangalore Water Supply and Sewerage Board

Year Published: 2018

Language: English

Sector: Billing System

Issue: 1. Design of the system and mapping of business rules 2. Non-maintenance of Data dictionary 3. Information security issues like password management and audit trail 4. Weakness in input, processing control 5. Inconsistencies in data

Download

Computerisation of Motor Vehicles Department

Year Published: 2016

Language: English

Sector: Transport

Issue: 1. Non-formulation of IT Policy 2. Lack of Data integrity 3. Lack of monitoring and inadequate training 4. Physical Access to IT facilities and poor maintenance.

Download

Audit of Pension Management System of the Directorate of Pension

Year Published: 2017

Language: English

Sector: Finance

Issue: 1. Inadequate Training of Users 2. Issues on Segregation of duties and data access 3. Lack of BCP/DRP 4. System design deficiencies 5. Absence of input controls and validation checks led to incomplete data

Download

Sikkim Integrated Financial Management System (SIFMS)(2017)

Year Published: 2018

Language: English

Sector: Finance

Issue: 1. Inadequate System Security & Control Mechanism 2. System Design deficiencies 3. Business rules not mapped

Download

"Information Technology Audit on Works and Accounting Management Information System (WAMIS) (2017)"

Year Published: 2018

Language: English

Sector: Office Automation

Issue: 1. Partial implementation of WAMIS 2. Non-preparation of Software Design Document 3. Deficiencies in Change Management process 4. Inefficient user management 5. Lack of Input and Validation controls 6. Deficient MIS module

Download

Information System Audit on ‘Enhanced Advanced Billing, Accounting and Collection Utility System’ (eABACUS) in Kerala Water Authority(2017)

Year Published: 2018

Language: English

Sector: Office Automation

Issue: 1. Deficiencies in System Design 2. Bypassing Segregation of duties 3. Inaccurate mapping of business rules 4. Weak process controls in the system

Download

Information Systems Audit on Computerisation of District Employment Offices

Year Published: 2016

Language: English

Sector: Office Automation

Issue: 1. Delay in completion of modules 2. Non-establishment of Disaster Recovery site 3. Lack of input and processing control 4. Discrepancies in Migration of Legacy data

Download

Citizen Friendly Services in Transport Department (CFST)

Year Published: 2015

Language: English

Sector: Service

Issue: 1. Ad hoc approach while Acquiring Hardware 2. Extra charges paid for data migration 3. Application functionalities deficiencies 4. Non-mapping of business rules

Download

Information Technology Audit of Drug Distribution Management System in Tamil Nadu Medical Services Corporation

Year Published: 2017

Language: English

Sector: Office Automation

Issue: 1. Deficiencies in Tender Processing system in the application 2. Inconsistencies in data 3. Incorrect mapping of business rules leading to excess procurement 4. Change Management Control and documentation 5. Lack of third-party security assessment

Download

Information Technology Audit on e-Procurement Project

Year Published: 2017

Language: English

Sector: Procurement

Issue: 1. Non-mapping of Business rules 2. Inadequate validation controls in the registration of users 3. Non-supply of Software Design Document, Functional Requirement Specifications Document, Back up policy and Disaster Recovery Plan

Download

Information Technology Audit of SAP Enterprise Resource Planning System at Research Centre Imarat, Hyderabad

Year Published: 2015

Language: English

Sector: ERP System

Issue: 1. Weak logical access control 2. Lack of Segregation of duties 3. Inadequate BCP/DRP 4. Business rules not mapped into the system 5. Inaccurate and unreliable data

Download

IT Audit on implementation of Oracle e-Business Suite (EBS) in Hindustan Copper Limited

Year Published: 2015

Language: English

Sector: ERP System

Issue: 1. Non-formulation of Information Security Policy 2. Inadequate Logical Access control 3. Fraudulent accounting activities

Download

Indian Customs Electronic Data Interchange System (ICES 1.5)

Year Published: 2014

Language: English

Sector: Revenue

Issue: 1. Lack of IT Strategic Plan 2. Inadequate Training Policy 3. Lack of IS Security, User Password Management 4. Inadequate Change Management Policy

Download

Working of Automation of Central Excise and Service Tax

Year Published: 2015

Language: English

Sector: Revenue

Issue: 1. Non-conforming to provision of IT Act 2. Inadequate Process designing 3. Duplicity of work (manually as well as through system)

Download

IT audit of Computerisation of Salary Accounts

Year Published: 2016

Language: English

Sector: Office Automation

Issue: 1. Non-integration with Treasury software 2. Insufficient training leading to non-use of modules 3. Lack of Logical Access controls, Password policy

Download

IT audit of Computerisation of Treasury Operation System

Year Published: 2016

Language: English

Sector: Finance

Issue: 1. Non-preparation of User requirement specification (URS) and Detailed Project Report (DPR) 2. Inadequate application controls 3. Lack of IT Security 4. Inadequate documentation

Download

IT Audit of Hospital Management Information System and Stores Management Information System

Year Published: 2014

Language: English

Sector: Office Automation

Issue: 1. Non-running/Partial running of the application and non-functional modules 2. Inadequate logical access control and password policy 3. Lack of Physical Access Control 4. Improper application control

Download

Online Management, Monitoring and Accounting System in PMGSY

Year Published: 2016

Language: English

Sector: Service

Issue: 1. Non-implementation of modules 2. Tardy application of database 3. Lack of Application controls 4. Incorrect data entries and unreliable MIS

Download

Information Technology Support System of Revenue Billing in Kanpur Electricity Supply Company Limited, Kanpur

Year Published: 2015

Language: English

Sector: Billing System

Issue: 1. Non-constitution of Steering Committee 2. Inadequate input controls and validation checks 3. Lack of BCP/DRP 4. Incorrect mapping of business rules 5. Inadequate change/modification procedure

Download

Information System Audit of “End-to-End Computerisation of Targeted Public Distribution System Operations”

Year Published: 2017

Language: English

Sector: Service

Issue: 1. Delay in Project Planning, implementation 2. Deficiencies in digitization of database 3. Supply Chain management was not fully functional 4. Absence of system certification and security audit

Download

Audit of E-Stamping and Property Evaluation and Registration Application (PRERNA) software in Stamp and Registration Department

Year Published: 2016

Language: English

Sector: Revenue

Issue: 1. Unplanned and delayed implementation of scheme 2. Absence of SRS and non-execution of Software Development Agreement (SDA) 3. Business rules not mapped 4. Improper valuation of deeds 5. IT Security and Internal Control mechanism

Download

Information Technology Audit Report on Billing Systems in Northern Power Distribution Company of Telangana Limited (TSNPDCL)

Year Published: 2017

Language: English

Sector: Billing System

Issue: 1. Lack of IT and Security Policies 2. Lack of interface between various applications 3. Non-migration of legacy data 4. Master table-Design error and incomplete data 5. Lack of Data Security

Download

Information Technology Audit on implementation of e-Panchayat in Telangana

Year Published: 2016

Language: English

Sector: Public Administration

Issue: 1. Slow implementation and insufficient monitoring of project 2. Procurement of hardware and hiring of services at higher cost 3. Inconsistencies in database

Download

Performance Audit on IT support to Panchayat Accounts including Accounting of Major Schemes

Year Published: 2016

Language: English

Sector: Public Administration

Issue: 1. Unutilization of Hardware procured 2. Incorrect mapping of business rules 3. Improper User Access and Role 4. Inadequate application control

Download

Information Systems Audit on Computerised activities of five Municipal Corporations

Year Published: 2014

Language: English

Sector: Public Administration

Issue: 1. Incomplete and incorrect database 2. Acquisition/ Deficiencies in System Design 3. Ineffective linking of modules 4. Non-segregation of duties 5. Absence of Disaster Recovery Management System

Download

Implementation of e-Governance Initiatives in Chennai Metropolitan Development Authority

Year Published: 2014

Language: English

Sector: Public Administration

Issue: 1. Non-integration of the System 2. Inadequate validation control 3. System Design Deficiencies

Download

Performance Audit (IT) on Computerisation of ticketing system

Year Published: 2016

Language: English

Sector: Service

Issue: 1. Absence of IT Policy, IT Security Policy, Password Policy, Change Management Policy 2. Deficient Project monitoring and evaluation 3. System Design Deficiencies

Download

Performance Audit (IT) on Computerisation of Commercial activities by Rajasthan State Ganganagar Sugar Mills Limited

Year Published: 2016

Language: English

Sector: Office Automation

Issue: 1. Lack of IT Policy and IT Security Policy 2. Deficiencies in System Design 3. Lack in mapping of business rules 4. Deficient Input Controls and Validation Checks

Download

Arogya Online in Sawai Man Singh Hospital, Jaipur

Year Published: 2017

Language: English

Sector: Office Automation

Issue: 1. Delay in Project Implementation 2. Inadequate input and output controls 3. Ineffective BCP/DRP

Download

e-Procurement System in Public Works Department (Buildings and Roads)

Year Published: 2017

Language: English

Sector: Procurement

Issue:

Download

e-Procurement System (2014)

Year Published: 2014

Language: English

Sector: Procurement

Issue: 1. Non-implementation of modules of e-Procurement 2. Lack of Input control 3. Weak access controls and lack of segregation of duties 4. No third party audit 5. Inadequate BCP/DRP

Download

Human Resources Management System (HRMS)

Year Published: 2014

Language: English

Sector: Office Automation

Issue: 1. Data integrity issues 2. Ineffective application controls 3. Inadequate Mapping of business rules

Download

Implementation of Bhagyalakshmi Scheme

Year Published: 2014

Language: English

Sector: Service

Issue: Incomplete data entries of beneficiaries, Delay in processing of applications

Download

e-Procurement - Himachal Pradesh

Year Published: 2018

Language: English

Sector: Procurement

Issue:

Download

GARVI

Year Published: 2016

Language: English

Sector: Revenue

Issue:

Download

e-Procurement

Year Published: 2016

Language: English

Sector: Procurement

Issue:

Download

IFMS (Integrated Financial Management System)

Year Published: 2017

Language: English

Sector: Finance

Issue:

Download

WAMIS (Works and Accounts Management Information System)

Year Published: 2018

Language: English

Sector: Office Automation

Issue:

Download

Mojini – Survey activities

Year Published: 2014

Language: English

Sector: Computerisation in Land Records

Issue:

Download

CCTNS(Crime and Criminal Tracking Network System) - Bihar

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

CCTNS(Crime and Criminal Tracking Network System) - UP

Year Published: 2016

Language: English

Sector: Office Automation

Issue:

Download

IFMS (Integrated Financial Management System)

Year Published: 2016

Language: English

Sector: Finance

Issue:

Download

Police IT 2000

Year Published: 2014

Language: English

Sector: Office Automation

Issue:

Download

SAP ERP in MSPGCL

Year Published: 2017

Language: English

Sector: ERP System

Issue:

Download

e Aushidhi(2015)

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

e-Sishu maintained by Odisha Primary Education Programme Authority (OPEPA)(2014)

Year Published: 2014

Language: English

Sector: Education

Issue:

Download

eRegistration System(2014)

Year Published: 2014

Language: English

Sector: Revenue

Issue:

Download

Implementation of the Integrated Mines and Minerals Management System (i3MS)(2015)

Year Published: 2016

Language: English

Sector: Office Automation

Issue:

Download

Implementation of Odisha Secretariat Workflow Automation System(2015)

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

iSarita(2015)

Year Published: 2015

Language: English

Sector: Revenue

Issue:

Download

e Reservation System in MSRTC(2015)

Year Published: 2015

Language: English

Sector: Service

Issue:

Download

e Tendering(2016)

Year Published: 2017

Language: English

Sector: Procurement

Issue:

Download

EIMS of Water Resource Department(2015)

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

Prisoner Management System(2015)

Year Published: 2016

Language: English

Sector: Office Automation

Issue:

Download

Sampada - E-Registration(2016)

Year Published: 2016

Language: English

Sector: Revenue

Issue:

Download

LT Billing in Kerala State Electricity Board- Open Resource Utility Management Application(ORUMA)(2014)

Year Published: 2015

Language: English

Sector: Billing System

Issue:

Download

FRIENDS Citizen facility for other utility payments(2014)

Year Published: 2015

Language: English

Sector: Service

Issue:

Download

Panchatantra

Year Published: 2015

Language: English

Sector: Public Administration

Issue:

Download

e Procurement(2015)

Year Published: 2016

Language: English

Sector: Procurement

Issue:

Download

PELsoft(2016)

Year Published: 2016

Language: English

Sector: Revenue

Issue:

Download

Systems for collection of Baseline Data and Applications for Energy Accounting in Jharkhand Bijli Vitran Nigam Limited under R-APDRP(2015)

Year Published: 2015

Language: English

Sector: Energy Accounting

Issue:

Download

HT/LT Billing(2015)

Year Published: 2016

Language: English

Sector: Billing System

Issue:

Download

Haryana Registration Information System (HARIS) (2014)

Year Published: 2015

Language: English

Sector: Revenue

Issue:

Download

Drug Logistics Information and Management System(2014)

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

SAP System in GSPC (2014)

Year Published: 2015

Language: English

Sector: ERP System

Issue:

Download

VAT Information System (2015)

Year Published: 2015

Language: English

Sector: Revenue

Issue:

Download

CCTNS in AP (2014)

Year Published: 2015

Language: English

Sector: Office Automation

Issue:

Download

Computer Aided Administration in Registration Department (2014)

Year Published: 2014

Language: English

Sector: Revenue

Issue:

Download

Ministry of Finance and Planning

Year Published: 2018

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Ministry of Awqaf and Religious Affairs

Year Published: 2018

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Ministry of National Economy

Year Published: 2017

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Ministry of Local Government

Year Published: 2017

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Jerusalem Water Undertaking

Year Published: 2017

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Land Authority

Year Published: 2017

Language: Arabic

Sector: Public Administration

Issue: IT Controls

Download

Ministry of Health

Year Published: 2017

Language: Arabic

Sector: Public sector - Health

Issue: IT Controls

Download

High Tension Billing in APSPDCL and APEPDCL (2014)

Year Published: 2014

Language: English

Sector: Billing System

Issue:

Download

VAT Information System (2015)

Year Published: 2015

Language: English

Sector: Revenue

Issue:

Download

E-Panchayat (2016)

Year Published: 2017

Language: English

Sector: Public Administration

Issue:

Download

SNCF Réseau

Year Published: 2018

Language: French

Sector: Public Sector - Transport

Issue: Information systems/ Digital

Download

In order to restore its financial balance on a sustainable basis, SNCF Réseau must undertake recovery measures by generating real productivity gains and controlling its operating costs. The digital revolution, which carries strong productivity gains, is however spreading too slowly.

Report

Certification of Government Accounts for Fiscal Year 2014

Year Published: 2015

Language: French

Sector: Public Administration

Issue: The financial information system

Download

The Court renewed a substantial reservation relating to the financial reporting system of the State, which was still insufficiently adapted to general accounting and audit checks. More than 300 applications across all departments form the information system that enables government management in many areas (accounting, taxation, payroll, operating expenses, real estate, treasury, etc.). The main observations concerning the IS can be summarised as follows: The current methods of using Chorus pose a significant risk to the reliability of accounting records, which is not compensated by sufficient automatic or manual controls. The manual entry of accounting entries in Chorus is a frequently used recording method which is, by nature, a source of errors. The clearance controls performed by each department suffer from a lack of centralized oversight to ensure their effectiveness. The complexity of the arrangements for transferring into Chorus the accounting entries generated upstream by several applications places a significant risk of errors on the State’s accounts that is not sufficiently offset by the controls put in place. In the tax field, the Médoc application, used for the collection of professional taxes, produces very significant entries by implementing processes that are insufficiently described and too complex to be checked by the Court.

Report

The National Education Human Resources Information System

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Information system

Download

An ambitious program, SIRHEN has suffered from erratic management that caused numerous drifts. Despite an attempt to restart in 2017, critical failures led to its shutdown. Today, after thirteen years and €400 million invested in a tool that is destined to disappear, the department has come back to the starting point to modernize its human resources information system.

Report

Certification of the accounts of the general social security scheme 2014

Year Published: 2015

Language: French

Sector: Public Administration

Issue: Risks relating to the information system

Download

Little progress has been made in information systems and the increasing use of electronic data exchanges has revealed new risks of inaccurate data being recorded and recorded in the accounts.

Report

The deployment of the Human Resources Information System of economic and financial departments

Year Published: 2015

Language: French

Sector: Public Administration

Issue: Human resources information system

Download

This is a reference from the First President of the Court of Auditors addressed to the Ministry of Finance and Public Accounts concerning the deployment of the Human Resources Information System of Economic and Financial Ministries (SIRHIUS). The SIRHIUS project remains unfulfilled ten years after its launch. The chosen mode of governance largely explains the delay noted. While nearly €140 million should be spent on this project, the expected return on investment is now largely hypothetical.

Report

The financial autonomy of universities: a reform to be pursued

Year Published: 2015

Language: French

Sector: Public Administration

Issue: Gaps in information systems

Download

The upgrading of university information systems has not led to the transition to extended responsibilities and competences and the delays observed, in particular in the analysis and reporting functions, deprive university presidents and the ministry of the necessary steering tools. Some functions are not yet properly performed and are characterized by a variety of implemented solutions. While a large number of institutions operate in the same regulatory context, the heterogeneity of information systems found today in universities penalizes them.

Report

Modernizing hospital information systems: a contribution to the efficiency of the healthcare system to be strengthened

Year Published: 2016

Language: French

Sector: Public Administration

Issue: Efficiency of hospital information systems

Download

The ongoing modernisation of hospital information systems, particularly medical information systems, which the Court and the Regional Audit Chambers have analysed, is likely to make an important contribution to this essential progress. Under the impetus of successive national plans, in particular the most structuring Digital Hospital programme in force, hospital computing is in fact gradually modernizing. The awareness of the issues at stake among hospital communities, especially the medical profession, is the major development of recent years. It has helped to redefine hospital IT development strategies.

Report

The information technology function in social security: an indispensable reinforcement

Year Published: 2016

Language: French

Sector: Public Administration

Issue: Economy and efficiency gains not achieved

Download

However, the IT function of the three main social security schemes, which employs 9,000 employees for an annual expenditure of more than €1 billion, is insufficiently used to achieve efficiency gains. Despite reorganisations, the institutional, geographical and functional fragmentation of activities on a very high number of sites and the statutory obstacles to mobility affect the exercise of tasks.

Report

Social security 2016

Year Published: 2016

Language: French

Sector: Public Administration

Issue:

Download

Local organisations develop local applications to cover functional needs that national information systems do not support, whether temporarily or permanently. These applications cover extremely diverse realities. National organisations sometimes roll some of them out more widely later on. The Court observed in the case of the family branch that they do not systematically comply with national standards of design and documentation and that they can therefore present certain risks for the integration of data in central information systems and, where appropriate, for the security of the latter. Lack of national approval of local applications can sometimes lead to risks of deviations from existing legislation.

Report

Certification of the accounts of the general social security scheme 2015

Year Published: 2016

Language: French

Sector: Public Administration

Issue: Security of information systems

Download

The risks related to changes in IT applications, operational incidents and the security of information systems are insufficiently covered by the control devices.

Report

Report on the application of Social Security financing laws

Year Published: 2015

Language: French

Sector: Public Administration

Issue: The fragilities of information systems

Download

Despite the support, methodological and financial, provided by the financial and health authorities, information systems still pose significant risks for the certification of the accounts of many institutions.

Report

Overseas Issuing Institutes Overseas Issuing Institute (IEDOM) and Overseas Issuing Institute (IEOM)

Year Published: 2020

Language: French

Sector: Economy

Issue: IT trajectory

Download

The IEDOM implements, on behalf of the Banque de France, the central bank tasks in the overseas departments, whose currency is the euro, while the IEOM acts as the central bank in the overseas authorities, whose currency is the Pacific franc. It appears necessary to launch a new stage in the realisation of IT synergies between the IEDOM and the Bank of France, leading in particular to the elaboration of a complete roadmap for the rationalisation of the IEDOM application portfolio.

Report

Town of Maubeuge (North)

Year Published: 2019

Language: French

Sector: Public Administration

Issue: IT management - the process of computerized management of collective catering

Download

The municipality has carried out groupings of schools and restoration satellites, as well as the modernization of management by computerizing from end to end since 2015 the registrations, the attendance counts, the billing and the payment, thus streamlining the service and significantly improving the rate of recovery of revenues under management. The audit of the information systems shows a good general functioning despite the lack of interface with accounting management, an area of risk of errors that generates a time-consuming re-entry in the event of unpaid payments. Optimization of the process by grooming access rights and locking settings, initiated during the instruction, should be continued. Secure the process of computerized management of collective restoration by updating user access rights and settings. The management process has been computerized from end to end since 2015 (excluding early childhood).

Report

S.A. Air Austral (Reunion Island)

Year Published: 2019

Language: French

Sector: Economy

Issue: Deploy a computer schema

Download

Composed of 12 staff and attached to the General Secretariat, the IT department has as its essential mission the maintenance of the IT network and the management of the technical architecture. One of the weaknesses of the information system is a lack of integration of this service in the supervision of the various business applications, which are mostly managed directly by the departments. The company does not have a map showing the fragilities of the applications, as recommended by the National Agency for Information Systems Security (ANSSI), as well as the different data flows exchanged between the price management systems, billing and accounting. Applications are heterogeneous and each based on a specific and isolated platform.

Report

Access to higher education: first assessment of the law

Year Published: 2020

Language: French

Sector: Education

Issue: Data exploitation

Download

The Student Guidance and Success Act of 2018 aims to improve the three basic stages of the path of young people who are going to higher education: support and guidance at the high school, assignment in a training course, success in the first years of study. The creation of the Parcoursup platform in particular, which has had to cope with many imperatives, has been made without noticeable difficulties, but its security and its sustainability must be ensured, and its data could be exploited in a manner commensurate with the stakes.

Report

Safety of ships and their crews

Year Published: 2020

Language: French

Sector: Transports

Issue: Information Systems

Download

The State shall verify the correct application of the rules governing the safety of ships and their crews, whether French-flag vessels or foreign vessels calling at French ports. The assessment carried out by the Court in 2012 showed that, following these disasters, the control system had been strengthened, but without overall consistency and with shortcomings in the coordination and steering of the services concerned, related in particular to deficiencies in their information systems. It points to an incomplete improvement in controls, in particular due to the still inadequate management of the departments responsible for them, since the recommendations formulated on this point by the Court in 2012 have not yet been implemented. While the French model for monitoring the safety of ships and their crews is going to undergo profound changes, the State must measure all the consequences for its future role and positioning.

Report

The Ecole Polytechnique

Year Published: 2020

Language: French

Sector: Education

Issue: Digital Solutions

Download

For example, the School is a recipient of a PIA project entitled “Territories of Educational Innovation: Digital Solutions for Higher Education Orientation”. This project aims to diversify and democratize applications to the competition through digital tools for guidance, upgrading and evaluation.

Report

Digital infrastructures for higher education and research.

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Digital Infrastructures

Download

Digital infrastructures are thus the lowest layer of information systems. It is this hardware equipment, excluding software infrastructures, which allows the processing of data (supercomputers, server clusters, etc.), their transport (optical fibres, wifi terminals, computer routers, etc.) and their storage (computer servers, data centres, etc.). Data exploitation and ultimately the delivery of digital services are based on their level of performance, accessibility and robustness. The quality of these infrastructures is therefore a major challenge of competitiveness for the French scientific and pedagogical supply.

Report

Data from the Ministry of Agriculture and Food

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Data

Download

Since the Digital Republic Act of 2016, data have been considered a central element of the Statebase approach. The Ministry of Agriculture and Food and its operators are both producers and users of data (on agricultural holdings and foodstuffs, on European agricultural aid, on crops and livestock, etc.). At the heart of information systems, these data are both tools for public policy and the raw material for new uses (scientific or commercial operations, new services).

Report

The dematerialisation of the issuance of securities by the prefectures

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Digital Procedures

Download

In this context, the “New Generation Prefecture Plan” (NGP) has focused on making better use of digital technologies to redeploy a portion of the workforce to understaffed missions and advancing them in skills. As a result, reception at the counter and processing of files were replaced by digital procedures for the application and issuance of four main titles that had so far involved approximately 4,000 agents. The restructuring objectives of the prefectural services were generally achieved despite insufficient preparation and difficult implementation of the IT projects. The lessons of this experience should make it possible to make better use of the potential opened up by dematerialisation and to put at the centre of future reforms the quality of service provided to users.

Report

Fixed broadband and very high-speed networks: a first assessment

Year Published: 2017

Language: French

Sector: Technologies

Issue: Digital Transformation

Download

In 2013, the State committed to cover the entire territory in ten years under the “Plan France très haut débit” to reach in 2022 100% of the 35 million homes and premises for professional use, 80% of which are fibre optics up to the customer. For this first review, the Court and the regional audit chambers examined 47 territorial projects covering half the population and one third of the territory. Financial jurisdictions therefore call for updated targets, better consideration of alternative fibre-to-the-subscriber technologies, in order to build a less costly “technology mix”, and to integrate a minimum broadband target for all. In general, the Plan focused on the construction of fixed infrastructures common to all audiences, without thinking about uses, whereas these are only one facet of digital transformation.

Report

The service relationship of social security funds with insured persons in the digital age: transformations to be amplified

Year Published: 2019

Language: French

Sector: Health

Issue: IT Staff

Download

The digital transformation of the service relationship of social security funds with insured persons is clearly under way. However, the offer of teleservices remains incomplete. In addition, policyholders still make extensive use of traditional methods of contact and sometimes carry out redundant procedures. The dematerialisation of the procedures must be continued while ensuring the support of insured persons who need it most in their use of digital tools. It is also necessary to improve the quality of the service provided and to share more widely the teleservices and data of insured persons between social organizations in orderuse of entitlements and improve the payment of benefits in a timely manner.

Report

The Sirhen program

Year Published: 2017

Language: French

Sector: Public Administration

Issue: The replacement of information systems

Download

The aim of the Sirhen programme is to replace the information and human resources management systems of the Ministry of National Education, Higher Education and Research. Launched in 2007 without a precise technical and financial framework, the project encountered difficulties that were poorly mastered and hindered its smooth operation until it led to a fivefold increase in the final cost (from €60 million to €323 million), a stretch until 2023 of the overall schedule and a blocking of the program, the service provider not being able to deliver a version of the tool of a quality suitable for the support of the first agents. The Court noted recent but insufficient improvements to redress the project and stressed the absolute need to secure the programme’s conduct in order to achieve full deployment in 2020 within a strict financial framework.

Report

Digital public service for education

Year Published: 2019

Language: French

Sector: Education

Issue: Digital

Download

In 2013, the Law of Refoundation of the School of the Republic created the «public service of digital education», to teach students the digital techniques for their civic and professional integration, improve pedagogy through the use of digital services and resources in the classroom, but also promote equal opportunities. The aim was also to modernise the management of the educational service by facilitating relations between teachers, pupils and parents. The connection of schools and schools is still insufficient and, in many cases, non-existent; strong inequalities in the equipment of classes and students remain between the territories; the supply of digital resources, abundant and often innovative, is not organised; without sufficient initial and in-service training, only a minority of teachers are comfortable with digital-based pedagogy.

Report

Very Large Research Infrastructure (TGIR)

Year Published: 2019

Language: French

Sector: Research

Issue: Digital

Download

At the request of the Senate, the Court investigated the Very Large Research Infrastructure (RITF). Between 2012 and 2017, these companies generated €4.2 billion in resources. While positive momentum has been set in motion and continued since the Court’s last recommendations in 2009, there is still room for progress in establishing a national strategy and adapting the steering of the Irts, while the new European Horizon Europe programme is emerging. Three areas have been identified: rethinking the definition of research infrastructures, strengthening their strategic and operational management, and improving financial information to enable informed choices.

Report

DGFIP and DGDDI information systems

Year Published: 2019

Language: French

Sector: Public Administration

Issue: Information Systems

Download

These two directorates alone account for more than a quarter of the government’s IT expenditure and staff outside the Ministry of the Armed Forces. They have extensive information systems, managed with reliability and reliability, but the seniority of certain equipment and applications limits their evolution. Significant structural weaknesses, particularly in governance, strategy and human resource management, are also forcing their digital transformation. The digital transition of the two directorates must now accelerate in order to improve the service provided and increase its performance.

Report

The Dgfip, ten years after the merger

Year Published: 2018

Language: French

Sector: Public Administration

Issue: IT budgets

Download

The creation in 2008 of the Directorate-General for Public Finance (Dgfip) was one of the emblematic reforms of the general revision of public policies. The balance sheet makes it essential for Dgfip to undergo a genuine transformation by defining a strategy for change and by identifying the main factors that hinder, or even block, its implementation. The sharp decline in IT budgets over the past ten years has weakened already old information systems. The Dgfip has thus accumulated a “technical debt” that focuses on its modernization. The Court recommends taking advantage of digital technology to modernize service to taxpayers.

Report

2018 National Assembly Accounts Certification

Year Published: 2019

Language: French

Sector: Institution

Issue: Information System

Download

The Court of Auditors shall publish the Certification Report of the Accounts of the Senate for the financial year 2018 on 16 May 2019. For the sixth consecutive year, the Court conducted an audit for the certification of the Senate’s accounts. This mission, which aims to assess the compliance of the financial statements with the accounting framework, does not concern the management of the resources, material and human, mobilized to ensure its functioning. This report is published by the Court after being posted online by the Senate.

Report

Have qualified staff to succeed in digital transformation

Year Published: 2020

Language: French

Sector: Public Administration

Issue: IT Staff

Download

The Court’s survey of the competent digital personnel resources of economic and financial departments builds on the public reporting in 2018 on the information systems of the budget ministry directorates and, in 2016, to user relations and state modernisation. It takes into account the digital transformation strategy adopted by the State in April 2019, titled “TECH.GOUV”, one of the challenges of which is to attract talent to the State, and the Action Plan for Digital and Information and Communication Systems, adopted in May 2019, in order to attract, recruit and retain skills in this field. Implementation of this plan runs until December 2021. The Court noted that the Ministries of Economic and Financial Affairs had difficulties in recruiting and retaining IT staff. To succeed in their digital transformation, they must implement new recruitment methods and strengthen existing ones but also develop their attractiveness.

Report

The digitization of the demand for social housing

Year Published: 2020

Language: French

Sector: Housing

Issue: Digital Transformation

Download

Since the 1990s, the State and its partners have sought to improve the application process. Local IT processing systems have been developed in some departments on the joint initiative of social donors and local authorities. These local arrangements were maintained after the creation in 2009 of the national registration system, the management of which was entrusted in 2014 to a public interest group financed by the State and the Social Rental Housing Guarantee Fund. Over the years, this national system has become the receptacle for all applications for social housing, whether they are filed in paper form with lessors' offices, which is still the majority of cases in 2019, or made online, since 2015, via a public portal. The digitisation of the demand for social housing has led to real progress that can still be expanded; however, there are weaknesses in digital demand management and the development of digital demand management will need to be strengthened to ensure that both users and those responsible for and partners in housing policy benefit fully.

Report

Digital transformation at the Ministry of Ecological and Inclusive Transition: a commitment to be confirmed

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Digital Transformation

Download

The digital transformation, resulting from the generalisation and further development of digital tools and information systems, entails a profound change in the administrative organisation; it introduces new working methods and changes the relationship between users, citizens and agents through tools, products and services based on innovative IT solutions. If it sees a real willingness of the Ministry of Ecological and Solidarity Transition and its main operators to engage in digital transformation, it considers that such a transformation requires a more assertive investment of the Ministry.

Report

The digital services of Pôle emploi: a strategic transformation, major challenges

Year Published: 2020

Language: French

Sector: Public Administration

Issue: Digital Transformation

Download

Facing a sharp rise in unemployment since the economic crisis of 2008, Pôle emploi, the national employment agency, has made digital transformation one of its main levers for adapting to this mass management and implementing its strategic orientations: to differentiate and personalise the services offered to job seekers and businesses, to increase the means in favor of the public by having the most need, to create the conditions for the autonomy of the public least in difficulty. In 2018, the budget for IT and digital expenditures was €455 million and the Information Systems Directorate had 1,551 full-time equivalent employees. The Court’s investigations into the 2019, which the digital transformation initiated by Pôle emploi in 2015 has profoundly changed the nature and modalities of the service provided by the operator and is now one of its main strategic axes. If the transformation of the business lines and the organisation could have been initiated over a short period, the operator must now face major technical weaknesses.

Report

The pharmaceutical record

Year Published: 2020

Language: French

Sector: Public Health

Issue: Security of personal data

Download

The Court pointed out the potential of the pharmaceutical dossier, while pointing out the lack of an assessment of its impact, both in terms of savings and in preventing adverse drug reactions. It also highlighted the performance of its IT system, despite certain risks to the security of personal data, and recalled that its conditions for integration into the personal medical file were not yet met. It is necessary to continue developing the pharmaceutical dossier by generalising its use, in particular in health establishments, consolidating its new functionalities and ensuring its articulation with the shared medical record and the digital health space.

Report

Public Housing Board Domanys (Yonne)

Year Published: 2018

Language: French

Sector: Public Administration

Issue: Monitoring

Download

In its review of the management of the National Agency for the Control of Social Housing (Ancols) for the financial years 2015-2017, the Court found that it had begun to carry out its tasks under rather satisfactory conditions, with the exception of its task of monitoring compliance with European law of public aid to social housing.

Report

The agricultural aid payment chain

Year Published: 2018

Language: French

Sector: Agriculture

Issue: Payment chain

Download

Late payments are expected to be settled by the end of 2018, but risk of refusal of discharge remains. The years 2015-2017 were marked in France by significant difficulties in the implementation of the Common Agricultural Policy (CAP). These dysfunctions are due to the complexity of the agricultural aid payment chain and the proliferation of schemes.

Report

Valuation of data from the IGN, Météo-France and Cerema

Year Published: 2019

Language: French

Sector: Environment

Issue: The opening of public data

Download

The Court examined the issue of the opening of public data of three operators of the Ministry of Ecological and Solidarity Transition: the National Institute of Geographic and Forestry Information (IGN), Météo-France and the Centre for Risk Studies and Expertise, environment, mobility and development (CEREMA), public administrative establishments producing and holding large amounts of data. These operators are required by the law of 7 October 2016 to make their databases and data open, that is to say listed, accessible to the public and reusable free of charge, but recurring application difficulties and insufficient control of this opening limit the exploitation of their data. The State asked those operators to develop their own resources through the sale of their data while proceeding to the free and free dissemination of them. It is essential that the State clarify the rules on data opening and accompany the redefinition of the economic models of its operators to put an end to the paradoxical injunction that threatens the economic equilibrium of these establishments.

Report

The Effective Use of Tablets in State, Church and Independent Primary Schools

Year Published: 2019

Language: English

Sector: Public Sector - Education

Issue: One Tablet per Child Scheme

Download

The use of IT systems to identify skills and professional development needs within the Public Service

Year Published: 2018

Language: English

Sector: Public Administration

Issue: Human Resources Systems

Download

Cyber Security Across Government Entities

Year Published: 2017

Language: English

Sector: Cybersecurity

Issue: Data Management and Data Governance, User Education and Awareness, Malware Protection, Disaster Recovery, Asset Management and Access Controls

Download

Mater Dei Hospital

Year Published: 2016

Language: English

Sector: Public sector - Health

Issue: IT Management, IT Applications, Information Security including Identity and Access Management, IT Operations including Risk Management - Business Impact Analysis, Risk Assessment and Business Continuity Plan and Disaster Recovery Plan

Download

Housing

Year Published: 2015

Language: English

Sector: Social Policy - Housing

Issue: IT Management, IT Applications, Data Management, Information Security and IT Operations including Security Management, Business Continuity - Business Impact Analysis, Risk Assessment Exercise, Business Continuity and Disaster Recovery Plans

Download

Commerce Department

Year Published: 2015

Language: English

Sector: Public Sector - Commerce

Issue: IT Management, IT Applications, Information Security including Security Management, IT Operations including Risk Management

Download

Employment and Training Corporation

Year Published: 2014

Language: English

Sector: Public Sector - Employment

Issue: IT Management, E-Government, IT Applications, IT Operations, Information Security including Business Impact Analysis, Risk Assessment Exercise, Business Continuity and Disaster Recovery Plans, Security Awareness Training

Download

Armed Forces of Malta

Year Published: 2014

Language: English

Sector: Public Sector - Home Affairs

Issue: IT Management, IT Applications, Information Security including Identity and Access Management, IT Operations including Risk Management

Download

Institute of Tourism Studies

Year Published: 2013

Language: English

Sector: Public Sector - Tourism

Issue: IT Management, IT Applications, IT Operations, Information Security including Business Impact Analysis; Risk Assessment Exercise; Business Continuity and Disaster Recovery, Security Awareness Training

Download

Primary and Secondary State Schools

Year Published: 2013

Language: English

Sector: Public Sector - Education

Issue: IT Management, IT Applications, Protection of Information Assets, Information Security, IT Operations including Access Controls, Risk Management, Business Continuity and Recovery

Download

Health - Medicines Authority

Year Published: 2012

Language: English

Sector: Public sector - Health

Issue: IT Management, IT Applications, Protection of Information Assets, Risk Management, Business Continuity and Recovery

Download

Culture and heritage - Heritage Malta

Year Published: 2012

Language: English

Sector: Public sector - Culture

Issue: IT Management, IT Applications, Protection of Information Assets, Information Security including Identity and Access Management, IT Operations including Access Controls, Risk Management, Business Continuity and Recovery

Download

Taxation - Inland Revenue Department

Year Published: 2011

Language: English

Sector: Public Administration

Issue: IT Management, IT Applications, Protection of Information Assets, Risk Management, Business Continuity and Recovery

Download

IT Audit Report on IT Systems in RMA

Year Published: 2019

Language: English

Sector: Central Bank

Issue: Central Bank

Download

IT Audit Report on the Efficiency and Effectiveness in Public Service Delivery through G2C Platform

Year Published: 2019

Language: English

Sector: E-government

Issue: e-government service delivery, g2c, e-governance, Strategic controls and IT Controls

Download

IT Audit on Core Banking System, Bhutan Development Limited

Year Published: 2019

Language: English

Sector: Financial Institute

Issue: Core Banking System, IT controls

Download

IT Audit on Core Banking System, Bank of Bhutan Limited

Year Published: 2017

Language: English

Sector: Financial Institute

Issue: Core Banking System, IT controls

Download

The Public Accounting System on the SAP ECC 6.0 Platform Audit Report

Year Published: 2016

Language: English

Sector: Public Accounting

Issue: Effectiveness of the IT system

Download

System implementation failing to meet objectives, system configuration not being able to deliver for the requirements, insufficient human resource capacity to sustain the system effectively

Report

Making it easier to start a business - joint report by SAIs of Faroe Islands, Finland, Iceland, Norway and Sweden

Year Published: 2019

Language: English

Sector: Public sector digitalisation

Issue: Ease of doing business

Download

Digitalisation of government in Iceland - starting a business - restaurants

Year Published: 2019

Language: Icelandic

Sector: Public sector digitalisation

Issue: Digitalisation of government in Iceland - starting a business - restaurants

Download

Report on the access to IT systems that support the provision of essential services to the Danish society

Year Published: 2015

Language: Danish

Sector: Public Administration

Issue: Protect IT systems and data that support the infrastructure of the Danish society

Download

Report on the Danish government’s tendering of IT operations and maintenance

Year Published: 2016

Language: Danish

Sector: Public Administration

Issue: Tendering of IT operations and maintenance

Download

Report on the protection of IT systems and health data in three Danish regions

Year Published: 2017

Language: Danish

Sector: Public Administration

Issue: IT systems and health data

Download

Report on protection against ransomware attacks

Year Published: 2018

Language: Danish

Sector: Public Administration

Issue: Email-based ransomware attacks

Download

Report on the protection of research data at the Danish universities

Year Published: 2019

Language: Danish

Sector: Public Administration

Issue: Protecting their research data against unknown IT equipment

Download

Has Public Administration Used All Opportunities for Efficient Management of ICT Infrastructure?

Year Published: 2019

Language: Latvian

Sector: E-government

Issue: ICT governance and optimization, and ICT security
CUBE analysis available

Download

ICT governance and optimization:
- the objectives of ICT optimisation in policy planning documents are defined more as “a form of desires”, without specified deadlines or results to be achieved;
- there is no long-term vision of ICT development and optimisation, either in the country or in the ministries;
- ministries and their subordinated institutions optimise ICT infrastructure according to their own understanding and capacity.

ICT security:
- unified security requirements for ICT infrastructure and data centers have not been established for processing information of equal importance;
- security threats exist in most server rooms: data centers are not sufficiently protected from physical access and environmental risks;
- important information systems are hosted even in low-level data centers.

Report

Solutions for the Automation, Monitoring, Oversight and Control of the Operation Conditions of Storage, Pipelines and Terminals for the Transportation of Hydrocarbons

Year Published: 2018

Language: Spanish

Sector: hydrocarbons

Issue: SCADA Systems

Download

Cybersecurity audit of Electronic Banking and payment methods of the Mexican government financial system

Year Published: 2019

Language: Spanish

Sector: Financial system

Issue: Payment Systems

Download

Does the state administration effectively use the stored information?

Year Published: 2017

Language: Latvian

Sector: E-government

Issue: Data exchange between institutions and open data policy

Download

Data exchange between institutions:
- State administration institutions do not cooperate sufficiently and do not exchange data electronically. Some institutions still choose the easiest way: they request that a resident submit to one institution statements issued by another institution. The resident becomes a "courier" and does just that instead of one information system communicating with another to obtain the information necessary for decision-making. State administration could use the accumulated information more effectively without requesting the resident to provide data already available to institutions.
- Planning and organising cooperation on data exchange is fundamentally impeded by the fact that state administration still has no unified information and records on the data, mutual data movement and access conditions of 178 state and municipal information systems. Data circulation is not sufficiently transparent and traceable for institutions to have full information for planning the development of their own information systems and improving interoperability. As a result, institutions have difficulty identifying whether specific information has already been accumulated by state administration. In such situations, the institutions usually choose the easiest way: to request the information from the person.
- A significant obstacle to establishing data exchange is the issue of payment. Although information exchange between state administration institutions mostly takes place free of charge, there are exceptions, because these institutions are funded not only from the state budget but also by revenue from services and state fees, including fees for a simple verification of information in registers.

Open data policy:
- One of the ways to use data effectively is to create open data clusters by providing access to public data in machine-readable form, free of charge and without restrictions on accessibility.
- However, the list of priority data clusters to be opened has not been developed in this area either, even though policy planning documents have identified the significance and necessity of open data.
- Even though one open data portal is planned, it may not be enough if it is not clear what new data clusters will be opened.

Report

Do Archives Ensure the Storage of e-documents?

Year Published: 2016

Language: Latvian

Sector: Public sector - Culture

Issue: Storage of e-documents and data

Download

Storage of e-documents and data:
- there is no understanding of which information constantly stored in databases, together with its attributes, forms an electronic document and is to be selected for transfer to the archives;
- the archive information system has not been introduced, so e-documents cannot be transferred electronically to the archive;
- data from information systems are not transferred to the archive.

Report

Efficiency of the process of issuing of biometric passports and supporting information systems

Year Published: 2015

Language: Latvian

Sector: Internal Affairs

Issue: Process of issuance and quality of biometric data

Download

The process of issuance of personal identification documents:
- The system of issuance of personal identification documents is safe, traceable and compliant; however, there is potential to improve the system so that it is more focused on the needs of people, cheaper and faster. To receive a passport sooner than within 10 working days, a user pays double the state fee, although, judging by its internal resources and employee workload, the Office of Citizenship is able to prepare documents within 4 days. This means that the state fee for expedited issuance of a passport is unjustified, since the Office is able to perform this service within its normal mode of operations.
- The internal control developed by the Office is insufficient and there are potential risks of fraud. According to the audit findings, in several cases documents were issued within a shorter term while charging the standard tariff for preparation of documents, and in some cases document applications were accepted and documents were issued during holidays, outside the office hours of the Office's departments.

The quality of biometric data:
- One of the benefits of biometric documents is the possibility of including biometric data, which facilitates personal identity checks and reduces the potential for fraudulent actions performed using a document that belongs to another person. The quality of the biometric data included in passports is low; this may become an obstacle during border crossing, when data included in the passport are compared with the actual fingerprints. According to the audit findings, the results of the quality control of personal biometric data indicated significant deficiencies, which the Office should eliminate urgently.

Report

Software management assessment in local governments and local government educational institutions

Year Published: 2013

Language: Latvian

Sector: Local Government

Issue: Use of unlicensed software and computer security management

Download

Use of unlicensed software:
- in 24% of cases, software is used whose right of use cannot be proved by source documents;
- in 15% of cases, free software is used whose use in a local government or local government educational institution is prohibited under the software licensing terms.

Computer security management:
- computer hardware users are granted unlimited rights or administrator rights to work with the computer hardware, which allow users to install software independently;
- access to every third computer is not restricted by a password and unique user name;
- in 10% of cases no antivirus software was installed on the computer hardware, or the license period of the antivirus software had expired, or the latest update of the antivirus database had not been received for over a month.

Report

Evaluation of the effectiveness of implementation and compliance with regulatory enactments and the legal framework of the project “E-government Portfolio”

Year Published: 2010

Language: Latvian

Sector: E-government

Issue: Project “E-government Portfolio” implementation

Download

Project “E-government Portfolio” implementation:
- availability of information regarding ongoing IT projects in State administration has not improved; the project management system developed for this purpose is not being used;
- the e-services developed are not frequently used or in demand: the majority are used at a rate of less than 50 times a month, and eight e-services were not available at the time of the audit inspection;
- the system for electronic circulation of documents and for task control has not been implemented: its integration with the record management systems in ministries and other State institutions has not been implemented and the exchange of electronic documents has not been automated.

Report

The Common External Relations Information System (CRIS)

Year Published: 2012

Language: 23 EU languages

Sector: EU External Action

Issue: Audit questions: (a) Is CRIS designed to effectively respond to the Commission’s needs? (b) Is the information provided by CRIS reliable? (c) Did the Commission sufficiently secure CRIS and its data?

Download

Lessons from the European Commission’s development of the second generation Schengen information system (SIS II)

Year Published: 2014

Language: 23 EU languages

Sector: Border Control

Issue: Audit questions: (a) Did the Commission deliver SIS II on time? (b) Did the Commission deliver SIS II in line with initial cost estimates? (c) Was there a robust business case for SIS II throughout the project which took into account major changes to the costs and expected benefits? (d) Did the Commission learn and apply lessons from its management of the SIS II development project?

Download

The Land Parcel Identification System: a useful tool to determine the eligibility of agricultural land – but its management could be further improved

Year Published: 2016

Language: 23 EU languages

Sector: Agriculture

Issue: Audit question: Is the Land Parcel Identification System (LPIS) well managed? (LPIS - IT system based on photographs of agricultural parcels used to check payments made under the Common Agricultural Policy).

Download

EU fisheries controls: more efforts needed

Year Published: 2017

Language: 23 EU languages

Sector: Fisheries

Issue: One of the audit questions was "Is the data needed for fisheries management complete and reliable?"

Download

A series of delays in Customs IT systems: what went wrong?

Year Published: 2018

Language: 23 EU languages

Sector: Customs

Issue: Audit assessed whether the Customs 2020 programme, together with the related customs legislation, are likely to deliver the IT systems necessary for improving customs operations in the EU. Audit focused on the development of the Union components of new IT systems.

Download

Challenges to effective EU cybersecurity policy (Briefing Paper, not an Audit Report)

Year Published: 2019

Language: 23 EU languages

Sector: Cybersecurity

Issue: The objective was to provide an overview of the EU’s complex cybersecurity policy landscape and identify the main challenges to effective policy delivery.

Download

EU information systems supporting border control - a strong tool, but more focus needed on timely and complete data

Year Published: 2019

Language: 23 EU languages

Sector: Border Control

Issue: Audit questions: (a) Are the EU information systems for internal security well designed to facilitate efficient border checks? (b) Are the EU information systems for internal security providing border guards with relevant, timely and complete information during border checks?

Download

Special audit of information security of the data centers of the Ministry of Finance

Year Published: 2019

Language: Spanish

Sector: Public Sector - Treasury

Issue: Information Security of Data Centers

Download

Audit of special character on the quality and security of the information for the making of management decisions of the substantive processes of the Ministry of Finance

Year Published: 2018

Language: Spanish

Sector: Public Sector - Treasury

Issue: Information quality and security for the management decision making of the primary processes

Download

Report of the Special Audit on the Integration, Quality Management and Security of the Information Systems related to the processes of Administration of the Salary Schedule of the Ministry Of Public Education

Year Published: 2018

Language: Spanish

Sector: Public Sector - Education

Issue: Information integration, quality and security

Download

Special Audit on the Strategic Alignment of Information Technologies and the Continuity of Services Supported in Information Systems of the Ministry of Public Education (MEP)

Year Published: 2018

Language: Spanish

Sector: Public Sector - Education

Issue: Strategic alignment of information technologies and continuity of services supported in information systems

Download

Special audit on the Functionality and Sufficiency of the Automated Systems of the National Pension Directorate

Year Published: 2019

Language: Spanish

Sector: Public Sector - Retirements

Issue: Systems functionality and sufficiency

Download

Report with adjustments, of the Audit of a special character on the Quality and Security of the Information for the making of Management Decisions of the Substantive Processes of the Directorate General of Migration and Foreigners

Year Published: 2017

Language: Spanish

Sector: Public Sector - Migration

Issue: Information quality and security

Download

Special Audit on Technological Controls in the CCSS Collection System

Year Published: 2019

Language: Spanish

Sector: Public sector - Health

Issue: System's technological controls

Download

The Quality of the Information on Housing Bonds contained in the BANHVI Automated System

Year Published: 2019

Language: Spanish

Sector: Public sector - Bank for Housing

Issue: Information Quality

Download

Special Audit on the Strategic Planning of the Information Technologies in the Legislative Assembly

Year Published: 2017

Language: Spanish

Sector: Legislative Congress

Issue: Strategic planning of information technologies

Download

PA on National Government Financial Management Information System

Year Published: 2015

Language: English

Sector: Public Administration

Issue: IT System- Financial System, IT controls, implementation of feature or modules

Download

Public Procurement Monitoring Office, E-GP

Year Published: 2018

Language: English

Sector: Public Administration

Issue:

Download

This IT audit covers the Public Procurement Monitoring Office’s software package, Electronic Government Procurement (e-GP) with a focus on strategic, operational and administrative controls.

Report

IT Audit of Public Expenditure Management System (PEMS)

Year Published: 2016

Language: English

Sector: Finance

Issue: ICT System, IT controls, Validations

Download

The Royal Audit Authority (RAA) conducted the audit with the objective of determining the existence, adequacy, and effectiveness of controls in the Public Expenditure Management System (PEMS) in relation to public financial management. The audit also aimed to identify potential security risks that might open vulnerabilities in the system. The RAA noted certain improvements in public financial management brought about by the introduction of PEMS: improved efficiency in preparing the Annual Financial Statements of the Royal Government, and a contribution towards certain consistency in reporting between the Department of Public Accounts (DPA) and budgetary agencies. Moreover, mobility of the system was also achieved, as the system is now available online, as opposed to the earlier legacy system.

Report

Performance Audit on Crew Management System Union Government, Railways

Year Published: 2015

Language: English

Sector: Transport

Issue: Information Management

Download

Federal Information Security: Actions Needed to Address Challenges

Year Published: 2016

Language: English

Sector: Law and order

Issue: Cybersecurity

Download

Agencies Need to Improve Controls over Selected High-Impact Systems

Year Published: 2016

Language: English

Sector: Cross-government

Issue: Cybersecurity

Download

Protecting information across government

Year Published: 2016

Language: English

Sector: Cross-government, Public administration

Issue: Information Security

Download

Digital Britain 2: Putting users at the heart of government’s digital services

Year Published: 2013

Language: English

Sector: Cross Government

Issue: E-Governance

Download

Audit of e-Procurement

Year Published: 2014

Language: English

Sector: Cross Government, Public Administration

Issue: E-Governance

Download

Cybersecurity Follow-up Audit

Year Published: 2017

Language: English

Sector: Revenue and Taxation, Personnel Administration and Training, Borders and immigration

Issue: Cybersecurity

Download

myGov Digital Services

Year Published: 2017

Language: English

Sector: Cross Government, Revenue and Taxation

Issue: E-Governance

Download

Cyber Resilience

Year Published: 2016

Language: English

Sector: Agriculture, Industry, Science & Technology

Issue: Cybersecurity

Download

Cyber Attacks: Securing Agencies' ICT Systems

Year Published: 2014

Language: English

Sector: Revenue and Taxation, Personnel Administration and Training, Borders and immigration

Issue: Cybersecurity

Download