office of the auditor general – zambia 7th performance auditing seminar of intosai working group...

Office of theAuditor General – Zambia

7th Performance Auditing Seminar of INTOSAI Working Group on

IT Audit ‘Role of SAI's in Promoting Policy for IT

Improvement & Value For Money’

1

Presentation Overview Background and evolution of computing in Government Information Technology Auditing in OAG-Z Adoption of Generally Accepted IT Policies in other Government Agencies

Recommendations issued by OAG and implemented by auditees OAG Recommendations that have improved the process of Acquisition of IT

Services Challenges Conclusion

April 2013 Specialised Audit Department 2

Background Information Communication Technology (ICT) in Zambia started in

the 1980s.

Advancements in technology enhanced efficiency and effectiveness of business processes and service delivery.

Government implemented some systems

10 April 2023 Specialised Audit Department 3

Background continued…… Systems implemented were;

Payroll Management Establishment Control (PMEC) System Land Information Management System (LIMS) Revenue Systems (ITAS, ASYCUDA) Transport Information System – Zambia Transport Information

Systems (ZAMTIS) Utilities System Banking Systems - (National Savings and Credit Bank), and

more recently; Integrated Financial Management Information System (IFMIS)


Background continued…….

Initially, country had no appropriate policy to guide ICT in the country

Government later enacted: Telecommunication Act of 1994 Formulated ICT policy (in April 2006) Information and Communications Technology Act of 2009 The Electronic, Communication and Transport Act of 2009


IT Auditing in OAG-Z OAG-Z restructured in 2005 and established:

MIS section IT Audit section

The IT Audits Section is responsible for carrying out information technology audits.

Produced seventeen (17) IT audits reports, out of which nine (9) have been tabled in Parliament.


Adoption of Generally Accepted IT Policies in Government Agencies

Adopted ISACA standards Integrated auditing approach

As a result: The audit scope and recommendations have been enhanced.


Participation at meetings of international and regional groupings

Recommendations made resulted in clients making improvements

to their systems or they have acquired and implemented new systems using these standards.

Realization of value for money for the clients’ operations.


What recommendations has the Office Issued on IT and seen Implemented

IT Governance IT Security Audit Trail Change Management Business continuity and backup procedures


IT Governance Implementation of ICT Policy and Strategic Plans. e.g. The Ministry

of Finance and the National Savings and Credit Bank

Adoption of internationally recognized standards e.g. ZESCO Limited, Zambia Revenue Authority have adopted the COBIT Framework

Elevation of ICT to policy making level. E.g Some MPSAs and water utility companies have restructured their organizations and ICT functions and in addition, segregation of duties has been enhanced.


Security

Physical and environmental, logical and network controls have either been implemented or strengthened in institutions such as Road Transport and Safety Agency, Payroll Management Establish Control and water utility companies (billing systems).


Audit Trail

The LIMS, PMEC and NATSAVE have implemented audit trails.


Change Management

Implementation of documented Change Management procedures e.g. Ministry responsible for Finance (IFMIS), Zambia Revenue Authoriry (ITAS), University of Zambia and NATSAVE have documented and implemented change management procedures.


Business Continuity Plans and Backup Procedures

Development and implementation of the business continuity plans and backup procedures. e.g ZESCO Limited, Zambia Revenue Authority, University of Zambia, Ministry of Lands and NATSAVE Bank


Recommendations that have been Issued by the Office that have improved the Acquisition of IT Services

Alignment of IT Strategic Plan with overall Strategic Plan to ensure that acquisition of IT systems are in line with business objectives

Establishment of IT Steering or Technical Committee to ensure good governance of the IT projects and resources


Continued….

IT representation at the Decision Making Level to ensure that management recognizes IT opportunities and risks that exist in organization’s operations.

Clients/IT units entering into Service Level Agreements with end users and vendors to ensure services are delivered to desired expectations.


Challenges

The high costs associated with IT auditing training and tools,

Inadequate awareness and appreciation of IT audits by some stakeholders and clients.


Way forward

Continuous IT training (both short and long term)

Sensitization of stakeholders


Conclusion With the above developments and the Office’s close collaboration

and coordination with INTOSAI, ISACA, Cooperating Partners and key stakeholders’ great strides have been achieved in IT auditing.

The Office sensitization campaigns of Cabinet Ministers, Members of Parliament, Chief Executive Officers and senior Government officials has had an impact in promoting policy for IT improvement within the public sector in Zambia.


Continued…. There has been a remarkable increase in the response rate to audit

queries and management letters by Controlling Officers, Chief Executive Officers and Heads of Departments.

The IT audit work plans have been executed timely and the audit reports produced, tabled and discussed by Parliament and most of the recommendations have been implemented by the clients.

Our clients have appreciated our work such that they have invited us to be part of the technical committees responsible for Acquisition of IT systems and interviewing panels.


Thank you


office of the auditor general – zambia 7th performance auditing seminar of intosai working group...

Documents

audit section

audit scope

audit trails

information technology

university of zambia

new systems

zambia revenue authority

formulated ict policy