Report to the 46th Governing Board of the INTOSAI
Report of Mr. V. K. Shunglu, Comptroller and Auditor General of India and Chairman of the INTOSAI Standing Committee on EDP Audit to the 46th Meeting of the INTOSAI Governing Board.
Vienna, Austria: May1999
Mr. Chairman and distinguished colleagues,
I have the honour to present this report on the INTOSAI Standing Committee on EDP Audit.
My last report to the Governing Board was made on the eve of the XVI INCOSAI held in November 1998 at Montevideo. The report focussed on the workplan for the next three years that the committee proposed to place before the Congress.
In the present report I propose to focus on the main issues that arose out of the discussions on the work and plans of the INTOSAI EDP Audit Committee.
The work of the committee was discussed in two sessions during the XVI INCOSAI. Delegates' comments and suggestions were as follows:
Approval of the products featured on the CD, especially the Electronic Compilation of SAI mandates.
IT audit courseware was seen as a timely product by SAIs which were planning courses for themselves or for other SAIs
In the context of plans to share software, the cost and effort in maintaining the software needed to be given proper consideration.
The Year 2000 problem was seen as a critical issue on which the committee was urged to remain focussed.
A close liaison between the EDP committee and the Internal Controls standards committee was suggested.
The work plan which, is a mix of continuing projects, follow up on completed projects and some new projects, was fully endorsed by the delegates as appropriate. Some other suggestions on the workplan were as follows:
The new projects relating to Detection and Prevention of IT related Fraud and Computer related Communications Security might require the assistance of experts in these fields.
Auditing of IT systems should not be seen as different from the normal audit in view of the wide prevalence of IT in most auditee organizations. However it was recognized that these audits required special skills. There was thus a related need for the EDP audit Committee to collaborate with the Committee on Auditing Standards so that the Standards for EDP Audit eventually become a part of Auditing Standards.
- The identified need to provide assistance, in terms of financing and deputing of experts and designing specific products for their use, to SAIs where the IT and IT audit functions were not well established.
The committee concluded its presentation to the plenary of the XVI INCOSAI by seeking its endorsement for the products and activities of the Committee in the past three years and for its workplan, for the next three years.
I also take this opportunity to also keep my colleagues on the Governing Board abreast of the activities of the committee in the few months that have elapsed since the Governing Board last met in November 1998.
In the field of "Information Interchange" the Committee has brought out the 9th issue of intoIT. This issue contains a country focus article on Slovenia, a report on the Performance Audit Seminar held at Stockholm, an article on the Committee's work-plan upto 2001; an update on the Year 2000 issue and an article on the Committee's website. The intoIT is also featured on the Committee Website. We have been informed recently that SAI, Oman has begun hosting an Arabic version of the Committee's Website and I am confident that this gesture would be emulated by other SAIs possessing capabilities in other INTOSAI languages. I would also like to report that SAI, Sweden has since circulated the proceedings of the Seminar on Performance Audit of the use of IT to all SAIs.
In the field of "Knowledge and Skill Development" the Committee included the entire IT Audit Courseware in the CD distributed by the Committee during the XVI INCOSAI. Further, the IT Audit Courseware was used by SAI India for a course on IT Audit for several SAIs from the Asian, African and Pacific regions in January-February 1999.
In the area of "Knowledge Development and Transfer" the Year 2000 issue is the subject of a follow up article in the 9th Issue of the intoIT. Preparatory work on the new projects have begun.
Members of the Governing Board will be aware that at our 45th Meeting at Montevideo, we had accepted a proposal made by the US delegation that a group comprised of the chairs of the Committees and Working Groups be constituted to study issues such as ways to disseminate and promote the use of committee products, standardize formats for products, and update the Committee Handbook. In pursuance of this a meeting of the Committee has been scheduled for tomorrow afternoon.
The deliberations of this Committee will presumably deal with certain technical aspects of information technology involving dissemination of information through electronic means such as CDs or internet or through paper outputs that would also involve word processing and desktop publishing. As chair of the EDP Audit Committee, some steps have been taken in my office to identify and examine the different options that are available so that in its next meeting, to be held in Zimbabwe on 7th and 8th October this year, the EDP Audit Committee where a number of subject matter specialists assemble , could discuss the various alternatives and formulate certain appropriate technical options. During this meeting the Committee would also review its work and take forward its plan of action for the next three years.
On behalf of my colleagues in the Committee and myself , I thank the Chairman and my distinguished colleagues for their guidance, encouragement and support to this committee.