Report to the Theme II Plenary
XVI INTERNATIONAL CONGRESS OF SUPREME AUDIT INSTITUTIONS
Montevideo, Uruguay: 13th November 1998
Report of the Chairman of the INTOSAI Standing Committee on EDP Audit to the Theme II Plenary.
At the outset, on behalf of the EDP audit committee, I wish to express my most sincere gratitude to all of you for the support to this committee’s work and plans and also for the amount and quality of the discussions on the theme.
The committee held two discussion sessions in the five INTOSAI languages. The overall objective was to provide the committee with an opportunity to consult with the SAIs for finalising the workplan for the period till the XVII INCOSAI .
On the status of work in the three areas of "Information Interchange", "Knowledge Development and Transfer" and "Knowledge and Skill Development" the discussions noted,
- The products featured on the CD, especially the Electronic Compilation of SAI mandates, were appreciated.
- In the context of plans to share software, the cost and effort in maintaining the software need to be given proper consideration.
- IT audit courseware was seen as a timely product by SAIs which were planning courses for themselves or for other SAIs.
- In view of the varying EDP environment in various SAIs a view was expressed to adapt standards and methods to particular needs.
- The Year 2000 problem was seen as a critical issue on which the committee was urged to remain focussed.
- A close liaison between the EDP committee and the Internal Controls standards committee was suggested.
The planned activities, as before, would relate to Information Interchange, Knowledge and Skill Development, Knowledge Development and Transfer. The plan is a mix of continuing projects, follow up on completed projects and some new projects. The plan was fully endorsed by the delegates as appropriate. Some other suggestions on the workplan were as follows:
- The new projects relating to Detection and Prevention of IT related Fraud and Computer related Communications Security might require the assistance of experts in these fields.
- Auditing of IT systems, both regularity and performance, should not be seen as different from the normal audit in view of the wide prevalence of IT in most auditee organisations. However it was recognised that these audits do require special skills. There was thus a related need for the EDP audit Committee to collaborate with the Committee on Auditing Standards so that the Standards for EDP Audit eventually become a part of Auditing Standards. The committee finds this suggestion useful and relevant.
- The identified need to provide assistance, in terms of financing and deputing of experts and designing specific products for their use, to SAIs where both the IT and IT audit functions were not well established.
The committee recommends to the plenary of the XVI INCOSAI the following:
- The Congress endorse the products and activities of the Committee in the past three years.
- The Congress endorse the workplan, for the next three years, of the Committee already circulated at the Congress.
Let me conclude by lauding the work of SAI Netherlands-who have so ably and cogently prepared the summary report for Theme II. Thanks are also due to Mr.Griffith , Head of SAI of Barbados and Mr.Doussari of SAI Kuwait for their valuable assistance in conducting the discussion sessions for the Sub theme.