ICT & IT Auditing

8/10/2019 ICT & IT Auditing

1/18

ROYAL AUDIT AUTHORITY,

SAI of BHUTAN

19th Working Group on IT Audit

Presentation on ICT & IT Auditingin Bhutan

1


2/18

OVERVIEW OF THE PRESENTATION

I CT Policies & Regulatory Frameworks;

Royal Governments initiatives in the development

of I CT;

Auditing F rameworks;

I T Auditing in Bhutan;

CurrentAchievements in I T Audit; and

Way Forward.

2


3/18

Bhutans Development Philosophy

Gross National Happiness as the middle path for development

4 Pillarsof

GNH

Promotion ofequitable and

sustainablesocio-economicdevelopment

Conservationof the

NaturalEnvironment

Preservationand

promotion ofcultural

values

Establishmentof good

governance

ICT is used as an

enabler as well as a

tool to enhance the

elements of good

governance

ICT is also used in

preserving and

promoting cultural

heritage3


4/18

4

ICT POLICIES & REGULATORY FRAMEWORKS

Constitution of the Kingdom of Bhutan

There shall be freedom of press, radio and television and other forms

of dissemination of information including electronic.

A Bhutanese citizen shall have the right to information.


5/18

5

ICT POLICIES & REGULATORY FRAMEWORKS

Bhutan Information,Communication & Media Act,2006;

Telecommunication Act;

Bhutan ICT Policy & Strategies(BIPS);

Information Sharing Policy;

Information & media Policy;

Information Management SecurityPolicy;


6/18

ROYAL GOVERNMENTS

INITIATIVES

Policy measures

Infrastructure development

E-governance

Content application development

6


7/18

7

AUDITING FRAMEWORKS

There shall be a RoyalAudit Authority to audit

and report on the

Economy, Efficiency

and Effectiveness in the

use of PublicResources

Article 25.1, Constitution of

the Kingdom of Bhutan &

Article 3, of the Audit Act of

Bhutan 2006

Our Vision A premier audit institution that

promotes value for money in

government operations and contribute

towards good governance

Our MissionTo audit without fear or favor or

prejudice and effective use of public

resources and report to the

Parliament and stakeholders for

enhancing transparency and

accountability in the government


8/18

8

IT Auditing in Bhutan

Article 38 (a), Audit Act

The RAA shall carry out financial,

propriety, compliance, special audits and

any other form of audits that the Auditor

General may consider significant and

necessary.

IT related

audits are

conducted

by

IT Audit Section

under Thematic

Audit Division

(established in

July 2007)


9/18

9

Audit on

Budget &

Accounting

System

Audit on

Dzongkhag Local

Area Network

Internet

Connection

ProjectAudit on

Electricity Billing

& Collection

System

OUR ACHIEVEMENTS IN IT AUDIT

Audit on IDRC

Project "improving

rural livelihoods in

Bhutan through

addressing identified

information needs" Audit onInformation

Security


10/18

10

OUR RECENT ACHIEVEMENTS IN IT AUDIT

Audit was conductedamong others to:

To ascertain whether the

rural communities were

benefited from the access to

the Information Centres;

To assess the content &

application system and

ascertain whether it is able

to meet communities

identified information

needs;

To assess the completeness,

adequacy and timeliness of

the information provided by

the Information Centres;

Our Significant impacts :

Extensive deliberation in the

Parliament;

Extensive media coverage;

Proper study and planning

were carried out;

Trained the beneficiaries in the

use of the centers;

Developed comprehensive plan

to revitalize the established

Information Centers and to

address the issues of

sustainability.

Audit on IDRC Project

"improving rurallivelihoods in Bhutan

through addressing

identified information

needs"


11/18

11

OUR RECENT ACHIEVEMENTS IN IT AUDIT

Audit was conductedamong others to:

To determine whether the

IT-related internal control

environment, including

documented policies and

procedures, provide

reasonable assurance ofsafeguarding the

information and IT assets;

To assess whether the

auditee agencies exercise

due care and diligence in

the protection ofinformation and IT assets

from unauthorized access,

disclosure, destruction,

modification, disruption

and other applicable risks

Our Significant impacts :

Deliberated extensively in the

Parliament;

Extensive media coverage;

Endorsed Information Security &

Management Policy;

Created awareness amongst the

top management in terms of the

prevailing security situations.

Audit on

Information

Security


12/18

12

WAY FORWARD

Elevating the present IT Audit Section to fullfledge Division;

Enhance IT Audit Functions in the RAA by

strengthening the staff of IT Audit Section; Build the professional capabilities of the IT

Auditors by infusing relevant skills;

Keep abreast with the advancement intechnologies;

Enhance the use of Audit Tools like IDEA


13/18

13

WAY FORWARD

Automate the audit process (introduction of ERPSystem);

Establish professional institutional relationship

with IT related agencies like Ministry ofInformation & Communication and otherorganizations;

Establish systemic follow-up in IT audits andimpact assessment;

Extend relationship with other SAIs for sharingbest practices and expertise in IT Auditing.


14/18

TASHI DELEG

& THANK YOU

14


15/18

POLICY MEASURES

Exemption of import duties on ICT

equipments;

Declared tax holidays for ICT firms from 3to 5 years;

To provide 75 percent of services online by

2010;

The vision concept of Bhutanese

Information Society

15


16/18

16

INFRASTRUCTURE DEVELOPMENT

Establishment of Community Information

Centers;

Established Local Area Network in all 20

districts;

Installed Thimphu W ide Area Network;

Provided computers and Internet connection in

schools;

Commitment to One Laptop per Child OLPC)

Project;

Video Conferencing On-going);

National broadband Network Plan On-going)


17/18

E-GOVERNANCE INITIATIVES

Developed E-Platform to deliver services online (e.g.

Audit Clearances);

Developed online Asset Declaration;

Online agriculture Marketing information to

provide prompt and reliable market information onagriculture produce (ongoing);

Government Portal (single window/ e-office) forgovernment offices to share information (ongoing);

Online Digital library (ongoing);

Started telemedicine;

17


18/18

18

CONTENT & APPLICATION

DEVELOPMENT

Developed Bhutan Civil Registration System

to facilitate Citizenship ID Cards;

Developed passport system with machine

readable passports;

Developed DZONGKHA LINUX- an

operating system with Dzongkha Desktop;

Hospital Information System Ongoing);

Common Integrated Police Application

Ongoing)

Documents

ICT & IT Auditing