The project strengthen capacity of the SAO to implement ISSAI-based IT audits and develop e-governance.
Project Outcomes:
Improved institutional capacity:
- IT audit was introduced and Big Data analysis was started
- Audit coverage increased up to 85%
- Audits were fully integrated into the AMS system
Upgraded infrastructure and audit tools
- Material and technical base of IT Audit Division has been updated
- Data center for processing and analyzing large volume of data was set up
- Case Analysis Software (CaseWare IDEA) was introduced
- Vulnerability assessment software (RAPID 7 Nexpose and Metasploit Pro) was launched during the audit
- Implementation and administration of the Audit Management System (AMS) started
Improved professional opportunities
- IT Audit Division was set up
- 6 independent IT audits were conducted, 3 internal IT audits, 3 internal security assessment and 21 integrated audits
- IT audit planning methodology, IT audit quality control and assurance guidelines (QC&QA), IT Auditors Professional Development Plan (PDP) were developed
- SAO became a member of INTOSAI IT Audit Working Group (WGITA), EUROSAI IT Working Group (ITWG), and the Subcommittee on Electronic Governance Control
- Collaboration with the US Government Accountability Office (GAO) commenced, 2 pilot audits, information systems audit training and a study visit were conducted
- The auditors of the IT Audit Division were trained in various fields, including:
- BSI ISO / IEC 27001: 2013
- Implementing Cisco Cybersecurity Operations (SECOPS)
- CISSP Course
- ISACA Cyber Security Nexus courses
- RAPID 7 Nexpose and Metasploit Pro courses
- ITIL V3 Foundation
- DataCamp Data Analysis Courses
- IT auditors get internationally recognized certificates:
- CISAs
- CISM
- CSX Audit & Fundamentals
- CISSP
- CEH
- ITIL V3 Foundation
- COBIT 5
- BS ISO / IEC 27001: LA
- BS ISO / IEC 27001: LI
