
A broader view of internal audit for NSIs

A broader view of internal audit for NSIs - application in Ireland and issues to consider. Keith McSweeney, Central Statistics Office (CSO), Ireland. Q2008 Conference, Rome, 11 July 08. Introduction - context for presentation. Internal Audit - useful for NSIs.


Presentation Transcript


  1. A broader view of internal audit for NSIs - application in Ireland and issues to consider
     Keith McSweeney, Central Statistics Office (CSO), Ireland
     Q2008 Conference, Rome, 11 July 08

  2. Introduction - context for presentation
     • Internal Audit - useful for NSIs
     • Gap in IT Controls and End-User Computing?
     [Diagram labels: User Confidence in Data quality; SOX; ESS Code of Practice; Public corporations; NSIs]

  3. Modern IA - what is it?
     • IA development
     • TOTALITY OF RISKS that an organisation faces in the achievement of its objectives
     • Risk-based auditing
     • Reputational risk (particularly important for NSIs)
     [Diagram labels: All risks; Financial only]

  4. CSO - our IA/Quality structure
     • Risk-based auditing (Corporate Risk Register)
     • Q: What other developments are out there in the IA world and what are the implications for NSIs?
     [Diagram labels: Private sector; Civil Service; Strategic; Reputational; Operational; Financial; Data quality; Quality & Audit function]

  5. SOX (Sarbanes-Oxley)
     • Why SOX? - User Confidence (ENRON, WORLDCOM)
     [Diagram labels: Auditor independence; Corporate responsibility; Internal controls; Fraud accountability; White collar crime penalty; Accounting policies; Anti-fraud programmes; IT controls; Overall control environment; Access to systems & data; Programme development & change by end-users; Computer operations; IT control environment]

  6. End User computing (EUC) - what risks to NSIs?
     • The IT issues to manage are common to all types of systems. More prevalent with EUC? Question to ponder.
     [Diagram labels: Access control?; Testing / peer review before ‘go live’?; Staff trained to set up and maintain systems?; Documentation?; System development done to standard?; Change & version control?]

  7. Implications for NSIs of End-User Computing
     Questions NSIs should answer:
     • Scale of EUC issue - what and where
     • What controls are in place to manage EUC?
     • Testing of systems before ‘go live’?
     • Code written to standard?
     • Systems documented?
     • EUC - may be necessary in some cases but it is still a RISK that needs careful management

  8. Implications for ESS Code of Practice
     • 2 main inputs to produce results - staff (Principle 7 - Sound Methodology) & IT (where explicitly?)
     • No explicit mention that our IT systems need to be to standard
     • P12 (Accuracy) “Data…outputs are assessed and validated”
     • How can results be validated without reference to the systems used to produce them?

  9. Conclusion
     • IT systems - critical input for our work
     • IT systems need to be to standard
     • Can we use the Code of Practice to help drive improvements in this area?
     • Need to make explicit what standard we expect our IT systems to be at - implications for any future self-assessment/peer review exercise

  10. Where is your organisation regarding IT Systems & Controls?
     [Diagram labels, in extracted order: Positive; EUC; Central IT; Negative; Controls in place?; Flexibility; Standards; Standards; Flexibility]

  11. What do you think? Is it an issue?

  12. Thank you
     • Thank you for your attention
     • Any questions or comments?
     • Email: keith.mcsweeney@cso.ie
