On 3rd and 4th of March 2020 in Bern, Switzerland, a meeting of IT(A)SA for EUROSAI Group on Information Systems (ITWG) took place.
This subgroup, led by the Swiss SAI, aims to promote and encourage the institutional development of SAIs through self-assessment.
IT Audit Self Assessment (ITASA) and IT Self Assessment (ITSA) are considered as very important instruments and are aimed at periodically assessing the quality of the information technology audit process performed by the supreme audit institutions and the quality of support that IT provides in the activity of the institution.
IT Audit Self-Assessment (ITASA) offers a set of standard actions that contribute to improving the functioning of IT audit in accordance with the requirements of the institution itself. The purpose of conducting an IT audit self-assessment is to provide senior management of the supreme audit institutions with a clear picture of the current situation and level at which the IT audit operates and the manner or actions to be taken in order to this ever-evolving type of audit should be improved.
In addition to the above, supreme audit institutions face great challenges in an environment of high expectations where nothing can function in accordance with standards and best practices without the inclusion of information technology. Without IT, the key processes of the supreme audit institutions cannot function effectively, including risk assessment, planning, reporting, and follow-up of recommendations. IT Self-Assessment (ITSA) is a very useful tool that provides top management with a complete overview of how information technology supports the audit activity and, more broadly, of the supreme audit institution.
At their core, these instruments conclude with the respective assessments and recommendations made to the heads of the supreme audit institutions in order to take appropriate measures to remedy the weaknesses identified by these two processes.
The meeting was attended by representatives of the supreme audit institutions from Poland, The Netherlands, Austria, Belgium, The Czech Republic, Estonia, Germany, Hungary, Ireland, Serbia, Turkey, Romania, Moldova etc.
ALSAI representatives at this meeting, Mr. Bujar Leskaj, Chairman of ALSAI, Mr. Kozma Kondakciu, Head of IT Audit Department and Mr. Aldo Kita, Head of IT Sector held talks and exchanged views with SAI’s executives. participates on issues encountered in the field of IT as well as the possibility of enhancing cooperation and exchange of experiences.
The opening speech of this working subgroup was delivered by the Director of the IT Audit Department at the SAI of Switzerland, Mr. Bernhard Hamberger, who after familiarizing the participants with the aspects of the organization and functioning of the SAI of Switzerland, presented the work done in Switzerland, followed-up by this institution for the management and organization of the IT(A)SA subgroup.
Following the meeting the participants presented and shared the concrete experiences they had during 2019 in developing ITASA and ITSA projects across the respective SAIs. The meeting invited participants from countries that had facilitated the development of these projects as well as from countries where these projects were developed, thereby providing the opportunity to share experiences across a full range of how it works and how an ITASA or an ITSA can be performed.
More specifically, Mrs. Iris Korthagen, representative of the SAI of The Netherlands presented the benefits and opportunities it offers to senior managers of the supreme audit institutions but also to the auditors or specialists of those institutions, developing ITSA or ITASA projects. Her discussion also came as an approach of a newly recruited IT auditor to a supreme audit institution which made her discussion also worthwhile as a presentation of the difficulties or facilities offered by ITASA or ITSA.
Then there was a discussion by the representatives of the German SAI and the Austrian SAI, where Mr. Frank Scherwa as the representative of the German SAI presented his experience as a moderator of an ITASA project developed during 2019 at the SAI of Austria. Austrian SAI representatives, meanwhile, shared their experience from the perspective of an institution in which an ITASA project had just been developed, presenting the great benefits that this project provided to their institution.
During the subgroup meeting there were numerous discussions by representatives of participating SAIs presenting specific views as institutions that had developed IT audit or IT self-assessment, as well as institutions that had conducted or moderated these self-assessments.
The meeting highlighted the idea that an SAI should have quality IT support inside it in order to have a quality IT audit, which clearly demonstrates that even the leaders of this meeting submitted that IT self-assessment also IT audit self-assessment are two powerful tools in the hands of senior managers to improve the weaknesses of SAIs in these two areas.
Albanian Supreme Audit Institution attended this meeting as a supreme audit institution that had previous experience in the years 2016-2017 of the development of ITSA and ITASA projects, the implementation of which has made recommendations to improve aspects which have shown weaknesses by directly impacting on improving and increasing the level of both IT audit and IT support in the State Supreme Audit.
In the function of institutional well-being and functioning as well as following international standards and best practices which suggest that each SAI performs a self-assessment process of IT audit and IT self-assessment every 2 to 4 years, by ALSAI it was requested to develop an IT self-assessment process at the Supreme Audit Office during 2020 and an IT audit self-assessment process during 2021, in the spirit of international co-operation which ALSAI has had and still does, as an important ‘key’ in its work as INTOSAI's motto guides 'Experience Shared, Everyone Benefits'