On Expenditure for Information Systems and its Benefits

“State institutions spend a lot of money on procurement, management and security of information systems however increasingly more doubts arise as to whether they bring the expected benefits, if systems are managed properly and data in the systems are well protected”, said the Auditor General Ms Rasa Budbergytė when presenting the audit report on Management of Information Systems at the Central Electoral Commission. According to Ms Budbergytė information systems audits conducted by the National Audit Office so far have revealed not only the common problems that most of the state institutions are facing but also their unwillingness or incapability to tackle them. The fact that the Law on Management of the State Information Resources has not been adopted yet does not contribute to the solution of this problem. Central Electoral Commission uses information system where data on political parties, candidates and electors are accumulated and processed, elections and  referendums  outcomes  are  summed up and generalised.

Taking into consideration the fact that those data are of great importance strict control should be exercised over the management of the information systems. Main weaknesses determined during the audit are: no regulation of strategic planning and information systems risk assessment process, insufficiently defined security agent functions, no appointed data managers, insufficient control of personal data management.

Having analysed the process of introduction of internet voting system the auditors determined that it is managed improperly. Since 2006 when Seimas (the Parliament) adopted the concept of such voting the Government appointed two project implementation co-ordinators however manager of the future information system was not appointed. In such a situation there is a risk that functions might be duplicated and responsibility be avoided. The National Audit Office attracted the Government’s attention to the fact that Information Society Development Committee should not be assigned the functions of co-ordination and implementation of the Programme for Introduction of Internet Voting as according to management principles those functions should be separated. The National Audit Office provided this recommendation already in 2006 however it has not been implemented yet.

Some years ago it was envisaged to spend 2 million Litas for the Programme for Introduction of Internet Voting System however 650 thousand Litas have been spent so far only for the preparation of documentation on the establishment of the internet voting system and acquisition of pilot version of the system. Now it is envisaged to spend up to 12 million Litas for the entire system. During the audit it was determined that neither the Central Electoral Commission nor Information Society Development Committee when implementing the Programme for Introduction of Internet Voting System have carried out cost-benefit analysis of the future information system therefore there is a risk that this might actually increase overall election expenditure instead of reducing it. The National Audit Office as far back as 2007 proposed to determine an obligation to carry out cost-benefit analysis for information society development projects into the State Capital Investment Planning Methodology however amendments to the Methodology have not been developed and approved so far.
Auditors denoted that the Central Electoral Commission have not developed and approved information systems continuity management plan and procedure for backup storage therefore there is a risk that recovery after a disaster might be unplanned and hardly controllable that is why election organisation and implementation process might get interrupted. Information system security problems might cause a risk that personal and sensitive personal data might get damaged.

In its recommendations to the Central Electoral Commission the National Audit Office proposes to strengthen information systems management control, to increase effectiveness of their administration. The Central Electoral Commission is recommended to perform management functions for the future internet voting information system after the Seimas adopts acts regulating internet voting and implementation of the internet voting project is resumed.



Public audit report is available in Lithuanian:
Central Electoral Commission Information Systems Control