Main page
ETC/ITWG Seminar “SAIs in Control of IT”


ETC/ITWG SEMINAR “SAIs IN CONTROL OF IT”

Vilnius, Lithuania

16-17 June 2005

 

Participants List Presentations and
Handouts
Information for EUROSAI
Newsletter
Photos

 

This training event gives an opportunity for SAIs to gain an increased understanding of IT governance and how to familiarize themselves with COBIT in general and with its use for IT self assessment in particular. The measurement and management of (internal) IT performance will be the focal point. The training takes an interactive approach to learning: it is practically oriented and includes case studies.

Background of the training event
During the first meeting of the Eurosai IT Working Group (The Hague, 2002), the members expressed the need for a methodology for IT self assessment by SAIs. A project team was set up to come up with a proposal. The methodology which they presented during the second meeting of the IT WG (Bern, 2004) was based on the experiences gained by applying an earlier draft to three SAIs: in Denmark, Lithuania and Spain a successful test of the methodology took place.

The Eurosai Training Committee (ETC) was established in 2000 to deal with 'all training issues'. The ETC studied the training needs of SAIs. Their survey shows that IT is in the top 10 list of important training issues and that IT auditing is one of the major areas of interest. One of the objectives of the ETC is to support the Eurosai Workings Groups. So reasons enough for Eurosai Training Committee and Eurosai IT Working Group to decide to jointly organize the training event 'SAIs in control of IT'.

The first seminar took place in Lisbon on October 13-14, 2004 and was aimed to give an increased knowledge and better preparation for the SAIs - members of the Eurosai IT Working Group - to carry out IT self assessment.

After the Lisbon seminar IT self-assessment was recognised as an important issue for IT management among the SAIs - members of the Eurosai IT Working Group: self-assessment is already accomplished in 12 SAIs, and currently being widely spread within the Eurosai IT Working Group. Alternatively, practical aspects of the self-assessment influenced the methodology, and now the latest 2.1 version answers more precisely SAIs needs.

Responding positively to the EUROSAI needs to get better awareness in IT related issues, Eurosai Training Committee (ETC) and the Eurosai IT Working Group has decided to extend training 'SAIs in control of IT' aiming it primarily at the SAIs - members of the EUROSAI who are not members of the Eurosai IT Working Group.

Objective of the training event
The 2nd seminar in Vilnius has the aim to prepare SAIs for an IT self assessment from a technical and a management point of view. Next to that, the participating SAIs will be made familiar with the methodology that can be used for such a self assessment. COBIT is the crucial basis of this methodology and that is why quite some time will be spent on introducing COBIT in and identifying the possibilities for SAIs to use it. Next to IT self assessment, attention will also be paid to the use of COBIT in SAI's audit practices, especially in creating an approach to auditing the IT function and the security and control of information systems.

The relevance of COBIT for SAIs.
COBIT, Control Objectives for Information and related Technology, is designed as a tool for IT governance that helps in understanding and managing the risks and benefits associated with information and related IT. COBIT is developed by the Information Systems Audit and Control Foundation (ISACF). It is a broadly accepted standard and documents can be downloaded free of charge from the ISACA-website (www.isaca.org).

The use of COBIT by a SAI contributes to the work of the SAI by insuring the quality and performance of the SAI's own IT environment and by promoting awareness of IT governance. It helps to develop the capacity of a SAI to meet its strategic goals through the use of IT. Next to that, SAIs can also use COBIT to audit information systems as part of their financial audits or their other audit work. COBIT is used by quite a number of companies within the private sector. It is also of strategic importance for the public sector in general.

Who should attend?
The target group for the training event can be derived from its main objective: to prepare SAIs for an IT Self Assessment. So those SAI-employees could attend that play a crucial role in such a self assessment. This means that each participating SAI should be represented by two persons:

- one representing the business process owners (audit manager),

- the (other representing the) IT process owner (i.e. the head of the internal IT department).

During the training event these two colleagues will have the opportunity to discuss IT governance issues within their SAI in a neutral setting. Next to that, they will be able to exchange experiences with colleagues from other SAIs. When they return to their SAIs, they are expected to be the initiators and stimulators of an IT self assessment.

Vilnius training event - continuation of Lisbon training event.
Lisbon training event was attended by 34 participants from 14 SAIs of the Eurosai IT Working Group, and a participant from Brazilian Court of Auditors - those who were willing to perform the self-assessment before end of 2005. Vilnius training event is targeted primarily at the SAIs - members of the EUROSAI who are not members of the Eurosai IT Working Group.

To make the training event as effective as possible, it is decided to reduce the number of participants to 44. Next to that, it was considered to be important to allow each SAI to send two participants. This means that the training event allows for a maximum of 22 participating SAIs.

Therefore, some of Eurosai IT Working Group member SAIs who are willing to perform the IT self-assessment, but were not able to take part in Lisbon training, will also be invited.Vilnius training event is not the last one - the organizers are ready to go for the 3rd seminar, if the EUROSAI community considers it is important and helpful.

The organisers
The training event is a joint effort of the Eurosai Training Committee and the Eurosai IT Working Group. The Lithuanian National Audit Office takes responsibility for the training event in Vilnius.



PROGRAMME

 Thursday, June 16th, 2005

8.30 - 8.45

Welcome and opening of the seminar by Auditor General Mrs. Rasa Budbergytė and Director of IT Department Mr. Dainius Jakimavičius

   

8.45 - 10.00

Introduction, benefits and necessity of IT self assessment (Paul Mantelaers, The Netherlands)

   

10.00 - 10.15

Coffee Break
   

10.15 - 12.15

Introducing COBIT - workshop part 1 (Erik Guldentops, Belgium)
   

12.30 - 14.00

Lunch
   

13.45 - 15.15

Introducing COBIT - workshop part 2 (Erik Guldentops, Belgium)
   

15.15 - 15.30

Coffee Break
   

15.30 - 17.00

Introducing COBIT - workshop part 3 (Erik Guldentops, Belgium)

Friday, June 17th, 2005

9.00 - 10.00

COBIT based IT Self Assessment - part 1 (Massimo Magnini, Switzerland) The methodology.

   

10.00 - 10.45

Impacts of the self-assessment on the SAIs (Dainius Jakimavičius, Lithuania)
   

10.45 - 11.00

Coffee Break
   

11.00 - 12.15

COBIT based IT Self Assessment - part 2 (Massimo Magnini, Switzerland) Workshop (focussing on pitfalls, do's and don'ts, best practices)

   

12.30 - 13.30

Lunch
   

13.30 - 15.00

The use of COBIT in auditing - workshop part 1 (Rune Johannessen, Norway) Case of Norway; experiences

   

15.00 - 15.15

Coffee Break
   

15.15 - 16.45

The use of COBIT in auditing - workshop part 2 (Børre Lagesen, Norway)
   

16.45 - 17.00

Evaluation and closing



******

Responsible for the information Aldona Puteikienė, Chief Officer, International Relations Division, Audit Development Department
Last updated on 20 December 2012

National Audit Office of Lithuania

Pamėnkalnio St 27, LT-01113 Vilnius, Phone: + 370 5 266 6793, + 370 5 266 6752, Email: nao@vkontrole.lt.