SlideShare a Scribd company logo

BC OAG Maturity of Computer Controls in5slides

Download as PPTX, PDF
Tim Kirby, profile picture
Tim Kirby

The British Columbia Auditor General's audit assessed the maturity of computing controls in government agencies, recommending a target maturity level of 3. Although self-assessments were generally optimistic, the audit found that 69% of agencies overstated their maturity levels. The report emphasizes the importance of validation in self-assessments and highlights risks associated with outsourced IT projects.

Government & Nonprofit
1 of 5
Download to read offline
1
2
3
4
5
British Columbia Auditor General audit of Maturity of Computing Controls… Strong general computing controls are government’s first line of defence against potential threats. The Auditor General looked at how good government’s general computing controls were, and how good 148 agencies thought they were. FEBRUARY 2016
The current COBIT 4.1 maturity model worked superbly for this audit of IT management systems. The AG recommended that BC government adopt a target maturity level of 3. This means that each perspective of the management system is defined and staff are trained. WHAT DOES IT SAY. FEBRUARY 2016
Self-assessments were generally optimistic. No surprises. Most agencies rated themselves at a maturity level of 3 or above. Central agencies and health sector agencies rated themselves well into the 4s and 5s. The AG found that 69% of the validated agencies overstated their maturity level. WHAT ELSE DOES IT SAY. FEBRUARY 2016
The audit identified more than 600 outsourced IT projects, which raises the importance of general computing controls. This raises the risks of: fraud, human error and down-time. I didn’t see analysis of instances where outsourcing has led to higher maturity levels, and lower risks. WHAT ELSE DOES IT SAY. FEBRUARY 2016
• This report justifies general computing controls better than most. • Perhaps central agencies, and the health sector, have gone beyond a cost-effective optimum, self-assessing controls well above maturity level of 3. • Always seek to validate self-assessments to gain more insight. The comments on these slides are the views of Tim Kirby, Sydney. You should always read the report itself before putting any money on the line. WHAT DOES IT MEAN. Tim Kirby, Sydney CA, CIA, LA-EMS au.linkedin.com/in/timkirbysydney FEBRUARY 2016

More Related Content

PPT
E gov versus corruption - test of indexes
Åke Grönlund
 
PDF
The Sick State of Healthcare Data Breaches
LightCyber-Inc
 
PDF
IRJET- Crime Prediction System
IRJET Journal
 
PDF
Etude PwC "Crime Survey 2014" sur la fraude dans le secteur pharmaceutique (o...
PwC France
 
PPT
Welcome in Czechoslovakia. Any startups here?
Jan Horna
 
PPTX
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Clarity Grader
 
PDF
Ret Barbosa
kacdown
 
PDF
Content Maturity Model
ComBlu, Inc.
 
E gov versus corruption - test of indexes
Åke Grönlund
 
The Sick State of Healthcare Data Breaches
LightCyber-Inc
 
IRJET- Crime Prediction System
IRJET Journal
 
Etude PwC "Crime Survey 2014" sur la fraude dans le secteur pharmaceutique (o...
PwC France
 
Welcome in Czechoslovakia. Any startups here?
Jan Horna
 
Measuring Web Content Readability & Consistency - with VisibleThread Clarity ...
Clarity Grader
 
Ret Barbosa
kacdown
 
Content Maturity Model
ComBlu, Inc.
 

Viewers also liked (20)

PDF
Web2 journalsmanuscripteditingmuenning
Society for Scholarly Publishing
 
PPTX
Best practices in website design
Tabby Farney
 
PDF
Measuring Marketing Governance Maturity
Demand Metric
 
PPT
Sociální sítě - Workshop
Jan Horna
 
PPT
The Case for a Web Audit: Your 360 Degree Performance Review
Kathy McShea
 
PDF
Data Governance Maturity Model Thesis
Jan Merkus
 
PDF
Best Practices for Structuring Your Web Content
Ben MacNeill
 
PPT
WhiteHat Security Presentation
markgmeyer
 
PPTX
Implementing the Four Pillars of the SharePoint Governance Maturity Model
Christian Buckley
 
PDF
Website Governance: Tips for Defining a Successful Strategy
Percussion Software
 
DOC
Website Governance Document
Demand Metric
 
PDF
Governance Maturity Assessment Report
smcasas
 
PDF
A Practical Web Governance Framework
Shane Diffily
 
DOCX
Small business consultant performance appraisal
martinnick967
 
PDF
Content marketing maturity map & e-guide
Hind Al Nahedh
 
PDF
Risk Management Maturity Model (RMMM)
Adnan Naseem
 
PPTX
Web Governance: Where Strategy Meets Structure
Peter Morville
 
PDF
Planning for Content Governance
Rick Allen
 
PDF
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
HubSpot
 
PDF
It governance & cobit 5
Laddawan Rattanaruang
 
Web2 journalsmanuscripteditingmuenning
Society for Scholarly Publishing
 
Best practices in website design
Tabby Farney
 
Measuring Marketing Governance Maturity
Demand Metric
 
Sociální sítě - Workshop
Jan Horna
 
The Case for a Web Audit: Your 360 Degree Performance Review
Kathy McShea
 
Data Governance Maturity Model Thesis
Jan Merkus
 
Best Practices for Structuring Your Web Content
Ben MacNeill
 
WhiteHat Security Presentation
markgmeyer
 
Implementing the Four Pillars of the SharePoint Governance Maturity Model
Christian Buckley
 
Website Governance: Tips for Defining a Successful Strategy
Percussion Software
 
Website Governance Document
Demand Metric
 
Governance Maturity Assessment Report
smcasas
 
A Practical Web Governance Framework
Shane Diffily
 
Small business consultant performance appraisal
martinnick967
 
Content marketing maturity map & e-guide
Hind Al Nahedh
 
Risk Management Maturity Model (RMMM)
Adnan Naseem
 
Web Governance: Where Strategy Meets Structure
Peter Morville
 
Planning for Content Governance
Rick Allen
 
Rethinking Website Design: Creating a Peak-Performing Website with Less Risk ...
HubSpot
 
It governance & cobit 5
Laddawan Rattanaruang
 
Ad

Similar to BC OAG Maturity of Computer Controls in5slides (20)

DOCX
Student Name Brief #5 Use of Audit Software Review and Survey.docx
emelyvalg9
 
PPTX
T Kirby Presentation AES conference September 2016
Tim Kirby
 
PDF
Audit Committee
Janet Robinson
 
DOCX
Running head AN   EMPIRICAL STUDY ON ACCOUNTING AND AUDITING ENFO.docx
joellemurphey
 
PPTX
VAGO access to Public Sector Info
Tim Kirby
 
PPT
Immigration Compliance and E-Verify for Federal contractors
Eliot Norman
 
PPTX
What The Heck Is CCM
ACL Services
 
PDF
SOX 2016 - PART I - COSO 2013
Lorri Jongeneel, CPA
 
DOCX
1 2Cheat Sheet on Evidence and DocumentationACC491J.docx
honey725342
 
PDF
Case Study Audit
Jessica Lopez
 
PDF
N6.pdf
TrungVThnh8
 
PDF
The effect of risk based audit approach on the implementation of internal co...
inventionjournals
 
PDF
Grc sap next evaluation of internal audit
SARVJEET KAUSHAL
 
PDF
Cga Assignment Au1 Essay
Sandra Arveseth
 
PDF
Audit Report And Internal Control Evaluation
Rochelle Schear
 
PDF
Solution Manual for Information Technology Auditing 3rd Edition by Hall
burkajundt77
 
PDF
Pwc 2015 Technology Sector Sec Comment Letter Trends
PwC
 
DOCX
Acc 490 final exam
erlesenlay1981
 
PDF
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
IJNSA Journal
 
PDF
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
IJNSA Journal
 
Student Name Brief #5 Use of Audit Software Review and Survey.docx
emelyvalg9
 
T Kirby Presentation AES conference September 2016
Tim Kirby
 
Audit Committee
Janet Robinson
 
Running head AN   EMPIRICAL STUDY ON ACCOUNTING AND AUDITING ENFO.docx
joellemurphey
 
VAGO access to Public Sector Info
Tim Kirby
 
Immigration Compliance and E-Verify for Federal contractors
Eliot Norman
 
What The Heck Is CCM
ACL Services
 
SOX 2016 - PART I - COSO 2013
Lorri Jongeneel, CPA
 
1 2Cheat Sheet on Evidence and DocumentationACC491J.docx
honey725342
 
Case Study Audit
Jessica Lopez
 
N6.pdf
TrungVThnh8
 
The effect of risk based audit approach on the implementation of internal co...
inventionjournals
 
Grc sap next evaluation of internal audit
SARVJEET KAUSHAL
 
Cga Assignment Au1 Essay
Sandra Arveseth
 
Audit Report And Internal Control Evaluation
Rochelle Schear
 
Solution Manual for Information Technology Auditing 3rd Edition by Hall
burkajundt77
 
Pwc 2015 Technology Sector Sec Comment Letter Trends
PwC
 
Acc 490 final exam
erlesenlay1981
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
IJNSA Journal
 
QUALITY ASSESSMENT OF ACCESS SECURITY CONTROLS OVER FINANCIAL INFORMATION
IJNSA Journal
 
Ad

More from Tim Kirby (20)

PDF
BC OAG Protection of Drinking Water Audit in5slides
Tim Kirby
 
PPTX
ARPA-E Evaluation 2017
Tim Kirby
 
PPTX
BC OAG Ethics Management in5slides
Tim Kirby
 
PPTX
OAGNZ Report on Governance
Tim Kirby
 
PPTX
OAGNZ Report on Governance
Tim Kirby
 
PPTX
Dairy NZ Water Accord Report 2016
Tim Kirby
 
PPT
What others are saying about environmental accounting AIEA Conference Novembe...
Tim Kirby
 
PPTX
What auditors are saying about evaluation AES Conference September 2015
Tim Kirby
 
PPTX
Warming up to environmental regulation risk SOPAC March 2016
Tim Kirby
 
PPTX
UK NAO report on Sellafield in5slides
Tim Kirby
 
PPTX
US GAO Environmental Regulation Decision making
Tim Kirby
 
PPTX
Nsw Report on Native Vegetation 2011 13 in5slides
Tim Kirby
 
PDF
ASAE 3610 in5slides
Tim Kirby
 
PPTX
ANAO performance audit of the Strengthening Basin Communities in5slides
Tim Kirby
 
PPTX
IPCC Report on the Physical Science Basis for Climate Change in5slides
Tim Kirby
 
PPTX
OAG WA Audit Report on Pest Management in5slides
Tim Kirby
 
PPTX
Australian Govt Environmental Information Requirements in5slides
Tim Kirby
 
PPTX
CSEAR Silent and Shadow reporting in5slides
Tim Kirby
 
PPTX
OAGNZ Biosecurity Performance Audit in5slides
Tim Kirby
 
PPT
IPPF Practice Guide in5slides
Tim Kirby
 
BC OAG Protection of Drinking Water Audit in5slides
Tim Kirby
 
ARPA-E Evaluation 2017
Tim Kirby
 
BC OAG Ethics Management in5slides
Tim Kirby
 
OAGNZ Report on Governance
Tim Kirby
 
OAGNZ Report on Governance
Tim Kirby
 
Dairy NZ Water Accord Report 2016
Tim Kirby
 
What others are saying about environmental accounting AIEA Conference Novembe...
Tim Kirby
 
What auditors are saying about evaluation AES Conference September 2015
Tim Kirby
 
Warming up to environmental regulation risk SOPAC March 2016
Tim Kirby
 
UK NAO report on Sellafield in5slides
Tim Kirby
 
US GAO Environmental Regulation Decision making
Tim Kirby
 
Nsw Report on Native Vegetation 2011 13 in5slides
Tim Kirby
 
ASAE 3610 in5slides
Tim Kirby
 
ANAO performance audit of the Strengthening Basin Communities in5slides
Tim Kirby
 
IPCC Report on the Physical Science Basis for Climate Change in5slides
Tim Kirby
 
OAG WA Audit Report on Pest Management in5slides
Tim Kirby
 
Australian Govt Environmental Information Requirements in5slides
Tim Kirby
 
CSEAR Silent and Shadow reporting in5slides
Tim Kirby
 
OAGNZ Biosecurity Performance Audit in5slides
Tim Kirby
 
IPPF Practice Guide in5slides
Tim Kirby
 

Recently uploaded (20)

PPTX
Vocational Education for educational purposes
Swati270511
 
PDF
2026 RMHC Terms & Conditions agreement - updated 8.1.25.pdf
Christian Home Educators of Colorado
 
PPTX
AMO Pune Complete information and work profile
kaivalyakkale1612
 
PDF
मुख्यमंत्राी सामूहिक विवाह कार्यक्रम, जनपद बाँदा
COLOURIMPRESSION
 
PPTX
GOVERNMENT-ACCOUNTING1. bsa 4 government accounting
AngelOrale
 
PDF
Contributi dei parlamentari del PD - Contributi L. 3/2019
Partito democratico
 
PDF
Item # 3 - 934 Patterson Final Review.pdf
ahcitycouncil
 
PDF
The Role of FPOs in Advancing Rural Agriculture in India
Watershed Organisation Trust
 
PPTX
Weekly Report 17-10-2024_cybersecutity.pptx
gowenow253
 
PPT
generalgeologygroundwaterchapt11-181117073208.ppt
SDDMORampurhat1
 
PPTX
STG - Sarikei 2025 Coordination Meeting.pptx
jameschiew5
 
PDF
Item # 2 - 934 Patterson Specific Use Permit (SUP)
ahcitycouncil
 
PPTX
Nur Shakila Assesmentlwemkf;m;mwee f.pptx
zakwanqalbi05
 
PPTX
Omnibus rules on leave administration.pptx
Manila14
 
PPTX
Quiz - Saturday.pptxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
DheerajKL1
 
PDF
ISO-9001-2015-gap-analysis-checklist-sample.pdf
WaqasBhutto1
 
PPTX
DFARS Part 249 - Termination Of Contracts
JSchaus & Associates
 
PDF
PPT Item #s 2&3 - 934 Patterson SUP & Final Review
ahcitycouncil
 
PPTX
怎么办休斯敦大学维多利亚分校毕业证电子版成绩单办理|UHV在读证明信
ixajxoeq
 
PDF
Courtesy Meeting NIPA and MBS Australia.
Tri Widodo W. UTOMO
 
Vocational Education for educational purposes
Swati270511
 
2026 RMHC Terms & Conditions agreement - updated 8.1.25.pdf
Christian Home Educators of Colorado
 
AMO Pune Complete information and work profile
kaivalyakkale1612
 
मुख्यमंत्राी सामूहिक विवाह कार्यक्रम, जनपद बाँदा
COLOURIMPRESSION
 
GOVERNMENT-ACCOUNTING1. bsa 4 government accounting
AngelOrale
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Partito democratico
 
Item # 3 - 934 Patterson Final Review.pdf
ahcitycouncil
 
The Role of FPOs in Advancing Rural Agriculture in India
Watershed Organisation Trust
 
Weekly Report 17-10-2024_cybersecutity.pptx
gowenow253
 
generalgeologygroundwaterchapt11-181117073208.ppt
SDDMORampurhat1
 
STG - Sarikei 2025 Coordination Meeting.pptx
jameschiew5
 
Item # 2 - 934 Patterson Specific Use Permit (SUP)
ahcitycouncil
 
Nur Shakila Assesmentlwemkf;m;mwee f.pptx
zakwanqalbi05
 
Omnibus rules on leave administration.pptx
Manila14
 
Quiz - Saturday.pptxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
DheerajKL1
 
ISO-9001-2015-gap-analysis-checklist-sample.pdf
WaqasBhutto1
 
DFARS Part 249 - Termination Of Contracts
JSchaus & Associates
 
PPT Item #s 2&3 - 934 Patterson SUP & Final Review
ahcitycouncil
 
怎么办休斯敦大学维多利亚分校毕业证电子版成绩单办理|UHV在读证明信
ixajxoeq
 
Courtesy Meeting NIPA and MBS Australia.
Tri Widodo W. UTOMO
 

BC OAG Maturity of Computer Controls in5slides

  • 1. British Columbia Auditor General audit of Maturity of Computing Controls… Strong general computing controls are government’s first line of defence against potential threats. The Auditor General looked at how good government’s general computing controls were, and how good 148 agencies thought they were. FEBRUARY 2016
  • 2. The current COBIT 4.1 maturity model worked superbly for this audit of IT management systems. The AG recommended that BC government adopt a target maturity level of 3. This means that each perspective of the management system is defined and staff are trained. WHAT DOES IT SAY. FEBRUARY 2016
  • 3. Self-assessments were generally optimistic. No surprises. Most agencies rated themselves at a maturity level of 3 or above. Central agencies and health sector agencies rated themselves well into the 4s and 5s. The AG found that 69% of the validated agencies overstated their maturity level. WHAT ELSE DOES IT SAY. FEBRUARY 2016
  • 4. The audit identified more than 600 outsourced IT projects, which raises the importance of general computing controls. This raises the risks of: fraud, human error and down-time. I didn’t see analysis of instances where outsourcing has led to higher maturity levels, and lower risks. WHAT ELSE DOES IT SAY. FEBRUARY 2016
  • 5. • This report justifies general computing controls better than most. • Perhaps central agencies, and the health sector, have gone beyond a cost-effective optimum, self-assessing controls well above maturity level of 3. • Always seek to validate self-assessments to gain more insight. The comments on these slides are the views of Tim Kirby, Sydney. You should always read the report itself before putting any money on the line. WHAT DOES IT MEAN. Tim Kirby, Sydney CA, CIA, LA-EMS au.linkedin.com/in/timkirbysydney FEBRUARY 2016