Version 7 section • brief discussion Public Financial Management Control and Security in the Age of Transparency SEGURINFO Uruguay 2011
Jan 13, 2015
Version 7 section
• brief discussionPublic Financial Management
Control and Security in the Age of
Transparency
SEGURINFO Uruguay 2011
trust
3
Version 7 section
• brief discussion
transparency
Version 7 section
• brief discussion
strategic openness
55
Version 7 section
• brief discussion
trust but verify
Strengthening Public Financial Management through
Transparency in Timor-Leste
Version 7 section
• brief discussion
Version 7 sectionFreeBalance is a global provider of Government Resource Planning (GRP) software for public financial management (PFM)
• Canadian software company ISO-9001/2008 certified
• For Profit Social Enterprise
• 100% focus on government
• Global presence, implemented in 19 countries in North America, Latin America, Caribbean, Africa, Middle East, and Asia/Pacific
• From post-conflict through G8
Who is FreeBalance?
Version 7 section
• brief discussion
FORCES
99
Version 7 section
• brief discussion
globalization
1010
Version 7 section
• brief discussion
transparency
1111
Version 7 section
• brief discussion
citizen services
1212
Version 7 section
• brief discussion
international assessment
1313
Version 7 section
• brief discussion
governance
1414
Version 7 section
• brief discussion
corruption
1515
Government Expenditures as a % of GDP 2006: Non OECD Countries
Version 7 section
• brief discussion
Democratic
Republic of
Timor-Leste
(RDTL)
Objectives
build civil society
build infrastructure
build capacity
build citizen involvement in government
GDP Per Capita (PPP, logs)
UGANDA
PAPUA NEW GUINEA
AU
ST
RA
LIA
-3
-2
-1
0
1
2
3
209 Countries
Norm
alized Government Effectiveness Index
HIGH
LOW
Benefits of Transparency Government Effectiveness and GDP*
* At purchasing power parity
Source: The World
Bank
Higher the government effectiveness
= higher the country GDP Per Capita
GDP Per Capita (PPP, logs)
UGANDA
PAPUA NEW GUINEA
AUSTRALIA
-3
-2
-1
0
1
2
3
207 Countries
Norm
alized Voice and Accountability Index
.
HIGH
LOW
Benefits of Transparency Voice and Accountability and GDP*
* At purchasing power parity
Source: The World
Bank
Higher the government
accountability = higher the country
GDP Per Capita
GDP Per Capita (PPP, logs)
UG
AN
DA
PA
PU
A N
EW
GU
INE
A
AU
ST
RA
LIA
-3
-2
-1
0
1
2
3
204 Countries
Norm
alized Control of Corruption Index
HIGH
LOW
Benefits of TransparencyControl of Corruption and GDP*
* At purchasing power parity
Source: The World
Bank
Higher the control of corruption
= higher the country GDP Per
Capita
Version 7 section
• brief discussion
= stability
Version 7 section
• brief discussion
= investor confidence
Version 7 section
• brief discussionavoid the
resource curse
Version 7 section
• brief discussion
problem
2828
Version 7 section
• brief discussion
transparency - corruption
Version 7 section
• brief discussion
controls - corruption
Version 7 section
• brief discussion
transparency
3131
controls
Version 7 section
• brief discussion
1. Strategic Transparency
Version 7 section
• brief discussion
1.1. International Standards
Version 7 section
• brief discussionIPSAS
International Public Sector Accounting
Standards
Version 7 section
• brief discussion
EITI
Extractive Industries Transparency
Initiative
Version 7 section
• brief discussion
GFS
Government Financial Statistics
Version 7 section
• brief discussion
MTEF
Medium Term
Expenditure
Frameworks
Version 7 section
• brief discussion
1.2 e-Procurement Portal
Version 7 section
• brief discussion
review
39
government
tenders
published
vendor
alerts
tender
results
published
Version 7 section
• brief discussion
1.3. Transparency Portal
Version 7 section
• brief discussion
review
41
10 years of
budget &
financial datadrill down
through the
chart of
accountsoutput in
RTF, Word,
Excel, PDF,
Text, XML,
HTML
http://www.transparency.gov.tl
Version 7 section
• brief discussion
2. Internal Controls
Version 7 section
• brief discussion
Version 7 section
• Chart of Accounts (COA) is key
within governments. Key control
needs include:
•Hierarchical – organizational,
functional, project, budgetary
•Multi-dimensional data access
2.1 Hierarchical Controls
4343
Version 7 section
• brief discussion
Version 7 section
• Sophisticated reporting
• Pro-active monitoring
• Administrative and compliance
needs
2.2 Reporting
4444
Version 7 section
• brief discussion
Version 7 section2.3 Multiple Controls
Multiple controls for the same activity
or function
Version 7 section
• brief discussion
3. Audit
Version 7 section
• brief discussion
Version 7 section
• Same activity can vary within
government ministries, departments
and agencies (MDAs)
• Audit workflow based rules and
procedures for conformity
3.1 Activity
Version 7 section
• brief discussion
Version 7 section
• Roles and responsibilities
•Separation of duties
3.2 Roles
Version 7 section
• brief discussion
Version 7 section
• Non-
repudiation
of data
3.3 Traceability
Version 7 section
• brief discussion
4. System Security
Version 7 section
• brief discussion
Version 7 section
�Physical Security- Lock and Key
� Authentication – Wax Seals and
Stamp
Paper
Version 7 section
• brief discussion
Mainframes
�Physical Security- Lock and Key
� Authentication – User ID and Password
Version 7 section
• brief discussion
Network Security
�Identity Management
�Encryption
�High Availability
Version 7 section
• brief discussion
Version 7 sectionInternet
�Internal and External Site
�Firewalls
�Virtual Private Network (VPN)
�Secure Socket Layer
Version 7 section
• brief discussion
Version 7 sectionCloud
�Data Access Security
�Identity Management
�Regulatory Compliance
�Data Segregation
Version 7 section
• brief discussion
Security Details
5656
Version 7 section
• brief discussion
Data Security
• Protect vital Government Data
• Multiple layers of Encryption
– Data
– Traffic
– Access
Version 7 section
• brief discussion
Data Access Security• Data-based filtering system
• Configurable
• Standalone
• Non-intrusive
• Works jointly with Functional Classes
Data Access Security
• Resides between the Business Logic Layer and the Client Side.
DB DAL BLL
DASUser
Version 7 section
• brief discussion
Security Dimension Types• Chart of Accounts Restriction
• Hierarchical Domain
• Domain Restriction
• Literal Restriction
Version 7 section
• brief discussion
Secure Scripting
– Support for server and client-side validation.
– Strong access control.
– Obfuscation of JavaScript enhances client-side
security
– Stripping of comments and whitespace
– Industry standard SSL technology
Version 7 section
• brief discussion
5. Security Advantages of Open
Source Middleware
6262
Open Source Middleware
• Who are the most vocal proponents of open
source middleware software in the American
government?
• Answer: Department of Defense and Central
Intelligence Agency
• Why?
• Answer: Because they can examine the source
code of the middleware.
• FreeBalance software is not open source so no
one can examine your source code.
• You can’t stop transparency
• Can have transparency and security together
• Public Financial Management and Governance focus
• Electronic funds transfers reduces corruption opportunity
Conclusions