ROYAL AUDIT AUTHORITY, SAI of BHUTAN 19th Working Group on IT Audit Presentation on ICT & IT Auditing in Bhutan 1.

ROYAL AUDIT AUTHORITY, SAI of BHUTAN

19th Working Group on IT Audit

Presentation on ICT & IT Auditing in Bhutan

1

OVERVIEW OF THE PRESENTATION

ICT Policies & Regulatory Frameworks;

Royal Government’s initiatives in the development of ICT;

Auditing Frameworks; IT Auditing in Bhutan; CurrentAchievements in IT Audit; and Way Forward.

2

Bhutan’s Development Philosophy

Gross National Happiness as the middle path for development

ICT is used as an enabler as well as a tool to enhance the elements of good

governance

ICT is also used in preserving and

promoting cultural heritage

3

4

ICT POLICIES & REGULATORY FRAMEWORKS

Constitution of the Kingdom of Constitution of the Kingdom of BhutanBhutan • “There shall be freedom of press, radio and television and other forms

of dissemination of information including electronic.”

• “A Bhutanese citizen shall have the right to information.”

5

ICT POLICIES & REGULATORY FRAMEWORKS

Bhutan Information, Communication & Media Act, 2006;

Telecommunication Act;Bhutan ICT Policy &

Strategies (BIPS);Information Sharing Policy;Information & media Policy;Information Management

Security Policy;

ROYAL GOVERNMENT’S INITIATIVES

Policy measures

Infrastructure development

E-governance

Content & application development

6

7

AUDITING FRAMEWORKS

“There shall be a Royal Audit Authority to audit and report on the Economy, Efficiency and Effectiveness in the use of Public Resources”

“There shall be a Royal Audit Authority to audit and report on the Economy, Efficiency and Effectiveness in the use of Public Resources”

Article 25.1, Constitution of the Kingdom of Bhutan &

Article 3, of the Audit Act of Bhutan 2006

Article 25.1, Constitution of the Kingdom of Bhutan &

Article 3, of the Audit Act of Bhutan 2006

Our Vision“ A premier audit institution

that promotes value for money in government operations and

contribute towards good governance”

Our Vision“ A premier audit institution

that promotes value for money in government operations and

contribute towards good governance”

Our Mission“To audit without fear or

favor or prejudice and effective use of public

resources and report to the Parliament and

stakeholders for enhancing transparency and

accountability in the government”

Our Mission“To audit without fear or

favor or prejudice and effective use of public

resources and report to the Parliament and

stakeholders for enhancing transparency and

accountability in the government”

8

IT Auditing in Bhutan

Article 38 (a), Audit Act

The RAA shall carry out financial, The RAA shall carry out financial, propriety, compliance, special propriety, compliance, special audits and any other form of audits and any other form of audits that the Auditor General audits that the Auditor General may consider significant and may consider significant and necessarynecessary..

IT related audits are conducted by

IT Audit Section under

Thematic Audit

Division (established in July 2007)

9

Audit on Budget &

Accounting System

Audit on Dzongkhag Local Area Network Internet

Connection Project Audit on

Electricity Billing & Collection

System

OUR ACHIEVEMENTS IN IT AUDIT

Audit on IDRC Project

"improving rural livelihoods in

Bhutan through addressing identified

information needs"

Audit on Informat

ion Security

10

OUR RECENT ACHIEVEMENTS IN IT AUDIT

Audit was conducted among

others to:To ascertain whether

the rural communities were benefited from the access to the Information Centres;

To assess the content & application system and ascertain whether it is able to meet communities’ identified information needs;

To assess the completeness, adequacy and timeliness of the information provided by the Information Centres;

Our Significant impacts :

Extensive deliberation in the Parliament;

Extensive media coverage;

Proper study and planning were carried out;

Trained the beneficiaries in the use of the centers;

Developed comprehensive plan to revitalize the established Information Centers and to address the issues of sustainability.

Audit on IDRC Project "improving rural livelihoods in

Bhutan through addressing identified

information needs"

11

OUR RECENT ACHIEVEMENTS IN IT AUDIT

Audit was conducted among

others to:To determine whether

the IT-related internal control environment, including documented policies and procedures, provide reasonable assurance of safeguarding the information and IT assets;

To assess whether the auditee agencies exercise due care and diligence in the protection of information and IT assets from unauthorized access, disclosure, destruction, modification, disruption and other applicable risks

Our Significant impacts :

Deliberated extensively in the Parliament;

Extensive media coverage;

Endorsed Information Security & Management Policy;

Created awareness amongst the top management in terms of the prevailing security situations.

Audit on Informat

ion Security

12

WAY FORWARD Elevating the present IT Audit Section to

full fledge Division;Enhance IT Audit Functions in the RAA by

strengthening the staff of IT Audit Section;Build the professional capabilities of the IT

Auditors by infusing relevant skills;Keep abreast with the advancement in

technologies;Enhance the use of Audit Tools like IDEA

13

WAY FORWARDAutomate the audit process (introduction

of ERP System);Establish professional institutional

relationship with IT related agencies like Ministry of Information & Communication and other organizations;

Establish systemic follow-up in IT audits and impact assessment;

Extend relationship with other SAIs for sharing best practices and expertise in IT Auditing.

TASHI DELEG& THANK YOU

14

POLICY MEASURES

Exemption of import duties on ICT equipments;

Declared tax holidays for ICT firms from 3 to 5 years;

To provide 75 percent of services online by 2010;

The vision concept of Bhutanese Information Society

15

16

INFRASTRUCTURE

DEVELOPMENT Establishment of Community

Information Centers; Established Local Area Network in

all 20 districts; Installed Thimphu Wide Area

Network; Provided computers and Internet

connection in schools; Commitment to One Laptop per

Child (OLPC) Project; Video Conferencing ( On-going); National broadband Network Plan

(On-going)

E-GOVERNANCE INITIATIVES

• Developed E-Platform to deliver services online (e.g. Audit Clearances);

• Developed online Asset Declaration;• Online agriculture Marketing information to

provide prompt and reliable market information on agriculture produce (ongoing);

• Government Portal (single window/ e-office) for government offices to share information (ongoing);

• Online Digital library (ongoing);• Started telemedicine;

17

18

CONTENT & APPLICATION DEVELOPMENT

Developed Bhutan Civil Registration System to facilitate Citizenship ID Cards;

Developed passport system with machine readable passports;

Developed DZONGKHA LINUX- an operating system with Dzongkha Desktop;

Hospital Information System (Ongoing);

Common Integrated Police Application (Ongoing)