Updates and new activities of the e-Government Subgroup

12.12.2024

The Subgroup’s effort focused on its two audit supporting tools: Control space of e-government (CUBE: egov.nik.gov.pl) and the Active IT Audit Manual (AITAM: aitam.tcontas.pt).

The most important goal of CUBE has been to share the IT audit experience of various supreme audit institutions through the publication of SAIs’ audit reports - systematized and accompanied by the information contained in these reports in a way that allows the reader to quickly and easily find the topics and information that interest them. The latest updates to CUBE will also be made for the same purposes.

First, the plan is to introduce control related terminology based on the INTOSAI Internal Control Standards (ICS). Using this terminology, the subgroup plans to begin systematizing the reports to be added to CUBE, as well as the findings, problems, and recommendations contained in these reports. The subgroup tries to find the most important notions in the audit reports that have the most analytical potential and select those that are most interesting to the auditor.

A control-oriented approach would help standardize audit reports from different countries and support core audit work and knowledge management of supreme audit institutions. Such an approach creates possibilities to more automated analytics and to development of the audit portfolios idea. Portfolios are created of topics of interest, where the internal structure of these topics is illustrated with specific examples from audits. The initial four portfolio project topics are:

  • information security (including cybersecurity and critical infrastructure),
  • public e-services,
  • artificial intelligence, and
  • conflict of interest.

Each portfolio is organized in line with a set of basic control related notions. Each notion is defined and accompanied by close terminology. Sub-notions are briefly described and accompanied by CUBE examples. Overall, the portfolios project uses CUBE resources and AITAM experience – its goal is to support audits by exchange of knowledge.

The aforementioned changes should take place in conjunction with the development of AITAM. AITAM, now aligned with INTOSAI standards (specifically ISSAI 100 and GUID 5100), will support CUBE's new control-oriented approach, as well as allowing the creation of audits on portfolio project topics. It is also vital to expand the AITAM user base, currently it has 91 registered users from 33 organizations. A total of 699 audit files have been created in AITAM. In recent years, AITAM workshops have been conducted in the national audit offices of Poland, Jordan, Palestine, and Kyrgyzstan.

Last but not least, at the Subgroup meeting held on October 28-29 in Warsaw, it was decided that starting next year, significantly more new audit reports will be added to CUBE in order to better bring international experience to all auditors.