By Abdourahman Badjie and Seringe Saine from SAI The Gambia
The recommendations of the AFROSAI-E Governing Board in 2019 resulted in the formation of the Working Group on Information Systems Audit and Management (WGISAM). The working group enables knowledge and experience sharing on information system security in the region. The rapidly expanding technical developments that pose difficulties at SAIs for IS audits and IS management were the driving force behind the formation of the WGISAM.
The annual WGISAM meeting took place in Livingstone, Zambia, from 26 to 30 September. WGISAM members and managers from the SAI IS Audit/Management units attended the meeting. SAIs were also invited to share their insights on the theme of the meeting, Data-Driven SAIs.
The theme for this year’s meeting was motivated by the fast-growing technological advancements that present challenges to SAIs in becoming more data-driven. These challenges were highlighted in the research AFROSAI-E conducted and discussions at the AFROSAI General Assembly and AFROSAI-E Governing Board meetings. To address these concerns, the meeting focussed on the following areas:
- Using data in audits
- SAI data management
- AFROSAI-E Guide on Data-Driven SAIs
- Cyber Security in SAIs
The Hon. Cornelius Mweetwa, the Zambia Southern Province Minister, officially opened the workshop. The Auditor General of SAI Zambia, Dr Dick Chellah Sichembe, gave opening remarks, as did the WGISAM Chairperson, Mr David Munyaka, and Mr Fredrick Bobo from the AFROSAI-E Secretariat.
Mr Percy Chinyama, from the National Coordinator of the Smart Zambia Institute, delivered the keynote address.
The speakers emphasised the significance of SAIs being data-driven by highlighting the recent technological advancements and data security threats at SAIs and audit clients.
Progress of the WGISAM Projects
- The Research Subgroup completed research on SAI automation and technology innovation. This project is one of the ten planned research topics from its two-year work plan.
- The Knowledge Subgroup conducted three knowledge-sharing sessions. It did, however, have challenges in identifying experts to share their knowledge and skills on the subject matter. It was also challenging to have most of the meetings virtually, making it harder for members to join and participate effectively.
- The Standards and Framework Subgroup developed the draft roadmaps they were tasked to create but faced several challenges in accomplishing their work plan.
- The Chairperson and the subgroup chairs emphasised that the success of the WGISAM projects and activities depends on SAI participation.
Data analysis (big data) in audits
This session outlined the stages involved in data analysis. The key takeaways were what constitutes big data in SAIs and how it can be integrated into audits. The team shared their experiences on critical data analysis issues, including validation procedures and access to data from various applications and platforms.
AFROSAI-E Data Driven and Cybersecurity Guides
The AFROSAI-E shared the Becoming a Data-Driven SAI Guideline (exposure draft) with participants and distributed it at the 17th Technical Conference. The Cybersecurity guide was also shared and will be circulated to SAIs for comment shortly.
Data Governance and Security
In this session, participants discussed and shared experiences on what constitutes data governance and security and how far auditors should go in governance and security. There were also in-depth discussions on cybersecurity, enterprise technology and threats to SAIs and audits.
2023-24 Work Plan and appointment of the new Chairperson
SAI Zambia was appointed as the new WGISAM Chairperson to be deputised by SAI Rwanda. The working group also deliberated on its 2023-2024 work plan, focusing on IT, IT management and cybersecurity within the existing sub-working groups.
MEETING OUTCOMES AND RESOLUTIONS
- The success of the WGISAM projects is dependent on SAI participation and commitment from SAI leadership to make working group members available to complete their allocated tasks.
- It is critical that SAIs be more data-driven. The majority of SAI, however, face difficulties accessing, manipulating and analysing data and understanding the tools. The working group and AFROSAI-E will continue to work on interventions to address these challenges.
- SAIs that are advanced in being data-driven should share their expertise with other SAIs by establishing a data science department or a data unit.
- Policies or instructions on dealing with the cybersecurity dangers SAIs face are needed. More study is required on the many cybersecurity challenges that SAIs and governments encounter.
- SAIs should provide unbiased feedback on the AFROSAI-E guidance on data-driven SAIs and cyber security during the exposure period. After it is finalised, SAIs can modify them for their environment.
- AFROSAI-E welcomes feedback from SAIs on its audit management system, A-SEAT, to continuously improve the system.
- The duration of the working group projects was shortened from two years to one year. To attain the project outputs, it was decided that the subgroups should meet more frequently.