Académique Documents
Professionnel Documents
Culture Documents
into IT
In 1999, the Office of the Auditor General of Norway1 began a collaborative project with
the SAIs of the UK, Sweden, Japan, Russia and Canada to develop a guide on auditing IT
Service Management. Project co-ordinator Bernt Nordmark and Anne Grete Bangsund
describe the outcome.
The annexes describe overall IT service The Guide has now been introduced Mastering the Guide might pose a
management, systems development and into the drive to improve IT service challenge, and adequate knowledge of
IT service management processes. management and security solutions in how an organisation use and manage
There are also explanations of risk public sector agencies elsewhere in their IT systems is really necessary to
management, auditing the management Scandinavia. In this connection, project obtain the best results. One of our
of IT infrastructure risks and examples coordinator Bernt Nordmark presented auditors remarked that "I am quite
of audits of unsatisfactory IT projects. it during a security seminar for major pleased with this tool, and we have
Finally, there is a glossary of terms. Scandinavian public sector agencies held profited from using it in our work.
in Frankfurt last November, and it was However, getting into it probably takes
also presented at a Nordic audit seminar some effort, and some background
Auditing experience in Helsinki in autumn 2001. The Guide knowledge about risk assessment and IT
has also been taught at a seminar for is required".
To ensure user-friendliness we tested
auditors held in northern Norway last
the Guide both in Norway and in other
autumn.
countries. We have used it at both an
overarching level and in connection with
reviewing major components of IT Conclusion
service management within Statistics
Norway, the Norwegian Directorate of Overall, we have received favourable
Customs and Excise, the Norwegian feedback from auditors on the Guide's
Directorate of Taxes, and in our audit of usefulness, while both our clients'
the International Organization of management and IT departments have
Migration (IOM) in Geneva. We have shown great interest in it. We have also
also found the Guide useful in our initiated a dialogue on improving our
advisory activities. clients' standards of IT service
management.
When planning the IOM audit
programme in 2001, we decided that IT
service management was an important
1
area to audit. We therefore focused on Strategies
potential risk factors, together with their and policies
attendant faults and problems, and on
possible risk reduction strategies. The
Guide proved a very useful tool both in
4 2 5 6
preparing the audit programme and in External User
conducting the audit. Drivers In Operation Internation Consequences
We used the Guide in the Directorate of
Customs and Excise, and Directorate of
Taxes audits (in both 2001 and 2002) to
uncover the risks inherent in their
operational and strategic IT service
management. The auditors looked for
3 Support