VIEWS: 0 PAGES: 5 POSTED ON: 4/26/2013
Opening Remark By Y.Bhg. Tan Sri Dato’ Setia Ambrin Bin Buang Auditor General of Malaysia At the Opening Ceremony of The Information Technology (IT) Audit Course Under the Malaysian Technical Cooperation Programme (MTCP) 03 November 2009 At The National Audit Academy Bismillahirahmanirrahim, Distinguished Guests, Course Instructors, MTCP Course Participants, Ladies and Gentlemen. Assalammualaikum, Selamat Datang and a very good morning. 1. On behalf of the government of Malaysia and the National Audit Department, it is a great pleasure for me to welcome our guests and course participants from 18 countries to this auspicious occasion. Ladies and gentlemen, 2. My utmost appreciation goes to the sponsor of this program that is the Economic Planning Unit of the Prime Minister’s Department. We are indeed honored to host this course under the Malaysian Technical Cooperation Programme (MTCP) this year. The objective of MTCP is to share Malaysian development experiences and help capacity building amongst the participating countries. Therefore, I hope the participants will maximize this opportunity to know Malaysia, its people, culture and the wide spectrum of cuisines, besides gaining knowledge and experiences of IT Audit. 3. Information Technology (IT) has progressed rapidly in Malaysia especially after the launch of the Multimedia Super Corridor (MSC) in 1996 in Kuala Lumpur. MSC has leap frogged Malaysia to become the hub for IT in this information age. The mode of transaction has changed from manual to electronic, establishing electronic governments in the country. 4. Information is one the most important resources of an organization, and to protect it is one the main priorities. In today’s environment we must seek for control and process tools that guarantee the liability, security and confidentiality of the data that is processed through out the information system. 5. The setting of controls must be precise and broad, not only should they be focused on physical and material aspects of security, space assigned to computer systems, the assignment of access passwords, labeling of equipments, inventories, among other issues, controls must be established as a logical component. 6. The use of IT has tremendously changed the mode and speed of processing, storage of data and records. These in turn affect the organization and the procedures of the auditee (agency’s) accounting and internal control systems. Consequently, the auditors’ techniques and methodologies in conducting the audit would be affected by the characteristics of the computerized environment. 7. We all know that as the economy and governance begin to experiment with the new science, the perpetrators of crime may take advantage, making detection difficult if not impossible. Therefore as they say, diamond cuts diamond we need to use ICT to detect ICT related frauds. 8. In the traditional auditing environment, fraud usually occurs from inside the audited entity. For instance, the management commits deliberate top-down frauds by inventing or even hiding the facts; some of the staff forge, modify or even destroy relevant records to search for personal benefits. While in IT environment, fraud always come from the outside, for instance, when the hacker breaks in the system and modifies the data through Internet. Actually such fraud is against the interests of the audited entity. While the management should take the responsibility for the weakness, they are also the victim to a large extent. Under such circumstances, the auditor should differentiate respective responsibilities based on special consideration before disclosure. 9. The National Audit Department has already embarked into IT Auditing when it pioneered the use of the Computer Assisted Audit Techniques and Tools (CAATTs) called Audit Command Language (ACL) since early 1980s in this region. Since then, we have our counter parts from Indonesia, Singapore and Brunei coming to learn and share experiences for the use of ACL. ACL is widely used in the analysis of financial data to certify the Financial Statements of the Federal and State Governments as well as to evaluate existence of internal controls in the systems. 10. As technology progresses, more systems and applications are developed. Federal and State Governments, local authorities, statutory bodies as well as the religious councils are all becoming electronic. Hence, it becomes more and more important for the auditors to ensure sufficient controls exist in the system in order to generate sound Financial Statements at the end of the year. 11. Over the years we have reported on the internal controls status of the Financial Accounting Systems of the Federal Government, some statutory bodies and recently the Land Administration System of the state governments. These findings are indeed adding value to the aspects of accountability and transparency in the implementation of e-Governments in the country. 12. In the IT environment, the scope of Auditing includes Internal Controls Review, System Development Life Cycle Audit, Security Audit, IT Infrastructure and Network Audit as well as Performance Audit of the IT Systems. In Malaysia, the rapid progress in the electronic Government Development warrants the change in the mode of audit. ‘Pre auditing’ and ‘concurrent auditing’ are crucial and necessary, rather than ‘post audit’, involving auditors from the start of the System Development. These are carried out for several high impact IT projects such as smart schools and Hospital Information Systems (HIS). 13. The Government of Malaysia recognizes the role of the Auditor General (AG) in the IT agenda. The AG is appointed a member of the highest IT Committee for the government (JITIK) chaired by the Chief Secretary to the Government. Here, the Auditor General’s opinion is frequently sought upon before a decision on IT procurement or development is made. Ladies and gentlemen, 14. I am sure IT development is a significant agenda in your respective countries as well. It may be to address the ‘digital divide’ amongst communities in the rural and urban areas, or to ‘improve service delivery’ in the government sector. Whichever it is, financial implication is definitely significant. Therefore, auditors can play an important role to ensure value for money in these large investments. 15. Recently, NAD Malaysia has raised the issues of source code ownership, wastage on purchase of Computers, IT project management weaknesses and system development risks. The government is taking positive steps to remedy weaknesses highlighted. Some roll-out projects have been put on hold due to comments on their pilot implementation. 16. NAD Malaysia has developed its own IT Audit Guidelines in 2002. With reference to that document, in 2003, Malaysia chaired the ASOSAI Research Committee together with China, India, and Australia SAIs to develop the ASOSAI IT Audit Guideline. 17. The instructor’s team for this MTCP course has specially designed the module for an Internal Controls Review which also includes the use of CAATTs for the data Analysis. It is hoped that after this program, participants will be able to do a system’s control review and give an opinion whether the internal controls are present and adequate to mitigate the possible risks from affecting the Financial Systems. Materials from the International Organization of the Supreme Audit Institutions (INTOSAI) and the ASEAN Organization of the Supreme Audit Institutions (ASOSAI) have been referred to for this course. Cases of the IT Audit carried out by the NAD Malaysia are also used to illustrate some examples. 18. I am convinced that this course will be a good forum for exchange of ideas and experiences. This course will also give a valuable chance to establish close friendship and ties between the SAIS. I sincerely hope it will bring results through your close cooperation and full involvement in the discussions of the related topics of the IT audit. 19. I’m glad to announce that the secretariat has also arranged social programmes during your stay here in Malaysia, including a home stay at a Malay village. Do enjoy this privilege to learn the cultures, new places and of course the taste of the local food. Ladies and Gentlemen, 20. Before I end my speech, let me once again thank all the distinguished guests for your presence to this gracious occasion. To the MTCP participants, I wish you on enjoyable your stay in Malaysia and do get to experience what Malaysia has to offer you, besides taking back the valuable knowledge and experiences of IT Audit that our team of instructors share with you. Thank you and terima kasih.
Pages to are hidden for
"Opening Remark By Y.Bhg. Tan Sri Dato"Please download to view full document