Latvijas Republikas Valsts Kontrole

State Audit Office of the Republic of Latvia (LRVK)

Software management assessment in local governments and local government educational institutions Read full text in English

2013 report 5.1-2-42/2012

Objective of the audit was to verify compliance of software recording and management with regulatory enactments, as well as to assess the effectiveness of software management in local governments and local government educational institutions.

In the report page 7-8

- regulations on the security of IT were not developed, inspections of IT security were not carried out and employees were not trained on the issues of IT security

- computer hardware users were granted unlimited rights or administrator rights to work with the computer hardware

- access to 30% of computers in local government administrations and 50% of computers in educational institutions or libraries was not protected by password

- illegal and malware software installed on the computers

- threat of built-in keyboard readers or software password reading

- threat of illegal remote administration or usage for prohibited purposes or virus infection

In the report page 6-7

- many local governments and educational institutions used prohibited software or programs, which license term have expired

- free of charge use in municipalities was not allowed by software licensing terms or purchase documents were not available

- 18% of the software programs included in the audit selection were used without complying with the requirements set in the software licensing terms or on the purchase of which no source documents were available and the cost of free software programs, the use of which in local governments is not provided for by the license terms totals approx. 64 000 EUR

- violating the norms in protection of intellectual property rights, harming the image of the local government

- local government is put under the risks, which occur when computer programs are used without the certification of the right to use or without complying with the licensing terms

In the report page 9-10

- incomplete organization, control of accounting and exchange of information in assessment of expenditures related to information technologies

- IT expenses in the amount of approx. 160 000 EUR are not recorded according to economic categories

- impossible to determine the item and its components according to the available accounting source documents

In the report page 8-9

- no software accounting registers implemented, which comprises the full range of software programs used in the local government

- no list with used standard software were developed in municipalities

- in 10% of audited cases the license period of anti-virus software has expired or it was not updated or even installed

- on average two or three different software programs or the versions thereof are used for ensuring the same function

- even 11 different antivirus software programs were used in the same institution

The risk cases visible on this page are collected and described by the e-Government Subgroup of the EUROSAI IT Working Group in contact with author Supreme Audit Institutions (SAI). In the same way, analytical assumptions and headings are chosen by the Subgroup. We encourage you to read the original texts by SAIs - to be found in the linked files.