Management of Information Resources of the Ministry of the Interior Read full summary in English
Many activities of the Ministry of the Interior require the use of information resources that are of great significance to the entire State, such as the state and departmental registers, and public information systems. Whereas the Ministry has failed to implement some of the public audit recommendations of 2007 and 2010,6 we analysed, whether there have been any positive changes in the field of IT management. Their impact is important not only because the Ministry manages 16 information resources, which ensure data availability to the population, efficient activity of the services, and operation of the Schengen collaboration tools. The quality of IT management in the Ministry shall also affect the activities of other state institutions: from 05/01/206, the list of public information resources consolidation works is being implemented7 and the Information Technology and Communications Department under the Ministry of the Interior was appointed one of the four public IT service providers.
The purpose of the audit was to assess the management of information resources in the Ministry of the Interior. We assessed how the Ministry ensures planning and organisation, monitoring, assessment and coordination of their management. In addition, we assessed the IT management maturity in the Ministry. We analysed information resources managed by the Ministry (five state registers, eight state IS and three departmental registers), which are used and managed by both the Ministry and institutions and other establishments within the purview of the Ministry.
The audit covered the period from 2013 through to the first quarter of 2016. For data analysis, data from other periods was used. The audit was conducted in the Ministry of the Interior. We also collected information at the Information Technology and Communications Department and State Enterprise Regitra which are responsible for administration of the information resources managed by the Ministry as well as data security and development.
- During the audit, we discovered that the top management of the Ministry does not pay enough attention to IT management coordination and control; therefore, the maturity of IT management processes in the Ministry of the Interior has not changed for nine years and can currently be defined as the initial (Ad Hoc) process. This means that there is evidence suggesting that the management of the Ministry understands that there are problems, which need to be addressed, but the processes remain unstandardised (undefined information architecture model, undetermined levels of IT services provided). In addition, 24 cases of non-compliance with the statutory requirements were found (see Annex 3 of the full text report). A common approach to IT management in the Ministry is non-systematic (a strategic IT plan is not being prepared, the organizational structure of IT management requires improvement, the monitoring and assessment process is inadequate), and Ad Hoc methods, which vary with each individual case, are normally used instead of standardized processes.
- Taking into consideration the significance of information resources managed by the Ministry of the Interior, and the fact that the Information Technology and Communications Department was appointed one of the four public IT service providers, it is important to eliminate the detected shortcomings of the IT management in time. A higher IT management maturity level can only be achieved through the implementation of the requirements of legal acts of the Republic of Lithuania and our recommendations.
- The present documentation on information resources managed by the Ministry does not reflect the actual extent of computerized functions and information processed; without establishing the importance and sensitivity of the information managed by the Ministry and
- not all registers and IS managed by the Ministry have updated provisions (12 of 16 relevant), drawn up and approved technical specifications (4 of 16 absent);
- the Ministry does not have a detailed list of IS, registers and other software used or a general information architecture model. As a result, the interaction between information resources remains unclear.
- The organizational structure of IT management used by the Ministry should be improved, because:
- due to shortcomings of IT organization, the change of employees responsible for management of information resources, and the lack of human resources, performance of the functions of the manager of information resources managed by the Ministry of the Interior cannot be ensured, because their performance does not comply with the statutory requirements;
- there is no mechanism that could be applied to address the IT management issues together with the management in order to link the needs of the primary activities with the opportunities offered by IT;
- the policy shaping and implementation functions were not separated, i.e. one unit of the Ministry both performs the functions of the manager of the Ministry's information resources and shapes e-government and e-security policy (coordinates, plans projects and assesses their compatibility);
- the Ministry has failed to appoint 13 (of 16) representatives for managing the data of information resources managed by the Ministry, who should monitor how these resources are created and managed, and how investments are used.
- The audit of information resources of critical importance required by the Law on the Management of Public Information Resources was not conducted from 2013 through to the first half of 2016, and the Ministry's Internal Audit Division has not conducted a single audit dealing with information systems and assessment of their security, common control or other IS (IT) aspect. Therefore, the management of the Ministry may be lacking information about the effectiveness of IT processes and their compliance with the performance requirements, unidentified IT control weaknesses and shortcomings, and fails to comply with the statutory requirements (see Annex au3)