Najvyšší Kontrolný Úrad Slovenskej Republiky

Supreme Audit Office of the Slovak Republic (NKÚ SR)

Management and protection of assets in the field of the information-communication technologies at the AO SR

2011 report KA-001/2011/1022

The Supreme Audit Office of the Slovak Republic (SAO SR) carried out an audit at the Antimonopoly Office of the Slovak Republic (AO SR) covering the audit period 2010 and 2011. The audit verified the operation and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA), as well as the administration, management and disposal of state assets and compliance with the generally binding legal regulations and the general statutes in the field of the ISPA. It found 24 irregularities, mainly in the protection and security of information system (IS) assets and in business continuity and IS restoration, along with several breaches of the law in the field of accounting.

In the report page 1

- incorrect accounting of the software licence for MS System Center Configuration Manager and support services for this product

- financial statement not providing a true and fair view

In the report page 1

- the Security directive document did not reflect the current designation of the person responsible for supervising the protection of personal data

- standards stated in the Edict of the Ministry of Finance of the Slovak Republic on the standards for the ISPA were not met

- vulnerability of personal data

- breaking the law on the ISPA

In the report page 1

- insufficient formalization of backup and recovery procedures of the information systems in case of unpredictable circumstances

- failure to perform the regular updating of internal regulations in accordance with the law on the ISPA

- lack of compliance with various provisions of the minimum technical standards for security of the ISPA governing the physical backup and storage advances

- inadequately prepared backup process

- lack of updated internal regulations in accordance with the generally binding legal regulations in the field of the ISPA

- the contract on deploying the virtualization system regulates assistance and technical support in conflict with the provision of the internal directive on the controlled area for the IS

- the contract on the use of an application program and the contract for procuring, installing and commissioning an automated system registry do not contain provisions concerning the transfer of the contract for installation data carriers

- loss or damage of data or disablement of the information systems above the allowable time limit

- adverse effect on the management and protection of the assets of the office

- disabling of system recovery in case of unpredictable circumstances

In the report page 1

- irregularities of confidential nature in the protection and security of the ICT assets were found

- failure to protect the assets of the office and their security

- significant threats to the office's assets in the form of destruction, theft of hardware or data from the ISPA

- negative impact on the financial resources of the office

The risk cases visible on this page are collected and described by the e-Government Subgroup of the EUROSAI IT Working Group in contact with author Supreme Audit Institutions (SAI). In the same way, analytical assumptions and headings are chosen by the Subgroup. We encourage you to read the original texts by SAIs - to be found in the linked files.