Control space of e-government EUROSAI ITWG

34 organisations - 189 reports - 663 cases

Australia 4-20

Australian Taxation Office: Administration of Australian Business Number Registrations 2003
The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.

Cyber Attacks: Securing Agencies’ICT Systems 2014
List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.

The Shared Services Centre 2016
The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.

Cyber Resilience of Government Business Enterprises and Corporate Commonwealth Entities 2019
The ANAO noticed that despite the importance of cyber security in safeguarding the Australian Government’s digital information, there has been ongoing low levels of cyber resilience of non-corporate entities and weaknesses in the regulatory framework for ensuring compliance with mandatory cyber security strategies. The audit focused on: cybersecurity risk management, application of related norms and level of a culture of cyber security resilience.

Switzerland 11-50

Business Continuity Management 2010
The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.

IT strategy of Swiss Federal Institute of Technology 2010
Interesting problems of IT strategy implementation - including that of organizational authonomy skope.

Does the Admin PKI correspond to the original objectives and the needs of the Federal Administration and the Cantons? 2010
A successful project of digital certificates distribution had difficult time when main Government players disagreed.

IT security in the Federal Administration 2011
Only minor deficiencies were revealed in the Windows environment but only in case of Microsoft products.Providers' lack of both assertiveness and synergy adds to 'the great unknown' of authonomous entities' networks.

Parallel Audit on Biometric Passports - Overall Results (anonymised) 2015
Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well as in security regulations relating to internal and external personnel.

Audit of the key ICT project regarding a consumption tax platform Federal Customs Administration (FCA) 2015
SAI Switzerland analised problems steming from insufficient specification of a complex ICT system project concerning a consumption tax platform. The project's budget turned out to cover only 70% of the expected functions. Suspension of the project and restarting preparations stage followed.

Audit of the key ICT project federal GEVER programme Federal Chancellery 2015
Ever since 1990, sequential controls and file management have been part of the Federal Administration's IT landscape (GEVER business administration). Significant obstacles have to be overcome in order to ensure the successful creation and introduction of GEVER. Previous efforts did not have any widespread success and led to a diverse GEVER landscape. The federal GEVER project has now laid the foundations for simplification and centralisation.

Audit of the procurement of ICT products with the potential to be standard products 2015
SFAO points out what is critical in ICT procurement. Requirements management is extremely important, as well as procurement strategies for relevant product groups. Legal rules should protect investments and support competition, but they can still be insufficient without appropriate reporting - if you want your system to adapt to changes.

Analysis of alternatively financed building projects of the Federal Institutes ofTechnology 2017
Hundreds of millions was invested by third parties in the Swiss Confederation's real estate portfolio and analyses show a net return of over 4% for investors. Early exit from this alternative financing must be examined to get some advantages and greater attention must be paid to the economic effectiveness for future financing models.

Audit of the effectiveness of incident management in protecting federal ICT from cyber-risks 2022
The Swiss Federal Audit Office reviewed the effectiveness of the cyberinicident management process. In particular, the audit focused on issues relating to the timely flow of information from the sources to the Center, and on the processing this information with the Centre's own monitoring results. In addition, the detection of cyberincidents and the timely implementation of measures, as well as the flow of information to the relevant units, was assessed.

Examination of development and operation of the public key infrastructure 2023
Public Key Infrastructure (PKI) is understood here as a set of technologies, policies, and procedures used to manage digital certificates and public-private key pairs. Although the Swiss public key infrastructure related service achieved a high level of security, there are still areas for improvement such as system monitoring, log management, and decision-making processes. In addition, there are areas where transparency and coordination can be increased, such as in change, release, and life-cycle management. Finally, the costs and risks associated with transitioning to a commercially provided PKI should be considered

Czech Republic 5-32

The management of the State Property and Funds while Information Systems Building for the Ministry of Defence 2005
Both organizational changes and inflexibility produce unbalanced plans which cause deiscrepancies between IS and infrastructure.

Ministry of Education realized corrective measures incorrectly 2007
Several problems - from documentation to ineffectiveness - in designing and financing were found by the Czech SAI in a government program: the Funding Conception for Communication Services at Schools.

Preparations and realization of the State A-levels 2011
Analyzing problems of state examinations system, Czech Republic SAI found that commonplace strategy effected in shortsighted planning, poor procurement and disadvantageous contracting.

State funds spent on development, operation and using of data centres services 2015
SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient supply of services, as well as opposite results of workforce reduction.

The Ministry of the Environment lacks a compact information system and still uses 125 separate information systems and databases 2015
The Ministry of the Environment (MoE) has for more than 20 years a legal obligation to administer and manage an Integrated Environmental Information System (IEIS). In spite of this fact, the existing systems (more than 125 information systems and databases) are designed, implemented and managed as individual information systems without a direct integration into a joint point of reference.

Germany 6-19

Finally updating the central information system for VAT control 2014
German Bundesrechnungshof demanded to update the IT system, which plays crucial role in the European system of fighting fraud related to the Value Added Tax (VAT). This BRH's case shows that reminding about appropriate follow-up can be as important as the very recommendation.

Federal Institute for Risk Assessment purchased unnecessary software 2015
The Germamn SAI audited the Federal Institute for Risk Assessment that introduce a new software. Time of implementation was nearly three times as long as originally scheduled. The costs also nearly trebled. Moreover, the Institute purchased unnecessary licences for expanding the software

Lack of information about heavy-duty transports on federal long-distance roads - number of closed bridges increases 2016
The Bundesrechnungshof of Germany revealed that the Federal Ministry of Transport and Digital Infrastructure does not know which routes are particularly affected by heavy-duty transports, since it has not obtained comprehensive information from the state authorities about the heavy-duty transports.

Cost-intensive data centres stood idle for years 2016
As found by the German SAI, some of costly Federal data centres stood largely idle. The Ministry failed to adequately assess the project risks. The Ministry needs to avoid similar shortcomings in the proposed federal IT consolidation project.

VAT risk assessment - better use made of information generated by inspections on company premise 2016
The audit by the German BRH shows that general tax inspections on company premises can also reveal facts that may be relevant for VAT risk assessment. 'However, this information cannot be adequately used for VAT risk assessment because it is not available in electronic format.'

Insufficient monitoring of consultancy work in large-scale IT projects 2017
The German Federal Ministry of the Interior did not sufficiently plan, monitor and control consultancy work in two large-scale IT projects, not being thus able to evaluate the amount of work done and pay accordingly. It was recommended by SAI the establishment of a quality management system and its application mandatory for large-scale IT projects

Denmark 13-65

Report to the Public AccountsCommittee on mitigation of cyber attacks 2013
Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2. limited use of local administrators rights; 3. systematic software updates.

Report to on the user-friendliness and user involvement in the development of e-government services in Denmark 2013
The Danish Rigsrevisionen is of the opinion that the user-friendliness of the services can be improved if the authorities meet all the requirements of the Danish Agency for Digitisation concerning the matter. The audit covered user-friendliness related problems in case of five systems, before and after the launch. The systems take-up was also considered, as well as communicating with citizens who are unable to use digital services.

Report on the government’s processing of confidential data on persons and companies 2014
If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI, inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement e-government and make government administration more efficient.

Report on the problems connected with the development and implementation of the digitally based Shared Medication Record 2014
Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows and processes leading to implementation problems, governance not involving key players, and IT security organisation.

Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society 2015
The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.

Staff scheduling in government institutions 2015
Danish Rigsrevisionen shows in their study problems with staff scheduling in government institutions where employees are required to work irregular hours. Optimized staff scheduling contributed to reducing payroll costs. On the other hand, problems with rearrangement of work, recording working hours, optimisation of staffing levels and analysis of overtime triggers - add up to high costs of workforce. IT is not always used as ally either.

Usability of public digital services directed at businesses 2015
Danish Rigsrevisionen finds that the digital services directed at businesses, examined during this audit, are not sufficiently user-friendly from start to finish, and the authorities need to focus more on ensuring that relevant solutions are interlinked in a userfriendly manner.

Management of IT security in systems outsourced to external suppliers 2016
When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices

The protection of IT systems and health data in three Danish regions 2017
It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.

Relocation of government jobs 2017
The Danish government decided to move almost 4 thousand government jobs away from the metropolitan area. The purpose of the relocation was to attain a better balance and development across Denmark and ensure that government institutions were located close to the citizens and businesses. Study of the SAI Denmark shows that overall, the departments have implemented the whole operation in an appropriate manner. At the same time, however, the relocation had negative consequences for the institutions’ production which has also affected citizens and businesses.

The protection of research data at the Danish universities 2018
It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.

Cyber security resilience of the Danish public sector II 2023
Danish NAO underlines that public authorities depend on IT to deliver their services. Thus, major IT problems and loss of data relating to critical IT systems can have far-reaching consequences for the government, citizens and companies. The audit focused on IT contingency plans, secure continuity of operations and mitigation of the consequences of system breakdowns or data losses in the event of major IT breakdowns.

Security of servers managed by the Danish Agency for Governmental IT Services 2023
Servers are essential part of IT infrastructure. At the same time, they are vulnerable to cyberattacks, because they can be exploited by hackers to gain unauthorized access to the system and steal sensitive information, corrupt data, or cause systems to malfunction. Once the security of a server is compromised, attackers can gain access to other computers and servers across the network. Danish auditors paid attention to risky stages of servers lifecycle.

Estonia 10-42

Effectiveness of internal controls in the protection of personal data in national databases 2008
Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.

Quality of public services in information society in 2010 2010
Irrespective of a few positive changes, the quality of provision of public services in information society has not improved significantly in comparison to 2007. Information about the services is still difficult to find on websites and people who use public services must still submit unjustified documents, proof of facts or go to administrative agencies in person.

Results of the development of the state’s information systems 2010
Conclusions of performance IT audit based on a sample of government projects: business portal, land register, e-police, fire safety monitoring system, childcare information system and the document management system of the Defence Forces. Key problems and discussion with auditees are presented.

Management and development of IT systems in the Ministry of the Environment 2012
Correctness and reliability of the environmental data is guaranteed to a considerable extent. However there is a need for redevelopment of environmental information systems, particularly by the Environmental Register.

Use of European Union funds in promoting information society 2012
Access to useful information, true suppervision and measurement of progress are listed by the Estonian SAI as key elements necessary to keep balanced development of strategy for Information Society.

Submission of data to national databases in municipalities, towns and cities 2013
The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most cases the state does not compensate the costs of data submission for local governments.

Activities of the state in implementing the e-health system - Do the state, doctors and patients benefit from ehealth? 2014
The report reviews whether the objectives set to the e-Health – ambitious multiyear program of Estonian Government - have been achieved. They are: higher quality of the health service and more efficient organisation of health care. As SAI Estonia found out, wide range problems started from two basic points: lack of strategic manager and unrealisitc schedule.

Effectiveness of development of broadband network or high-speed internet 2015
The Estonian Information Society Development Plan foresees that high-speed internet of 30 Mbit/s should be accessible to all people in Estonia by 2020 and that 60% of the population will be using superfast internet of over 100 Mbit/s. To achieve these goals, the state, with the help of European Union support, decided to establish a broadband network which is not further than 1.5 km from 98% of homes and institutions. Private companies have not entirely met the Government's expectations. The Estonian SAI has looked for an answer: Why?

Centralisation of support services of state authorities 2018
Centralisation of support services of state authorities has generally been successful, the quality of accounting has improved, and accounting has become more effective. The objective of saving on costs was not achieved. It would be beneficial to analyse the implementation of a similar model in local governments, i.e. concentrating the accounting services to central units in order to improve the quality of accounting and make work more effective. It would allow saving working time on doing routine accounting procedures and use this time more for financial management, which helps to use public funds better and more expediently.

Database access management 2023
Does database access management ensure that only authorised individuals can access data? The report provides insights into the implementation of access management practices regarding public administration databases in Estonia. The document emphasizes the importance of establishing robust information security processes, including risk assessment, access management, data protection, incident response, security monitoring, and compliance management, to safeguard sensitive data and IT resources from unauthorized access and security breaches.

Finland 5-25

The development and use of identification services in public administration 2008
See what may go wrong with the IT public procurement. Check out what is the basis to avoid irregularities or omissions in complying with public procurement legislation. National Audit Office of Finland identified also risks resulting from lack of horizontal coordination.

The implementation of national IT projects in social and health care 2011
SAI Finland perfomed a vast review of IT projects in health and social protection. Many interesting findings cover structural problems, as 'Many separate systems with no future' and characteristics of poor governance, as 'No cost monitoring - unclear objectives - arguable usefulness'.

State aid for IT projects in social and health care 2011
Finish Audit Office analyzed results of poor cooperation between authorities on national and local level in social and health care projects: difficult integration of information systems and poor coordination of the financing information technology projects, including double financing.

Immigrant students and the effectiveness of basic education 2015
SAI Finland performed independent analysis to find out real situation regarding immigrant students' education. They found that despite more positive attitude than in case of native students, the immigrants' performance and education outcomes need more support.

Cyber protection arrangements 2017
The SAI Finland investigated whether cyber protection in central government had been arranged as effectively and cost-efficiently as possible. In their opinion, the rise of concern is required in operating modelling, design of procedures and change management approach.

Hungary 6-23

Audit on the operation of the “Ministry of Finance” Central Budget Chapter 2008
Hungarian Audit Office analyzed in detail fundamentals of proper IT investment taking into account problems of Budget Management System.

Operation of the Hungarian State Holding Company in 2009 2010
The State Audit Office of Hungary audited the Hungarian State Holding Company and found that reliable data management is essential for effective property management. The IT project aimed at supporting state property management had serious deficiencies in the field of project management. As a consequence of the weaknesses in data management, the chartered accountant refused giving an opinion both in 2008 and 2009 as there were no reliable data available for an opinion on the financial report.

Operation of the Record Systems Applied in the Eligibility Scheme of Benefits and Services Provided from the Social Security Funds 2012
State Audit Office of Hungary.has proved that date safety may depend on quality of regulations. The report on record systems of social security services casted light on risk connected with huge data bases managed by different entities, in a changing legal environment.

Audit of the asset preservation and management activities of state-owned (partly state-owned) economic organisations – HungaroControl Hungarian Air Navigation Services Pte.Ltd.Co. 2017
Lack of formal approval of the 2014 annual report was an issue found by Hungarian auditors in HungaroControl, a state-owned company, which provides training for air traffic personnel and carries out air navigation research and development.

Correlations between the operational risks of companies in the majority ownership of local governments and the financial situation of the local governments 2017
The Hungarian SAI analysed four risk areas, taking 19 aspects and the specificities of Hungary’s settlement patterns into consideration. The four areas defined were the following: performance of public tasks, exercise of proprietary rights, financial stability of local governments, and short and medium-term stability of the financial management of companies.

Municipalities’ internal control system – Audit of the establishment and operation of the internal control system of municipalities – on the audit of Rudabánya 2018
The SAI Hungary published the compliance audit of the establishment and operation of the internal control system, as well as certain investment decisions, their implementation and accounting at the Local Government of Rudabánya. Apart from positive findings, some accounting irregularities and insufficient controls established to ensure organisational integrity were pointed out.

Lithuania 12-75

Management of Information Resources of the Ministry of Agriculture 2013
Since 1996 the Ministry has been using information systems of varying complexity for collecting and processing data, including personal data. The Ministry of Agriculture of the Republic of Lithuania has managed 32 information systems and registers. SAI of Lithuania revealed that systems were not well mantained what affected use of funds devoted to the systemsand also their legality and security.

Protection of automatically processed personal data 2013
Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.

Management of State Information Resources 2013
The leading idea of the 'Approach to Management of State Information Resources' programme was to entrench a comprehensive management of data resources. After five years preparations, the desired momentum was still not the case. SAI Lithuania analysed roots of the problems: concept, poor use of funds, lack of interconnections, unsatified users.

General and Creation Control of the Information Systems of the Ministry of Foreign Affairs 2013
SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 2015
SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.

Management of Police Information Resources 2015
Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.

Management of Information Resources of the Ministry of the Interior 2016
Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes.

Whether Disclosure of the Public Sector Data Is Ensured 2016
Why open data are so dificult to become reality? Lithuania possesses the elements required to disclose data but lacks a strategic approach. The report by SAI Lithuania reviews all critical elements of this problem. Most of them look like a pattern reproduced by other countries. And one important thing: the SAI Lithuania opened their own data - exactly on the day of publication of the audit report!

Smart tax administration system 2019
Lithuanian taxpayers use the e-services and the Lithuanian state uses a data analytics centre to handle part of the identified data modelling. The smart tax administration project's objetives are to enhance the positive processes. As the SAI Lithuania discovered, due to the implementation weaknesses, however, the project's success may be partially reduced.

Is Cybercrime Combated Effectively 2020
SAI Lithuania noticed that with the growing amount of cybercrimes, the society must be prepared to recognise the threats of cybercrime and be able to protect itself from them. There is a number of forces capable of preventing and investigating this type of crime, but auditors identified shortcomings in cybercrime prevention and investigation processes, starting from lack of common taxonomy and criteria.

Cyber Security Assurance 2022
The Lithuanian SAI audit covered a range of key topics regarding the national cybersecurity: risk management, planning, incidents management, and legal regulation of cyber security and electronic information security.

Management of digitalization of public and administrative services 2023
The Lithuanian SAI found that some electronic services provided by public institutions are unavailable through the E-Government Gateway portal. Institutions do not perform evaluations of the suitability of public and administrative electronic services for users and do not identify the needs for changes in the service provision process.

Latvia 11-65

Evaluation of the effectiveness of implementation and compliance with regulatory enactments and the legal framework of the project “E-government Portfolio” 2010
Wide list of problems that can be met when more care is received by 'absorb funds' objective than by clear vision what and how can be improved. SAI Latvia's analysis shows how dangerous it can be for both effectiveness and financial management.

Actions of national and municipal authorities to ensure the fulfillment of the obligations under the Loan Agreement “Safety Net and Social Sector Reform Program” between the Republic of Latvia and the World Bank 2011
SAI Latvia reviewed the unemployment benefits system and analyzed the cosequences of poor information flow among state and municipalities registers. Findings presented in the report are result of effective use of CAAT software.

Material–technical supply of the State Police 2013
SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time overruns and an IS not ready for effiecient use.

Software management assessment in local governments and local government educational institutions 2013
Manage your software! Local governments and local government education institution neglect basic safety procedures, use outdated or illegal kinds of software, use two and more different software for the same function.

Storage of Electronic Documents and Data at the National Archives of Latvia 2015
National archives fulfil an important function for storing the documentary heritage and became one of the most important sources of information. But after electronic documents have entered our daily lives and majority of state administration processes have been transferred to electronic information systems, the archives still have a lot of work to do for improving the storage of electronic documents. SAI Latvia analysed causes of over 12 years with no progress in this domain.

Is the project 'E-health in Latvia' a step towards the right direction? 2015
Project “E-health in Latvia” supports healthy lifestyle, it will provide valuable and accessible information and will promote more efficient provision of services to patients. It is undoubtedly a step towards the right direction then. However, as found the Latvian SAI, the e-health policy will not be implemented within the initially planned scope and deadline and within set data security levels, thus the objective of this policy – to promote more effective provision of healthcare services will be attained only partially.

Does the state administration effectively use the stored information? 2017
Latvian auditors found that government institutions have a good cooperation in the area of data use, but there are still several areas wherein a person still has to perform the function of a 'courier'. Many channels of data exchange and distribution used in state administration create a fragmented and complicated environment for maintenance of ICT, while responsible ministry does not become actively involved and does not coordinate cooperation of institutions.

Has Public Administration Used All Opportunities for Efficient Management of ICT Infrastructure? 2019
Centralised management of ICT services and infrastructure would allow the institutions to optimise in long run their resources – financial, human, material and technical. However, we observed during the audit that the move towards ICT centralisation and single data centres has ceased. The different ministries and even the institutions subordinated to the same ministry do not cooperate sufficiently with each other regarding the ICT management, maintenance, and infrastructure placement. They rather choose to maintain their own, sometimes even several, data centres.

Does the Public Investment in Internet Access Reach the Population? 2020
Latvia is known for its high-speed Internet provided to individuaals and business. Auditors verified results of the Government's effort to strengthen national infrastructure in this regard. They ponted at issues in: planning, risk analysis, information flow, quality and impact.

Does the country ensure effective use of the official electronic address in communication with individuals and businesses? 2021
The eAddress solution was designed and the laws and regulations were approved to stipulate its operating principles, but the implementation of the solution caused difficulties by resulting in the non achieved goals of the eAddress. The eAddress aims at providing official electronic communication between the state and an individual; which is not achieved as individuals rarely use it. The eAddress solution is new and unknown, and other, more familiar channels are available for electronic communication with the state. The principles of eAddress (security, guaranteed delivery, and convenience) do not ensure sufficient motivation to change existing communication habits.

Can we rely on the access to IS and the receipt of e-services? 2022
The requirements for the attainable level of accessibility for the integrated national IS, state integrator and e-services have been set in regulations, but it is not clear what and how to measure and there is no calculation methodology either. Auditors did not get an unequivocal answer because the information provided by the institutions about the level of access to information systems and e-services was mostly based on opinions, not facts. Institutions understand the IS accessibility achieved in different ways, as they do not measure anything and do not even highlight IS accessibility as a necessity, they only measure the accessibility of databases (which is one of the components for IS and e-service to function), interpret IS security incidents in different ways.

Netherlands 7-46

Lessons learned from government ICT-projects 2007
Excellent analysis of systemic errors commited when designing Government IT projects. The report aims at the essence of problems which are encountered far from information technologies - in: politics, business, psychology... Do not be misled by date of report, it is evergreen for all who really want to know why IT projects fail.

Data security and positions with access to confidential information 2011
Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.

Open Data Trend Report 2015 2015
The Dutch SAI looks for ways to improve open data practice in the Netherlands. They point at experience of two leading countries: UK and US, and advise to: prepare a concrete action plan, to increase number of mandatory published data, to develop government-wide data inventory and to put open data to work.

Products sold on the European market: unravelling the system of CE marking 2017
The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...

Cyber security of border controls operated by Dutch border guards at Amsterdam Schiphol Airport 2020
Who does not know the Amsterdam Airport? As put by the Netherlands Court of Audits: the IT systems used for border controls at the Schiphol Airport are in the midst of a process of rapid development. The auditors reviewed the process and pointed at necessity of formal certification and better mechanism of information analysis. The report picutres also the organisation of the controls - must read for all frequent fliers

Understanding algorithms - 2021 2021
The Netherlands Court of Audit applied their audit framework to algorithms used by the Dutch Government. They point at the salient issues like: lack of clear requirements, risk of anomalies produced, insufficient documentation and thus transparency, need for more privacy guarantees. What more, the Dutch colleagues provide their audit framework as an appendice. (The CUBE web page re-edited in line with the up-to-date format).

Understanding algorithms - 2021 2021
The Netherlands Court of Audit applied their audit framework to algorithms used by the Dutch Government. They point at the salient issues like: lack of clear requirements, risk of anomalies produced, insufficient documentation and thus transparency, need for more privacy guarantees. What more, the Dutch colleagues provide their audit framework as an appendice. (The CUBE web page re-edited in line with the up-to-date format).

Poland 5-27

Public access point to the Polish e-Administration 2008
Presentation based on a vast audit by Polish SAI which subject was of big network project aiming to provide one access point to Government and Selfgovernments services. The presentation illustrates the EUROSAI ITWG 'Algorithm approach' and focuses on procurement systemic problems.

Risks of e-Governance Strategy Dominated by Outsourcing 2010
Presentation based on audit of IT services in Polish Ministry of Public Assets. Outsourcing risks were classified and next identified at Business Case, preparation and teststing stages.

Informatization of hospitals 2013
Informatisation of healthcare is one of the most money-consuming IT activities of the State. Polish NIK shows how a poor concept can delay modernization of hospitals. The new IT system was expected to take some burden off doctors, streamline medical care, prevent fraud and improve efficiency. But will it be created at all?

IT Police Systems 2013
Polish NIK compared the implementation of two flagship IT projects of the Police HQ: successful 'Command Support System' and problematic 'E-police station'. List of interesting problems appeared...

Audit on the broadband internet infrastructure access 2015
Polish SAI audited a project, which aim had been to develop broadband internet network across the country. They revealed that legal obstacles, idleness and lack of supervision were the main causes of delays. Some of the projects are in danger of not being completed on time and some of the EU funds may not be fully used.

Sweden 17-88

IT Support in the Judicial Chain 2011
Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work. The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree.

Correct information at the right time in healthcare and nursing – collaboration without effect? 2011
Health and social care staff has very limited access to patient information from other care-giving institutions, which may lead to health damage and wrong-treatment. The cooperation between the Government and the municipalities must improve if the investments in better access to common patient information shall get impact in practice.

The National Government Service Centre – Has administration become more effective? 2016
The Service Centre – payroll and financial administration IT system for Swedish public agencies under the government – has achieved the target of a subscription rate of 25 per cent of the total number of state employees. However, subscription to the Service Centre was initially slower than the Government had predicted and meant lower revenues than expected in autumn 2013. The Service Centre then introduced a rigorous review of its expenditure, for example for some planned development initiatives for internal procedures and support systems.
The Swedish NAO noted that the Government’s steering of agencies' subscription to the Service Centre’s services was limited to start with. For example, the Service Centre’s operational targets for subscription did not refer to agency size, which is important in achieving economies of scale. In addition, the Government has instructed agencies to review the question of subscription and report their reasons for delaying subscription.

Information security work at nine agencies 2016
Together with the Swedish NAO we assume that the picture that emerges at the agencies audited applies also to most of the other agencies in the public administration. The information security work is not given high enough priority in relation to the risks that exist. This applies to both the Government, which should have been clearer in its directions to agencies on this matter, and to agency managements, which did not give priority to the work of information security to the extent required. Much indicates that it is difficult for many agencies to achieve an appropriate level of information security work.

Incorrect payments in social insurance - Control activities of the Swedish Social Insurance Agency 2016
Role of social insurance in public finance is so substantial that reduction of incorrect payments' volume is matter of huge savings. The Swedish NAO noted positive initiatives by the Social Insurance Agency in this regard. However they found also, that serious problems can stem from giving higher priority to the speed of payment and customers satisfaction. They both are undoubtedly important features of each system, still, the prevention of incorrect payments needs strategic support to be really effective.

Population registration - uphill quality work 2017
The Swedish NAO notes that quality requirements for population registration are highand that quality work should concentrate on the errors that have the most seriousconsequences for society. They point then at the need to increase knowledge of the errors, improve IT tools and governance to receive more quality work.

Supply of food and medicinal products 2018
Deficiencies in emergency preparedness and weaknesses in governance are still found by the Swedish NAO in the system of safeguarding supply of food and medicinal products. The system is complex and NAO appreciates efforts made by responsible agencies. However, they found also insufficient clarity in division of responsibilities and weaknesses in coordinantion.

The protection of valuable forest 2018
Protection of valuable forest land is an important mean of achieving the environmental quality objectives. Governments can establish formal protection of forests through the formation of national parks, biotope conservation areas, nature reserves or by signing nature conservation agreements. Beyond the state's formal protection of forests, the forest owners themselves are also expected to contribute through voluntary set-asides of forest. From a state perspective, it is important to investigate whether or not the resources for formal protection are being used cost-effectively. However, in order to achieve cost-effective formal protection work, the state also needs to address forest owners' voluntary set asides.

Protection against fraud in migration activities at missions abroad 2018
The audit showed that reports on alleged fraud in migration activities at missions abroad increased continually between 2014 and 2017. Altogether about 60 alleged cases of fraud were reported during the period, including selling interview appointments, stolen visa stickers, issuing visas on false grounds and prohibited searches in case management systems. Missions abroad, the Ministry for Foreign Affairs and the Swedish Migration Board are all responsible for migration activities at missions abroad. The division of responsibility between them is sometimes unclear and difficult to assess. According to the Swedish NAO this leads to particular challenges in ensuring satisfactory and common protection against fraud at missions abroad. Ensuring protection is made even more difficult in that the missions abroad vary regarding in terms of size, case volume, case mix and risk exposure. In addition, for the missions abroad the internal control requirements are notsufficiently explicit.

Recovery of housing allowance - easy to make mistakes 2018
Housing allowance recovery rules are complex and outdated. What more, ad hoc changes can result in unpredicted deficiencies. The Swedish NAO found that monitoring and evaluation based analysis is of critical importance to avoid problems on the administration side - and what much more important: on the side of financialy vulnerable households.

For the sake of security – intelligence sharing between the Police Authority and the Swedish Security Service 2018
The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.

The Annual Municipal Accounts as a basis for comparing municipalities - are the cost indicator reliable? 2018
Municipalities report among others, their costs, which cannot be directly attributed to any specific activity, product, or service. Standardized taxonomies exist, but they are not applied uniformly. Swedish NAO traces ramifications: lower ability to compare municipalities' data and need of more central level control.

Higher education institutions' provision of premises- room for improvement 2018
Higher education institutions' rental costs constitute a significant part of central government rental expenses. Swedish NAO analysed results of reform, which aimed at more effective use of resources at central government agencies and more effective management of real property and assets for the State as a whole. Apart from the positive results as a whole, substantial room for improvement still exists: especially in identifying targets of costs, looking for incentives and in mitigating commercial approach to education institutions.

The Swedish Transport Administrations support to research and innovation 2018
The Swedish agency dealing with transport innovations did not use sufficient control over its research funds, shows the audit of the Swedish National Audit Office. The deficiencies include risk analysis, administrative procedures and management of taxpayers' money.

The Art of Governing – the Government’s management of cultural sector institutions 2019
Cultural sector is characterised by a large number of small government agencies, companies, foundations and a large diversity of operational forms. Governments may then have problems with the risk of conflicting goals.

Swedish Customs control – an accurate enterprise? 2019
Control activities play an important role in successful work of Customs Service. Lack of thoroughful analysis of own errors can lead to ineffective use of some tools, and as a result, to difficulty in focus identification.

Government control of national information and cyber security – both urgent and important 2023
The Swedish NAO audited whether the Government’s efforts to strengthen national information and cyber security had been efficient. The audit’s focused on problems related to: strategy, coordination and international best practices.

UK 20-137

The National Offender Management Information System (NOMIS) 2009
An initiative to build a single offender management IT system for the prison and probation services has not delivered value for money. The NAO investigation found the project had been hampered by poor management leading to a three-year delay, a doubling in project costs and reductions in scope and benefits.

Identifying and meeting central government's skills requirements 2011
UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...

Managing the risk of legacy ICT to public service delivery 2013
UK’s government experience in managing the risks connected to legacy ICT provides valuable insight for others facing the same problem and are considering transforming their services.

The rural broadband programme 2013
The British NAO's audit report of 2013 concerns ambitious yet delayed UK government programme, which objective was to have the best superfast broadband network in Europe by 2015. The report focuses on one of the programme's main problems: rural areas, where commercial providers had no plans to invest, because of lower returns.

Central government staff costs 2015
The British NAO found that departments had significantly reduced numbers of their civil servants and of course salary costs at the same time. But they reduced staff numbers mainly by minimising recruitment, and the age profile of the civil service has changed. NAO pays a lot attention to what effect this has had on the future pipeline of talent and skills. It reminds also that the departments need long-term operating models to work efficiently with the staff reduced.

Conflicts of interest 2015
the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.

Use of consultants and temporary staff 2016
UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.

Homelessness 2016
British NAO analyses the root-causes of unsuccessful effort to reduce homelessness in England. They point at a side effect of the Goverment reform of welfare reform and at lack of full impact assessment.

Performance measurement by regulators 2016
Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.

Protecting information across government 2016
The UK National Audit Office noticed that in recent years, cuts to departmental budgets and staff numbers, and increasing demands from citizens for online public services, have changed the way government collects, stores and manages information. Concurrently, the threat of electronic data loss from cyber crime, espionage and accidental disclosure has risen considerably. The NAO’s audit results in emphasising role of the whole system coordination.

Digital transformation in government 2017
As the NAO states: Government faces significant challenges in providing public services. While many government services are now available online, public administration is struggling to manage more complicated programmes and to improve the complex systems and processes that support public services.

Housing in England: overview 2017
Even if housebuilding in England has not kept pace with need and there has been a reduction in social rented homes, significant advantages can be enjoyed: an increase in home ownership and in the number of private rented homes. The quality of housing improved in recent years too. The National Audit Office has reviewed critical elements of the housing being one of the government's key priorities. Looking for risks, they found that a potential conflict of objectives can lead to tensions in delivery.

Online fraud 2017
This type of fraud can affect everyone, but yet it is not a strategic priority for local police forces and the response from industry is uneven. UK NAO underlines: For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry. It is a crime that can affect everyone. Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces, and the response from industry is uneven.

WannaCry Cyber Attack and the NHS 2017
The NAO's investigation points at the problem of insufficient powers of the cybersecurity coordinator across the health organisation. As a result no remedial actions were taken, and the cyber attack succeeded thanks to neglected precautions.

Good Practice in Annual Reports 2016-17 2018
The Building Public Trust Awards, sponsored by PwC, have been running for 15 years and the British NAO co-sponsors the public sector award. The Good Practices in annual reports 2016-2017 present eye-opening examples of how to make complex reports easily understandable and how to clearly outline goals and achievement of them.

Improving government’s planning and spending framework 2018
NAO reviewed the UK government's progress in improving their planning and spending framework. The auditors found that the complex structure and lack of longer term perspective in planning form a significant obstacle to fully benefit from the framework.

The BBC’s understanding of its audiences and users 2019
Audience data and insights are critical to the success of broadcasters - which is also true in the case of the world renowned British Broadcasting Corporation. Auditors reviewed the BBC's main projects and the analyst team dedicated to collect and interpret the audience related information. Data coherence, review of performance and benefits traicing - belong to key areas in need of substantial refinements.

The effectiveness of Official Development Assistance expenditure 2019
The audit of the UK's Official Development Assistance revealed among others: fragmented responsibilities and difficulties in review and reporting. These led to difficulties in assessment of effectiveness of the assistance and of progress in implementing the UK Aid Strategy.

Improving broadband 2020
UK NAO's report on goverments extensive support to the superfast internet, with special focus on the Future Programme perspectives. Influence of the COVID-19 pandemic considered.

Use of artificial intelligence in government 2024
The British NAO covered strategy and governance, use of artificial intelligence in government and future opportunities. The auditors considered also support for adopting and scaling AI. They point out fundamental areas to exploiting AI opportunities: “updating legacy systems and improving data quality and access”. NAO noticed at the same time that it will take time to implement.

USA 24-147

Electronic Records. Management and Preservation Pose Challenges 2003
This audit of GAO, reported in 2003, can be helpful in looking for basic problems in electronic records management. These problems are compounded as computer hardware, application software, and even storage media become obsolete, as they may leave behind electronic records that can no longer be read.

Software Developement Effective Practices and Federal Chalenges in Applying Agile Methods 2012
Useful products delivered in a short time are basis for often applauded features of agile project approach. Applied by many private companies, it tends as well to be more and more popular among state administrations. American GAO reviewed set of agile projects and revealed - apart from advantages - a set of commonly occurring problems: poor team work, lack of time and deficit of customers’ trust.

Information Technology Cost Estimation Agencies Need to Address Significant Weakness in Policies and Practices 2012
Check out what may go wrong with the information technology cost estimation. Results of the US GAO audit can help to identify high risk areas: comprehensiveness of estimations, their documentation, lack of adequacy and inadequate implementation.

Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization 2012
Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.

ACQUISITION REFORM: DOD Should Streamline Its Decision-Making Process for Weapon Systems to Reduce Inefficiencies 2015
The US Department of Defense (DOD) has long sought to improve the efficiency of its weapon system acquisition process, including the time and effort needed to complete the milestone decision process. Good practices of some DOD programs and five commercial firms were used by GAO to look for new momentum in refining the process.

Copyright Office Needs to Develop Plans that Address Technical and Organizational Challenges 2015
GAO shows in its report on the US Copyright Office, what is a role of IT strategy in organisaion. Effects can be found at the bottom and at the top: the lack of strategic plan can make it more difficult to solve practical problems, but it can also put the overall mission of the Office at risk.

Federal Agencies Need to Address Aging Legacy Systems 2016
The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.

Federal Human Resources Data 2016
GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.

FEMA Needs to Address Management Weaknesses to Improve Its Systems 2016
GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.

Homeland Security. Oversight of Neglected Human Resources Information Technology Investment Is Needed 2016
Although the Human Resources Information Technology (HRIT) investment was initiated about 12 years ago with the intent to consolidate, integrate, and modernize the department's human resources IT infrastructure, the Department of Homeland Security (DHS) has made very limited progress in achieving these goals. HRIT's minimally involved executive steering committee during a time when significant problems were occurring was a key factor in the lack of progress. This is particularly problematic given that the department's ability to efficiently and effectively carry out its mission is significantly hampered by its fragmented human resources. DHS's ineffective management of HRIT, such as the lack of an updated schedule and a life-cycle cost estimate, also contributed to the neglect this investment has experienced. DHS will be limited in efficiently tracking and reporting accurate, comprehensive performance and learning management data across the organization, and could risk further implementation delays.

OMB and Agencies Need to Focus Continued Attention on Implementing Reform Law 2016
IT investments are large and growing position in annual budgets. Historically, they have frequently failed, incurred cost overruns and schedule slippages, or contributed little to mission-related outcomes. GAO recommendations focus on the oversight and execution of the data center consolidation initiative, the accuracy and reliability of the IT Dashboard, and incremental development policies.

Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data 2016
Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.

VETERANS’ HEALTH CARE - Preliminary Observations on VHA’s Claims Processing Delays and Efforts to Improve the Timeliness of Payments to Community Providers 2016
US GAO analyzed all factors of slower processing and user unfriendliness that occur sometimes to the veterans healthcare. The main focus is data processing - and it has been proved that it can be failing not only because of technology, but also because of work-process design, staff and organisation.

RURAL BROADBAND DEPLOYMENT: Improved Consistency with Leading Practices Could Enhance Management of Loan and Grant Programs 2017
US GAO applied its COSO based Green Book to review consistency of support programs for rural information infrastructure.

Steps Needed to Identify Acquisition Training Needs for Non-Acquisition Personnel 2019
Despite from hundreds of billions of dollars spent annually to acquire products and services, the US Department of Defense does not full information about staff to be trained. The information is needed about the non-acquisition staff, who can play crucial role in particular acquisitions. As GAO underlines, their identification is necessary to fully understand the training needs and... budget.

Opportunities Exist for FAA to Improve Airport Terminal Area Safety Efforts 2019
The US GAO examined various issues related to runway safety and to update its prior work on airport terminal areas. Their findings point at inefficient use of data, which may lead to more risk and to inefficient targeting their limited resources.

Electronic Health Records - VA Needs to Identify and Report Existing System Costs 2019
The US Department of Veterans Affairs provides health care services to approximately 9 million veterans and their families. However, the IT system they use is more than 30 years old, is costly to maintain, and does not fully support exchanging health data. The US GAO, analyzed the system's modenization plans and found serious problems with definition and cost estimation.

VA ACQUISITION MANAGEMENT: Supply Chain Management and COVID-19 Response 2019
US Department of Veterans Affairs acquires hundreds of millions of dollars-worth of medical supplies each year. The Medical-Surgical Prime Vendor-Next Generation (MSPV-NG) is one of its key initiatives to modrnize its processes. GAO auditor pointed in their previous audits that the approach lacked an effective medical supply procurement strategy, clinician involvement, and reliable data systems. In time of the pandemic, the problem seems even more difficult to deal with.

Broadband: Observations on Past and Ongoing Efforts to Expand Access and Improve Mapping Data 2020
Review of the GAO audits concerned with broadband deployment, especially across areas where costs are high and returns on the investment are low.

GAO-20-701, COVID-19: Federal Efforts Could Be Strengthened by Timely and Concerted Actions 2020
The bimonthly GAO report on efforts related to the COVID-19 pandemic examines key actions the federal government. Among others, interesting points: medical supply chain, future vaccine distribution, data collection and cybersecurity.

AUTOMATED TECHNOLOGIES: DOT Should Take Steps to Ensure Its Workforce Has Skills Needed to Oversee Safety 2020
The US GAO analysed the Department of Transportation’s efforts to provide automated transportation with a highly skillful oversight. ...

ARTIFICIAL INTELLIGENCE: An Accountability Framework for Federal Agencies and Other Entities 2021
A must-read: the US GAO’s advice about how to review artificial intelligence technologies across the administration ‘to help ensure accountability and responsible AI use’. Focus is on: Governance, Data, Performance and Monitoring.

CYBERSECURITY: Implementation of Executive Order Requirements Is Essential to Address Key Actions 2024
GAO continues to review and report status of information security - the high-risk area for more than 25 years already. Special focus is on federal cybersecurity challenges.

Artificial Intelligence: Generative AI Technologies and Their Commercial Applications 2024
The GAO’s Q&A Report to Congressional Requesters provides readers with a helpful “overview of how generative AI works, how it differs from other kinds of AI” – adding examples of its use across various industries.