The Turkish Court of Accounts (TCA), which has been conducting Information Technology (IT) audits for more than 15 years, has recently been given a new assignment—to ensure audit efficiency for e-government projects in the public sector.
This new assignment addresses several issues outlined in the 2016-2019 National e-Government Strategy and Action Plan (Strategy), including a constantly expanding scope of e-Government that parallels developing technology, social demands and trends; steadily rising expectations; continued project growth; and substantially low success rate.
The poor success rate, caused by a number of factors, resulted in a national strategy that addresses the need for efficient and generalized audits.
The TCA now bears responsibility for “ensuring the efficient and generalized audit for e-government projects in the public sector.” Four primary steps comprise this action:
- Create an audit model for e-government projects;
- Prepare an audit guideline concordant with the audit model;
- Test and finalize the model and guideline; and
- Generalize audits in all public agencies and institutions.
Through literature research and best practice examination, the TCA has created a model and guideline and is currently conducting pilot audits.
The model incorporates two primary criteria to define project success: (1) Was the project completed within defined scope, budget and time targets, and (2) Did the project ensure appropriate quality and information security and comply with national policies, organizational strategies and relevant legislation.
Adopting a risk-based audit approach, the model groups controls to be examined and evaluated into five main areas:
- IT Governance/Management;
- Project Management;
- Information Security;
- Outsourcing; and
- Process and Content.
Critical e-government projects will be audited by TCA IT auditors, while the TCA will address generalized audits by implementing training and providing compulsory tool kits.
The guideline will also be adapted for public sector internal audit units, and internal auditor training for IT audits will be organized.