Slovenia Lead Paper INTOSAI Working Group （斯洛文尼亚铅纸INTOSAI工作组）.pdfVIP

2004 4th Working seminar on Performance auditing Lead paper On Risk assessment of e-service projects Marjan Podgoršek, CISA The Court of Audit of Republic of Slovenia Risk assessment of e-service projects Content 1 Introduction 3 2 Risk Management approach - framework4 2.1 Recommended time frames for performance of the steps in risk management framework5 2.2 Inherent risks 5 2.3 Risk Categories Assessed 6 2.4 Methods for testing control objectives 6 3 Control Objectives 7 4 Output of the Risk Assessments /Action plans 12 Page 2 Risk assessment of e-service projects 1 Introduction In previous years we have seen fast development of internet related services. From the point of the SAI’s process become especially important with the appearance of different kind of e-Government solutions. Such solutions are usually built through projects that in many cases last for years and are joint efforts of numerous institutions and external vendors. The implementation itself usually also involves significant changes in technology, processes and the role that people play. In the end of the day established e-government service has important consequence on life of many if not all citizens. As such this projects present risk which should be tackled through audit process of SAI’s, primarily to achieve early detection of risks and successfully communicate and mitigate them. Beside financial indicators which are usually audited through classical financial audit approach there are also performance dimensions of projects/implementations and connected risks of e-governance solution project which should be assessed in planning, implementation and post implementation phases of the project. The prese