Leveraging Technology for Enhancing Public Audit – Case of SAI Japan

Leveraging Technology for Enhancing Public Audit – Case of SAI Japan


Board of Audit of Japan

Introduction

For decades, the Government of Japan has implemented a series of policies to improve its administrative efficiencies as well as proliferate Information Technology (IT) in Japan with a large amount of IT related budget allocated each fiscal year. Therefore, it has been an important challenge and continues to be so for the Board of Audit (Board) to conduct audits on IT expenditure under audit objectives of economy, efficiency, and effectiveness in line with the development of the use of IT. This article illustrates the current situation of IT environment surrounding the board and our effort for harmonizing auditors’ capacity with the said environment.

1.    Usage of Technology In Public Sectors in Japan

(1) Status of e-Government in Japan
More than half a century has passed since the Government of Japan introduced the very first computer in 1959, and now IT is used in every aspect of social activities.  Based on the “Master Plan for Promoting Government-wide Use of IT” (Cabinet Decision, December 1994, Revised December 1997), the Government of Japan had engaged with preparing infrastructure to promote e-Government, which included providing administrative information by the internet; enabling e-services such as submission of documents through the internet in line with the progress of information and communication society; developing Kasumigaseki-WAN, i.e. communication network among the central and local governments during 1995-2002.

IT Basic Law: Basic Law on the Formation of an Advanced Information and Telecommunications Network Society,” was enacted in December 2000, effective January 2001. “Program for Building e-Government” in 2003, and “Program for Promoting e-Government” in 2006, and other programs were intended to realize e-government and to provide one-stop services for convenience of users as well as to achieve simple and efficient government.

In May 2010, the government further addressed the use of ICT in public service, reformed its works and systems accordingly to “A New Strategy in Information and Communications Technology” and “The New Strategy in Information and Communications Technology Roadmaps”.

In 2013, “Declaration to be the World’s Most Advanced IT Nation” and also “Road Maps to be the World’s Most Advanced IT Nation” were decided. The Declaration stated to promote the use of open data, introduce “My Number system” which provides an identification number to every citizen for the sake of efficient, fair and accurate public service including social security and tax, and reform government information system among other things.

(2) Governance, risk and control framework for e-Government

Three bodies constitute the overall framework of the IT governance of the Government of Japan: the CIO Council (established in 2002) which is composed of Chief Information Officer of every Ministry and Agency of the Government, with Deputy Chief Cabinet Secretary for Information Technology Policy (so called government CIO) as a head, the IT Strategic Headquarter in the Prime Minister’s Office and the Information Security Policy Council.

Since the Government IT investment had been implemented by each government agency, duplication as well as lack of coordination caused inefficiency and lowered the quality of government services.  Therefore, the government established CIO in the Cabinet Office in 2013 to integrate IT policies and exercise leadership to tackle these problems. The Act to amend a part of Cabinet Law was promulgated and enacted in May 2013. This Act stipulates the mandate of Government CIO, which includes: designing cross-government agencies plan; drawing policy of cost estimation; making policy implementation guidelines, evaluating policies, requesting top management of the government agencies to submit necessary information and other cooperative measures.

For the sake of governance and risk management, the following guidelines were brought out;

• Guidelines for Development and Management Standards for Central Government Information Systems (December 3, 2014);
•    Guidelines for Formulating Standard Information Security Measures for Central Government Agency Computer System  ();
•    Guidelines for Central Government Agency Information System Operational Continuity Plan (March, 2012  ver.2 May 2012)

The Guidelines for Development and Management Standards for Central Government Information Systems require each government agency to set up a progress review at each milestone of the project, and to assess risks not only by self-check but also by the third party for the sake of objectivity. The progress review implementation guidelines is currently under discussion by the government.

The Board participates in the Government CIO Coordination Committee which is the decision making body of the framework, as an observer.

(3) The Board’s approach to nurture staff for IT audit

Since 1968, although the Board has been engaged with IT Audit and accumulated the institutional know-how on IT audit, the Board recognizes that more advanced technique have to be provided to auditors and other staff.

As for the IT audit, Technical Counsellor has been seconded to the Board from a government agency as technical expert, and audit divisions involved in the IT related audit employ several IT specialists from private companies as fixed-term officials or Senior Specialists in order to utilize knowledge and experience. The Board also has a contract with an outside specialist to serve as Assistant to Chief Information Officer (CIO).

In addition to the IT training programs for the officials, which have been conducted for years, the Board has also recruited IT specialist with experience.

2.    Audit on e-Government and ICT environment
(1) Usage of IT tools for auditing
The Board utilizes IT for calculation, analysis, sampling and simulation of the various audit related data, thus allowing auditors to identify focusing points and sites to be further investigated. Also, the Board has introduced tools for data collection, analysis and communication at the field audit sites to ensure quick processing of audit related data to conduct field audits efficiently and effectively. In addition, in order to enhance and strengthen the audit work, the Board has developed the Audit Information System with high security level, which is used for verification of the final accounts of the States and management of all kinds of data and materials related to the audit.

The account statements in electric data submitted by auditees are compared automatically with the State’s final accounts submitted by the Cabinet and the statements of the State’s revenues and expenditures submitted by the Bank of Japan, by the system developed by the Board, named “CEFIAN” (Certification of the final account computer system) thus ensuring efficient performance of verification of numerical accuracy of the national final accounts.

(2) IT audit on IT projects and system development

The Board conducts the audit with broad and diverse objectives such as accuracy, regularity, economy, efficiency and effectiveness. And the Board considers specific audit viewpoints such as i) appropriateness of system procurement plan described by auditees, and whether the procurement has been economically implemented according to the schedule determined by the plan, ii) whether systems developed have been used sufficiently, etc. at the stage of implementation of IT audit.

Information and Communication Audit Division  has been established for cross-section auditing of governmental agencies’ IT projects and system development. However Audit on IT projects and system development is not only conducted by this  division,  as each audit division makes an audit plan based on their analysis of expenditures and risks of auditees, and conduct audits on IT related contracts etc.  The Information and Communication Technology Division provides support to the other audit divisions when necessary.

(3) IT audit cases conducted by the Board

Every year, the Board reports on various IT audits conducted by it. Two audit cases are illustrated below:

Case 1:  FY2011 Audit Report, Impropriety
This is a case of establishment of basic management computer system in Japan Patent Agency. Due to inefficient management of the project, the expected purpose was not achieved.
(i) Outline of the case
In October 2004, in order to improve applicant friendliness Japan Patent Agency (hereafter JPA) had decided to update the former systems and develop basic management computer system. JPA contracted with Toshiba Solutions Corporation (hereafter TSOL) for the design and development work, and with Accenture Japan Ltd (hereafter Accenture) for management assisting work, and paid TSOL JPY 2,487,020,238 from 2006 to 2009 and paid Accenture JPY 2,964,073,875 from 2006 to 2011. (grand total JPY 5,451,094,113)

(ii) Audit findings
The Board found the following improprieties.
JPA originally planned that system design and development required 85 months and it would start the operation of the system in January 2014. However, the project was delayed as basic design had not been completed even by January 2012, which meant that the project was more than two years behind the schedule.  TSOL drew common basic system design for commonly used function for the development of the program, however, due to the delay of basic system design, common basic system design has not been realized. Therefore, the system design and development was requiring further more work process. JPA, TSOL and Accenture had not taken effective measures to improve this situation. The Board considered that the chance to overcome the delay of design and development work in the near future was very slim, and it was unable to predict when the project would be completed and start its operation.
The Board concluded that the amount of money paid to TSOL as well as Accenture, JPY 5,451,094,113 in total, was improper.

Case 2: FY2011 Audit Report Presented Opinion to the Cabinet Secretariat and the National Personnel Authority
On the Personnel and Salaries Operations Supporting System the Board presented opinions that the Cabinet Office and the Cabinet Secretariat should continue efforts to improve the system and manage it stably by promoting coordination between the participating government offices and realize the effect of optimization through fully sharing information with the participating government offices and supporting the transition to the new systems.

(i) Outline of the “Personnel and Salaries Operations Supporting System”
The National Personnel Authority (NPA) and Ministry of Internal Affairs and Communications (MIAC) were in charge of system planning, design and development of the “Personnel and Salaries Operation Supporting System” based on an Optimization Plan.  Cabinet Secretariat is responsible for advising government agencies to enhance progress of system design and development according to the optimization plan.  Cabinet Secretariat, together with NPA, joined the secretariat of the “Liaison Council of Government Agencies Personnel and Salaries Operations Supporting System” set up in September 2006.

The start of the operation of “Personnel and Salaries Operations Supporting System” in the participating government agencies, however, was delayed from the original plan, because the optimization plan has been revised four times by January 2012 since the first optimization plan was decided in February 2004.

(ii) Audit findings  
NPA and MIAC had spent JPY 8,927,340,000 for development and operation to optimize “Personnel and Salaries Operations Supporting System” from FY2003 to FY2011. However, it was decided that the “Personnel and Salaries Operations Supporting Systems” should be converted from so called “distributed system”, i.e., each participating government agency was responsible for procurement of devices such as server, maintenance and operation, to “centralized controlling system”, i.e., procurement of devices, maintenance and operation managed solely by NPA.  Therefore, NPA was entrusted with system design and development since 2008.  In the process of transition starting from 2010, when NPA recorded data of participating agencies, huge inconsistency occurred and greatly delayed the transition process. Most of participating government agencies greatly delayed the start of the operation, thereby delaying the realization of optimization effect.

The Board analyzed factors preventing realization of optimization effect and found the following problems:

A)    Design and development process
Because NPA did not confirm properly the amount of data maintained by the participating government agencies, performance requirement for the system was not fully defined. Consequently, actual amount of data maintained by the participating government agencies was not correctly reflected in the design and development of the systems, nor tested sufficiently in the integration tests.

B)    Transition process
Due to the improper communication from NPA to the participating government agencies regarding transition tools and data entry form, the agencies did not understand that they had to assure the quality of data in advance and how to fill the data entry form. Therefore, huge amount of inconsistency of recorded data occurred in the transition process.  Furthermore, from 2010, NPA set up help desk to answer the queries, however, only one thirds of the queries could be answered because most of the inquiries arose from data problems which was beyond their anticipation.

C)    Project management assisting work
Because project management assisting work was concluded within the system design and repair contracting period, only mid-term assessment was reported but complete assessment of the system design and repair work was never done. Therefore, the project management assisting work was not well coordinated with the design and repair work.

D)    Organization by NPA etc.
“Liaison Council of Government Agencies for Personnel and Salaries Operations Supporting System” organized by NPA and Cabinet Secretariat did not work well because transition tools as well as data entry form were not fully explained in the Council, and information on the progress of government agencies and problems they had faced were not shared in the meaningful way.

E)     Calculating cost for transition process in implementing optimization plan
It is important to measure cost for transition process of “Personnel and Salaries Operations Supporting System” to assess optimization effect from the view point of investment effectiveness. Moreover, the cost of transition process of the participating government agencies accounted for JPY 1,808,110,000 in FY2008-2012.  Such huge amount of investment for optimization should have been properly recorded, however, NPA failed to record transition cost in the investment account in the optimization plan.

(iii) Opinion of the Board
The Board presented its opinion to the NPA and Cabinet Secretariat to coordinate further with participating government agencies, optimize “Personnel and Salaries Operations Supporting Systems”, so that effect of optimization would be realized at the earliest.

A)    NPA should work out repair priority with participating government agencies  and continue repair programs; study test process and working period to assure quality of system repair work with due care, and consider carefully the contract period and specification regarding project management assisting work so that its contractor can effectively provide technical assistance.
B)     NPA should share information with participating government agencies concerning “Personnel and Salaries Operations Supporting System” and assist their smooth transition, and study and prepare with due care the expected amount and content of the help desk work.
C)    NPA should grasp details of the transition work of participating government agencies so as to calculate their cost of transition for recording them in investment account of the optimization plan, and study rational calculation method for transition cost.
D)    Cabinet Secretariat should conduct integrated adjustment and coordination including giving advice to NPA when it implements the above mentioned work.

3.    Capacity Building
The Board formulated a Strategy to Nurture and Utilize Human Resources for IT Audit in 2014, which consisted of Analysis of the Status Quo, Needed Human Resources and Capability, Implementation Method, Report and Evaluation. The Strategy included:
IT Assisted Audit Capability: The Board should study and cope with the auditees’ computer system update, and train auditors to utilize Computer Assisted Audit Techniques (CAATs).
IT Procurement Capability: The Board should develop knowledge and skills necessary to further improve efficiency, transparency in IT procurement.
IT Security Capability: The Board should maintain confidentiality, integrity and availability (CIA), in the level sufficient enough as an organization.
IT Planning Ability: The Board should have ability to plan and propose its IT plan, based on the insight with five to ten years mid-term technical trend, social trend, etc.

In order to obtain those abilities, in addition to the IT training programs for the officials which has been conducted for years, the Board recruited IT specialist with experience, carefully plan placing personnel so that IT audit and IT research could be appropriately experienced, provide continual OJT education, send personnel to academic institutions outside of the Board for further IT training even more often and with attentiveness for development effect.
The Board also conducts training and seminars for its staff by bringing specialists from outside.  It also sends its staff to specialized institutions to hone technical skills in IT system architecture.

4.    Conclusion
The Board has conducted audits on government and other entities’ expenses for IT mainly with audit objectives of economy, efficiency and effectiveness in line with the development of the use of IT. The Board is tackling the challenges by improving  audit techniques, nurturing auditors’ knowledge and skills.





Leave a Reply