EUROSAI. Magazine N26 - 2021

EUROSAI 52 EUROSAI Working Groups and Task Forces Rapid developments around us are pushing public entities out of their comfort-zone and having an impact on their operations – the pandemic has shown the vulnerability of healthcare systems while “hybrid conflicts” and ransomware attacks have demonstrated the fragility of defense systems and traditional approaches to cyber-security. Supreme audit institutions, being in the middle of these crises, are looking for ways to react proportionally and to use their mandate to mitigate the impact. Experience sharing among SAIs is gaining more and more importance, because in these turbulent circumstances there is no time for “reinventing the wheel”. The EUROSAI IT Working Group is focusing its efforts on enhancing cooperation and experiencesharing between the members. The ITWG held its 14th meeting on November 9-10 in a hybrid format, hosting participants both online as well as in person in Tallinn. The first day focused on SAIs’ role in mitigating cyber threats at strategic and operational levels. As the event was open to all INTOSAI members, over 200 participants representing close to 70 SAIs attended. Although a SAI is not an emergency response team reacting to a cyber incident, our role can be to make sure there is a strategic framework created, responsibilities appropriately divided, and all relevant risks considered in a society. A number of SAIs have audited the implementation of their state’s cyber security strategy – the results of German and Slovenian audits were presented during the meeting. The involvement of SAIs has resulted in betterstructured, clearer and more precisely targeted strategies. Experts also agreed that a SAI has an important role in looking at the resilience of IT in critical infrastructure – in this area, participants could learn from Swiss and Slovenian SAIs’ respective experiences presented at the meeting. For the SAI community, there is still a big leap to take. Only a quarter of SAIs has performed topical audits thus far, based on a small survey conducted during the meeting. At the same time, half of the audience represented audit offices that have no capacity or mandate to audit cyber critical infrastructure. This gap between the needs and possibilities shows the importance of international cooperation and events like the one held by the ITWG. EUROSAI ITWG Secretariat National Audit Office of Estonia Chair of the EUROSAI Working Group on Information Technologies (ITWG) ESTABLISHED PROJECTS AND NEW DEVELOPMENTS IN EUROSAI ITWG: AN OVERVIEW OF THE 14th MEETING