This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Was the system planned and developed in a
systematic manner taking into account the
business and security requirements of the user
departments and the ease of use by the citizens? IT Audit Manual Volume III 98 IT Audit Manual
OPERATIONAL ISSUES KD reference • Have the requirements of all the departments
concerned been considered?
• Is there a formal and proper process in place for
procuring/developing technical solutions?
• Are standard products and solutions used where
• Is there a middleware in place to connect the
front end with the back end systems (possibly
legacy systems) in various departments?
• Has there been adequate capacity planning for
• Is the application software compatible with the
back end applications in the departments? • Is the system scaleable to include the provision
of new services? • Is there adequate bandwidth to provide speedy
services? • What is the periodicity of information updation? SECURITY ISSUES
• Is a risk management methodology followed for
identifying and addressing risks? • Is security considered at various stages of system
design, development and implementation? • Are there adequate physical and logical access
controls? • How secure is the network? • Are there firewalls and intrusion detection
systems in place? • What is the mechanism for identification and
authentication of citizens? IT Audit Manual Volume III 99 IT Audit Manual
• KD reference Can the public view the data/update the data
dynamically/transact on-line? BUSINESS CONTINUITY PLAN
• Is there an approved, documented and tested
business continuity/disaster recovery plan? • What is the timeframe for turnaround after a
disaster? • What is the security mechanism at the alternate
site? HUMAN RESOURCES
• Was the staffing requirement evaluated and
provided for? • Were the key e-government positions identified,
defined and filled? • Do the personnel know their responsibilities and
are they competent to discharge them? • Was there an analysis of the skills requirement of
the personnel and was training prov...
View Full Document
- One '10