Georgia -IT Audit Introduction and development Programme, 2014-2017

This concept note seeks to increase the IT audit capacity of SAI Georgia, to ensure that the SAI’s audit capacity meets the requirement to respond to the fast paced transition to e-governance. Planned activities include: • Acquisition of IT equipment – software and hardware • Establishment of pilot team with 10 IT specialists, regularly trained by experienced IT audit trainers through workshops and courses • ISACA certification of the IT auditors • Pilot audits • Development of an IT audit manual based on ISSAI standards • Elaboration of professional development training program (including training course and recruitment) • Awareness raising conference for government agencies and non-governmental organizations. SAI Capacity Development Fund (SAI CDF) and The Norwegian Ministry of Foreign Affairs funded the proposal.  The Norwegian Ministry of Foreign Affairs helped with the implementation of an Audit Management Software. Overall amount of the financial assistance from the Ministry is 280,000 USD.  The SAI CDF grant amount is USD 500,000. The Project includes three components: • Component 1:Development of IT audit Information System at SAO; • Component 2: Capacity Development of SAO IT Audit Staff; • Component 3: Project Management. Component 1: Development of IT audit Information System at SAO. 1.1. Acquisition of Information System Equipment (7 Laptop Computers, Server Hardware, Server Software, License Fees, Peripheral Devices) – based on the National Shopping procedure, SAOG acquired 7 mobile workstations, Server Infrastructure (blade servers, data storage, UPSs, network switches, LTO 6 tape drive and tapes, MS SQL 2014 licenses and Backup software), printer and projector for the IT audit unit. The hardware and software were installed on SAOG infrastructure in July, 2016. 1.2. Acquisition of Specialized Audit Software (Data Analysis Software + License Fee) – SAOG acquired data analysis software – Caseware IDEA which is one of the widely recognized software solutions for Supreme Audit Institutions. Hereby, SAOG acquired consultant’s services to train 8 auditors. The contract was signed in July, 2015. 1.3 Acquisition of Specialized Audit Software (Network Security Vulnerability Assessment Software) – SAOG has identified the needs for Network Security Evaluation Software and conducted market research according to the forehead mentioned criteria. Acquisition of the software is planned in 2017. 1.4 Acquisition of Generalized Audit Software (Audit Management Software (AMS) user licenses for 200 auditors; Training courses for System Administrator and system users, installation and configuration procedures) – The proposed activity is finance by the Royal Norwegian Ministry of Foreign Affairs. The procurement method for the AMS and related services was International Competitive Bidding (ICB) (please, refer to the following link: http://www.dgmarket.com/tenders/np-notice.do?noticeId=12632401 ). Based on the tender results, SAOG acquired MKinsight Audit Management Software by Morgan Kai Limited. The Contract was signed on 30th of November, 2015. After initial configuration of the MKinsight, the system was installed on SAOG server infrastructure at the end of February. Afterwards, in April, the vendor conducted onsite training session for the 12 representatives of the SAOG. The training covered System Administration Course, System User Course and Training of Trainer Course. In June, the SAOG received translation of the Audit Management Software – the system is now fully translated in Georgian Language. Based on an extensive technical and functional testing, SAOG conducted operational acceptance procedure in September, 2016. Currently, SAOG working Group on AMS is refining existing configuration of the system and is elaborating Audit Program Templates, Checklists and Questionnaires. SAOG plans to fully deploy AMS in live environment in January, 2017. Financial, Performance, Compliance and IT Audits will be done in the system. Component 2: Capacity Development of SAO IT Audit Staff 2.1.1. Capacity building of SAO IT Audit Staff – Provided by SAI India (Training Courses, Assistance in conducting pilot IT Audits, Quality Assurance Support of the selected audit engagements, Elaboration of IT audit manual, Elaboration of IT audit Quality Control and Assurance procedures, Elaboration of training program/policy) – SAOG started negotiations with SAI India in May, 2015. SAI India has agreed to provide SAOG with the forehead mentioned consultant’s services. The details of the cooperation between SAIs were discussed during 25th meeting of INTOSAI IT Audit Working Group in Brasilia, Brazil. The SAI India agreed to allocate experts to the SAOG Capacity Building Project. Based on the results of the face-to-face negotiations, the SAOG updated the draft of the ToR, which includes scope of works, framework of the training courses, project outline, and etc. Based on the agreement, SAI India will provide SAOG with the following assistance: • 2 Training Courses in Information Technology Audit; • Assistance in conducting 2 pilot Information Technology Audits; • Quality Assurance Support of selected 1 audit engagement; • Elaboration of IT audit manual; • Elaboration of IT audit Quality Control and Assurance procedures; • Elaboration of training program/policy. The Agreement between SAOG and SAI India will be signed in December, 2016. The activities start in January, 2017. 2.1.2. Capacity building of SAO IT Audit Staff – Provided by US GAO (1 Training Course in Information Security Audit, Assistance in conducting 1 pilot Information Security Audit and 1 Quality Assurance Support of the selected audit engagement) – the SAOG started negotiations with the GAO in the middle of 2015. Based on the negotiations, the US GAO’s Center for Audit Excellence has agreed to provide SAOG with the Consultant’s services. The Project team developed the Terms of Reference, Request for Proposal, draft of Agreement which were cleared by the World Bank. Forehead mentioned agreement was signed by SAOG and US GAO’s Center for Audit Excellence in September, 2016. The activities start in January, 2017. 2.2 Training SAO IT auditors at iCISA program – SAOG has already sent two auditors to the iCISA program in Noida, India. 2.3 ISACA certification of SAO IT auditors – SAOG aims to send its IT Auditors to become Certified Information Systems Auditors (CISA). Currently, IT audit pilot team is gaining experience and knowledge in IT audit field, in order to prepare for the certification. 2.4. International conferences/workshops/seminars Component 3: Project Management 3.2 Finance Management Consultant – Selection of the part-time Finance Management Consultant represents effectiveness condition for the WB grant. SAOG selected part-time FM Consultant and the contract was signed on 16th of March, 2015. FM consultant developed Financial Management manual that was found acceptable for the Bank and approved by the Auditor General. 3.3 Procurement Consultant – Part-time Procurement Consultant was contracted on 16th of March, 2015. 3.4 Organizational activities – related to the implementation of the project represents contribution of the SAOG in the grant project. This component includes management of the international workshops, meetings and awareness raising campaigns.