SUMMARY:

The National Internal Audit (AIN) launched in May 2023 the Government Internal Audit Information System (SIAIGU), a project that allows monitoring of internal control and audits of public bodies in one place.
 

INFORMATION:

The computer platform, whose security has been carefully designed, receives data from Subsections and Executing Units of the Central Administration, from all Autonomous Entities and Decentralized Services and from all non-State Public Persons.

The AIN has raised the following unknowns:

-whether the organizations are managed in an effective, efficient, ethical, transparent, responsible manner and for the benefit of the public interest.
-if they have adequate internal control that allows them to identify the effectiveness and efficiency of the internal systems and processes used to manage risks, safeguard public funds and assets, guarantee the integrity of information for decision-making, and comply with the applicable rules and regulations.
-The level of maturity of its Internal Audit units and if they work based on the Government Internal Audit Standards.
-If the vulnerabilities identified in the audit processes are remedied in a timely and effective manner.

The solution

The analysis so far was quite handmade. The organizations sent their reports in Excel files and many others sent physical folders to the AIN headquarters. All this generated significant risks, such as loss, manipulation and errors in the transmission of data, added to the inability to exploit this data for decision making.

The main objective of the project was to overcome these limitations and establish a centralized and secure system for the exchange and analysis of information.

The solution adopted by the National Internal Audit was based on the implementation of the STATUM platform. This technology has made it possible to simplify the collection and exploitation of information from different entities and ministries, which significantly improves management processes.

"At the security level, the change is radical. Before, the information came in a simple email, on a flash drive without any security," said Rafael Brocos, Deputy Coordinator of the AIN's Public Sector Division and one of the project managers. Now each user enters the tool with a Digital ID, which provides advanced security. This establishes a series of essential security layers to manage sensitive State information.

System design and training development

In mid-2022, the AIN began to explore how to incorporate technology capable of improving all of this work. In August, the first meetings with STATUM began.

There, the specifications that the AIN needed were agreed upon. The team was successfully coordinated and led by María Eugenia Cremona, a member of the AIN technical team.

"We complied with the basic steps for software development: identification of requirements, regular meetings to get it down to earth and then we started with the prototypes, which allowed us to move faster," Cremona said.

In addition, a training strategy was established for 150 officials from all over the State with the objective of familiarizing them with the tool and making the most of said tool. Each public agency involved two auditors for these trainings. Training sessions were organized and videos and instructions were made available on a website.

One factor that favored the implementation was that the Audit Office was already familiar with STATUM technology, since it had used the ApiaDocumentum electronic filing system since the beginning of the last decade. "There was already knowledge of Apia. We have been managing it for more than 10 years. So it was necessary to incorporate a solution that was familiar to us", commented Brocos. "We were among the first to incorporate it," said Tamar Frenquel, AIN Public Sector coordinator, who also participated in the work.

What does the AIN look for with SIAIGU?

The AIN seeks with the SIAIGU that all state offices contribute information to this tool. With these data, the AIN will be able to a) promote actions to improve State management; b) Alert against eventual risks that the organizations may be assuming, so that they adopt opportune actions; c) establish a cycle of continuous improvement for the internal audit function in the State.

Something important is that the tool allows the AIN to understand the level of maturity of the Internal Audit units and if they work based on government internal audit standards. And, of course, if the vulnerabilities that are identified in the audit processes are fixed in an effective and timely manner.

With this information, the AIN intends to provide quality information to the Ministry of Economy and Finance, the Planning and Budget Office and the Agency for Monitoring and Evaluation of Public Policies that is useful for decision-making.

Results and benefits

"I am pleasantly surprised that the planned schedule has been met in reasonable terms. There was a serious commitment from all the actors involved to carry this out, with an invaluable contribution from our technical representative Eugenia Cremona," Frenquel added about the start-up. system production.

Brocos highlighted three great benefits of this tool. The first is that it grants information security since from now on an equal tool is used for everyone, which has high computer security standards.

The second benefit is the possibility of exploiting the information. This means that it helps to quickly analyze each report from each of the agencies.

The third benefit is that the technology works for organizations large and small. "We had a vision that it wouldn't be a platform that would only help us," Brocos said.
The solution is also useful for audit units of public bodies that are very small and do not have the budget to purchase such technology. It is that of 100% of the Audit Units, only 5% had such a solution. "In the trainings it was something that stood out," said Brocos.

For his part, Frenkel appreciated the speed in the analysis of the reports. "When vulnerabilities arrive, they are detected much faster," she said. "This solution will mark a before and after in the monitoring of how the Organizations are managed".