ROYAL AUDIT AUTHORITY,

SAI of BHUTAN
19th Working Group on IT Audit
Presentation on ICT & IT Auditing
in Bhutan
1
OVERVIEW OF THE PRESENTATION
I CT Policies & Regulatory Frameworks;
Royal Governments initiatives in the development
of I CT;
Auditing Frameworks;
I T Auditing in Bhutan;
CurrentAchievements in I T Audit; and
Way Forward.
2
Bhutans Development Philosophy
Gross National Happiness as the middle path for development
4 Pillars
of
GNH
Promotion of
equitable and
sustainable
socio-economic
development
Conservation
of the
Natural
Environment
Preservation
and
promotion of
cultural
values
Establishment
of good
governance
ICT is used as an
enabler as well as a
tool to enhance the
elements of good
governance
ICT is also used in
preserving and
promoting cultural
heritage
3
4
ICT POLICIES & REGULATORY FRAMEWORKS
Constitution of the Kingdom of Bhutan

There shall be freedom of press, radio and television and other forms
of dissemination of information including electronic.

A Bhutanese citizen shall have the right to information.

5
ICT POLICIES & REGULATORY FRAMEWORKS
Bhutan Information,
Communication & Media Act,
2006;
Telecommunication Act;
Bhutan ICT Policy & Strategies
(BIPS);
Information Sharing Policy;
Information & media Policy;
Information Management Security
Policy;


ROYAL GOVERNMENTS
INITIATIVES

Policy measures
Infrastructure development
E-governance
Content & application development



6
7
AUDITING FRAMEWORKS
There shall be a Royal
Audit Authority to audit
and report on the
Economy, Efficiency
and Effectiveness in the
use of Public
Resources
Article 25.1, Constitution of
the Kingdom of Bhutan &
Article 3, of the Audit Act of
Bhutan 2006

Our Vision
A premier audit institution that
promotes value for money in
government operations and contribute
towards good governance
Our Mission
To audit without fear or favor or
prejudice and effective use of public
resources and report to the
Parliament and stakeholders for
enhancing transparency and
accountability in the government
8
IT Auditing in Bhutan
Article 38 (a), Audit Act
The RAA shall carry out financial,
propriety, compliance, special audits and
any other form of audits that the Auditor
General may consider significant and
necessary.
IT related
audits are
conducted
by
IT Audit Section
under Thematic
Audit Division
(established in
July 2007)
9
Audit on
Budget &
Accounting
System
Audit on
Dzongkhag Local
Area Network
Internet
Connection
Project

Audit on
Electricity Billing
& Collection
System

OUR ACHIEVEMENTS IN IT AUDIT
Audit on IDRC
Project "improving
rural livelihoods in
Bhutan through
addressing identified
information needs"

Audit on
Information
Security
10
OUR RECENT ACHIEVEMENTS IN IT AUDIT
Audit was conducted
among others to:
To ascertain whether the
rural communities were
benefited from the access to
the Information Centres;

To assess the content &
application system and
ascertain whether it is able
to meet communities
identified information
needs;

To assess the completeness,
adequacy and timeliness of
the information provided by
the Information Centres;

Our Significant impacts :

Extensive deliberation in the
Parliament;

Extensive media coverage;

Proper study and planning
were carried out;

Trained the beneficiaries in the
use of the centers;

Developed comprehensive plan
to revitalize the established
Information Centers and to
address the issues of
sustainability.




Audit on IDRC Project
"improving rural
livelihoods in Bhutan
through addressing
identified information
needs"

11
OUR RECENT ACHIEVEMENTS IN IT AUDIT
Audit was conducted
among others to:
To determine whether the
IT-related internal control
environment, including
documented policies and
procedures, provide
reasonable assurance of
safeguarding the
information and IT assets;

To assess whether the
auditee agencies exercise
due care and diligence in
the protection of
information and IT assets
from unauthorized access,
disclosure, destruction,
modification, disruption
and other applicable risks

Our Significant impacts :

Deliberated extensively in the
Parliament;

Extensive media coverage;

Endorsed Information Security &
Management Policy;

Created awareness amongst the
top management in terms of the
prevailing security situations.



Audit on
Information
Security
12
WAY FORWARD
Elevating the present IT Audit Section to full
fledge Division;
Enhance IT Audit Functions in the RAA by
strengthening the staff of IT Audit Section;
Build the professional capabilities of the IT
Auditors by infusing relevant skills;
Keep abreast with the advancement in
technologies;
Enhance the use of Audit Tools like IDEA




13
WAY FORWARD
Automate the audit process (introduction of ERP
System);
Establish professional institutional relationship
with IT related agencies like Ministry of
Information & Communication and other
organizations;
Establish systemic follow-up in IT audits and
impact assessment;
Extend relationship with other SAIs for sharing
best practices and expertise in IT Auditing.



TASHI DELEG
& THANK YOU
14
POLICY MEASURES
Exemption of import duties on ICT
equipments;
Declared tax holidays for ICT firms from 3
to 5 years;
To provide 75 percent of services online by
2010;
The vision concept of Bhutanese
Information Society


15
16
INFRASTRUCTURE DEVELOPMENT
Establishment of Community Information
Centers;
Established Local Area Network in all 20
districts;
Installed Thimphu Wide Area Network;
Provided computers and Internet connection in
schools;
Commitment to One Laptop per Child (OLPC)
Project;
Video Conferencing ( On-going);
National broadband Network Plan (On-going)

E-GOVERNANCE INITIATIVES
Developed E-Platform to deliver services online (e.g.
Audit Clearances);
Developed online Asset Declaration;
Online agriculture Marketing information to
provide prompt and reliable market information on
agriculture produce (ongoing);
Government Portal (single window/ e-office) for
government offices to share information (ongoing);
Online Digital library (ongoing);
Started telemedicine;





17
18

CONTENT & APPLICATION
DEVELOPMENT
Developed Bhutan Civil Registration System
to facilitate Citizenship ID Cards;
Developed passport system with machine
readable passports;
Developed DZONGKHA LINUX- an
operating system with Dzongkha Desktop;
Hospital Information System (Ongoing);
Common Integrated Police Application
(Ongoing)