IT Audit - The Institute Of Internal Auditors  


Reference Library: Government

Technology information and resources published in government Web sites, including guidelines, checklists, audit programs, case studies, and research results.

Alaska Division of Legislative Audit (U.S.)
The Division of Legislative Audit provides a summary and the full text of its audit reports.
Association for Federal Information Resources Management (AFFIRM)
AFFIRM is a U.S.-based organization that provides education for professionals who manage information and related systems and resources within the U.S. government.
Audit Office of New South Wales (Australia)
The Audit Office Web site includes reports, guides, publications, and audits in progress.
Auditor General for Western Australia
The site explains the role of the Auditor General's office, describes how audits of the Western Australian public sector are carried out, and includes access to reports to Parliament and links to foreign auditors general.
Auditor General of Alberta (Canada)
Included in this site are: annual reports to the Legislative Assembly, information about operations and staff, literature about legislative auditing and accounting, and links to related sites.
Auditor General of British Columbia (Canada)
Subjects covered in the Auditor General's Web site are strategic directions, types of audits performed, methods of audit selection, and performance measurement criteria.
Australian National Audit Office (ANAO)
The ANAO audit standards are one of several documents contained in the Other Publications section of the agency's Web site.
Basel Committee on Banking Supervision
Publications of the Basel Committee cover topics relevant to management, control, security, audit, and legal professions, and are available in English, French, German, and Italian.
British Standards Institute (BSI)
BSI ensures the views of British industry are represented in international standards bodies.
Canada Chief Information Officer (CIO)
Canada's CIO determines and implements a strategy to accomplish the government's IT goals, including serving as technology strategist and expert adviser to Treasury Board Ministers and senior officials.
Canada Office of Critical Infrastructure Protection and Emergency Preparedness
The Office of Critical Infrastructure Protection and Emergency Preparedness reports to the Minister of National Defence, which is responsible for emergency preparedness in Canada.
CanCERT (Canada)
CanCERT is Canada's national Computer Emergency Response Team. CanCERT is committed to client confidentiality and the improvement of IT security.
Council of Europe Convention on Cybercrime
The Convention is an international treaty that addresses crimes committed over the Internet and computer networks such as copyright infringement, fraud, child pornography, and network security violations.
Data Mining: Results and Challenges for Government Program Audits and Investigations
This U.S. Government Accountability Office report details the agency's use of data mining techniques during audits of federal government agencies and provides information on identifying fraud, waste, and abuse. [PDF]
Department of Fisheries and Oceans of Canada Audit and Evaluation Directorate
The Department of Fisheries and Oceans of Canada Review Policy, Service Standards for review services, and Review Reports are made available online, together with links to other audit sites.
Emergency Management Guide For Business & Industry
The Emergency Management Guide for Business & Industry, produced by the U.S. Federal Emergency Management Agency, offers recommended approaches.
Employee Privacy: Computer-use Monitoring Practices and Policies of Selected Companies
A 2002 U.S. Government Accountability Office report provides information about computer-use monitoring practices at 14 Fortune 1000 companies. [PDF]
EU Dependability Development Support Initiative (DDSI)
This site provides information about DDSI, an 18-month European Union (EU) project that developed critical infrastructure protection assessment plans for EU member nations and others.
Federal Association of Security Officials (Canada)
The Federal Association of Security Officials works with government security organizations and the security industry to organize training and obtain briefings in new developments and new technologies.
Fiscal Year 2001 Report to Congress on Federal Government Information Security Reform
The Fiscal Year 2001 Report summarizes the results of security evaluations reported to the U.S. Office of Management and Budget, including common weaknesses, challenges, and frequent questions. [PDF].
Georgia Department of Audits and Accounts (U.S.)
The Office of the State Auditor's divisions performing functions including financial and performance audits for 44 departments, agencies or commissions, 34 colleges and universities, and 183 boards of education.
German Government
This Web site offers links to information concerning federal ministries, offices, research establishments, and political archives, in German, French, Spanish, and English.
Gilmore Commission (U.S.)
The Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction reports annually to the U.S. Congress about the federal government's ability to respond to terrorist incidents.
Identity Theft — U.S. GAO Report to Congress March 2002
Identity Theft — Prevalence and Cost Seem to be Growing, provides statistics on the incidence and societal costs of identity theft. [PDF]
Information and Privacy Commissioner of Ontario (Canada)
This agency provides an independent review of Ontario's government decisions and practices concerning access and privacy, investigates complaints, researches access and privacy issues, and educates the public.
InfraGard is an information and analysis cooperative between the U.S. federal government, businesses, academic institutions, law enforcement, and others dedicated to increasing the security of critical infrastructures.
Intergovernmental Audit Forums
Intergovernmental Audit Forums is a U.S.-based association of audit executives from federal, state, and local governments that works to improve coordination and cooperation in intergovernmental auditing.
Mega Australian Government Bodies
A directory of the largest Australian government agencies: Administrative Services; Communications and the Arts; Defence, Environment, Sport & Territories; Inter-ACT; Australian Space Research Institute; and Telstra/Telcom Australia.
Modern Comptrollership (Canada)
This site operated by the Comptrollership Modernization Directorate provides access to comptrollership information, a chronology of modernization events, documents, articles, speeches, news releases, and presentations.
National Council for Public-Private Partnerships (U.S.)
Public and private sector members exchange ideas and innovations promoting partnership practices, benefits and values, for the public good.
Privacy Commissioner of Canada
The Privacy Commissioner of Canada advocates the privacy rights of Canadians with the power to investigate complaints and conduct audits under two federal laws.
Provincial Auditor - Saskatchewan (Canada)
This Web site provides access to the Provincial Auditor's reports, services and information about the organization and operation of the Office of the Provincial Auditor Saskatchewan.
Queensland Audit Office (QAO) (Australia)
QAO's Web site provides access to reports to Parliament, special reports, annual reports, and other reports, including the QAO Audit Standards.
Republic of Turkey Undersecretariat of Treasury
Information about accounting and audit requirements for conducting business in Turkey, details on investing and banking regulations, statistics, and links to ministries and state institutions.
Review of U.S. FBI Security Programs
A U.S. Department of Justice review was presented in March 2002 in response to the treason of FBI Supervisory Special Agent Robert Hanssen.
South Africa Office of the Auditor-General
The Office of the Auditor-General performs independent computer, forensic, performance, and regularity audits and examinations.
State of Florida Information Resource Security Policy (U.S.)
In response to the increasing dependence of state agencies on information systems, this policy addresses the use of risk analysis to determine threats and controls to offset threats and protect state resources.
Strategic Information Technology Plan (SITP) for the Commonwealth of Kentucky (U.S.)
This plan provides a framework and strategies for the use and management of IT within the Commonwealth government, and for an enterprisewide approach to IT management.
Support for Improvement in Governance and Management (Sigma)
Sigma is a joint initiative of the Organisation for Economic Co-operation and Development and the European Union that assists nations in modernizing public governance systems and provides reports on current governance reform projects.
Tennessee Information Technology Policies (U.S.)
Policies to protect the state of Tennessee's information resource investment address data security, data resource management, open access to electronic information, systems dial-up access security, and other issues.
Thomas - U.S. Legislative Information on the Internet
The Thomas system makes U.S. federal legislative information freely available to the public. Databases include the floor activities of the House and Senate, bill summary and status, committee reports, and historical documents.
U.K. National Audit Office
The U.K. National Audit Office scrutinizes public spending on behalf of Parliament and is completely independent of government. The Comptroller and Auditor General certifies the accounts of all government departments.
U.S. Advanced Research Projects Agency
The U.S. Defense Department Advanced Research Projects Agency's Technology Transition study chronicles the process by which technologies and concepts have transitioned into military capabilities for U.S. forces.
U.S. Central Intelligence Agency (CIA)
The CIA's mission is to provide accurate, comprehensive, and timely foreign intelligence on national security topics, and conducting counterintelligence activities and other functions, as directed by the President.
U.S. Chief Information Officers (CIO) Council
The CIO Council's role includes developing recommendations for information technology management policies, procedures, and standards; identifying opportunities to share information resources; and assessing and addressing the needs of the U.S. federal government's IT workforce.
U.S. Congress
The Congressional Research Service is an analytical, research, and reference source for the Senate and the House of Representatives.
U.S. Defense Contract Audit Agency (DCAA)
DCAA performs contract audits for the Department of Defense (DoD) and provides advisory services and subcontracts to all DoD components responsible for procurement and contract administration.
U.S. Department of Commerce
The Department of Commerce expands U.S. exports, develops innovative technologies, gathers and disseminates statistical data, measures economic growth, grants patents, and promotes minority entrepreneurship.
U.S. Department of Defense - DefenseLINK
The official Web site for the Department of Defense is the starting point for finding U.S. military information online.
U.S. Department of Energy Office of Scientific and Technical Information (OSTI)
OSTI leads a team that establishes agreed-upon goals and objectives for the Department of Energy's scientific and technical informaiton and provides a framework for collaboration.
U.S. Department of Homeland Security
The Department of Homeland Security works to ensure the adequacy of the national strategy for detecting, preparing for, preventing, protecting against, responding to, and recovering from terrorist threats or attacks.
U.S. EGov
Electronic government offers citizens and businesses easily accessible, electronic government services and information.
U.S. E-Government Act of 2002
U.S. Federal E-Government Act of 2002 establishes e-government initiatives, including a chief information officer council and annual reporting to Congress. The Act also sets out information security requirements and responsibilities under the Federal Information Security Act.
U.S. Federal Emergency Management Agency (FEMA)
The mission of FEMA is to reduce loss of life and property and protect the U.S. critical infrastructure from all types of hazards through a risk-based emergency management program.
U.S. Federal Financial Institutions Examination Council
The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.
U.S. Federal Government Agencies Directory
Louisiana State University's list of all federal agency Web sites is subdivided into sixcategories: Executive; Judicial; Legislative; Independent; Quasi-Official; and Boards, Commissions, and Committees.
U.S. Federal Information Processing Standards Publications (FIPS Pubs)
The National Institute of Standards and Technology supports the development of voluntary industry standards to reduce costs and further reliance upon the private sector to supply goods and services to the government.
U.S. Federal Inspector General Community
Inspector generals conduct audits and investigations, evaluate legislation's impact on economy and efficiency, prevent fraud and abuse, and keep the head of the agency and Congress informed concerning problems.
U.S. FedWorld Information Network
FedWorld was established by the U.S. National Technical Information Service to serve as the online locator service for a comprehensive inventory of information.
U.S. FFIEC Information Security Booklet
This Federal Financial Institutions Examination Council (FFIEC) booklet provides information security guidance for auditors and financial institutions.
U.S. GAO Electronic Government Report
This report provides the results of a U.S. Government Accountability Office study of the program plans for OMB's e-government initiatives.
U.S. GAO Executive Guide Information Security Management
A U.S. Government Accountability Office (GAO) study of security management practices, endorsed by the CIO Council as best practices. [PDF]
U.S. GAO/NSAA Management Planning Guide for Information Systems Security Auditing
This document from the U.S. Government Accountability Office (GAO) and National State Auditors Association (NSAA) outlines procedures for information systems security audits in federal, state, and local government agencies. [PDF]
U.S. Government Accountability Office (GAO)
The Government Accountability Office (GAO) is the investigative arm of the U.S. Congress, charged with examining matters relating to the receipt and disbursement of public funds.
U.S. Government Auditing Standards
This site presents the current Government Auditing Standards (Yellow Book), exposure drafts currently out for comment, and related information, and provides an electronic codification of Government Auditing Standards.
U.S. Homeland Security Act of 2002
The U.S. Homeland Security Act of 2002 established the U.S. Department of Homeland Security. [PDF]
U.S. Information Assurance Technology Analysis Center (IATAC)
IATAC, a U.S. Department of Defense Information Analysis Center, is a central source for information and methodologies relating to the continuity of operation of information systems critical to the nation's defense.
U.S. IT Policy
The U.S. General Services Administration promotes the strategic management and effective use of federal government information technology through governmentwide programs and functions.
U.S. Library of Congress
Library of Congress databases include the floor activities of the U.S. House and Senate, bill summaries and status, committee reports, and historical documents.
U.S. National Association of State Auditors, Comptrollers and Treasurers (NASACT)
NASACT's membership is comprised of officials who have been elected or appointed to the office of state auditor, state comptroller, or state treasurer in the 50 states, the District of Columbia, and U.S. territories.
U.S. National Energy Research Scientific Computing Center (NERSC)
NERSC's mission is to accelerate the pace of scientific discovery in the U.S. Department of Energy's Energy Research community by providing high-performance computing, information, and communications services.
U.S. National Information Infrastructure Protection Act Of 1996
The Department of Justice examines computer crime, enforcement techniques and new laws, and new abuses that spring from the misuse of new technologies.
U.S. National Institute of Standards and Technology (NIST)
NIST's major programs to help companies overcome obstacles to competitiveness are Measurement and Standards Laboratories, Advanced Technology Program, Manufacturing Extension Partnership, and Quality Outreach.
U.S. National Research Council
The National Research Council is organized by the National Academy of Sciences to associate the science and technology community with the Academy's purposes of furthering knowledge and advising the federal government.
U.S. National Security Agency
The NSA is responsible for highly specialized technical functions in support of government activities to protect communications and produce foreign intelligence information.
U.S. National Strategy to Secure Cyberspace
The homeland security strategy provides a framework and guidance for national cyberspace security response, threat-reduction, and security awareness programs; government security initiatives; and international cooperation. [PDF]
U.S. National Technical Information Service
The National Technical Information Service is the official source for government-sponsored scientific, technical, engineering, and business-related information.
U.S. National Telecommunications and Information Administration (NTIA)
The NTIA is the U.S. federal government executive branch's principal voice on domestic and international telecommunications and information technology issues.
U.S. National White Collar Crime Center (NW3C)
NW3C provides support services for enforcement agencies involved in the prevention, investigation, and prosecution of economic and high-tech crime.
U.S. NIST Computer Security Resource Center (CSRC)
The National Institute for Standards and Technology's (NIST's) CSRC collects and disseminates computer security information and resources to help users, systems administrators, managers, and security professionals better protect their data and systems.
U.S. Office of Management and Budget (OMB)
The OMB assists the President in the preparation of the Federal budget; evaluates the effectiveness of programs, policies, and procedures; assesses funding demands among agencies; and sets funding priorities.
U.S. Office of Technology Assessment (OTA) Publication Archive
Until its closing in 1995, OTA provided Congress with objective and authoritative analysis of scientific and technical issues. This site makes available in electronic form the complete collection of OTA publications.
U.S. Office of the Comptroller of the Currency (OCC)
The OCC charters, regulates, and supervises national banks to ensure a safe, sound, and competitive banking system that supports the citizens, communities, and economy of the United States.
U.S. Partnership for Critical Infrastructure Security (PCIS)
PCIS is a collaboration of companies, associations, and government agencies that promotes the protection and assurance of communications and information services, energy, financial services, transportation, and vital human services such as health, safety, and water.
U.S. Sarbanes-Oxley Act of 2002
Sarbanes-Oxley protects U.S. investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws and for other purposes.
U.S. Securities and Exchange Commission (SEC)
The SEC administers federal securities laws to protect investors in securities markets that operate fairly and to ensure that investors have access to disclosure of all material information concerning publicly traded securities.
U.S. Treasury Department
Functions of the Treasury include managing federal finances, collecting taxes, paying bills, producing postage, currency, and coinage, and managing government accounts and the public debt.
This joint venture between the U.S. Department of Homeland Security and Carnegie Mellon University monitors and provides warnings about information security threats and coordinates responses to them.
UK Audit Commission
This independent watchdog works to ensure the appropriate stewardship of public finances; the Web site includes news, reports, publications, assessments, judgments, and interactive tools.
UK National Audit Office
Annual reports for government departments and other public-sector bodies can be viewed online, as can State Audit in the European Union, Accounts Audited by the Comptroller and Auditor General, and Resource Accounts: Preparing for Audit.
UK National Infrastructure Security Co-ordination Centre (NISCC)
NISCC is an interdepartmental organization that coordinates and develops critical national infrastructure protection against electronic attacks among UK government agencies and departments and private sector organizations.
Victorian Auditor General's Office (Australia)
The Auditor General's office provides annual reports and other information documents.