During the opening of the meeting in Tallinn, Auditor General of Estonia Janar Holm underlined that the number of effective cyber attacks on state resources is increasing. An example of an effective cyber attack in Estonia was the loss of access to electronic identity documents. As a result, half of inhabitants could no longer use state services. Supreme Audit Institutions should indicate risk areas related to cybersecurity of the state administration bodies for the benefit and security of citizens, while taking care of the security of their resources.
The following persons gave their presentations during the meeting:
- Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity,talked about strategic outlook and challenges of the European cybersecurity policy,
- Frank Scherwa, SAI of Germany, gave presentation about cybersecurity audits in Germany,
- Boštjan Delak PhD, SAI of Slovenia, discussed audits of efficiency of cybersecurity measures developed by the state and the electricity grid operator,
- Bernhard Hamberger, SAI of Switzerland, talked about audits of cyber resilience of the Swiss critical infrastructure.
During the meetings, results of selected audits carried out by Supreme Audit Institutions in 2014-2020 were presented. The audits dealt with significant aspects of cybersecurity, such as: data protection, integrity of national data processing centres, implementation of national cybersecurity strategies. On a yearly basis NIK audits cybersecurity issues and prepares the list of audits related to this topic, developed for the needs of the European audit compendium.
European audit compendium on cybersecurity
In the second part of the meeting, the debate participants discussed the modern approach to cybersecurity audits. They talked about potential areas to be audited by the Supreme Audit Institutions. Tõnu Tammer, Executive Director of CERT-EE, the Estonian Information Systems Authority also presented his opinion on audits of the critical cyber infrastructure.
NIK President had a bilateral meeting with his counterpart from the Supreme Audit Office of Estonia. The Presidents discussed challenges currently faced by the European SAIs, topics to be addressed at the meeting of the EUROSAI Governing Board – NIK President as Vice-President of the EUROSAI Governing Board, activities as part of the Three Seas Initiative (NIK President has initiated tightening cooperation as part of this project), potential areas of further cooperation and areas to be covered by joint, parallel audits. It is thanks to joint efforts and mutual support that the Supreme Audit Institutions become more and more effective as independent guardians of public spending.
The Supreme Audit Institution chaired works in the said group in 2014-2020. At that time, the Polish presented several initiatives which have sparked interest of auditors from other countries as they make everyday work of auditors easier. NIK keeps the website for exchanging knowledge about audit reports (Control Space of e-Government - The CUBE) and an active manual on IT audits.
The CUBE is a tool assuming multidimensionality of issues examined by SAIs. It is designed to facilitate planning, conduct and comparison of audit results. This is an analytical internet base of audit reports which may be searched for interesting issues: state activity areas, organisational functions, elements of management control. Materials placed on egov.nik.gov.pl were first addressed mainly to auditors from the e‑administration area. However, since the website dynamically develops its resources and functionalities, it can be interesting to all individuals who conceive modern methods of planning and conducting audits.
The European Organisation of Supreme Audit Institutions (EUROSAI) is a regional group associating 51 members – chiefly Supreme Audit Institutions (SAIs) and the European Court of Auditors (ECA). EUROSAI has in its structure working groups which operate in several thematic areas. In the area of information technology this is the EUROSAI IT Working Group. The Supreme Audit Office of Poland was the ITWG’s chair in 2014-2020, and now NIK is the chair of works of the EUROSAI Working Group on Environmental Auditing.
EUROSAI Working Group on Environmental Auditing about Green transition
