Strengthening Information Systems Audit Capacities in African SAIs

ISACP Module 2 and ISACP Expert Module 3 Workshops, 13 to 17 November 2023

In partnership with OAG Norway, we implemented the first IS Audit Champions Programme (ISACP) in 2017. We are now on the third round of this exciting programme to build practical capacity in SAI’s Information Systems Audit function. The programme aims to empower SAIs to conduct audits of critical information systems and adequately support financial, compliance and performance auditors in the SAI.

Following the successful Module 1 workshop in Rwanda earlier this year, we held the Module 2 workshop in South Africa from 13 to 17 November. This module focused on financial information systems audit and targeted SAIs with established IS audit sections meeting specific criteria.

Concurrently, we also held the 3rd Module workshop of the IS Audit Experts Programme (ISAEP), which we launched last year, to ensure continuous education for IS auditors in the region. The workshop provided advanced training in auditing Active Directory, emphasising Microsoft Active Directory and Windows environments.

The strategic outcomes of both programmes are to capacitate SAIs to produce integrated audit reports that comprehensively include IT/IS issues and improve SAI staff IS audit skills and knowledge.

The workshops successfully trained 15 IS Audit Champions, and seven IS Audit Experts, contributing tangibly to the development of audit capacities within participating SAIs. These figures reflect the commitment of SAIs from Uganda, South Africa, The Gambia, Somalia, Palestine, Namibia, Zambia, Kenya, Tanzania, and Sierra Leone to strengthen IS Audit capacity.

Critically, these programmes include follow-up activities. The IT Audit Champions participants must conduct pilot audits based on the training components. Notably, two SAIs have already made strides in conducting audits of Oracle databases, while others are in the planning stages or actively executing audits.

These two workshops represent a pivotal moment in building robust IS audit capacities in African SAIs. As SAIs continue to embrace and implement the knowledge gained, we anticipate a substantial impact on audit quality and effectiveness.

“My overall observation from these trainings was that there has been significant improvement in participants’ knowledge and skills in risk assessment and mitigation, identification of control weaknesses, audit execution and report writing. Continuous engagements with the SAIs are bound to yield fruitful results in the long run for both the participating SAIs and the Continent in securing information systems and strengthening information systems audit capacities.”Sylvia Birabwa, Course Facilitator for the ISACP.