Army needs better IT auditing

National Audit Offices finds good internal IT practices but needs business continuity plan

Another Information Technology (IT) audit by the Auditor General, this time within the Armed Forces of Malta (AFM), has called on the AFM to invest in an electronic IT inventory application.

"Overall, the NAO commended the number of IT related internal policies and operating procedures that were issued by the AFM," the NAO said.

But although the army took a number of initiatives to mitigate the risks involved in the event of a disruption or total failure in the IT systems within the organisation, the NAO found that the army is not being audited, and does not have formalised IT business continuity plans.

The NAO recommended that the AFM carries out a Business Impact Analysis to identify the business and operational impacts of IT related incidents in order to determine a recovery strategy, and to carry out a risk assessment to analyse critical IT assets to identify possible threats to those assets and assess the level of vulnerability.

The AFM IT Strategy highlights, amongst other things, the importance of having an autonomous operational Wide Area Network, which would have sufficient bandwidth to eventually support the AFM operations and administration.

This Audit Report may be accessed through the National Audit Office website (www.nao.gov.mt).