行业研究公司研究宏观策略财报招股书会议纪要 seedance2.0 低空经济 DeepSeek AIGC 大模型

加强波兰公共服务连续性计划的审计：内部审计职能的最佳做法

休闲服务 2024-11-19 经济合作与发展组织静心悟动

研究报告总结

1. 引言

该报告旨在为波兰公共部门内部审计师提供指导，支持其对公共服务连续性计划进行有效审计。报告强调了在 COVID-19 疫情等危机事件中，政府管理危机和应对突发事件的重要性，特别是确保关键公共服务的连续性。报告指出，数字化在提升公共服务连续性的同时，也带来了新的风险，因此审计工作需要充分考虑数字化因素的影响。

2. 法规和标准

报告介绍了与连续性管理相关的国际法规和标准，包括 ISO 22301（业务连续性管理体系）和 OECD 关于关键风险治理的建议。报告还介绍了英国和加拿大在业务连续性管理方面的框架和工具，以及波兰的相关法规和标准，例如欧盟关于关键实体弹性的指令和波兰财政部关于业务连续性管理政策的规定。

3. 审计属性

报告详细讨论了业务连续性计划审计的各个方面，包括：

选择审计类型：BCP 审计属于绩效审计，旨在评估连续性计划的有效性、效率和适应性。
时间和资源：审计时间安排和资源需求应根据风险评估结果和实际情况进行合理规划。
目标：BCP 审计的目标包括确保公共服务具备运营弹性、符合相关法律法规、有效管理数字化风险、合理分配资源等。
范围：审计范围应明确界定审计主题、文档记录、时间期限和地点，并与审计目标相一致。
风险评估：审计人员需要识别与 BCP 建立和实施相关的风险，并评估组织在这些方面的风险管理活动。
标准：审计标准应包括连续性计划与组织战略目标的一致性、基于全面风险评估、对第三方供应商的评估、持续监控和改进机制等。
利益相关者参与：内部和外部利益相关者的参与对于有效规划和执行审计至关重要。
BCP 审计清单：清单可以帮助审计人员系统地评估 BCP 的各个方面。
建议：建议应针对 BCP 中的缺陷，并具有具体、可衡量、可归因、相关和有时限的特点。
报告：BCP 审计报告应全面、有说服力、及时、易于理解且平衡，并包括必要的详细信息和建议。
支持审计人员的数字化能力：审计人员需要具备敏捷、分析、编码、促进、主动性、演示等方面的能力。

4. 结论

该报告为波兰公共部门内部审计师提供了全面的指导，帮助他们有效审计公共服务连续性计划，确保组织在危机事件中能够持续运营，并提升公共服务质量。

Best practices for internal audit functions ENHANCING AUDITING OF PUBLIC SERVICE CONTINUITY PLANS IN POLAND © OECD 2024 This document was produced with the financial assistance of the European Union. The views expressedherein can inno way be taken to reflect the official opinion of the European Union. This document and any map included herein are without prejudice to the status of or sovereignty over anyterritory, to the delimitation of international frontiers and boundaries and to the name of any territory, cityor area. The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities.The use of such data by the OECD is without prejudice to the status of the Golan Heights, East Jerusalemand Israeli settlements in the West Bank under the terms of international law. The project was funded by the European Union via the Technical Support Instrument, and implementedby the OECD, in cooperation with the European Commission. This paper was approved and declassified by thePublic Governance Committeeon14November2024. © OECD 2024 Attribution 4.0 International (CC BY 4.0) This work is made available under the Creative Commons Attribution 4.0 International licence. By using this work, you acceptto bebound by the terms of this licence (https://creativecommons.org/licenses/by/4.0/). Attribution–you must cite the work. Translations–you must cite the original work, identify changes to the original and add the following text:In the event of any discrepancybetween the original work and the translation, only the text of original work should be considered valid. Adaptations–you must cite the original work and add the following text:This is an adaptation of an original work by the OECD.Theopinions expressed and argumentsemployed in this adaptation should not be reported as representing the official views of the OECDor of its Member countries. Third-party material–the licence does not apply to third-party material in the work. If using such material, you are responsible forobtaining permission from the third party and for any claims of infringement. You must not use the OECD logo, visual identity or cover image without express permission or suggest the OECD endorses your Any disputearising under this licence shall be settled by arbitration in accordance with the Permanent Court of Arbitration (PCA)Arbitration Rules 2012. The seat of arbitration shall be Paris (France). The number of arbitrators shall be on About This Paper The COVID-19 pandemic crisis highlighted several areas where governments must improve in how theymanage crises and extraordinary events, including the challenges affecting the delivery of critical publicservices. Part of those challenges included those related to digitalisation. Thispaperis designed to inform and support all public sector internal audit practitioners working withininternal audit functions and all other functions performing audit or assurance related activities, eitherdirectly or indirectly, within Poland. It will describe the context surrounding the auditing of public servicecontinuity plans along with the implications and experiences related to digitalisation in the public service.Itisvital that all aspects of digitalisation are considered to ensure continuity plans remain relevant and upto date. Thisguidancediscusses the elements of a business continuity plan and details the aspects of performanceauditing and digitalisation in relation to the following topics: selecting audit type, resources, objectives,scope, risk assessment, criteria, involvement of stakeholders, checklist recommendation and necessarycompetencies to support auditors. It will contribute to the preparedness of internal audit functions acrossall levels of government in Poland.It guidespractitionersinprovidingassurance that an organisation’sgovernance of the continuity processes and related risksareeffective and in line with the organisation’sobjectives.This will further help organisations be better prepared in the event of an emergency orextraordinary event. Thisguidancedescribes international regulations related to continuity and the elements of the standardsrequired. These elements include the context of the organisation, leadership, planning, support, operation,performance evaluation and improvement. It further describes the business continuity management policyin Poland’s Ministry of Finance and the related responsibility. The guidance includes international good practice examples, including topics related to business continuitysuch as, toolkits, strategies and steps for an appropriate emergency plan. It also includes relevantexamples of auditing of continuity planning including examples of objectives, scope, criteria and relevantrecommendations. These examples provide guidance on structure and language which may be used whendeveloping a similar type of audit on continuity planning. The OECD would like to express its appreciation to the Poland Ministry o

点击免费查看完整报告