SUPREME AUDIT OFFICE OF THE SLOVAK REPUBLIC REPORT FROM

SUPREMEDISTRICT COURT OF QUEENSLAND REGISTRY NUMBER PLAINTIFF (INSERT NAME)
SUPREMEDISTRICTMAGISTRATE COURT OF QUEENSLAND REGISTRY NUMBER PLAINTIFFI (INSERT NAME)
SUPREMEDISTRICTMAGISTRATES COURT OF QUEENSLAND REGISTRY NUMBER PLAINTIFF (INSERT NAME)

SUPREMEDISTRICTMAGISTRATESCOURT OF QUEENSLAND REGISTRY NUMBER PLAINTIFF1 (INSERT NAME) AND
SUPREMEDISTRICTMAGISTRATESCOURT OF QUEENSLAND REGISTRY NUMBER PLAINTIFFI (INSERT NAME) AND
SUPREMEDISTRICTMAGISTRATES COURT  OF QUEENSLAND REGISTRY NUMBER PLAINTIFF (INSERT

NAJVYŠŠÍ KONTROLNÝ ÚRAD SLOVENSKEJ REPUBLIKY

Supreme Audit Office of the Slovak Republic

REPORT


from the application audit of the VIES system (VAT Information and Exchange System), which was the part of audit of tax income of the State budget for the year 2008 and  progress in implementation of VIES system.


The purpose of the audit was to check the correctness of tax income evidence on the state income accounts and to evaluate the overall meeting of budgetary income for the year 2008.


The audit had been performed in the year 2009 in the audited subject: Tax head Office of the Slovak Republic (hereinafter referred to as „THO SR“.



  1. Organization and documentation


The area of information technology (hereinafter referred to as „IT“) was in the audited subject managed by the appropriate manager for the IT area, through the Section of Informatics. From organizational point of view the Section of Informatics was divided into the Department of Development, the Department of Service and the Unit of Project Administration. The Department of Service was in charge of the administration, maintenance and running of VIES application while the Department of Development was in charge of the development of VIES information system (hereinafter referred to as „IS VIES“).


The audit focused on checking the documentation concerning IS VIES revealed that the technical documentation concerning VIES application had not been in compact form. SAO SR had recommended to complete the technical documentation concerning the mentioned VIES system.


The audit group had also checked the compliance with the legislation of SR in the area of information systems of public administration and observing the provisions of the Act on the Protection of Personal data. They found out in this area certain shortcomings which had been consequently eliminated by the accepted measures.


The audited subject defined the policy of IS security by internal guideline on the security policy of information and communication technology of the tax offices of SR. This guideline was interlocked with the global security policy for the tax offices in SR. In the area of physical security and security of objects the audit of technological premises of audited subject had been performed (the rooms with the key hardware equipment, e.g. servers, active network items, etc.). The audit revealed many shortcomings of technical and organizational character. The SAO SR recommended organizing the premises with the information and technological equipment in compliance with the purpose they should serve to. This had been consequently realized by the audited subject.


The area of security of IS continuous service in the audited subject has been regulated by the internal guideline for emergency planning of IS THO SR. The guideline regulated the process of emergency planning, responsibility for creation, testing, updating and application of emergency plans. The special emergency plan and the plan for renewal have been elaborated for the VIES system. The main aim of this emergency plan was to ensure the availability of national system providing that the negative impacts on users and system services will be eliminated in case that unexpected emergency situation occurs. The audit revealed small discrepancies in this document but these had been eliminated and the document has been updated already in the course of the audit.



  1. Input of data


The audit group checked the way of authorization of input data to the VIES information system. Process of data input had been realized through submitting the comprehensive report for the certain period to the locally appropriate tax office and its acceptance by the tax office. This document must be marked by the presentation stamp of the tax office and it must obtain a unique identification number. Consequently, this document has to be scanned to the information system of the tax administration.


Verifying of input data correctness had been realized by the auditing techniques supported by the computer (CAATs), software for the IDEA data analyse.
After testing the sample of submitted comprehensive records they found out that some documents had not met the formal terms for acceptance of document by the tax office but this figure had been in acceptable divergence. Further they found out by testing of sample that input data had been recorded correctly from the source documents to information system, i.e. the conversion to the electronic form run reliably, while the audited subject accepted sufficient measures which had prevented input of incorrect data to IS VIES.


SAO SR recommended to the audited subject to accept adequate measures which would prevent input of data from incorrect, respectively incomplete source documents to the information system. The audited subject had accepted measures ensuring formal completeness and correctness of source documents though the internal regulation.



  1. Data and transactions processing


Checking of area of data and transactions processing in IS VIES had been realized through the audit of selected sample out of the set of comprehensive records. The audit revealed that processing of data inserted to IS VIES and their representation in the output run correctly. The audit also checked the area of special data processing where they found out no shortcomings.



  1. Data transmission


Transmission of data among individual EU member countries in the frame of IS VIES was realized through common communication network CCN. National system VIES is connected to this international network through communication portal and firewall with relevant security elements and measures. Technical arrangement for connection to this network had been provided by the European Commission. The audit checked the area of transmission and revealed no shortcomings.



  1. Constant data


Data stored in IS VIES as the constant records, so called classifiers, was managed/handled by competent persons. The administrator of IS VIES was responsible for the technical part of classifiers and the authorized employee from the department of international administrative cooperation was responsible for the classifiers in the application part. The audit revealed that responsibility for the administration of classifiers in the application part of IS VIES had not been formally specified in any internal regulations of the audited subject or in any record/description of the state employment positions.


SAO SR recommended to the audited subject to formally determine the responsibility for the administration of classifiers in IS VIES. The audited subject in the frames of the accepted measures for the elimination of the found shortcomings had formally determined this responsibility.



  1. Data output


Application VIES enables to present the data from the comprehensive records delivered by the Slovak VAT payers and also to present the data sent from the other EU member states. The data was displayed on the monitors of the clients´ computers with the possibility to print the compilations and such document has been automatically chronologically stamped (time stamp) and marked by identifier of user who elaborated this compilation.


IS VIES also enables to check the validity of identification number of VAT payers. At the same time, this system enables to provide various statistical data in the form of printed compilation. The audit revealed that the audited subject had not formally determined the output distribution of IS VIES.

SAO SR recommended to the audited subject to regulate formally the output distribution of IS VIES in the frame of the organization. Consequently, the audited subject defined the rule of output distribution of IS VIES in the approved internal regulation.



Conclusion


The performed audit revealed the discrepancy in the generally binding legal regulations of the Slovak Republic. The auditors also found out some shortcomings mainly in the area of insufficient formalization of concerned processes and in the area of specifying the responsibility for individual activities.


Generally, the information in the VIES system can be considered for credible and correct.


The results from the performed audit had been discussed with the statutory representative of the audited subject who accepted relevant measures for the elimination of the shortcoming found by the audit.

4



0 SUPREME COURT OF APPEAL OF SOUTH AFRICA MEDIA
2 SUPREME COURT OF APPEAL OF SOUTH AFRICA MEDIA
2 THE SUPREME COURT OF APPEAL OF SOUTH AFRICA


Tags: audit office, performed audit, slovak, report, republic, office, supreme, audit