We are excited to share that the Demystifying Technologies brochure is now available.

This brochure is designed to provide a clear and concise visual guide for public auditors on various technologies that may impact their work and to establish a common language in the field. It is especially useful for non-technology professionals or auditors who want to learn about key technologies and concepts.

You can download the brochure in Arabic, English, French, and Spanish by visiting this link.

Additionally, you will find a library of additional resources related to the featured technologies, including use cases and audit-related information, in the “Other Resources” section of the page.

IDI is pleased to invite you to join the 3rd edition of LOTA Talks.

This time we will talk about Cybersecurity.

The interpretation will be available in Arabic, French, English and Spanish.

🕒 22nd November 2023 | 14:00 – 17:00 CET

Poster: Download Poster

Register: HERE

Our speakers:

Performance Audit of Preparedness for Cybersecurity: Bhutan Experience
	Kinley Zam | Performance Auditor, SAI Bhutan Kinley Zam, a seasoned Performance Auditor at SAI Bhutan since 2008, is known for her pioneering work in Performance auditing. She has a Master’s in IT from Murdoch University, Australia. As an active contributor to knowledge-sharing initiatives, she provides training on performance auditing, IT auditing, data analysis and communication skills. Kinley is an alumni of the IDI’s SAI Young Leader Programme.
Audit of Cybersecurity
	Renato Braga | Security Information Audit Manager, SAI Brazil Renato is a Security Information Audit Manager from the Brazilian Federal Court of Accounts (Tribunal de Contas da União). He has 21 years of auditing experience, 11 of which are in IT auditing. Renato has the following certifications: CISA, CFE,  CIA,  CGAP,  CCSA, CRMA, DPO, CRTP, OSWP, eJPT, CySA+, and Security+.
	Andre Torres | Cybersecurity Specialist, SAI Brazil Andre is a Cybersecurity specialist from the Brazilian Federal Court of Accounts (Tribunal de Contas da União). He has 18 years of cybersecurity experience. Andre’s focus is on incident response, vulnerability management and offensive security. He has the following certifications: CRTE, CRTP, CESP ADCS, PNPT, eCPPTv2, eWPT, eJPT, CASP+, PenTest+, CySA+, Security+, and Linux+.
Audit of Zero Trust Architecture
	Jeffrey Knott | Assistant Director, IT and Cybersecurity, SAI USA Jeff Knott is an Assistant Director within the Information Technology and Cybersecurity team at the U.S. Government Accountability Office (GAO). He leads engagements that focus on an array of cybersecurity issues, including reviews at the government-wide, agency-specific, and system-specific levels. Jeff joined GAO in 1992 and has performed reviews at most federal agencies. He is a certified information system auditor. He earned a bachelor of science degree in computer science from the University of Mississippi and a master’s degree in business administration, with a concentration in information systems, from the University of Texas at Arlington.
	Kevin Smith | Senior Analyst, IT and Cybersecurity, SAI USA Kevin Smith is a Senior Analyst within the Information Technology and Cybersecurity team at the U.S. Government Accountability Office (GAO). He manages engagements that focus on cybersecurity issues, including reviews at the government-wide, agency-specific, and system-specific levels. Kevin joined GAO in 2018 and has performed reviews at many federal agencies. He earned a bachelor of science degree in physics and a master’s degree in information science from the University of Michigan.
Cyber Security in a rapidly evolving Space industry
	George Tountas | Senior Manager, Information Security Management, SES George has a background in Computer Science and holds an M.Sc. Information Security from University College London. He has been working on Cyber Security and IT Audit for more than 13 years. He is passionate about the topic and loves to collaborate with teams to get the best and most secure solutions. Currently, he is a Senior Manager in Information Security Management at SES, a global satellite communications provider. He is CISA and CISSP certified.
Cybersecurity and data protection
	Kareem Ismail | Senior Auditor, SAI Egypt Kareem is the Senior Auditor, with over 12 years of experience in Auditing at the Supreme Audit Institution of Egypt, known as Accountability State Authority. He has a Bachelor’s degree in Accounting and Finance from Cairo University and a Master’s degree in Information Systems from DePaul University in the United States of America. Kareem is an active team member of two INTOSAI working groups – WGITA (Working Group of Information Technology Audit) and WGBD (Working Group of Big Data).
Cybersecurity and data protection guidelines
	Roberto Hernandez Rojas Valderrama | General IT Audit Director, SAI Mexico Roberto is the General IT Audit director in the Superior Audit of Mexico with more than 30 years of experience IT Audit Governance, risk and Cybersecurity. He is in charge of IT compliance audits and cybersecurity evaluations (based on NIST Cybersecurity Framework, Basel III, PCI, CSI and CCCM) in different government sectors, such as financial, energy, health, social development, telecommunications, and national security. He is also in charge of the Big Data and Analytics initiative and project leader of Cybersecurity and data protection guidelines in the Working Group of IT Audit WGITA. Roberto is a Subject Matter Expert in many IT standard-setting committees and in Cloud Security.
Cyber security and internal auditors
	José Manuel Espinoza Reyes | System Engineer, SAI Costa Rica José is a system engineer with more than 20 years of working in Information Technologies, 7 years of experience in IT Audits and coordinator of Information Technology Audit teams at the SAI Costa Rica. He is a teacher in the IT Engineering program at the National Technical University.

Come join LOTA Talks and let us make the world a safer place!​​

Register: HERE

For more information on the LOTA initiative, please visit:

LOTA – Leveraging on Technological Advancement

LOTA Scan: A tool for Supreme Audit Institutions

In response to this rapidly changing environment and technology development, IDI has developed a LOTA Scan Tool to help SAIs in making better use of technology in fulfilling their audit mandates, by planning technology-specific audits, developing technology skills and introducing new technologies into the SAI audit practice.

The LOTA Scan aims to provide SAIs with a tool to analyse their internal and external environment in the use technology in audits and use of technology by governments. The LOTA Scan part related to external environment assessment helps to identify areas where technology audits are required and outlining technology-related audit projects to be included in LOTA Strategy. At the same time, external environment assessment helps to identify the technological needs of SAI for using technology in audits. In turn, the internal environment assessment helps to assess the current state at the SAI and how well SAI responds to the technological needs arising from the external environment.

The LOTA Scan Tool consists of

• LOTA Scan Guide. The LOTA Scan Guide provides basic guidance on running the LOTA Scan project at a SAI. This includes guidance on prerequisites for conducting a LOTA Scan and the LOTA Scan workflow including key phases and analysis.
• LOTA Scan Canvas. The LOTA Scan Canvas provides a template for conducting and high-level reporting on the LOTA scan.
• LOTA Scan Question Bank. The LOTA Scan Question Bank lists detailed questions to be considered during the analysis.

The more information on LOTA Scan Tool along with download links may be found here: https://idi.no/work-streams/relevant-sais/lota/lota-scan