On June 6, the Brazilian Federal Court of Accounts (TCU) hosted the seminar for the Supreme Audit Institutions (SAIs) of the BRICS countries, composed of Brazil, Russia, India, China and South Africa, as well as new members in the process of joining. The videoconference, themed "the audit of cyber security and data protection challenges", was organized by the Department of International Relations (Serint) and the Audit Department for Information Technology (AudTI). Representatives of the founding members delivered presentations and answered questions from the audience during the Q&A sessions. The event also featured the participation of new member countries as guests, including Egypt and Ethiopia.  

The Seminar

In her opening speech, the Secretary of International Relations, Simone Bambini, stressed that cooperation with the BRICS SAIs is crucial for enhancing TCU's role as a public institution.  As institutions from large and diverse developing countries, BRICS SAIs face multiple challenges, such as working under pressure to deliver high-quality results, while dealing with threats to their independence and limited resources. In this context, cooperation among group members presents an opportunity to identify common solutions and share good practices.  

As Rafael Albuquerque, AudTI's Head of the Department and moderator of the debates, pointed out, the conference's theme is central to any discussion on Digital Transformation and therefore attracts significant interest. In this perspective, it is important to recall that Digital Transformation is one of the priorities of the TCU presidency in INTOSAI.

The discussions focused on four main points: approaches to assess or enhance cybersecurity risk management in federal entities; approaches to assess or enhance resilience in cybersecurity and data protection in federal entities; methods and techniques to assess cybersecurity controls implemented by federal agencies; and means for assessing the impact of SAIs actions in the area of cybersecurity and data protection.  

The TCU opened the conference exhibitions with a presentation led by André Torres, auditor from the Department of Information Technology and Digital Evolution (Setid), who provided a practical approach to the court's audit regarding "Ransomware" defense. South African SAI, represented by Chester September, senior manager in cybersecurity, presented practical cases of attacks that challenge the country's cybersecurity system, along with corresponding audit measures. 

Following the first Q&A session, Cui Zhu, representative of the Chinese SAI, discussed practical elements and perspectives on cybersecurity in her country, as well as the audit systems employed. Subsequently, Denis Strizheusov, Deputy Director of the Financial Audit Department at the Russian SAI, presented on best practices from international organizations in cybersecurity auditing. This topic sparked particular interest among SECEXONU members present at the session, given that the TCU is currently a member of the UN Board of Auditors. Deepak Raghu, representative of the Indian SAI, concluded the exhibitions by sharing India's experience and national regulations on cybersecurity and data protection. The final round of questions was diverse and addressed all the speakers. 

Next Steps

For 2024, international cooperation within the framework of the BRICS SAIs still includes two technical seminars and a leaders' meeting. The Fourth BRICS SAIs Leaders' Meeting is scheduled to take place on July 30 and 31 in Ufa, Russia, with the central theme of sustainable development auditing. Also planned for the second half of the year are a technical seminar on auditing major infrastructure projects, organized by the South African SAI, and another on auditing sustainable urban development, organized by the Indian SAI.