The Project was carried out by several TCU’s technical units and coordinated by the Department of External Control – IT (Sefti). It results from a recommendation from minister Aroldo Cedraz, in face of the scenario mapped by the Survey of Critical Information Systems of the APF.

In the first execution cycle, three system audits are planned to start in 2021, chosen based on negotiations between Sefti and the technical units that have indicated candidate systems for evaluation. Sefti, in turn, will support the audits with the following measures:

• implementation of a course on Systems Auditing, in partnership with the Serzedello Corrêa Institute (ISC);
• assignment of one auditor to compose each one of the inspection teams;
• technical supervision of the inspections, complementing the supervision carried out by each unit. 
•  

As one of the actions of the strategy, a course on Systems Auditing is scheduled to take place from July 22 to August 27, 2021, offering 30 vacancies in this first class, prioritizing the units that have indicated critical systems candidates for evaluation.

The training will be divided into sessions that will cover the fundamentals of systems auditing, techniques and tools commonly used, aspects related to the system and the supported business, weaknesses in governance and systems management, general and application controls, and data analysis in systems auditing. The expectation is that this body of knowledge will enable departments, as a whole, to conduct system assessments with their own resources, as is already the case in some departments.

More information can be found, in Portuguese, in the executive summary of the Strategy for the Supervision of Critical Systems, available only by request to serint@tcu.gov.br.