A Study about Government Coordination and Donor Harmonization Improves Service Delivery
The NTP2 program was established by the Government of Vietnam. It would exist regardless of whether any donor contributions were received. Strong government leadership has led to greater coordination, including reporting, budgeting, financial management and procurement. This was a very important aspect of its success as planning and implementation falls across several government agencies. AusAID support has been pivotal in brokering good working relationships between the lead agency and other participating ministries.
The first steps for donor support of the NTP2 were commenting on the program’s design and establishing a funding mechanism. With agreement from the Government and other donors, AusAID led the development of a financing agreement that underpinned the Targeted Program Budget Support. The establishment and operation of the agreed funding mechanism was intregral to harmonising donor support and strengthening Government planning, budget and delivery systems. The implication is that program resources now available are on budget, predictable and subject to review through joint Government and donor audits. Keep reading…
A Case Study about United Nations Development Program: North Korea
Introduction: In March 2007, the United Nations Development Program (“UNDP”) suspended its operations in the Democratic People’s Republic of Korea (“DPRK”), commonly known as North Korea. This unprecedented step stemmed from the DPRK’s refusal to agree to UNDP measures to increase the transparency and accountability of its programs there. This Report presents evidence obtained by the US Senate Permanent Subcommittee on Investigations (the “Subcommittee”) regarding management and operational deficiencies in the UNDP program in North Korea.
These deficiencies rendered UNDP vulnerable to manipulation by the North Korean government. Specifically, the Subcommittee investigation identified deficiencies involving inappropriate staffing, questionable use of foreign currency instead of local currency, and insufficient administrative and fiscal controls. The Subcommittee investigation also found that, by preventing access to its audits and not submitting to the jurisdiction of the UN Ethics Office, UNDP impeded reasonable oversight and undermined its whistle blower protections. Keep reading…
Since our first audits in 2006, we’ve expanded to more countries and more supplier categories. We’ve conducted audits in 14 countries, and in 2012, our audits covered nearly 1.5 million workers. We also perform audits in select nonproduction facilities, including call centers and warehouses. In addition, we conduct specialized audits focusing on areas such as the environment and safety.We audit our final assembly manufacturers annually, and we audit other facilities based on certain risk factors, including location and geographic sensitivities, past audit performance, and the nature of the facility’s work. Since many smaller suppliers have never been exposed to auditing, our audits often identify ways to enable operations to comply with our standards. This effort not only improves working conditions at these suppliers, it also helps improve conditions industrywide, since many of our peers use the same companies.
Core violations and corrective action: Apple considers the most serious breaches of compliance to be core violations. These include physical abuse; underage, debt-bonded, or forced labor; falsification of information or obstruction of audit; coaching workers for audits or retaliating against them if they provide information; bribery; significant pollution and environmental impacts; and issues posing immediate threat to workers’ lives or safety. All core violations must be stopped and corrected immediately. Our preference is to fix problems so they don’t happen again rather than just fire the supplier—which would likely let these violations continue for other customers. However, if a violation is particularly egregious, or if we believe a supplier is not fully committed to stopping the behavior, we terminate our relationship with that supplier and, when appropriate, report the behavior to the proper authorities. Keep Reading..
Introduction: Jacadis is a security consultancy based in Columbus, Ohio that applies its “practical security” mandate to small-to-medium sized businesses and government agencies throughout the state. Jacadis used to conduct security assessments the traditional way, which entailed periodic vulnerability audits with manual software tools, correlation of vulnerability data, elimination of false positives, and explanations of the data to clients. “The old approach was really time consuming, expensive and not an effective way to demonstrate best practices in vulnerability and threat management,” says Davidson. Jacadis switched to the QualysGuard on demand vulnerability management solution.
ITG was contracted by an agency within the U.S. Defense Department to perform a study spanning three major environmental activities: compliance, conservation, and prevention and consisted of 12 sub-functional groups, 78 activities, and 303 tasks. The particular workforce studied consisted of roughly 2,100 Full Time Equivalents (FTE) in approximately 76 locations in continental United States, Europe, and Asia.
ITG and their teaming partner provided a comprehensive solution at best value within the short time period required. This project involved:
# Workforce Requirements Determination
# Projection Model Equation Development
# Projection Model Application
ITG staff developed its expertise and tools over more than 20 years of performing studies and teaching organizational analysis. The ITG methodology System Process Assessment Reengineering and Redesign Comparison (SPARRC™) virtual workshop approach (data gathering online) with subject matter experts builds consensus to assure validity and acceptance of the results. This methodology withstood audits and reviews across the federal government. Read more on Manpower Analysis
We understand security but approach it from a practical perspective,” says Doug Davidson, CEO and Principal Consultant of Jacadis. Jacadis is a security consultancy based in Columbus, Ohio that applies its “practical security” mandate to small-to-medium sized businesses and government agencies throughout the state.
Jacadis used to conduct security assessments the traditional way, which entailed periodic vulnerability audits with manual software tools, correlation of vulnerability data, elimination of false positives, and explanations of the data to clients. “The old approach was really time consuming, expensive and not an effective way to demonstrate best practices in vulnerability and threat management,” says Davidson. View more about Jacadis, LLC
Overview: The mission of the Office of the Inspector General (OIG) is to generate economy, efficiency and effectiveness in the Social Security Administration (SSA). Its programs and operations prevent and detect fraud, waste, abuse, and mismanagement. To accomplish its mission, the OIG directs, conducts and supervises a comprehensive program of audits, evaluations and investigations relating to SSA’s programs and operations.
Challenge: OIG strives for continual improvement in SSA’s programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. OIG wanted to develop a new electronic system for the collection of investigative and related information in order to provide greater flexibility and ease of information access. It had previously been using a mainframe-based case management system housed at another agency but that system had limited functionality.
Executive Summary: Pepsi-Cola Manufacturing International Ltd. (“PCMIL”) has successfully executed a compliance initiative supported by BPM technology in response to a need for more efficient compliance with the corporate Global Control Standard (GCS).Their primary objective for this initiative was to streamline theirpreparations for SOX activities and to ensure compliance with GCS requirements. Using Interfacing’s Enterprise Process Center® (EPC), PCMIL effectively integrated their GCS implementation with day-to-day operations in order to benefit from a unified approach to corporate governance and process management. They achieved significant cost savings for their internal GCS audit and extremely positive overall results.
Challenge Addressed: Without a formal and central documentation system, the preparation time – and, therefore, business disruption – for internal GCS audits and SOX reporting was very high, and inconsistent process knowledge was a source of insecurity as it pertained to the outcome of the audits. PCMIL also needed to address an acute lack of easy accessibility to the documentation and process flows for auditors. Click here to read more…
Risk management, regulatory compliance, and IT security services are booming. In fact, with rising IT security threats, the increased dependence on technology to run business, and the demands of attaining regulatory compliance, continue to push demand for security services—including risk assessments, consulting, and vulnerability management services—that are growing at a double-digit clip. Analysts expect the global market for security services to exceed $32 billion by 2010, as more organizations seek the strategic guidance needed to assess their level of IT risk, vet their security and privacy policies, and gain third-party insight through IT audits. View more..
“Thanks to Qualys’ software as a service model, we are benefiting from the solution, maintenance, service, and easy implementation inherent in the model, as well as minimal management.”
- Jean-Marc Lecoint, CISO, Arval.
Tight on resources and time, Arval, one of the leading providers of operational leasing and fleet management services in Europe, sought a way to automate how it identifies and eliminates the software vulnerabilities that place its infrastructure at risk to attack, and of falling out of regulatory compliance.
Founded in 1989, Arval operates its operational leasing and fleet management services throughout most of Europe. In its efforts to reduce security risks, Arval faces two ongoing challenges: the company’s IT teams and security managers must do more with tight resources, while also complying with increasingly stringent regulatory compliance demands. Arval needs to maintain high levels of security, and always be ready to demonstrate a healthy security posture. Its parent company, BNP Paribas group, audits Arval’s IT practices three times every year. View more on Arval