An Information Security Report of the Auditor General on the Office of the Premier’s EXCOTrack Cabinet Document Management Solution was presented to the Legislative Assembly on May 15, 2019.
ExcoTrack, a computerized version of the Cabinet documentation monitoring/tracking process, was developed in an effort to provide efficient ways to monitor/track the Government of Montserrat’s (GoM) decisions and policies.
The purpose of this review was to assess and determine if ExcoTrack is self-sufficient, secure, and robust, with adequate application controls in place to ensure the integrity, completeness, accuracy, and security of the (i) user information and (ii) Cabinet-related confidential information that is inputted, processed, and outputted, by the application software, and in a timely manner. This audit was conducted in accordance with the International Standards for Supreme Audit Institutions (ISSAI) 100, 5300, and ISAE 3000 and other internationally accepted IT related standards and guidelines.
Key Findings & Recommendations
The review revealed that the ExcoTrack software was user-friendly and accessible from any electronic device. However, we found that there was no formally signed agreement or contract between the GoM and Rovika Inc. that outlines clear ownership or operational parameters, which poses a high risk to the GoM. We also found that ExcoTrack’s alert function did not always work, sometimes causing significant delays. There was also no Business Continuity Plan or IT Security Policy should there be a security breach to ExcoTrack.
It was recommended that the GoM should desist from entering into software application arrangements without having the necessary documented agreements or contracts in place. We have highlighted other findings and recommendations which were contained in the full report.
The OAG stated: “Subsequent to our audit of the software application ExcoTrack in 2017, it has come to the attention of the Office of the Auditor General that the Government of Montserrat and the ExcoTrack software developer, Rovika, are now engaged in legal proceedings surrounding contractual payments, data access and ownership, and the issue of overall ownership rights to the software. It is important to note that some of the issues highlighted in the audit have manifested themselves and led to the GoM no longer being able to use the software for its regular Cabinet data management operations. It is our understanding that GoM now has “read only” access to the data in ExcoTrack, and is seeking an alternative solution for document management for the Cabinet Office. The Office of the Auditor General will revisit this matter at the conclusion of the court proceedings.”
5-31-19-ExcoTrack Final Report 2019 Amended
The report in its entirety can be found at the Montserrat Public Library or by visiting https://oag.gov.ms or by requesting an electronic copy from the Office of the Auditor General.