1-1 The State Audit Function in Oman dates back to pre-1970 and has undergone several transformations over the years; the main ones in 1985 with the issuance of the first Audit Law, and in 1989/1991 when the entire system was revamped and a new Audit Law issued. The SAI continued to pursue improvements with the aim of enhancing its function. In 1998 changes were recommended to strengthen its independence and widen its audit mandate. a new State Audit Law was promulgated through Royal Decree No. 55/2000 on 12/07/2000. It was renamed the State Audit Institution (SAI) and was declared independent from the Diwan of Royal Court, with which it was hitherto attached.
1-2 The objectives of the SAI's audit, as laid down in the State Audit Law are:
1-5 Audit Reports are issued, usually after every audit, to the Ministry concerned. The results of the SAI's work throughout the year are summarized in an Annual Report, which is submitted to His Majesty the Sultan.
1-6 Increasingly, the SAI has been moving from a traditional transaction-oriented audit approach towards system-based auditing, with emphasis on identifying weaknesses in internal control systems rather than merely highlighting irregularities in individual transactions. With the growing use of information technology amongst auditees, the SAI is also making increasing use of Computer Assisted Audit Techniques (CAATs) to make its audit effort more efficient and effective.
1-7 During 1999, the SAI conducted audit of nearly 150 agencies, and issued more than 120 audit reports. Some of these were "special audits" undertaken at the specific request of the Government. These included Government-controlled companies in the oil and gas sector and several important financial institutions, as well as socio-economic programmes undertaken by Government. The SAI's special audit findings were well received and appreciated by the Government, and played an important role in the expansion of audit mandate in the new State Audit Law (issued though Royal Decree No. 55/2000) to cover Government-owned companies and other entities.
2-1 The SAI is headed by a President, who is of the rank of a Minister and also has a Deputy President of the rank of an Under-Secretary, both of whom are appointed by Royal Decree. The audit function is managed by an Assistant Deputy President, who has four Directors General, under him, responsible for different areas of audit. The administration is headed by a Director General (Administration and Finance).
2-2 The total strength of staff in the SAI is 172, of which 140 are nationals, and 32 expatriates, with a predominance of accounting, finance and law graduates. The annual budget of the SAI is approximately US$ 5.2 million, of which approximately 80% is spent on salaries.
3-1 The SAI has adopted a systematic approach to knowledge and skill development in the organization, through a mix of in-house training programmes and on-the job training, supplemented by external attachments and training programmes.
3-2 The SAI has evolved a rigorous in-house foundation course for providing induction training to new staff members, which covers:3-4 The SAI has also been seconding its staff members for attachments with various external organizations. These include:
attachments/training programmes of other Supreme Audit Institutions -the National Audit Office (UK), the General Accounting Office (USA), the Auditor General of British Columbia (Canada), the Comptroller and Auditor General of India, the Auditor General of Pakistan; ARABOSAI, the Gulf Co-operation Council Sals and 6 months attachments with international audit firms
3-5 The SAI actively encourages and sponsors its staff members for certification programmes offered by international professional organizations of accountants and auditors -the Association of Chartered Certified Accountants (UK), the Chartered Institute of Management Accountants (CIMA), the Institute of Internal Auditors (USA) and the Arab Society of Public Accountants (Jordan).
4-1 The SAI's introduction to the field of Information Technology (IT) commenced in 1989 with the installation of a Wang computer system primarily to meet word processing requirements. This was followed in 1992 by the installation of a Novell Netware based Local Area Network (LAN) and 4 terminals to provide on-line access to the government-wide financial and personnel information systems running on an IBM Mainframe system.
4.1 IT Strategy
4.1-1 In October 1996, the SAI's approach to IT was re-oriented and a formal IT Strategy was drawn up with two broad goals (a) to facilitate better control over audit and administrative activities and (b) to provide better information support for field auditors.
4.1-2 In support of this strategy, long and short term plans and detailed policies and standards covering hardware and software acquisition, application software development, IT operations and IT security were developed. An IT Steering Committee consisting of senior management and technical staff, was set up to ensure effective management of IT in line with organizational objectives.
4.2-1 In line with the strategic framework for IT, the SAI went in for a comprehensive but very economical upgradation of its IT infrastructure, which presently has the following core components:
4.3-1 In 1997, the SAI established an intranet, which enables users to access information from different database applications using the web browser (Microsoft Internet Explorer) in the same manner, as they would browse the Internet. All the IT systems of the SAI have an "intranet" interface for viewing information, and most of the data entry is also through the intranet.
4.3-2 Users in the SAI, with little knowledge of computers and not much training, are thus able to use computer applications on sophisticated platforms with ease. This technology is "state-of-art" and very few SAls, mainly from the developed countries, have adopted this technology, while the SAI of Oman has been using it for the last three years, making it a pioneer in this area.
4.3-3 The main IT applications being accessed through the Intranet are:
4.3-4 The SAI's long-term objective is to provide an "electronic briefcase / toolkit" for auditors and a paper-free decision support system for managers.
4.4-1 The SAI has developed its own computer training courses, consisting of computer based presentations with audio-visual support, and used it to build an in-house pool of IT trained manpower. This is now being supplemented through short training programmes on specific topics.
4.4-2 In addition, IT Department staff have been given exhaustive training in network and systems administration, as well as in application and web development through a mix of in-house and external training programmes.
4.5-1 Over the last three years through extensive in-house training, the SAI has built a relatively large cadre of generalist auditors, who could undertake simple IT audit tasks, as well as a small pool of specialist IT auditors. These staff have since conducted several important IT audits. The SAl's thrust is on increasing use of audit interrogation software like ACL (Audit Command Language) and MS Access in its regular audit work. This approach has proven to be highly successful, with analysis of electronic data in several auditee agencies providing rich material for both financial and performance audit findings.
4.5-2 The SAI uses the "Control Objectives for Information and Related Technologies" (COBIT) developed by the Information Systems Audit and Control Association (ISACA) as a framework for conducting IT audits. The SAI also plans to sponsor promising staff members for the prestigious CISA (Certified Information Systems Auditor) examination being conducted by ISACA.
5-1 The SAI of Oman is a member of the International Organization of Supreme Audit Institutions (INTOSAI) and is also a member of two of INTOSAI's regional working groups -ARABOSAI (the Arab Organization of Supreme Audit Institutions) and ASOSAI (the Asian Organization of Supreme Audit Institutions)
5-2 In 1999, the SAI was invited to join the Standing Committee on EDP Audit of INTOSAI, which supports Supreme Audit Institutions (SAIs) in developing their knowledge and skills in the use and audit of Information Technology. It is now actively involved in the technical activities of the Committee:
With its experience in intranets, SAI led a research study on how SAIs can use intranets for getting better value out of IT.
At the end of the research study, a Report has been prepared which is currently being disseminated to all SAIs.
The SAI is hosting and maintaining the Arabic version of the Committee's Internet web site. The SAI is also involved in two projects related to the publication of an IT Journal and updating of a comprehensive set of training courseware on IT audit.