Information Technology Audit Report, Jamaica Customs Agency
The Jamaica Customs Agency (JCA) is mandated to assess and collect duties, fees, and penalties due on imported merchandise. It also has the responsibility of facilitating international trade while ensuring the protection of Jamaica’s borders against illicit imports. JCA’s services are therefore a significant source of tax revenue and contributor to national security and development.
The efficient execution of the JCA’s functions is highly dependent on the use of Information Technology(IT) in its core processes. Given this dependence and the value of IT investments made over the years, the agency should implement the necessary controls to ensure that IT risks are managed in a structured manner. The JCA should also ensure that it can appropriately respond and continue to offer critical services in spite of technological disruptions.
In light of this, I commissioned an IT audit to determine whether the JCA has an effective Business Continuity Management System to ensure the timely resumption of critical services in the event of any serious interruptions. The audit revealed that the JCA did not have a Business Continuity Plan and its IT disaster recovery planning was limited to the failure of one application, though the agency was reliant on information maintained on several other systems. Consequently, the JCA may not be able to resume operations in a timely manner resulting in lengthy delays in the customs and clearance process for goods and passengers. We also found that though IT was a key business enabler, the JCA did not have an IT governance mechanism to ensure the systematic management of risk, proper resource allocation and the alignment of IT strategies with corporate objectives.
This report is intended to assist the JCA in improving its oversight of the IT function, risk management and continuity planning in order to reduce the likelihood and or impact of major disruptions on its operations. The management of the JCA is urged to implement the recommendations made in this report with a view to strengthen the agency’s controls and ensure the continuity of critical business services to its customers.