Skip to main content Skip to page footer
A Rwanda Government Website

SAI-Rwanda hosts AFROSAI-E workshop on auditing MS SQL Database

2 June 2026

From 25–29 May 2026, The Office of the Auditor General of State Finances (OAG) which is also Supreme Audit Institutions (SAI-Rwanda) hosted African Organization of English-speaking Supreme Audit Institutions (AFROSAI-E) workshop on Information System Audit Champion Program - Module 2, for auditing MS SQL Database.

The workshop brought together 31 participants from AFROSAI-E country members from South Africa, Namibia, Eswatini, Uganda, Zambia, Eswatini, Mauritius and Rwanda. It was facilitated by auditors from South Africa, Namibia, Zambia and Gambia. IT aimed to equip IS auditors with a VMware image environment to extract and analyze security and financial data from databases, and benchmark findings against international best practices.

The training also provided a platform for IS auditors to share experiences, update their knowledge, and strengthen their IT auditing skills, while addressing challenges encountered during the audit.

The workshop sought to address the challenges in the information systems audit and support provided to financial, compliance and performance audits which have been highlighted in SAI requests and quality assurance reviews. 

Speaking at the opening of workshop, The Auditor General of Rwanda, KAMUHIRE Alexis, highlighted the importance of IS auditing. He said “(…) Is auditing improves operational efficiency, enhancing service delivery, and ensuring systems security.” 

He further mentioned data integrity as a recurring concern in IS audit findings and expressed confidence that the training would meaningfully strengthen the capacity of IS auditors across all participating countries.

Participants successfully developed a solid understanding of information systems audit techniques focused on Microsoft SQL Server security. The training covered MS SQL Server fundamentals, security risks, materiality considerations, laboratory setup, VMware image configuration, audit data extraction and analysis using sqlcmd, and the use of MS SQL audit scripts. 

Participants also learned to assess user access controls, permissions, password policies, surface area reduction settings, logging mechanisms, version management, patching practices, and Transparent Data Encryption (TDE). The module concluded with practical exercises, participant presentations, and a comprehensive review of key audit concepts and findings. 

Participants expressed sincere thanks to the management of our SAI-Rwanda for “organizing the workshop properly and all support offered to us making our attendance in this workshop a success. We commit ourselves to transfer the skills and knowledge gained from this workshop to our daily          audit work in order to enhance IS audit reports with constructive recommendations. Information System Auditor from Mauritius, Paniken Yogeswaree Devi told OAG Newsletter during interview.

The workshop complemented other existing AFROSAI-E programs inclduing the supervision and review skills for Integrated Financial Management Systems (IFMIS). 

Back