The Ministry of Information Technology and Telecommunication (MoITT) has decided to conduct a third-party audit of the Asan Khidmat Markaz (AKM) Initiative, seeking independent validation of the programme’s compliance with its approved scope, system architecture, and policy framework.
The move comes amid the expanding scale of AKM, a flagship citizen facilitation initiative of the Government of Pakistan designed to deliver integrated public services through a combination of digital platforms and physical service centres.
Independent Review of a Key Public Service Programme
According to officials, MoITT plans to engage a reputable independent firm to carry out a comprehensive assessment of the initiative. The review aims to identify operational gaps, technical risks, and opportunities for improvement, while strengthening governance and service delivery mechanisms.
The AKM initiative involves multiple stakeholders, including MoITT, ICT implementation partners, and infrastructure executing agencies such as the Capital Development Authority (CDA), making independent oversight essential for transparency and coordination.
Broad Technical and Governance Scope
The audit will cover a wide range of technical components, including the application layer, databases, middleware, and system integration architecture. The firm will also verify core system documentation such as software requirement specifications (SRS) and architectural diagrams.
In addition, the review will assess the system’s scalability, availability, and fault tolerance, ensuring the platform can support growing service demand without disruption.
Focus on Cybersecurity and Standards
Security will form a central pillar of the audit. The independent firm will evaluate access controls, authentication mechanisms, and audit logging practices. Systems will be reviewed against internationally recognised frameworks and standards, including ISO 27001, OWASP, and NIST.
Data protection measures, backup protocols, and disaster recovery mechanisms will also be examined to ensure the resilience of citizen services and sensitive information.
Process, Financial Oversight, and Value for Money
Beyond technology, the audit will assess end-to-end service workflows, governance structures, vendor management practices, and service-level agreement (SLA) oversight.
On the financial side, the review will examine alignment with the approved PC-I and defined scope, mapping financial responsibilities across involved entities. A programme-level value-for-money assessment will also be conducted to evaluate efficiency and public benefit.
Not a Forensic Audit
MoITT has clarified that the exercise will not constitute a forensic audit or bill verification. Instead, the objective is to produce practical, prioritised recommendations aimed at improving operational effectiveness, governance, and the overall citizen experience.
The move reflects a broader push by the government to strengthen digital public service delivery through transparency, accountability, and adherence to global best practices.
