An audit of the effectiveness of Public Service information systems has found a number of weaknesses that could threaten the integrity of Departmental information systems.
In her report 18: 2019-20, Information Systems Audit Report 2020 – State Government Entities, Auditor General, Caroline Spencer said there had been some improvements including an increase in the number of entities – from 13 to 15 – who met benchmark targets across all categories.
“However, we continue to find a large number of control weaknesses that could compromise the confidentiality, integrity and availability of entities’ information systems,” Ms Spencer said.
“This year we reported 522 computer control issues to 50 State Government entities, a slight reduction from the 547 issues reported in 2018 at 47 entities.”
She said entities were not addressing audit findings quickly, with 45 per cent of findings from this year related to previously reported findings.
“While there was some improvement in controls over information security and business continuity, they continue to be areas of concern,” Ms Spencer said.
“Only 57 per cent (information security) and 54 per cent (business continuity) of entities performed to the expected level,” she said.
Ms Spencer said poor controls in these areas left systems and information vulnerable to misuse and could affect critical services provided to the public.
“The report includes a number of case studies to help entities learn from others’ experiences,” Ms Spencer said.
“All public sector entities, including those not audited, are encouraged to consider the report’s recommendations where relevant to their function.”
She said she was considering expanding the report in future years to provide more detailed information about common weaknesses found and approaches to addressing shortcomings.
“In the current environment, controls around remote IT access infrastructure will also need to be an area of priority as entities increasingly support staff to work in more flexible ways in response to current public health measures for the COVID-19 virus,” Ms Spencer said.
The Auditor-General’s 25-page report can be accessed at this PS News link.
The audit team was Jordan Langford-Smith, Kamran Aslam Walber, Almeida Karla, Cordoba Sheau, Lan Gan, Jake Davey, Fareed Bakhsh and Nomin Chimid-Osor.
