An audit report on information systems for the Local Government sector has found significant shortcomings.
The report, Information Systems Audit Report 2020 – Local Government Entities, summarises the results of the 2019 cycle of information systems audits of one regional and nine metropolitan Local Government entities.
Auditor General, Caroline Spencer said all 10 entities had significant shortcomings in their information security practices.
“Only four entities demonstrated that they were effective or partially effective in at least half of the 14 areas of the security standard,” Ms Spencer said.
“In addition, the level of maturity for entities’ general computer controls was low, with no entity meeting our minimum capability benchmark across all control categories.”
She said the audit identified 150 general computer control weaknesses with 13 rated as significant, 113 moderate and the remainder as minor.
“All Local Government entities, including those not sampled in this audit, need to carefully consider the standards and the recommendations in this report to improve information security practices and protect the confidentiality, integrity and availability of information and systems,” Ms Spencer said.
“As with our State sector general computer control work, we have not identified the audited Local Government entities so as not to expose their systems to additional risks.”
She said her office had provided each entity with detailed findings so they could address identified shortcomings.
The Auditor-General’s 27-page report can be accessed at this PS News link and the audit team was Jordan Langford-Smith, Kamran Aslam, Walber Almeida, Karla Cordoba, Fareed Bakhsh and Nomin Chimid-Osor.