The Auditor General has tabled three reports in Parliament — Contractor Procurement – Data Led Learnings; Security Basics for Protecting Critical Infrastructure from Cyber Threats, and Traffic Management System.
Auditor General Caroline Spencer said the Contractor Procurement – Data Led Learnings audit was conducted by her Forensic Audit team and used data analytics to identify red flags in the Public Transport Authority (PTA) contractor procurement data.
“This could indicate undisclosed relationships or corrupt procurement practices,” Ms Spencer said.
“Our review did not give rise to a suspicion of fraud or corruption, but did highlight procedural, mathematical and documentary gaps that could have been exploited by dishonest people.”
She said while corrective steps had been taken by the PTA to resolve the historical vulnerabilities identified, the public sector could benefit from these learnings to improve its own procurement and contract management arrangements.
“Security Basics for Protecting Critical Infrastructure from Cyber Threats is a better-practice guide that aims to help entities enhance their cyber resilience by better managing cyber threats to their critical systems and infrastructure,” Ms Spencer said.
“Cyber security is a critical concern across all industries as cyber-attacks continue to evolve and pose significant threats to our national security, health and safety, and essential services, and can result in severe economic damage.”
She said the security of critical infrastructure had been a focus of her Office and as cyber threats grew, Governments worldwide were taking steps to improve cyber security measures.
“The final report, Traffic Management System, was a part of our yearly program of information system application audits,” the Auditor General said.
“We assessed the key applications that form part of Main Roads Western Australia’s Traffic Management System (TMS), to gain assurance that traffic operations are adequately supported to ensure the safe and efficient movement of people and freight.”
Ms Spencer said the audit found that Main Roads partly protected the TMS from unauthorised access and use, but needs to improve security controls to minimise the risk of the system being compromised and traffic operations disrupted.
“In addition, despite being aware it is not permitted to, Main Roads has continued to collect anonymous data from local road users under the Surveillance Devices Regulations 1999,” she said.
“We have recommended it complies with the Regulations.”
Access to the audits can be arranged by the Contractor Procurement at this link; the Security Basics at this link; and the Traffic Management at this link.