Australian Audit Report 22 June 2022

West Australian Local Government Information Systems Audit Report “a significant area of concern”

None of the 12 entities where we performed capability maturity assessments met benchmark

Office of the Auditor General Report: Information Systems Audit Report 2022 – Local Government Entities

Read more Audit Reports and WA Office of the Auditor General

Auditor General Ms Caroline Spencer said capability maturity assessments were conducted at, 12 entities which found information security continues to be a significant risk area. ‘Like last year, none of the 12 entities met our expectations across all 6 categories and nonemet the benchmark for information security. ‘As information and cyber security threats continue to evolve, it is increasingly important that entities implement appropriate controls to protect their valuable information and systems,’ Ms Spencer said.

Reported 358 control weaknesses to 45 entities this year, compared to 328 weaknesses at 50 entities last year. Ten percent (37) of this year’s weaknesses were rated as significant and 71% (254) as moderate. These weaknesses represent a considerable risk to the confidentiality, integrity and availability of entities’ information systems and need prompt resolution.

Fifty-six percent (202) of the findings were unresolved issues from last year. Entities need to address these weaknesses to reduce the risk of their systems and information being compromised.

None of the 12 entities that had capability maturity assessments met our expectations across all 6 control categories, a similar finding to last year. Information security remains a significant risk again this year and needs urgent attention. Compared to 2019-20, there have been some improvements in change control, management of IT risks, physical security and IT operations. However, entities need to improve in all 6 control categories.