Audit: West Australian Local Government Information Systems Audit Report “a significant area of concern”

Australian Audit Report 22 June 2022

None of the 12 entities where we performed capability maturity assessments met benchmark

Office of the Auditor General Report: Information Systems Audit Report 2022 – Local Government Entities

Auditor General Ms Caroline Spencer said capability maturity assessments were conducted at 12 entities, which found information security continues to be a significant risk area.

‘Like last year, none of the 12 entities met our expectations across all 6 categories and none met the benchmark for information security.

‘As information and cyber security threats continue to evolve, it is increasingly important that entities implement appropriate controls to protect their valuable information and systems,’ Ms Spencer said.

The audit reported 358 control weaknesses to 45 entities this year, compared to 328 weaknesses at 50 entities last year. Ten percent (37) of this year’s weaknesses were rated as significant and 71% (254) as moderate. These weaknesses represent a considerable risk to the confidentiality, integrity and availability of entities’ information systems and need prompt resolution.

WA OAG Figure 2

Fifty-six percent (202) of the findings were unresolved issues from last year. Entities need to address these weaknesses to reduce the risk of their systems and information being compromised.

WA OAG Figure 4a

None of the 12 entities that had capability maturity assessments met our expectations across all 6 control categories, a similar finding to last year. Information security remains a significant risk again this year and needs urgent attention. Compared to 2019-20, there have been some improvements in change control, management of IT risks, physical security and IT operations. However, entities need to improve in all 6 control categories.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.
