Audit: WA Auditor General tables the 2021 Financial Audit Results for Universities and TAFEs
West Australian Audit Report 24 July 2022
Western Australia Auditor General tables the 2021 Financial Audit Results for Universities and TAFEs
OAG identified 124 information systems control weaknesses, a 20% increase 2020, 67% of the weaknesses as rated as moderate
Western Australia Auditor General Report: Financial Audit Results – Universities and TAFEs 2021
The Auditor General today tabled in Parliament the Financial Audit Results – Universities and TAFEs 2021 report. Although all universities and TAFEs received clear (unqualified) opinions for 2021, there was a significant increase in their control weaknesses since 2019. Financial control weaknesses have increased by over 100% and information system control weaknesses by 40% over the past 2 COVID-19 affected years.
The universities and TAFEs audited were: Curtin University, Edith Cowan University, Murdoch University, The University of Western Australia, Central Regional TAFE, North Metropolitan, North Regional TAFE, South Metropolitan TAFE, South Regional TAFE.
Key recommendation: Universities, TAFEs and other entities should address identified financial management, KPI and information systems control weaknesses in a timely manner to ensure the ongoing integrity of their financial and system controls and external reporting
In 2021, OAG identified 124 information systems control weaknesses across the four universities and five TAFEs. This is a 20% increase from the 103 issues we identified in 2020 and 88 reported in 2019. OAG rated 67% of the weaknesses as moderate and the remaining 33% as minor. Entities should action moderate findings as soon as practicable.
Of the 124 weaknesses identified:
- 49% related to information security issues. These included system and network vulnerabilities and weak access controls (48% in 2020)
- 38% related to IT operations issues. These included the monitoring and logging of user activity, processing and handling of information, and review of access privileges (37% in 2020)
- 49% were unresolved findings from our previous audits (42% in 2020).
Information systems control weaknesses have the potential to compromise the confidentiality, integrity and availability of key business systems.