
Audit: Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses


West Australian Audit Report 17 August 2022


12 of the 45 entities did not meet expectations across all six control categories and 68% of the audit results were below the minimum benchmark

Western Australia Auditor General Report: Financial Audit Results – Universities and TAFEs 2021


In 2020-21, we reported 358 information system control weaknesses to 45 entities, with 10% (37) of these rated as significant and 71% (254) as moderate. Last year we reported 328 control weaknesses to 50 entities. As these weaknesses could significantly compromise the confidentiality, integrity and availability of information systems, entities should act promptly to resolve them.

Our capability assessments at 12 of the 45 entities show that none met our expectations across all six control categories and 68% of the audit results were below our minimum benchmark. Information and cyber security remain significant risks again this year and need urgent attention. Compared to 2019-20, there have been some improvements in change control but very little progress in management of information technology (IT) risks, physical security and IT operations. Entities need to improve in all six control categories.

Of the weaknesses identified in 2020-21:

  • 47% related to information security issues. These included system and network vulnerabilities, and unauthorised and inappropriate access
  • 28% related to IT operations issues. In particular, there were issues in inadequate monitoring and logging of user activity, poor handling of information and lack of review of user access privileges
  • 13% related to business continuity. For example, disaster recovery and business continuity plans were lacking or out-of-date
  • 12% related to inappropriate IT risk management, poor environmental controls for the server room and a lack of change management controls.

 

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.
