Select Page

Audit: Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

Posted by | Aug 17, 2022 | , , , , , , , | 0 |

Audit: Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

West Australian Audit Report 17 August 2022

Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

12 of the 45 entities did not met expectations across all six control categories and 68% of the audit results were below the minimum benchmark

Western Australia Auditor General Report: Financial Audit Results – Universities and TAFEs 2021

Read more Western Australia Auditor General Reports and West Australia incidents.

In 2020-21, we reported 358 information system control weaknesses to 45 entities, with 10% (37) of these rated as significant and 71% (254) as moderate. Last year we reported 328 control weaknesses to 50 entities. As these weaknesses could significantly compromise the confidentiality, integrity and availability of information systems, entities should act promptly to resolve them.

Our capability assessments at 12 of the 45 entities show that none met our expectations across all six control categories and 68% of the audit results were below our minimum benchmark. Information and cyber security remain significant risks again this year and need urgent attention. Compared to 2019-20, there have been some improvements in change control but very little progress in management of information technology (IT) risks, physical security and IT operations. Entities need to improve in all six control categories.

Of the weaknesses identified in 2020-21:

  • 47% related to information security issues. These included system and network vulnerabilities, and unauthorised and inappropriate access
  • 28% related to IT operations issues. In particular, there were issues in inadequate monitoring and logging of user activity, poor handling of information and lack of review of user access privileges
  • 13% related to business continuity. For example, disaster recovery and business continuity plans were lacking or out-of-date
  • 12% related to inappropriate IT risk management, poor environmental controls for the server room and a lack of change management controls.

 

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: Cyber attack threatened WA astrophysicists’ shot at gravitational waves, colliding neutron stars | ABC News (Australia)

Incident: Cyber attack threatened WA astrophysicists’ shot at gravitational waves, colliding neutron stars | ABC News (Australia)

October 17, 2017

Incident: WA Officer David Snowball illegally accessed police computer to protect partner’s massage business | ABC News (Australia)

Incident: WA Officer David Snowball illegally accessed police computer to protect partner’s massage business | ABC News (Australia)

August 9, 2019

Update Incident: Telstra apologises for accidentally publishing data of thousands of customers online | ABC News Australia

Update Incident: Telstra apologises for accidentally publishing data of thousands of customers online | ABC News Australia

December 11, 2022

Incident: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach | ABC News (Australia)

Incident: Queensland water supplier Sunwater targeted by hackers in months-long undetected cyber security breach | ABC News (Australia)

November 11, 2021

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

How Australia's ASIC v FIIG decision supports your cyber investment business case
How Australia's ASIC v FIIG decision supports your cyber investment business case

What you need to know First AFSL cyber penalty: FIIG's $2.5 million penalty is the first cyber security penalty under general financial services … [...]

APRA and ASIC Sound the AI Alarm for Boards and Executives
APRA and ASIC Sound the AI Alarm for Boards and Executives

What you need to know APRA and ASIC have sent powerful messages to regulated entities regarding AI, cyber security and operational resilience in … [...]

Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Exclusive: INC Ransom claims cyber attack on Australian engineering service company

Threat actors have claimed a cyber attack on an Australian engineering solutions company and are threatening to publish data they allegedly … [...]

Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident

Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was … [...]

Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims

A Sydney-based vocational college has found no evidence of compromised student data after being listed on the leak site of a prolific hacking group. • … [...]

Victorian bulk porting scammer gets over two years in prison
Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, … [...]

NSW cyber cops bust alleged bullion-buying BEC bandits
NSW cyber cops bust alleged bullion-buying BEC bandits

NSW Police have charged three people over an alleged $600,000 business email compromise (BEC) scam operation, after detectives caught a young woman … [...]

Miners’ data targeted as hackers hold software provider to ransom
Miners’ data targeted as hackers hold software provider to ransom

Dozens of Australian mining companies are scrambling to access their key technology systems after a major software supplier to the sector was … [...]

Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts
Instructure dealing with Canvas cyberhackers a dangerous tactic, say experts

The company that runs Canvas has painted a target on its back for future extortion attempts by making a deal with hackers, according to cybersecurity … [...]

Exclusive: Hospitality IT provider allegedly breached by Qilin
Exclusive: Hospitality IT provider allegedly breached by Qilin

Threat actors have claimed a cyber attack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web. • Fri, 15 … [...]

ACCC welcomes another year of funding for the National Anti-Scam Centre
ACCC welcomes another year of funding for the National Anti-Scam Centre

The Australian consumer watchdog is pleased with the overall funding boost of $67.7 million over four years in the 2026–27 budget. • Thu, 14 May 2026 … [...]

Report: Business email compromise attacks surged dangerously in April
Report: Business email compromise attacks surged dangerously in April

BEC attacks rose 151 per cent month on month in April, with advanced fee and gift card fraud key drivers. • Thu, 14 May 2026 • Security *]:clear-none … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading