Select Page

Audit: Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

Posted by | Aug 17, 2022 | , , , , , , , | 0 |

Audit: Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

West Australian Audit Report 17 August 2022

Western Australia Auditor General’s Local Government Financial Audit 2020-21 reports 358 information system control weaknesses

12 of the 45 entities did not met expectations across all six control categories and 68% of the audit results were below the minimum benchmark

Western Australia Auditor General Report: Financial Audit Results – Universities and TAFEs 2021

Read more Western Australia Auditor General Reports and West Australia incidents.

In 2020-21, we reported 358 information system control weaknesses to 45 entities, with 10% (37) of these rated as significant and 71% (254) as moderate. Last year we reported 328 control weaknesses to 50 entities. As these weaknesses could significantly compromise the confidentiality, integrity and availability of information systems, entities should act promptly to resolve them.

Our capability assessments at 12 of the 45 entities show that none met our expectations across all six control categories and 68% of the audit results were below our minimum benchmark. Information and cyber security remain significant risks again this year and need urgent attention. Compared to 2019-20, there have been some improvements in change control but very little progress in management of information technology (IT) risks, physical security and IT operations. Entities need to improve in all six control categories.

Of the weaknesses identified in 2020-21:

  • 47% related to information security issues. These included system and network vulnerabilities, and unauthorised and inappropriate access
  • 28% related to IT operations issues. In particular, there were issues in inadequate monitoring and logging of user activity, poor handling of information and lack of review of user access privileges
  • 13% related to business continuity. For example, disaster recovery and business continuity plans were lacking or out-of-date
  • 12% related to inappropriate IT risk management, poor environmental controls for the server room and a lack of change management controls.

 

 

Rate:

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Related Posts

Incident: Telstra apologises for accidentally publishing data of thousands of customers online | ABC News Australia

Incident: Telstra apologises for accidentally publishing data of thousands of customers online | ABC News Australia

December 11, 2022

Incident: Confidential details of entire WA Police Force accessed in ‘startling’ audit breach, CCC finds | ABC News (Australia)

Incident: Confidential details of entire WA Police Force accessed in ‘startling’ audit breach, CCC finds | ABC News (Australia)

April 24, 2020

Incident: Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols | ABC News Australia

Incident: Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols | ABC News Australia

May 30, 2022

Incident: ‘Business as usual’ for Perth restaurant following bookings hack | WAtoday

Incident: ‘Business as usual’ for Perth restaurant following bookings hack | WAtoday

August 28, 2018

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

View my Flipboard Magazine.

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This