Information and Communications Technology Controls Report 2013–14

VAGO Publication large

Tabled: 15 OCTOBER 2014

The Auditor-General is the external auditor of Victoria's public sector entities, and has a legislated obligation to provide independent assurance to the Parliament about the financial status as well as the efficiency, effectiveness and economy of these entities.

This inaugural report summarises the results of our audits of public sector entities' ICT general controls as part of the 2013–14 financial audits. This report is the first of its type by VAGO and aims to provide extra insight and visibility of our ICT-related audit findings, and also identify wider trends that may not be covered in the reports we give to an entity's management.

Notwithstanding some deficiencies in ICT controls, VAGO was able to rely on these controls for financial reporting purposes because other mitigating controls were identified and tested. Most of ICT audit findings were medium risk, with none ranked as an extreme risk. High-risk ICT audit findings are concentrated in a few ICT general controls categories.

The five themes identified through our ICT audits were:

  1. ICT security controls need improvement
  2. management of service organisation assurance activities requires attention
  3. prior-period audit findings are not being addressed in a timely manner
  4. patch management processes need improvement
  5. ICT disaster recovery planning is weak.

In future reports, we will perform detailed maturity assessments of selected entities' ICT environments and examine some selected areas of focus, such as identity and access management, software licensing and wireless network security.

 

 

 

 

 

 

VAGO Icon Download

Access the Report

Full report as HTML

Full report as PDF Adobe PDF (1.5 MB)

PDF of the presentation

 

Audit team

Paul O'Connor
Engagement Leader

Ian Yaw
Team Leader
Rue Maharaj
Team Member
Tonderai Nduru
Team Member
Engagement Quality Control Reviewer

Paul Martin

 

 

......

Last updated on 10/7/2015