Financial Systems Controls Report: Information Technology 2014–15

Tabled: 7 October 2015

This report summarises the results of our audits of 45 public sector entities' IT controls performed in support of VAGO's 2014–15 financial audits. This report is in its second year and builds on the inaugural ICT controls report 2014–15 to provide additional insight and increase visibility of our IT audit findings. It also summarises reviews undertaken over two areas—identity & access management (IDAM) and software licensing practices.

Sixty-five key financial IT applications and their infrastructure were audited, with 462 associated audit findings used as the basis for this report’s analysis.

Most IT audit findings identified were rated medium and high risk, with one audit finding rated as an extreme risk. Along with the specific IT audit findings, this report draws out the following three clear emerging themes:

  • management of controls at outsourced IT environments requires improvement
  • use of IT systems that are no longer supported or at their end-of-life
  • IT security controls need improvement.

Notwithstanding some deficiencies in IT controls, VAGO was able to rely on these controls for financial reporting purposes because other mitigating controls were identified and tested.

Access the Report

Full report as HTML

Full report as PDF  (4.4 MB)

PDF of the presentation


Audit team

Karen Phillips

Engagement Leader

Ian Yaw

Team Leader

Tonderai Nduru

Team Member
Engagement Quality Control Reviewer

Paul Martin



Last updated on 8/31/2016