A transparent and accountable government depends on the accessibility and reliability of its records. Effective records management requires a robust framework of legislation, centralised governance and oversight, monitoring, and disincentives for noncompliance.

There are four well‑documented barriers to achieving fully effective records management in Victoria:

1.1.1 Victoria's Public Records Act 1973

The Public Records Act 1973 (the Act) is the foundation of Victoria's legislative framework for managing government information. The Act regulates how government records must be captured and managed.

Many of Victoria's other laws—such as freedom of information, privacy and even the Audit Act 1994—can operate effectively only when agencies comply with the Act and manage their records effectively.

Good records management is the foundation of government accountability. In Victoria, accountability is enshrined in the Public Administration Act 2004, which requires public servants to submit themselves to appropriate scrutiny. This typically includes scrutiny of the records they make or receive in the course of their duties. These records are known as 'public records'.

Well-managed public records enable governments to make informed decisions, to deliver services, and to demonstrate performance, transparency and accountability.

Ordered to be published

VICTORIAN GOVERNMENT PRINTER MARCH 2017

PP No 249, Session 2014–17

This Appendix provides information about recent major changes within the public sector in relation to information technology (IT).

This Appendix shows our maturity assessment scores by information technology (IT) general controls category for the selected 38 entities by sector. The overall maturity assessment score is derived by averaging the aggregated maturity scores of the entities, as listed in Appendix C.

Ratings for audit findings reflect our assessment of both the likelihood and consequence of each identified issue in terms of its impact on:

• the effectiveness and efficiency of operations, including probity, propriety and compliance with applicable laws
• the reliability, accuracy and timeliness of financial reporting.

The ratings also assist management to prioritise remedial action.

Figure D1

Rating definitions and management action

This Appendix contains a list of the entities included in the scope of this report and shows which entities were included in focus area surveys (covering wireless security and the Australian Signals Directorate Top 4 Strategies to Mitigate Targeted Cyber Intrusions) and information technology (IT) control maturity assessments.

Figure C1

Entities selected for this financial systems controls report

Why this report is important

This audit aggregates our information technology (IT) audit findings covering policies, procedures and activities put in place by an entity to ensure the confidentiality, integrity and availability of its IT systems and data. This report also provides decision-makers with information and insights to help them address IT audit findings, improve processes and controls, and enhance accountability across the public sector.