During this audit we found Police has not addressed findings reported in our Third Public Sector Performance Report 2009 and Information Systems Audit Report 2013. These previous audits found that Police lacked appropriate quality controls over assessment and licensing decisions, did not have a risk-based approach to monitoring and compliance, and lacked adequate controls for their information systems. Police has not addressed our previous findings to adequately reduce risks. Appendix 2 summarises recommendations from our previous audits.