Each year since 2009, we have tabled in Parliament a stand-alone Information Systems Audit report. This report, which was the first of its kind in Australia, contains:
- The results of at least one specific audit topic (eg Security of Online Transactions in 2012, Cyber Attacks in 2011 and Security of Laptop and Portable Storage Devices in 2010).
- An audit of the application controls in place for key business applications at select agencies. Applications are the software programs that are used to facilitate key business processes of an organisation. For example finance, human resource, licensing and billing are typical processes that are dependent on software applications. Application controls are designed to ensure the complete and accurate processing of data from input to output.
- The results of our annual General Computer Controls (GCC) audits and capability assessments. The objective of our GCC audits is to determine whether the computer controls effectively support the confidentiality, integrity, and availability of information systems. We use the results of our GCC work to inform our capability assessments of agencies. Capability maturity models are a way of assessing how well developed and capable the established IT controls are and provide a benchmark for agency performance.
You can access our previous stand-alone Information Systems audit reports here: