Information Systems Audit Report 2018

Auditor General's overview

This is the tenth annual Information Systems Audit Report by my Office. The report summarises the results of the 2017 annual cycle of audits, plus application reviews completed by our Information Systems audit group since last year’s report.

The report is important because it reveals the common information system weaknesses we identified that can seriously affect the operations of government and potentially compromise sensitive information held by agencies. It also contains recommendations that address these common weaknesses and as such, has a use broader than just the agencies we audited.


Summary video

Information Systems Audit Report

Duration 2:22

Report content

Password management
Password Management in the WA State Government
The objective of this audit was to determine if selected government agencies are using good practices to manage network passwords, to protect the information they hold. Read more....
Password management
Audit findings
More than one quarter of the enabled accounts we assessed had weak or commonly used passwords... read more
Password management
Recommendation and Agency responses
The Department of the Premier and Cabinet should: a. provide guidance to agencies on ways to better manage identities and access including password management and multi-factor authentication ... read more
Applications backup and recovery
Application Controls Audits
Applications are software programs that facilitate an organisation’s key business processes including finance, human resources, case management, licensing and billing. Read more
Applications backup and recovery
Patient Medical Record System - Department of Health
Several Western Australian hospitals use a patient medical record system (the Application) to make patient medical records digitally available. Read more
Applications backup and recovery
Tenancy Bonds Management System - Department of Mines, Industry Regulation and Safety
The Tenancy Bonds Management System (TBMS) is used by the Department of Mines, Industry Regulation and Safety (DMIRS) to manage the processing of residential and long stay tenancy bonds. Read more
Applications backup and recovery
First Home Owner Grant Online - Office of State Revenue
The First Home Owner Grant Online system (FHOG Online) is used by the Office of State Revenue (OSR) to provide a one-off payment for eligible first home owners who are buying or building a new home. Read more
Applications backup and recovery
Election Management System WA - Western Australian Electoral Commission
The Electoral Management System WA (EMSWA) is used by the Western Australian Electoral Commission (WAEC) to manage election related information. This includes EMSWA storing an electronic electoral roll, and recording and counting votes for State general elections. Read more
Applications backup and recovery
Keysmart - Keystart Housing Scheme Trust
Keystart Home Loans (WA) uses the Keysmart system to manage home loan enquiries, application processing, broker commissions and loans. Read more
General Computer Controls and Capability Assessments
The objective of our general computer controls (GCC) audits is to determine whether computer controls effectively support the confidentiality, integrity, and availability of information systems. Read more
Audit findings
Our capability maturity model assessments show that agencies need to establish better controls to manage information security, business continuity, IT risks and IT operations. Read more
As a matter of priority, agencies should address risks to security and continuity of business systems. In particular, ... read more