Introduction

Applications are software programs that facilitate an organisation’s key business processes. Typical administrative processes dependent on software applications include finance, human resources, licensing and billing. Applications also facilitate specialist functions that are peculiar and essential to individual entities.

Each year we review a selection of key applications that agencies rely on to deliver services. Our focus is the application controls designed to ensure the complete and accurate processing of data from input to output. Failings or weaknesses in these controls have the potential to directly impact other organisations and the public. Impacts range from delays in service to possible fraudulent activity and financial loss.

What did we do?

We reviewed key business applications at 5 agencies. Each application is important to the operations of the agency and may affect stakeholders including the public if the application is not managed appropriately.

Our application reviews look at the systematic processing and handling of data to ensure that:

The 5 agency applications we reviewed were:

1. Complaints and Licensing System (CALS) – Department of Commerce
2. Total Offender Management Solution (TOMS) – Department of Corrective Services
3. Controlled Waste Tracking System (CWTS) – Department of Environment Regulation
4. Smart Parker – Public Transport Authority
5. Treasury System – Gold Corporation

Figure 1 represents the focus of our application reviews – people, process, technology and data. In considering these elements, we follow the data from input, processing and storage, to outputs.

Overall assessment

All 5 applications had some control weaknesses with most related to poor policies, procedures and the security of sensitive information. We also found issues with operational, procedural and process controls that aim to ensure the applications function efficiently, effectively and remain available. We found 56 findings across the 5 applications with 6 rated as significant, 39 moderate and 11 being minor. Correcting most of the issues we raised is relatively simple and inexpensive. Figure 2 shows the findings for the 5 applications reviewed.