Report
Information and communications technology controls report 2013–14
Publisher
Public sector
Auditing
Information technology
Victoria
Resources
Description
This audit assessed information and communications technology (ICT) Controls in the Victorian public sector.
This inaugural report summarises the results of the audits of public sector entities' ICT general controls as part of the 2013–14 financial audits. It aims to provide extra insight and visibility of ICT-related audit findings, and also identify wider trends that may not be covered in the reports given to an entity's management.
Most of ICT audit findings were medium risk, with none ranked as an extreme risk. High-risk ICT audit findings are concentrated in a few ICT general controls categories.
The five themes identified through the ICT audits were:
- ICT security controls need improvement
- management of service organisation assurance activities requires attention
- prior-period audit findings are not being addressed in a timely manner
- patch management processes need improvement
- ICT disaster recovery planning is weak.
Publication Details
ISBN:
978 1 925226 03 4
Copyright:
Victorian Auditor-General's Office 2014
Access Rights Type:
open
Series:
Victorian Auditor-General’s Report 2014–15:12
Post date:
17 Oct 2014
