Auditor-General's comments
|
Dr Peter Frost Acting Auditor-General |
Audit team Dallas Mischkulnig—Engagement Leader Annie Skelton—Team Leader Jason Cullen—Analyst Engagement Quality Control Reviewer Rocco Rottura |
|
Dr Peter Frost Acting Auditor-General |
Audit team Dallas Mischkulnig—Engagement Leader Annie Skelton—Team Leader Jason Cullen—Analyst Engagement Quality Control Reviewer Rocco Rottura |
Ordered to be published
VICTORIAN GOVERNMENT PRINTER December 2015
PP 122, Session 2014-15
Dear Presiding Officers
In accordance with section 16(3) of the Audit Act 1994, a copy of this report was provided to the Department of Premier & Cabinet, the Commissioner for Privacy and Data Protection and Department of Environment Land, Water & Planning.
The submissions and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.
Responses were received as follows:
Figure B1
Entities selected for this financial systems controls report
Entities |
Scope details |
||
|---|---|---|---|
Information technology (IT) audit |
Focus areas | ||
Ratings for audit findings reflect our assessment of both the likelihood and consequence of each identified issue in terms of its impact on:
The ratings also assist management to prioritise remedial action.
Figure A1
Rating definitions and management action
In 2014–15 we had two focus areas:
identity and access management (IDAM) controls—controls which aim to reduce the risk of inappropriate access to information and data
For each of the 45 entities selected for this report, we prepared management letters highlighting any control weaknesses identified by our information technology (IT) audits. For this report, these management letters were analysed to identify the overarching themes and key messages that may have a broader impact.
Key information technology (IT) audit themes are drawn from testing performed as part of each entity's annual financial audit, as well as discussions with management and analysis of our IT audit findings. These themes are prepared to provide insight and actionable recommendations for public sector entities.
For the 2014–15 financial year, we identified three clear emerging themes from IT audits, and have made a number of recommendations to address them.
When planning a financial audit, VAGO seeks to understand and evaluate an entity's information technology (IT) environment and any related risks to the reliability of financial reporting.
This report summarises the results of this work on selected public sector entities' IT general controls as part of the 2014–15 financial audits. This is the second report of its kind and aims to provide extra insight into VAGO's IT audit findings, and identify wider trends that may not be covered in reports to an entity's management.