Appendix A: Submissions and comments

Read more about Appendix A: Submissions and comments

Download a PDF copy of Appendix A: Submissions and comments.

3. Whole-of-government approach to cybersecurity

Read more about 3. Whole-of-government approach to cybersecurity

The public sector does not use its size and economy of scale to address cybersecurity risks in a coordinated way. Agencies have recognised the need to establish a whole of government approach but need to do more to improve the public sector’s cybersecurity.

2. Effectiveness of identity and device controls

Read more about 2. Effectiveness of identity and device controls

Agencies are not adequately prepared to prevent cyber attacks. This is because they have not correctly configured all of their Microsoft 365 cloud-based identity and device controls.

Why identity and device controls are important

Identity and device controls are 2 pillars of the zero trust model. These controls help an agency:

1. Audit context

Read more about 1. Audit context

Cyber attacks

Impact of cyber attacks

Public sector agencies are constantly at risk of cyber attacks.

Microsoft reports and analyses 43 trillion threat signals for its cloud computing products every day.

Cyber attacks can:

What we found

Read more about What we found

This section summarises our key findings. Sections 2 and 3 detail our complete findings, including supporting evidence.

In this report we do not specify which findings relate to which agency given the sensitive nature of the weaknesses we observed. But we have given each audited agency a detailed report about their own control deficiencies.

When reaching our conclusions, we consulted with the audited agencies and considered their views. The agencies’ full responses are in Appendix A.

Our recommendations

Read more about Our recommendations

We made 7 recommendations to address 3 key findings. The relevant agencies have accepted the recommendations in full or in principle or with qualifications. While our recommendations are directed to audited agencies, we expect all Victorian public sector agencies to implement them where appropriate.

Responses to Performance Engagement Recommendations: Annual Status Update 2023

Body

We examined whether public sector agencies are implementing our performance engagement recommendations in a timely way.

Guardianship and Decision-making for Vulnerable Adults

Body

This audit assessed if the Office of the Public Advocate provides guardianship and investigation services that promote and protect the rights and interests of vulnerable adults.

Appendix A: Abbreviations, acronyms and glossary

Read more about Appendix A: Abbreviations, acronyms and glossary

Download a PDF copy of Appendix: Abbreviations, acronyms and glossary.

3. Financial audit work program

Read more about 3. Financial audit work program

We deliver a range of attest services to public sector agencies. We conduct financial audits in line with the Australian Auditing Standards and other relevant professional and legislative requirements.

Our financial audit scope

Sectors we audit

Our financial audit program covers entities across a range of sectors.

Subscribe to Department of Families, Fairness and Housing