News Auditor-General again flags concerns with public sector cyber security

Auditor-General again flags concerns with public sector cyber security

Auditor-General Grant Hehir is concerned about the public service's handling of cyber security. Photo: AAP
Twitter Facebook Reddit Pinterest Email

The handling of cyber security and the purchase of goods and services remain key problems for federal government departments and agencies, the auditor-general says.

The Australian National Audit Office’s annual report released on Thursday said there continued to be evidence the public sector’s approach to some core activities “regularly falls short of expectations”.

Auditor-General Grant Hehir said in terms of the public sector’s implementation of cyber security “little assurance is given to the government or the Parliament of adherence to mandatory requirements, other than through external audit”.

As well, audits of procurement show “the sector’s approach regularly falls short of expectations”.

In his previous annual report the Auditor-General made a strong plea for more funding, which the government provided in its last budget.

“The funding will enable the ANAO to operate on a more sustainable basis, to meet mandated financial statements audits, an appropriate program of performance audits and the staged roll-out of performance statements audits,” he said.

Over the year, 142 findings were reported to entities as a result of the 2019-20 financial statements audits.

These comprised two significant, 22 moderate and 118 minor findings.

One significant legislative breach was also reported during 2019-20.

The report said the highest number of findings continued to be in the compliance and quality assurance frameworks supporting program payments and financial reporting, and management of IT security and user access, in particular the management of privileged users.

The ANAO also produced 42 performance audits.