Audit Finds Council IT Systems Have Weak Security Controls

Audit Finds Council IT Systems Have Weak Security Controls

Victoria’s auditor-general has expressed concern over the increasing number of weaknesses in IT controls in the state’s local government sector.

 

According to a new audit, the office found more IT control weaknesses due to increased scrutiny. These weaknesses included access management, policies and procedures, logging and monitoring, backup and recovery, and change management.

 

The auditor-general noted that poor IT controls increase the risk of unauthorised access, cyber-attacks, fraud, error, data manipulation and information theft. The report called for councils to adopt the Australian Signals Directorate’s Essential Eight mitigation strategies.

 

This is not an isolated issue; other states have reported similar findings. NSW auditor-general reported that 65 councils had yet to implement basic governance and internal controls to manage cyber security, while Queensland’s auditor found 67 new internal control deficiencies with respect to councils’ information systems.

 

It is clear that IT controls are a challenge for councils all over the country.