Report 20: May 2019 Western Australian Auditor General’s Report Information Systems Audit Report 2019 Office of the Auditor General Western Australia 7th Floor Albert Facey House 469 Wellington...

There are 2 assessment briefs and another is the sample IT audit report.


Report 20: May 2019
Western Australian Auditor General’s Report
Information Systems Audit Report 2019

Office of the Auditor General Western Australia, 7th Floor Albert Facey House, 469 Wellington Street, Perth. Mail to: Perth BC, PO Box 8489 PERTH WA 6849. T: 08 6557 7500 F: 08 6557 7600 E: [email protected] W: www.audit.wa.gov.au. National Relay Service TTY: 13 36 77 (to assist people with hearing and voice impairment). We can deliver this report in an alternative format for those with visual impairment.

© 2019 Office of the Auditor General Western Australia. All rights reserved. This material may be reproduced in whole or in part provided the source is acknowledged. ISSN: 2200-1931 (Print) ISSN: 2200-1921 (Online)

THE PRESIDENT, LEGISLATIVE COUNCIL
THE SPEAKER, LEGISLATIVE ASSEMBLY

INFORMATION SYSTEMS AUDIT REPORT 2019

This report has been prepared for Parliament under the provisions of section 24 and 25 of the Auditor General Act 2006. Information systems audits focus on the computer environments of public sector entities to determine if these effectively support the confidentiality, integrity and availability of information they hold. I wish to acknowledge the cooperation of the staff at the entities included in our audits.

CAROLINE SPENCER
AUDITOR GENERAL
15 May 2019

Contents

Auditor General’s overview
Application controls audits
· Introduction
· Audit focus and scope
· Summary
· Recruitment Advertisement Management System – Public Sector Commission
· Advanced Metering Infrastructure – Horizon Power
· Pensioner Rebate Scheme and Exchange – Office of State Revenue
· New Land Registry - Titles – Western Australian Land Information Authority
General computer controls and capability assessments
· Introduction
· Conclusion
· Background
· Audit focus and scope
· Audit findings
· Recommendations
Appendix 1 – Cloud application (SaaS) better practice principles

Auditor General’s overview

This is the eleventh annual Information Systems Audit Report by my Office. The report summarises the results of the 2018 annual cycle of information systems audits, and application reviews completed by my Office since last year’s report. The report contains important findings and recommendations to address common system weaknesses that can seriously affect the operations of government and potentially compromise sensitive information held by entities. All public sector entities should consider the relevance of the recommendations to their unique operations. The newly funded Office of Digital Government has an important role in supporting entities to address these weaknesses and improve their capability and cyber resilience.

The first section of the report contains the results of our audit of key business applications at 4 public sector entities. All 4 had weaknesses, the most common of which related to poor contract management, policies, procedures and information security. When government outsources any ICT function, or buys cloud hosted applications, it remains responsible for identifying risks and ensuring appropriate functionality, security and availability controls are in place. Proper due diligence processes must be undertaken, when designing the contract and throughout the term of
Answered Same Day, Apr 24, 2021, SBM4302


Preeta answered on Apr 25 2021
146 Votes
1. Introduction:
Information systems have become a very essential part of business, and most of the operational functions in a business are carried out using them. So, information systems are also used in audit, to reduce the number of tasks and errors. Software programs, popularly known as applications, maintain key business operations like human resources, finance, licensing, case management and billing (Pereira and Santos 2010). Some software is general in nature and can be used by a lot of organizations, whereas some software is specific in nature and can cater to only a specific type of business. But through the use of such software, the data should be correctly entered, processed, interpreted and maintained. Both the business enterprise and the audit organization must have skilful employees to handle all the software applications. A huge control is to be maintained on the applications (Dacey 2010).
The system can be handled internally within the organization or can be outsourced. Many business houses use cloud-hosted software, but generally there is a security threat on cloud hosting and so a firewall is to be used. But most of the companies fail to implement the system well. It is important to understand if the business has adequate ability to control and maintain its information system. The associated risks are to be identified. So, the Information Systems Audit Report 2019, the Western Australian Auditor General’s Report (Office of the Auditor General, 2019), has been reviewed to identify the issues and then to come to the conclusions.
2. Audit focus and scope of the given report:
The focus of the audit was mainly on the applications. The applications covered in the audit report are:
· Recruitment Advertisement Management System (RAMS) of the commission of public sector.
· New Land Register of Western Australian Land Information Authority.
· Advanced Metering Infrastructure of Horizon Power.
· Pensioner Rebate Scheme and Exchange of Office of State Revenue.
The scope of report was defined through the controls. The identified control categories are:
· The policies and procedures followed by the company should be appropriate so that the information can be processed reliably.
· Only the authorized data should be entered as data input and those should be complete and to be entered correctly.
· It is to be ensured that the information is available all the time but confidentiality and integrity of those are maintained and the sensitive information should be highly secured.
· The data should be processed as per the requirement and within the required time.
· The data output should be complete and accurate. It should be in hard copy or online report.
· The transaction log should be checked to keep an audit trail to ensure complete and accurate historical data.
· The data should be backed up for recovery at the time of disaster.
· The duties should be distributed among the staff based on their skill, experience and working capacity.
· It is to be ensured that the interface is controlled and the master file is maintained properly.
3. Irregularities found in the report:
3.1 Audit findings in the RAMS:
The Recruitment Advertisement Management System (RAMS) has been used by the Western Australian (WA) government since 2003 to manage the recruitment, deployment and redeployment of staff. Vacancies are also advertised through this software for the public to view so that they can make their applications. The system is hosted externally by a third party under a Software as a Service arrangement. Most of the security responsibilities are the vendor’s; the commission only has the responsibility of governance and shares the responsibility for data with the vendor. The governance of the application can be improved since there is a lack of evidence that the security control measures used by the vendor for information are adequate. Further, it cannot be established that the vendor’s compliance is monitored and managed as per the security level agreement. Improper access management has exposed the risk of misuse of personal sensitive information.
The findings revealed the following things:
· The commission has not conducted enough procedures to obtain assurance regarding the control measures of the vendor. The deficiencies in control are: the software vendor does not support some of the software components any longer, some parts of the software are outdated; a disaster recovery test has not been conducted by the vendor since 2015; technical documentation of the application is outdated.
· At the time of the contract, the commission did not conduct an adequate risk assessment, so the information in the contract is inadequate regarding the security of the information. The following weaknesses remain for the commission due to the contract: the commission does not possess the right to conduct any security audit and so the scope of security control verification is limited; the...