❓ Hon Nick Goiran questions the Premier regarding the Auditor General's report on information systems, highlighting unresolved control weaknesses and potential risks. The Premier's response acknowledges the risks and cites improvements in cybersecurity maturity and compliance compared to the previous government.
AnsweredQoN 403Legislative Council
QuestionView source ↗
INFORMATION SYSTEMS
AUDIT — AUDITOR GENERAL'S REPORT
403. Hon NICK GOIRAN to the Leader of the House representing
the Premier:
I refer to the report Information
systems audit: State government 2021–22 , in which the Auditor
General says —
Concerningly,
and similar to last year, half of the audit findings (282) were unresolved
issues from 2020–21 . At 13 entities, control weaknesses were so
pervasive they resulted in qualified audit opinions—a serious matter—due
to weak system access management, and network security controls. These
findings, if not addressed, could result in data breaches, system outages and
financial loss to the State and its citizens.
(1) Has the Premier been briefed about the Auditor
General's 566 general computer control findings to 61 entities
for the last financial year?
(2) Given the seriousness of the
findings, has the Premier directed that urgent action be undertaken?
(3) Will the
Premier undertake to provide Parliament with monthly updates until the Auditor
General's 10 recommendations have been implemented?
AUDIT — AUDITOR GENERAL'S REPORT
403. Hon NICK GOIRAN to the Leader of the House representing
the Premier:
I refer to the report Information
systems audit: State government 2021–22 , in which the Auditor
General says —
Concerningly,
and similar to last year, half of the audit findings (282) were unresolved
issues from 2020–21 . At 13 entities, control weaknesses were so
pervasive they resulted in qualified audit opinions—a serious matter—due
to weak system access management, and network security controls. These
findings, if not addressed, could result in data breaches, system outages and
financial loss to the State and its citizens.
(1) Has the Premier been briefed about the Auditor
General's 566 general computer control findings to 61 entities
for the last financial year?
(2) Given the seriousness of the
findings, has the Premier directed that urgent action be undertaken?
(3) Will the
Premier undertake to provide Parliament with monthly updates until the Auditor
General's 10 recommendations have been implemented?
AnswerView source ↗
I thank the honourable member for
some notice of the question.
(1)–(3) The
WA government takes these risks seriously and has implemented several
initiatives to increase the level of cybersecurity maturity across the WA
public sector. The Auditor General's report acknowledges the hard work
being done by staff and leaders across the state government to mitigate these
risks. The report found that risk management, which importantly reduces the likelihood
and impact of negative events, reached its highest level of compliance on
record at 87 per cent. This is double what it was under the former Liberal–National
government, when compliance was only 44 per cent in 2012. Under the former
Liberal–National government, more than 60 per cent of entities failed
to meet IT and cybersecurity benchmarks. This year, 66 per cent of entities met
information security framework benchmarks. This is the highest level of
compliance on record.
some notice of the question.
(1)–(3) The
WA government takes these risks seriously and has implemented several
initiatives to increase the level of cybersecurity maturity across the WA
public sector. The Auditor General's report acknowledges the hard work
being done by staff and leaders across the state government to mitigate these
risks. The report found that risk management, which importantly reduces the likelihood
and impact of negative events, reached its highest level of compliance on
record at 87 per cent. This is double what it was under the former Liberal–National
government, when compliance was only 44 per cent in 2012. Under the former
Liberal–National government, more than 60 per cent of entities failed
to meet IT and cybersecurity benchmarks. This year, 66 per cent of entities met
information security framework benchmarks. This is the highest level of
compliance on record.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.