Finance, Services and Innovation

2017-18

Cyber security (in progress)

The NSW Government uses digital technology to deliver services, organise and store information, manage business processes, and control critical infrastructure.
The increasing interconnectivity between computer networks has increased the risk of unauthorised users obtaining access to systems. Recent global security incidents highlight the importance of NSW government agencies having adequate systems and processes for detecting and responding effectively to security incidents.
This audit will assess how well cyber incidents are monitored and remedial advice is communicated in the NSW public sector. In making this assessment, the audit will examine whether:

  • Cyber security incidents are monitored efficiently and effectively
  • Agencies receive timely and quality advice on cyber incidents and remedial action

The audit will focus on the role of the Department of Finance, Services and Innovation in coordinating the Information Security Community of Practice and the information security event reporting protocol.  The audit will also examine ten case study agencies to develop a whole of government perspective on how agencies detect and respond to incidents. 

Property asset utilisation

In response to recommendations of the Property Asset Utilisation Taskforce the NSW Government set out in 2012 operational and guiding property principles that Property NSW and NSW Government agencies must follow. Property NSW was assigned the mandate to improve the management of the NSW Government's owned and leased real property portfolio.

This audit may examine the effectiveness and efficiency of Property NSW's initiatives to improve the management of NSW Government's owned and leased property portfolio.

Risk management culture and capability (in progress)

See full description under Treasury.

2018-20

ICT Investment Assurance Framework

In 2016, the NSW Government strengthened the information and communications technology (ICT) investment assurance framework (IAF). The IAF applies an independent risk-based assurance process for the State’s capital and recurrent funded ICT projects to identify the level of confidence that can be provided to the nominated sub-committees of Cabinet that the State’s ICT projects are being effectively developed and delivered in accordance with the Government’s objectives.

This audit may examine a selection of large ICT projects to determine whether the IAF is effective in providing independent assurance that projects address priority needs, the best options to address these needs are selected, costs are controlled well and variations properly justified and approved.

Ensuring contract management capability in government

Effective contract management requires an appropriate contract management framework that addresses governance arrangements, skills, roles and responsibilities, and policies and procedures. It should promote accountability for decision making and expenditure of public funds. A robust contract management framework helps ensure all parties meet their obligations, contractual relationships are well managed, agencies achieve value for money and deliverables meet the required standards and agreed timeframes. An effective framework should also provide guidance for managing contract variations well.

This audit may consider whether agencies have the contract management capabilities needed to effectively manage different types of contracts with different risks, scale and complexity.  

Cyber security

Description pending.