Reports
Actions for Managing climate risks to assets and services
Managing climate risks to assets and services
What the report is about This report assessed how effectively the Department of Planning, Industry and Environment (DPIE) and NSW Treasury have supported state agencies to manage climate risks to their assets and services. Climate risks that can impact on state agencies' assets and services include flooding, bushfires, and extreme temperatures. Impacts can include damage to transport, communications and energy infrastructure, increases in hospital admi
Actions for Managing cyber risks
Managing cyber risks
What the report is about This audit assessed how effectively Transport for NSW (TfNSW) and Sydney Trains identify and manage their cyber security risks. The NSW Cyber Security Policy (CSP) sets out 25 mandatory requirements for agencies, including implementing the Australian Cyber Security Centre’s Essential 8 strategies to mitigate cyber security incidents, and identifying the agency’s most vital systems, their ‘crown jewels’. The audited agencies h
Actions for Grants administration for disaster relief
Grants administration for disaster relief
What the report is about The report examined whether NSW Treasury, Service NSW and the Department of Customer Service effectively administered grants programs funded under the $750 million Small Business Support Fund, including: $10,000 Small Business Support Grant $3,000 Small Business Recovery Grant. What we found The agencies effectively implemented the grants within required timeframes, reflecting the NSW Government’s decision to deliver urgent f
Actions for Security of student information
Security of student information
Schools collect and maintain detailed student data, including sensitive personal information. Schools can also require or encourage students to use third party software applications for learning and other school related activities. This audit will examine how effectively schools ensure student data is secure – both within their own systems and when provided to third parties. This audit may also examine the effectiveness of information security governance