Refine search Expand filter

Reports

Published

Actions for Compliance with the NSW Cyber Security Policy

Compliance with the NSW Cyber Security Policy

Whole of Government
Compliance
Cyber security
Information technology

This audit assessed nine agencies’ compliance with the NSW Cyber Security Policy (CSP) including whether, during the year to 30 June 2020, the participating agencies: met their reporting obligations under the CSP reported accurate self-assessments of their level of maturity implementing the CSP’s requirements including the Australian Cyber Security Centre’s (ACSC) Essential 8. What we found Key elements to strengthen cyber se

Published

Actions for Managing climate risks to assets and services

Managing climate risks to assets and services

Planning
Environment
Treasury
Industry
Infrastructure
Management and administration
Risk
Service delivery

This report assessed how effectively the Department of Planning, Industry and Environment (DPIE) and NSW Treasury have supported state agencies to manage climate risks to their assets and services. Climate risks that can impact on state agencies' assets and services include flooding, bushfires, and extreme temperatures. Impacts can include damage to transport, communications and energy infrastructure, increases in hospital admi

Published

Actions for Fast-tracked Assessment Program

Fast-tracked Assessment Program

Planning
Industry
Environment
Compliance
Internal controls and governance
Management and administration
Service delivery

This report examines the effectiveness of the Fast-tracked Assessment Program, administered by the Department of Planning, Industry and Environment (DPIE) between April 2020 and October 2020.  The program aimed to support the construction industry during the COVID-19 crisis by accelerating the final assessment stages for planning proposals and development applications.  DPIE selected projects and planning proposals for fast tr

Published

Actions for Managing cyber risks

Managing cyber risks

Whole of Government
Transport
Cyber security
Information technology
Internal controls and governance
Procurement
Risk

This audit assessed how effectively Transport for NSW (TfNSW) and Sydney Trains identify and manage their cyber security risks. The NSW Cyber Security Policy (CSP) sets out 25 mandatory requirements for agencies, including implementing the Australian Cyber Security Centre’s Essential 8 strategies to mitigate cyber security incidents, and identifying the agency’s most vital systems, their ‘crown jewels’.  The audited agencies h

Published

Actions for Grants administration for disaster relief

Grants administration for disaster relief

Treasury
Finance
Compliance
Fraud
Management and administration
Project management

The report examined whether NSW Treasury, Service NSW and the Department of Customer Service effectively administered grants programs funded under the $750 million Small Business Support Fund, including: $10,000 Small Business Support Grant $3,000 Small Business Recovery Grant. What we found The agencies effectively implemented the grants within required timeframes, reflecting the NSW Government’s decision to deliver urgent f

Planned

Actions for Security of student information

Security of student information

Education
Compliance
Cyber security
Information technology
Internal controls and governance
Risk

Schools collect and maintain detailed student data, including sensitive personal information. Schools can also require or encourage students to use third party software applications for learning and other school related activities. This audit will examine how effectively schools ensure student data is secure – both within their own systems and when provided to third parties. This audit may also examine the effectiveness of information security governance