Search filters applied: education, finance, health, local government, planning, transport, treasury, whole of government AND special review, performance audit AND 2020 AND cyber security, financial reporting, fraud, information technology .
Actions for Service NSW's handling of personal information
The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy. The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine ema
Actions for Governance and internal controls over local infrastructure contributions
The Auditor-General for New South Wales, Margaret Crawford, released a report today on how well four councils managed their local infrastructure contributions during the 2017-18 and 2018-19 financial years. Local infrastructure contributions, also known as developer contributions, are collected from developers to pay for local infrastructure such as drainage, local roads, open space and community facilities. Controls over local infrastructure contribut
Actions for Destination NSW's support for major events
This report focuses on whether Destination NSW (DNSW) can demonstrate that its support for major events achieves value for money. The audit found that DNSW’s processes for assessing and evaluating the major events it funds are mostly effective, but its public reporting does not provide enough transparency. DNSW provides clear information to event organisers seeking funding and has a comprehensive methodology for conducting detailed event assessments. H
Actions for Integrity of data in the Births, Deaths and Marriages Register
This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse. The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place
Actions for Managing cyber risks
Following our 2018 audit of detecting and responding to cyber security incidents, this audit will examine how effectively agencies identify and manage their cyber security risks. This will include consideration of their compliance with the NSW Cyber Security Policy that came into effect in February 2019.
Actions for WestConnex: Changes since 2014
The WestConnex project is a motorway project that will link the M4 and M5 motorways with 33km of new motorway tunnels in Sydney. We conducted a performance audit of the WestConnex business case review process in 2014. Since then, the scope and projects included in WestConnex have changed. This audit will assess whether Transport for NSW and Infrastructure NSW effectively assessed and justified major scope changes to the WestConnex project since December
Actions for Compliance review: Cybersecurity
In February 2019 the Department of Finance, Services and Innovation launched the NSW Cyber Security Policy to ensure all NSW Government Departments and Public Service Agencies are managing cyber security risks to their information and systems. The policy mandates a number of requirements that are a minimum that all agencies must implement. In addition agencies must assess their level of cyber maturity. This audit will examine whether agencies are complyi
Actions for Council annual charges
New South Wales has a lot of councils providing similar services to the community, such as domestic waste and stormwater management services. However, the charges for these common services vary greatly between councils. This audit could examine selected common charges across a number of councils to understand what is driving the variability in charges.
Actions for Security and privacy of patient information
Local Health Districts manage large volumes of private patient information and have their own systems for data management with differing approaches to data protection. Clinicians in busy hospital environments require timely access to data and systems to effectively treat patients. Increased accessibility may in turn increase the risk of poor data and system security practices. Recent experience in other jurisdictions has also demonstrated that operationa
Actions for Security of student information
Schools collect and maintain detailed student data, including sensitive personal information. Schools can also require or encourage students to use third party software applications for learning and other school related activities. This audit will examine how effectively schools ensure student data is secure – both within their own systems and when provided to third parties. This audit may also examine the effectiveness of information security governance