The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy. The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine ema

This report focuses on how the NSW Police Force managed a $100 million program to acquire new technology. The program invested in technologies intended to make police work safer and quicker. These included body-worn video (BWV) cameras, smart phone devices, mobile fingerprint scanners and hand-held drug testing devices. The audit found that while the NSW Police Force mostly managed the ‘Policing for Tomorrow’ program effectively, investment decision mak

This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse. The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place

Agencies need to improve their compliance with requirements governing the procurement of consultancy services. These requirements help agencies access procurement savings. Also, some agencies have under-reported consultancy fees in their annual reports for the 2016-17 financial year, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. The report examined twelve agencies' compliance with procurement and rep

The HealthRoster system is delivering some business benefits but Local Health Districts are yet to use all of its features, according to a report released today by the Auditor-General for New South Wales,  Margaret Crawford. HealthRoster is an IT system designed to more effectively roster staff to meet the needs of Local Health Districts and other NSW health agencies. The NSW public health sy

A report released today by the Auditor-General for New South Wales, Margaret Crawford, found there is no whole-of-government capability to detect and respond effectively to cyber security incidents. There is very limited sharing of information on incidents amongst agencies, and some agencies have poor detection and response practices and procedures. The NSW Government relies on digital techno

Neither agency (NSW Ministry of Health and NSW Police Force) demonstrated that they continued to get value for money over the life of these long term contracts or that they had effectively managed all critical elements of the three contracts we reviewed post award. This is because both agencies treated contract extensions or renewals as simply continuing previous contractual arrangements, rather than as establishing a new contract and financial commitmen

Following our 2018 audit of detecting and responding to cyber security incidents, this audit will examine how effectively agencies identify and manage their cyber security risks. This will include consideration of their compliance with the NSW Cyber Security Policy that came into effect in February 2019.

In February 2019 the Department of Finance, Services and Innovation launched the NSW Cyber Security Policy to ensure all NSW Government Departments and Public Service Agencies are managing cyber security risks to their information and systems. The policy mandates a number of requirements that are a minimum that all agencies must implement. In addition agencies must assess their level of cyber maturity. This audit will examine whether agencies are complyi

Local Health Districts manage large volumes of private patient information and have their own systems for data management with differing approaches to data protection. Clinicians in busy hospital environments require timely access to data and systems to effectively treat patients. Increased accessibility may in turn increase the risk of poor data and system security practices. Recent experience in other jurisdictions has also demonstrated that operationa