The report states that none of the 11 entities that the Auditor-General performed capability maturity assessments on met minimum targets. For the remaining 39, general computer controls audits were conducted. The audit probed information security, business continuity, management of IT risks, IT operations, change control, and physical security. Of the 328 control weaknesses, 33 rated as significant and 236 as moderate. Like last year, nearly half of all issues were about information security. The capability assessment results, meanwhile, showed that none of the 11 audited entities met the auditor’s expectations across the six control categories, with 79% of the audit results below the minimum benchmark. […] The report provided six recommendations, one for each of the security types audited. These included implementing appropriate frameworks and management structures, identifying IT risks, and patching.
An anonymous reader quotes a report from ZDNet: The Auditor-General of Western Australia on Wednesday tabled a report into the computer systems used at 50 local government entities, revealing 328 control weakness across the group. It was Auditor-General Caroline Spencer’s intention to list the entities, but given the nature of her findings, all case studies included in Local Government General Computer Controls [PDF] omit entity, and system, names.