Tecnologias De Informacion
Páginas: 44 (10911 palabras)
Publicado: 25 de abril de 2012
Western Australian Auditor General’s Report
Information Systems Audit Report
Report 2: March 2010
The PresidenT LegisLaTive CounCiL
The sPeaker LegisLaTive assembLy
inFormaTion sysTems audiT rePorT
I submit to Parliament my Information Systems Audit Report under the provisions of sections 24 and 25 of the Auditor General Act 2006.
GLEN CLARKE ACTING AUDITOR GENERAL 24 March 20102
Information Systems Audit Report
l Western Australian Auditor General
Contents
Auditor General’s Overview
4
IS Compliance Audit: Security of Laptop and Portable Storage Devices
5
Application and General Computer Controls Audits
Application Controls General Computer Controls and Capability Assessments for Agenices
17
20 24
Western Australian Auditor Generall Information Systems Audit Report 3
Auditor General’s Overview
This is the second annual Information Systems Audit Report tabled by this Office. Following the inaugural 2009 report, I have been encouraged by feedback that the reported results provide an important performance benchmark for agencies. This report has two sections covering three items: • Information systems compliance auditm
Security of laptop and portable storage devices.
•
Application and general computer controls audits
m
Application controls General computer controls and capability assessments of agencies.
m
The first item of the report, ‘Security of laptop and portable storage devices’, rounds out a four year focus on various aspects of Information Systems security. This year’s auditlooked at how agencies manage the physical security of laptops, mobile phones, media players and flash drives and at the security of information stored on those devices. Laptops and other portable storage devices offer benefits through allowing flexible work arrangements and easy access, storage and transfer of large amounts of data. However their portability also places them at greater risk of beinglost or stolen. Information stored on portable devices also needs to be adequately protected. None of the seven agencies we reviewed had adequately considered or addressed these risks. Our audit of four key business applications at four agencies, found weaknesses in security and data processing controls that could potentially impact delivery of key services to the public. Our general computercontrol audits involved assessing 52 agencies and benchmarking 42 against good practice for IS management. Forty-five per cent of agencies failed to meet the benchmark. While we have seen some good practice and some signs of improvement, too many agencies continue to ignore the risks from not effectively managing their information systems. The standards and frameworks we audit against do not placeunrealistic expectations on agencies and are generally accepted across all industries. I strongly urge senior management of agencies to act on the recommendations of this report.
4
Information Systems Audit Report
l Western Australian Auditor General
IS Compliance Audit: Security of Laptop and Portable Storage Devices
Overview
Western Australian Government agencies own and use largenumbers of laptop computers and other portable storage devices (PSDs) – including flash drives, portable hard drives and mobile phones. These devices can hold large volumes of information. The portability of laptops and PSDs allow flexible work arrangements and easy transfer of information. However, their portability also increases the risk that they will be lost or stolen. On average about 250laptops are reported stolen by agencies each year. Without adequate safeguards in place these losses can easily result in unauthorised access to sensitive information. Agencies therefore have a responsibility to manage these items effectively. This includes protecting the physical assets and ensuring appropriate security for the information stored on them. The challenge facing agencies is to meet...
Information Systems Audit Report
Report 2: March 2010
The PresidenT LegisLaTive CounCiL
The sPeaker LegisLaTive assembLy
inFormaTion sysTems audiT rePorT
I submit to Parliament my Information Systems Audit Report under the provisions of sections 24 and 25 of the Auditor General Act 2006.
GLEN CLARKE ACTING AUDITOR GENERAL 24 March 20102
Information Systems Audit Report
l Western Australian Auditor General
Contents
Auditor General’s Overview
4
IS Compliance Audit: Security of Laptop and Portable Storage Devices
5
Application and General Computer Controls Audits
Application Controls General Computer Controls and Capability Assessments for Agenices
17
20 24
Western Australian Auditor Generall Information Systems Audit Report 3
Auditor General’s Overview
This is the second annual Information Systems Audit Report tabled by this Office. Following the inaugural 2009 report, I have been encouraged by feedback that the reported results provide an important performance benchmark for agencies. This report has two sections covering three items: • Information systems compliance auditm
Security of laptop and portable storage devices.
•
Application and general computer controls audits
m
Application controls General computer controls and capability assessments of agencies.
m
The first item of the report, ‘Security of laptop and portable storage devices’, rounds out a four year focus on various aspects of Information Systems security. This year’s auditlooked at how agencies manage the physical security of laptops, mobile phones, media players and flash drives and at the security of information stored on those devices. Laptops and other portable storage devices offer benefits through allowing flexible work arrangements and easy access, storage and transfer of large amounts of data. However their portability also places them at greater risk of beinglost or stolen. Information stored on portable devices also needs to be adequately protected. None of the seven agencies we reviewed had adequately considered or addressed these risks. Our audit of four key business applications at four agencies, found weaknesses in security and data processing controls that could potentially impact delivery of key services to the public. Our general computercontrol audits involved assessing 52 agencies and benchmarking 42 against good practice for IS management. Forty-five per cent of agencies failed to meet the benchmark. While we have seen some good practice and some signs of improvement, too many agencies continue to ignore the risks from not effectively managing their information systems. The standards and frameworks we audit against do not placeunrealistic expectations on agencies and are generally accepted across all industries. I strongly urge senior management of agencies to act on the recommendations of this report.
4
Information Systems Audit Report
l Western Australian Auditor General
IS Compliance Audit: Security of Laptop and Portable Storage Devices
Overview
Western Australian Government agencies own and use largenumbers of laptop computers and other portable storage devices (PSDs) – including flash drives, portable hard drives and mobile phones. These devices can hold large volumes of information. The portability of laptops and PSDs allow flexible work arrangements and easy transfer of information. However, their portability also increases the risk that they will be lost or stolen. On average about 250laptops are reported stolen by agencies each year. Without adequate safeguards in place these losses can easily result in unauthorised access to sensitive information. Agencies therefore have a responsibility to manage these items effectively. This includes protecting the physical assets and ensuring appropriate security for the information stored on them. The challenge facing agencies is to meet...
Leer documento completo
Regístrate para leer el documento completo.