Page 3226 - Week 10 - Thursday, 25 September 2014

Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video


This report presented the results of a performance audit on whole-of-government information and communication technology—ICT—security management and services for ACT government directorates and agencies. ICT security is a component of information security that in turn is part of an organisation’s protective security. As noted in the audit report:

Information security is an important, complex and challenging issue particularly as information management needs to continually respond to new technologies and community expectations.

At the time of the audit, responsibility for protective, information and ICT security resided from:

a policy perspective—with the Justice and Community Safety Directorate’s Security and Management Branch and the Treasury Directorate’s Territory Records Office;

from a management of technology perspective—with the Treasury Directorate’s Shared Services Centre—specifically, Shared Services ICT security section; and

from an operational perspective each directorate and agency is responsible for ensuring policies and procedures are in place so that staff comply with whole-of-government policies in managing their ICT.

The report contained three recommendations—each with multiple parts—to address the audit findings.

The committee received a briefing from the Auditor-General in relation to the audit report on 5 February 2013, and a submission from the government dated 12 September 2012. In its submission the government agreed to each of the three recommendations, with the exception of noting part 3(g).

Given the significance of information security and its management as an important and critical issue in the contemporary public sector environment, the committee has followed up on progress regarding implementation of the Auditor-General’s recommendations.

Relevant annual reports reporting on external scrutiny provide information on the status of audit report recommendations. As at 30 June 2013 the committee notes that significant work against each of the recommendations has taken place, progress has been achieved in relation to each and, where relevant, agencies have dealt with the issues identified by the audit report and laid out plans for how shortcomings would be addressed.

The committee emphasises that it is the action taken by applicable agencies to implement audit recommendations that is all-important in helping achieve better efficiency and improving accountability of the government, not the recommendations per se.

The committee has resolved to make no further inquiries into the audit report.


Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video