Vic government agencies fare poorly in IT audit

Victorian government agencies are riddled with IT control deficiencies, including continued use of out-of-support hardware and software, an audit has shown.

The Victorian Auditor General’s Office (VAGO) report into 45 public sector entities’ IT controls identified 462 deficiencies, most of which are rated as medium or high risk.

More than half of the issues uncovered involved delayed progress migrating from outdated or obsolete systems, including Windows XP and Oracle Financials, the report shows.

The reluctance to finally upgrade from XP cost one agency $2.37 million in the form of a deal with Microsoft to provide custom support for 12 more months.

The VAGO said the audit also demonstrates that the management and controls in outsourced IT environments need to be addressed, and that IT security controls in place need improvement.

Among the 134 IT audit findings classified as high risk, 91% involved one of these three key issues.

The audit also uncovered one extreme-risk finding, involving an agency having password management policies and configurations not consistent with the Victorian Government IT standards.

The auditor’s office also warned that the government still lacks a formal whole-of-government framework for prioritising IT systems recovery in the event of a disaster that impacts multiple departments and agencies.

“More focused attention and oversight by accountable officers and governance bodies is required to address our IT audit findings,” the VAGO said.

Image courtesy of Got Credit under CC