The New South Wales Audit Office has revealed that close to half of Transport NSW’s total internal control deficiencies were related to IT processes and controls.
The audit identified 30 different IT-related opportunities for Transport NSW to improve upon — specifically in the processes and controls supporting the integrity of the financial data used to prepare financial statements.
As a whole, there was a total 61 opportunities for improvement, including operational deficiencies, financial reporting and compliance with legislation and policies.
“Rectifying certain IT deficiencies can take longer than rectifying other control deficiencies. IT fixes may require program changes, system testing and interruptions to services,” the report read.
“However, until they are addressed, vulnerabilities may be exploited by internal and external parties and pose a threat to agencies.”
The Audit Office specifically pointed to issues in user access administration and privileged user activities.
The report said Transport NSW should improve the timeliness of removing user access for terminated staff and ensure all user reviews are completed.
“While most user access issues raised in 2016–17 have been resolved, there were further user access issues across the cluster identified as part of our 2017–18 audits,” the report read.