The objective of this audit is to assess the effectiveness of the management of cyber security risks by three government business enterprises or corporate Commonwealth entities. The entities selected for audit are ASC Pty Ltd, the Australian Postal Corporation and the Reserve Bank of Australia.

Audit criteria

The audit criteria are:

  1. Have entities managed cyber security risks in line with their own risk arrangements?
  2. Have entities managed cyber security risks in line with key aspects of the Information Security Manual?
  3. Do entities have a culture of cyber security resilience?