This cross-portfolio audit reviewed the management of Internet security across ten Commonwealth agencies, with the objective of forming an opinion on the adequacy of Internet security management within the selected agencies. The audit pursued two strands - a review of the management systems employed within agencies including the adequacy of risk assessments, security policies and plans, day to day management and business continuity planning in connection with the agencies' Internet presence, and physical testing of the security arrangements of selected Internet sites. Staff from the Defence Signals Directorate were appointed under the Auditor-General Act 1997 to perform the site testing.