Senator the Hon Doug Cameron Systems and processes within DHS security citizens identity
Please direct enquiries relating to requests for audit through our contact page.
The Auditor-General responded on 11 December 2015 to correspondence from Senator the Hon Doug Cameron on 30 October 2015 regarding systems and processes within the Department of Human Services (DHS) that go to the security of citizens' identity.
11 December 2015
Senator the Hon Doug Cameron
Shadow Minister for Human Services
Senator for New South Wales
PO Box 322
SPRINGWOOD NSW 2777
Dear Senator Cameron
Security of citizens’ identity within the Department of Human Services
Thank you for your letter dated 30 October 2015 seeking an ANAO audit into the systems and processes within the Department of Human Services (DHS) that go to the security of citizens’ identity.
Your correspondence notes that the department has advised it is currently investigating a significant number of allegations of identity theft. DHS has confirmed directly with the ANAO that a joint departmental/NSW Police investigation (known as Strike Force Board) has been underway since September 2015, under a Joint Agency Agreement. This investigation is examining the theft of patients ‘ records from a number of medical practices in NSW, which may have resulted in the alleged offenders using unlawfully obtained medical details to make fraudulent Medicare claims.
Separately, on the issue of the exposure of current DHS systems to unauthorised access, you may be interested to note that the ANAO’s past testing has shown that these systems have limited direct links to the internet. In addition, as part of our regular auditing of the department’s financial statements, the ANAO’s testing has indicated that the department has appropriate logical security controls in place to limit both internal and external access to appropriate and authorised users.
On this basis and given the ANAO’s resourcing levels and other performance audit priorities, I do not propose to initiate an audit of these matters at this time. The ANAO’s annual audit of DHS’ financial statements will continue to include regular review and testing of the department’s logical security arrangements, with any relevant findings noted in both the ANAO’s interim and final reports of the whole of government financial statements. The ANAO is also planning a performance audit of the myGov service platform, which will examine aspects of the DHS control environment. For example, DHS has advised the ANAO of changes, since April 2015, to the controls associated with the process for linking Medicare on-line accounts to myGov as well as changes to claiming limits. The department has further advised that additional changes are being considered.
I trust this information has been of assistance.
Auditor-General for Australia
Correspondence from Senator the Hon Doug Cameron