The objective of the audit was to assess the effectiveness of the management of cyber risks by the Department of the Treasury, National Archives of Australia and Geoscience Australia.

The objective of this audit was to assess the effectiveness of the selected entities’ implementation of arrangements for managing cyber security incidents in accordance with the Protective Security Policy Framework (PSPF) and relevant ASD Cyber Security Guidelines.

The objective of the audit was to assess the effectiveness of cyber security risk mitigation strategies implemented by selected non-corporate Commonwealth entities to meet mandatory requirements under the Protective Security Policy Framework, and the support provided by the responsible cyber policy and operational entities.

This edition of Audit Insights is targeted at Australian Government officials who have responsibility for the implementation of cyber security controls or strategy for government systems. The aim is to communicate lessons from our audit work to make it easier for people working within the Australian public sector to apply those lessons. It is drawn from audit reports tabled in 2019–20, 2020–21 and 2022–23 into management of cyber security risks.

The objective of this audit was to examine the effectiveness of selected non-corporate Commonwealth entities' arrangements for managing cyber security risks within their procurements and specific contracted providers under the Protective Security Policy Framework (PSPF).

The objective of this audit was to assess the effectiveness of the management of cyber security risks by three government business enterprises or corporate Commonwealth entities. The entities selected for audit are ASC Pty Ltd, the Australian Postal Corporation and the Reserve Bank of Australia.

The objective of this audit is to assess the readiness of the Australian Bureau of Statistics’ (ABS) cyber security arrangements for the 2026 Census.

The objective of this audit is to examine whether the Department of Parliamentary Services (the department) has an effective baseline of cyber security controls.

Mr Mr Ian McPhee - Auditor-General for Australia, presentation to the Global Working Group of Auditors-General

The audit objective was to assess selected agencies’ compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual.