Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
- Self-assess the Top Four cyber security risk mitigation strategies of the Protective Security Policy Framework using a controls-based approach. If the self-assessment is non-compliance, make the necessary investments and changes to become compliant.
- The effective implementation of cyber security mitigation strategies is underpinned by the identification of assets and risk assessments to identify the level of protection required from cyber threats.
- To meet the mandatory PSPF requirements of mitigating common and emerging cyber threats, it is important for entities to have effective risk management practices for cyber security. This includes conducting assessments of the effectiveness of security controls, security awareness training, and adopting a risk-based approach to prioritise improvements to cyber security.
Performance audit (Auditor-General Report No. 33 of 2010–11)
Published: Wednesday 23 March 2011
Published
The objective of the audit was to assess the effectiveness of Australian Government agencies' management and implementation of measures to protect and secure their electronic information, in accordance with Australian Government protective security requirements.
Entity
Across agencies
Performance audit (Auditor-General Report No. 18 of 2011–12)
Published: Tuesday 20 December 2011
Published
The objective of the audit was to assess the effectiveness of the management of risks arising from the use of PSDs in selected Australian Government agencies. The PSDs included within the scope of this audit were: USB flash drives; CDs and DVDs; external hard drives; laptop computers and smartphones.
Entity
Across agencies
- As Australia’s cyber security regulatory landscape evolves and reforms, it is important for an entity to consider how their legal function will support their governance committees during the external reporting process to manage increasing scrutiny and liability risks following a significant or reportable cyber security incident.
Performance audit (Auditor-General Report No. 30 of 2013–14)
Published: Wednesday 7 May 2014
Published
The audit objective was to assess the effectiveness of the Therapeutic Goods Administration’s (TGA) application of the Code of Good Manufacturing Practice (Code of GMP) for prescription medicines.
Entity
Department of Health
Contact
Please direct enquiries relating to reports through our contact page.
Performance audit (Auditor-General Report No. 49 of 2013–14)
Published: Tuesday 24 June 2014
Published
The audit objective was to assess the effectiveness of physical security arrangements in selected Australian Government agencies, including whether applicable Australian Government requirements are being met.
Entity
Australian Crime Commission, Geoscience Australia, Royal Australian Mint
Contact
Please direct enquiries relating to reports through our contact page.
Corporate
Published: Friday 4 May 2018
Published
This first e-newsletter of the Commonwealth Auditors General Group was produced by Sir Amyas Morse, UK Comptroller and Auditor General as guest editor, along with the editorial team of the Auditors General of Australia, Fiji, Jamaica and Tanzania. Cybersecurity is the theme for this newsletter, with articles from the Supreme Audit Institutions (SAIs) of Australia, Malta and the UK.
One of the main purposes of the e-newsletter is to share experiences and establish a dialogue based on the discussions that were started at the 23rd Conference of Commonwealth Auditors General in Delhi. For this edition the conversation is around ‘leveraging technology in public audit’, and it draws on international peers experiences and learnings from conducting cybersecurity audits.
Contact
If you have any thoughts on future technical content which you would like to propose, please contact international@nao.gsi.gov.uk
Performance audit (Auditor-General Report No. 42 of 2016–17)
Published: Wednesday 15 March 2017
Published
The audit objective was to re-assess the three entities' compliance with the 'Top Four' mandatory strategies in the Australian Government Information Security Manual (ISM). The audit also aims to examine the typical challenges faced by entities to achieve and maintain their desired ICT security posture.
Entity
Australian Taxation Office; Department of Human Services; Department of Immigration and Border Protection
Contact
Please direct enquiries relating to reports through our contact page.