ACT government directorates could be exposed to fraud because of lax computer security measures, an Auditor-General's report has found.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
ACT Auditor-General Maxine Cooper has warned that the ACT public service is not doing enough to protect information, nor has it introduced adequate security measures to prevent data tampering or manipulation.
In her 2012-13 financial audits for territory directorates, Dr Cooper found there had been some improvements in the way data and details of employees were protected across the ACT public service.
Dr Cooper's report said there was a problem in that the ACT government computer network did not automatically enforce complicated passwords to improve security.
Her review also found that ACT Health still had not completed a fraud management plan and that Housing ACT remained one of the most vulnerable directorates to fraud because of unresolved problems with its systems.
Dr Cooper wrote that Housing ACT failed to implement policies to prevent unauthorised access or tampering.
She also found that the physical security of ActewAGL's data centre needed to be improved by installing a locking entry door to reduce the risk of inappropriate access.
The review found the problem of shared or generic IT accounts continued with a large number of such accounts across the service.
Dr Cooper said the accounts were compromising the security of ACT agencies as they ''reduce management's ability to trace actions of users to a specific person''.
Her report also noted that ''uncomplicated'' passwords that were easy to guess made it simpler for hackers to gain unauthorised access to territory accounts.
She found most territory directorates had acted on recommendations of previous audits and financial reporting had improved in the 2012-13 financial year.
''While it is satisfying to see improvements in reporting and resolving audit findings, a goal for next year will be to tighten up weaknesses in controls over computer information systems, including major revenue applications,'' Dr Cooper said.
''Despite the overall improvement in resolving audit findings many weaknesses in controls over computer information systems have not been resolved.''
