Auditor-General's Department South Australia Logo
Report 10 of 2021 - (Published on 8 June 2021)

ICT vulnerability management in South Australian public sector entities

This is a report on the results of a high-level review we conducted of 10 public sector entities to understand the level and maturity of their penetration testing and vulnerability scanning.  The review involved confirming the types of public facing ICT environments maintained by each entity, the number and frequency of testing and scanning reviews performed in the last three years, the resources used to perform these reviews and the level of remediation.

We found the entities we reviewed did not always effectively manage the penetration testing and vulnerability scanning of their public facing environments.

We also found that the level of penetration testing and vulnerability scanning conducted by most of these entities in the last three years was limited and ad hoc. We identified several environments holding sensitive information that were not tested or scanned.

While penetration testing and vulnerability scanning performed by these entities increased in the last 12 months, they need to further strengthen their overall management of vulnerability management security controls.

Click to open this report or right click and 'Save link as' to download

 
 
 
 
 
 
 
 
 
 
 
Report 9 of 2021 - (Published on 25 May 2021)

Probity of the processes for the heavy rail service contract

As explained in section 3 of this report, the objective of the examination was to conclude on the effectiveness of the procurement process for heavy rail passenger transport services for metropolitan Adelaide. To do this we assessed:

  • the probity of the process leading up to the awarding of the service contract for the provision of heavy rail passenger transport services in metropolitan Adelaide
  • whether the service contract met the requirements of the Passenger Transport Act 1994.

The conclusions are outlined in section 1.2 of the Report.

Click to open this report or right click and 'Save link as' to download

 
 
 
 
 
 
 
 
 
 
 
Report 8 of 2021 - (Published on 30 March 2021)

State finances and related matters

The 2020-21 State Budget was tabled in Parliament in November 2020. This Report provides our observations on the State’s public finances based on our review of the Budget. This involved:

  • reviewing the Budget against the SA Government’s stated fiscal strategy
  • analysing new budget measures and initiatives
  • examining the actual results for the past year, Budget estimates and forecasts
  • analysing major assets and liabilities
  • analysing South Australia’s key fiscal measures compared to other Australian states
  • reviewing credit rating agency reports on South Australia.

Our analysis is based on data provided in the 2020-21 Budget Papers supplemented with representations and information provided by Department of Treasury and Finance. The 2020‑21

Budget notes that the COVID-19 pandemic could substantially impact budget revenues and expenses and that forecasting financial outcomes in the present economic environment is particularly difficult.

Click to open this report or right click and 'Save link as' to download

 
 
 
 
 
 
 
 
 
 
 
Report 7 of 2021 - (Published on 30 March 2021)

Consolidated Financial Report review

The 2019-20 Consolidated Financial Report was published in February 2021 and it reports the SA Government’s actual financial performance and position for the year.

The review of the Consolidated Financial Report did not identify any material misstatements or control deficiencies. We did identify some opportunities to improve the way financial information is collected, validated and consolidated in preparing the Consolidated Financial Report.

Click to open this report or right click and 'Save link as' to download

 
 
 
 
 
 
 
 
Report 6 of 2021 - (Published on 16 March 2021)

Update to the annual report for the year ended 30 June 2020

This report summarises the audit outcomes for the 103 agencies I audited for 2019-20 that were not included in the Annual Report to Parliament in September 2020.

The report gives particular focus on agencies with:

  • a modified Independent Auditor’s Report
  • significant matters raised through the audit
  • other matters that, in my opinion, need to be brought to the attention of the Parliament and the SA Government.

Click to open this report or right click and 'Save link as' to download

 
 
 
 
Report 5 of 2021 (Published on 2 March 2021)

Adelaide Oval redevelopment for the designated period 1 July 2020 to 31 December 2020

This Report addresses the Auditor-General’s obligation to report on the Adelaide Oval Hotel development.

The review focussed on:

  • assessing the public accounts used to make loan funds available to AOSMA for the hotel development
  • whether loan funds were used for purposes allowed for under the loan agreement
  • arrangements put in place by AOSMA to manage hotel construction activity
  • the processes established by SAFA to manage the loan arrangement and ensure the obligations of AOSMA and the State are met.

Download

Report 4 of 2021 (Published on 16 February 2021)

Passenger transport service contracts - Heavy rail

The Auditor-General is required to examine the contract for providing heavy rail passenger transport services in metropolitan Adelaide and report on the probity of the process leading to a service contract being awarded.

This report provides an update on the status of his review and the circumstances impacting it.

Download

Report 3 of 2021 (Published on 2 February 2021)

Examination of cyber security - Port Augusta City Council

We examined the arrangements established by the Port Augusta City Council to manage cyber security.

We concluded that for the period December 2019 to March 2020, important internal control elements to mitigate cyber security and technology risks within the Council were not operating effectively.

Download

Report 2 of 2021 (Published on 2 February 2021)

Examination of cyber security - City of Prospect

We examined the arrangements established by the City of Prospect to manage cyber security.

For the period that we examined we concluded that important internal control elements to mitigate cyber security and technology risks within the City of Prospect were not operating effectively. We do acknowledge that the City of Prospect has a small IT team and budgetary constraints and that it implemented some controls over its core Enterprise Resource Planning and records management systems.

The City of Prospect responded positively to our recommendations and had already commenced some improvement activities prior to our examination. It continued those improvement activities during and after our examination.

Download

Report 1 of 2021 (Published on 2 February 2021)

Examination of cyber security - City of Port Adelaide Enfield

We examined the arrangements established by the Port Augusta City Council to manage cyber security.

We concluded that for the period December 2019 to March 2020, important internal control elements to mitigate cyber security and technology risks within the Council were not operating effectively.

Download