A report has raised concerns about cyber security in local government in NSW citing IT policies, lack of risk management, shared user accounts, weak passwords and poor system implementation.

The NSW auditor general has called for the office of local government to develop a cyber security policy to ensure a consistent response across councils after finding 80 per cent don’t have a cyber security framework.

“The Office of Local Government … should develop a cyber security policy by 30 June 2021 to ensure a consistent response to cyber security risks across councils,” Auditor General Margaret Crawford says in a report handed down on Thursday.

The audit looked at the state’s 138 councils and 13 joint organisations, which share revenue of $15.3 billion, assets of $166 billion and liabilities of $7.3 billion.

It identified 1,947 issues, of which 41 per cent related to IT. Of those, 68 per cent of issues related to access management.

At total of 575 issues relating to IT were identified, compared to 448 in the previous reporting period.

They related to a range of concerns including IT policies, lack of risk management, shared user accounts, weak passwords and poor system implementation.

The report says cyber security management requires improvement, with “some basic elements of governance not yet in place for many councils”.

The audit found 71 per cent of councils didn’t have IT policies and procedures and 41 per cent didn’t register risks.

Meanwhile, the audit found only twenty per cent of councils had a formal cyber security policy or framework, 84 per cent didn’t budget for cyber security and 76 per cent had not given staff cyber security training.

“We continue to report deficiencies in information technology controls, particularly around user access management. These controls are key to ensuring IT systems are protected from inappropriate access and misuse,” Ms Crawford said.

The report, based on audits to the end of 2019 , also says councils could be better prepared for new accounting standards being implemented this year and should bolster asset management practices.

It identified 59 prior period errors with a value of $1.3 million, with 59 per cent of those the result of poor asset management.

However, the report gives councils a pat on the back for reducing errors and improving fraud control.

“Fewer errors were identified. More councils have audit, risk and improvement committees and internal audit functions. Risk management
practices, including fraud control systems, have also improved,” Ms Crawford said.

“These are very pleasing indicators of the gradual strengthening of governance and financial oversight of the sector.”

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.

Sign up to the Government News newsletter

Judy Skatssoon

Councils told to step up on cyber security

Related stories

Australia Post fails cyber security test

Cyber security a road block to digital innovation

Cyber security: call for mandatory APS training

Cyber security: collaboration key as government sets sights on zero risks

TAGS

Leave a comment: Cancel reply

Latest comments

J Knight on: Mannoun re-elected Liverpool mayor amid corruption inquiry

J Knight on: Qld boasts largest publicly owned wind farm

Flying Penguin on: Victoria perceived as a corrupt state

Most read

Free fares roll-on for NT bus passengers

Councillor kickbacks for favours, IBAC finds

Victoria perceived as a corrupt state

NT teachers score top pay rise

NT Gov incentivises tourism

Popular posts

Latest news

School phone ban improves learning

Queenslanders back local action

LGAQ teams with Granicus to boost digital engagement

Unlocking the door to government services

Historic rental reforms before NSW parliament