SUMMARY
DEPARTMENT
Matters from the current audit
There are no new recommendations to the Department of Infrastructure in this report.
Matters from prior audits
The department has implemented our 2009 recommendation to develop and implement an IT risk assessment framework.
FINDINGS AND RECOMMENDATIONS
Matters from prior audits
IT risk assessment—implemented
Our audit findings
The department implemented our 2009 recommendation1 to develop and implement an IT risk assessment framework by designing a process to assess IT risks within IT projects, the IT group and the department.
The department is maintaining a register of information technology threats and risks that could have an impact on business activities. The department’s threat and risk management team assesses risks at the department level. The team includes the Information Technology group and is led by the business area. The Information Technology group, with business area participation, assesses risk at the IT group and IT project level.