Matters from the current audit

There are no new recommendations to the Department of Infrastructure in this report.

Matters from prior audits

The department has implemented our 2009 recommendation to develop and implement an IT risk assessment framework.


Matters from prior audits

IT risk assessment—implemented

Our audit findings

The department implemented our 2009 recommendation1 to develop and implement an IT risk assessment framework by designing a process to assess IT risks within IT projects, the IT group and the department.

The department is maintaining a register of information technology threats and risks that could have an impact on business activities. The department’s threat and risk management team assesses risks at the department level. The team includes the Information Technology group and is led by the business area. The Information Technology group, with business area participation, assesses risk at the IT group and IT project level.

Share Report