Public sector entities hold vast amounts of information, some of which is highly sensitive. Entities must understand their information, classify it correctly, and have appropriate controls to secure it.

The ramifications of not protecting information can be significant. Poor practice can lead to sensitive information being exposed. It can jeopardise a person’s safety, have reputational risks, and result in significant revenue loss.

Audit Objective

This audit will examine how effectively public sector entities maintain confidentiality, integrity, and availability of their information, including their data. We will assess how entities classify, store, report, and retain information.

Who we might audit

• Department of Treaty, Aboriginal and Torres Strait Islander Partnerships, Communities and the Arts (as the department responsible for administering the Public Records Act 2002)
• Department of Transport and Main Roads (as the department responsible for digital services)
• selected public sector entities.

Area of focus
Governance of government
Parliamentary Committee
Community Support and Services Committee
Anticipated tabling: to be advised