Our work across Queensland’s public sector and local government entities gives us a wealth of insights.

Over the years, we have provided advice and recommendations to entities on cyber risk and security through our reports to parliament, better practice guidance, blogs, and events.

Podcast Cyber risk: what do we do now?

Listen in as 2 of our senior directors and the Queensland Government's Cyber Security Unit chat about what chief executives need to consider, including risk management, controls, and what to do if you experience a cyber attack. We share some interesting findings and important recommendations from our recent report Responding to and recovering from cyber attacks.

Listen on Spotify


New better practice guides

Our Cyber response and recovery governance checklist provides key questions that those charged with governance should consider with respect to their entity’s cyber security incident response and recovery. 

Cyber response and recovery governance checklist 

And entities can use our Role capability checklist for cyber attack response and recovery as a prompt to think about where they do or do not hold relevant capabilities across their people, processes, or through technology, note when they were last tested, and address any gaps. 

Role capability checklist for cyber attack response and recovery


Related resources

Blog posts

More better practice tools

Reports to parliament

View all QAO reports to parliament

Image of a view over Brisbane

State entities 2023 (Report 11: 2023–24)
Sunrise over Queensland landscape

2023 status of Auditor-General’s recommendations (Report 3: 202324)
Time lapse image of people walking through an office

Implementing machinery of government changes (Report 17: 202223)
Image of people in a meeting looking at data on a laptop

Delivering successful technology projects (Report 7: 2020–21)
Image of staff in a meeting and online.

Effectiveness of audit committees in state government entities (Report 2: 2020–21)
Person typing on a computer keyboard

Managing cyber security risks (Report 3: 201920)


Image of computer chips and boards.

Monitoring and managing ICT projects (Report 1: 2018–19)
Image of a water treatment plant

Security of critical water infrastructure (Report 19: 2016–17)
Image of ipswich roadside at sunrise

Traffic Management Systems (Report 5: 2013–14)