Appendices - Department of Business - Northern Territory Government

More documents

Recommendations

Info

APPENDICESAPPENDIX IIAudits by the Auditor-General for year ending 30 June 2010Audit Audit Outcome or Recommendation Summary ActionDBE End of Year Review 2008–09NT Fleet Financial Statement Audit 2008–09Government Printing Office FinancialStatement Audit 2008–09Data Centre Services Financial StatementAudit 2008–09IT Outsourcing 2009Records Management System Audit – TRIMEmployees with negative recreation and long serviceleave balances were noted during the audit.No new matters were identified since the completionof the interim financial statement audit.Payments made by Electronic Funds Transfer (EFT)do not require a second employee to process thepayment.No major matters were identified during the audit.Alignment of the Northern Territory GovernmentICT Strategy, ICT Strategic drivers and the StrategicSourcing Strategy should be confirmed.Northern Territory Government Records ManagementStandards were out of date.Annual survey results are not being used to improveprocesses, efficiencies or controls.Agencies are developing their own policies andprocedures which could be standardised anddistributed by DBE.There is no charter or terms of reference for recordmanagement responsibilities of DBE and agencies.There is a single point of failure of data containedwithin TRIM.There is no periodic testing of restoration ofTRIM data.6 terminated users within an agency hadaccess to TRIM.A systems enhancement has been implemented thatprevents part-time employees recording a negativeleave balance.No action was required.Procedures were updated to require 2 persons toprocess EFT payments.No action was required.The government strategic technology drivers, the ICTStrategy Strategic Intent and the ICT Outsourcing Strategywere reviewed and confirmed that they were aligned.New standards approved by the Minister and arebeing gazetted.Surveys are currently used for process improvement andwill be used on an ongoing basis. No action required.Legislation allows agencies to develop their ownpolicies. DBE will continue to promote the sharing ofinformation. No action required.The Information Act outlines roles and responsibilities.No action required.Data Centre Services is currently reviewing disasterrecovery procedures.Data Centre Services is currently implementing a newback-up/restore product.Agency has resolved the issue. In addition, ePassdeactivates user access to whole-of-governmentservices on resignation.Department of Business and Employment Annual Report 2009–10184
appendicesAPPENDIX IIAudit Audit Outcome or Recommendation Summary ActionmyHR Web Application Security AssessmentAlthough the tests conducted in this assignmentdid not prove that information within myHR couldbe easily breached, a number of opportunitieswere identified to improve security controls over themyHR application:• production data used in development and testenvironments• information in myHR has not been classifiedaccording to government requirements• general security observations – special charactersare accepted in scripts• lack of myHR data encryption• excessive user logon attempts are possible via theweb (http) logon process• myHR server house-keeping is required.All required actions have been completed.It was noted that the security vulnerability andpenetration testing of myHR did not succeed inbreaching myHR controls:• system controls for training and test environmentsof PIPS and myHR implemented and scheduledfor review quarterly• no action is required –myHR is a user interfacefor the Nomad system (PIPS) and only displaysinformation that is part of this system. RecordsManagement Standards are applied to allpersonnel files• finding is incorrect as myHR does not allowprogram commands using special characters• myHR sits behind the WAN and is protectedby security protocols used for all governmentapplications. Consideration of suggestedencryption will be included in any modificationof myHR• third party password application is no longerrequired due to migration of myHR to a singleWindows 2003 server• myHR is fully hosted by Data Centre Servicesand subject to standard housekeeping forhosted servers.Department of Business and Employment Annual Report 2009–10185
Page 1 and 2: AppendicesDepartment of Business an
Page 3: appendicesAPPENDIX IService Cost Me
Page 7 and 8: appendicesAPPENDIX IIAudit Audit Ou
Page 9 and 10: appendicesAPPENDIX IVSelf-Insurance
Page 11 and 12: appendicesNORTHERN TERRITORY RESEAR
Page 13 and 14: appendicesAPPENDIX ViLorna Nungala
Page 15 and 16: appendicesAPPENDIX VIIBusiness Grow
Page 17 and 18: appendicesAPPENDIX VIITrade Support
Page 19 and 20: appendicesAPPENDIX VIIIIndustry Ass
Page 21: appendicesAPPENDIX IXNon-Government

Appendices - Department of Business - Northern Territory Government

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?