The Queensland Auditor-General has tabled the Information systems 2025 (Report 6: 2025–26) in Parliament, in what is a first for the Audit Office.
Information technology (IT) systems underpin government services and are a vital component of the state’s assets. Entities need to actively manage these systems to maintain them and keep them secure, the Auditor-General said in a statement accompanying the report’s release.
“Through our information systems audit program, we form opinions about the security and integrity of key IT systems to ensure financial data can be relied upon for financial reporting,” said Auditor-General, Rachel Vagg.
“This is our first report on information systems controls, designed to recognise the collective need across government for more focus on the security of information.”
The report assesses information systems controls that Queensland’s state government entities use. It summarises the results of audits, assesses the quality and effectiveness of related internal controls, and highlights key insights and information from across the Audit Office’s work.
“We found that while entities generally have effective IT controls for finance systems, their defences need strengthening. Entities also need greater focus on addressing unresolved deficiencies from prior years to close security gaps.”
“Half of the finance systems we audited are being used beyond their lifespan. This impacts effective operation of controls and the efficiency of entities’ operations. It also creates security risks.
“We highlight opportunities for entities in the report to strengthen the security of their systems. While we do not make any new recommendations, we draw individual entities’ attention to any recommendations to remedy control deficiencies made during our audits.
“We also provide a better practice guide with key considerations that those with governance oversight can use to assess the effectiveness of controls when implementing new systems,” said Ms Vagg.
Read the report: www.qao.qld.gov.au/reports-resources/reports-parliament/information-systems-2025.
View the better practice guide: Guidelines for implementing new systems.
