Under the Public Accounts and Audit Committee Act 1951, the Joint Committee of Public Accounts and Audit examines all the reports of the Auditor-General tabled in the Parliament. The Committee periodically selects several of those reports for further detailed scrutiny.
This report reflects the Committee’s inquiry into cyber resilience based on two Auditor-General reports.
Auditor-General Report No. 1 (2019-20), Cyber Resilience of Government Business Enterprises and Corporate Commonwealth Entities, assessed the effectiveness of the management of cyber security risks by the Reserve Bank of Australia, the Australian Postal Corporation and the ASC Pty Ltd. The Committee was pleased to note that the Reserve Bank and ASC respectively had the highest and equal third highest level of cyber resilience of 17 entities examined by the ANAO over the past five years.
Auditor-General Report No. 13 (2019-20), Implementation of the My Health Record System, assessed the effectiveness of the implementation of the My Health Record system under the opt-out model by the Department of Health and the Australian Digital Health Agency.
I note that all recommendations made by the ANAO were accepted by the relevant agencies, and that work has progressed to address areas identified for improvement.
It is essential that Commonwealth entities continue their focus on managing cyber security risks and embedding a cyber resilient culture, to reach a mature cyber security posture that meets the evolving threat environment.
I would like to thank the organisations that made submissions and appeared at the public hearings for this inquiry, and Committee Members who have worked together to deliver this report.
Ms Lucy Wicks MP
Chair