The Australian National Audit Office has revealed it will undertake an in-depth audit into the implementation and benefits realised by the myGov service gateway.
MyGov has been progressively rolled out since early 2014, managed by the IT team at the Department of Human Services. It acts as an authentication layer providing single log-on access to a range of government transactions from tax returns to electronic health records.
It has been touted as a success by the Commonwealth, with 8.6 million registered users at last count and almost 200,000 logins every day, but its implementation has not been without controversy.
Soon after launch, an Australian security researcher uncovered cross-site scripting flaws in the portal that could enable a hacker to hijack myGov user accounts.
The portal has also encountered a series of usability obstacles.
Last month DHS spokesman Hank Jongen announced the agency had kicked off a concerted program to prioritise and address the most common customer complaints about myGov.
It includes giving users the option of creating their own username in a bid to reduce a hefty 15 percent failure rate for logins, and making it easier for users who have been locked out of their account to regain access.
The ANAO is currently calling on stakeholders and members of the public to make submissions to its report.
It said it will look into “the effectiveness to date of the Department of Human Services' implementation of myGov, including the delivery of intended benefits”.
The review will also touch on the roles played by the Australian Taxation Office and the Digital Transformation Office in the rollout.
A full report is due to be tabled in parliament in spring this year.
Until then, the ANAO’s digital specialists will have their hands full completing the latest instalment in the agency's progressive check-up on the information security stance of all federal government agencies.
It is marking all commonwealth entities on their compliance with the now-mandatory top four cyber mitigation strategies set out by the Australian Signals Directorate, with the Department of Agriculture, the Department of Industry and Science, the Australian Federal Police, and AUSTRAC next on the list of of targets.
The infosec report is due before the middle of the year.
