IT brain drain hurting infosec in NSW planning agencies

The NSW Audit Office keeps uncovering the same IT deficiencies within the state’s planning and environment portfolio, and has complained that agencies don't have the IT resources to fix them.

Acting auditor-general Tony Whitfield handed down his annual performance review into the cluster of NSW agencies - which includes the Department of Planning and Environment, the Office of Environment and Heritage, the Office of Local Government and various national park and heritage governance committees - today.

The majority of the 17 IT weaknesses the report uncovered are repeat offences, such as lax administration of user privileges, weak passwords and poor security around critical financial systems.

The situation is bad enough for the audit office to conclude that “the integrity and security of financial data in financial systems is at risk”.

The cluster took in revenue of $4.2 billion in the 12 months to 30 June 2015, and manages an asset portfolio worth roughly $12 billion.

Sign up to the iTnews newsletter to keep on top of breaking news

However, Whitfield and his team are not confident the portfolio is in a position to fix its troubles due to IT under-resourcing and an over-reliance on specific individuals within the many organisations bundled together into the cluster.

“IT resourcing constraints contributed to the high number of repeat IT issues,” the report stated.

“Many agencies are dependent on the expertise of a small IT team, or one person, to manage the financial systems.”

The auditors called on the portfolio’s top executives to put in place strategies to ensure agencies aren’t left high and dry by IT brain drain when experienced staff inevitably retire or move to another workplace, taking sometimes unique knowledge of systems and processes at the agency with them.

It wants to see staff cross-trained in multiple IT capabilities and formal processes put in place to centrally record IT information and transfer knowledge to other workers.

“Appropriate IT knowledge management processes equip staff with sufficient, accurate information to perform their roles, effectively manage IT risks and work in a resilient environment that adapts to change,” the report stated.