2007 Report - Volume 3: Government must improve computer security, says Auditor

December 6, 2007

REGINA, December 6, 2007—Provincial Auditor Fred Wendel says that the Government needs to do a better job of protecting its computer systems and data. The comments accompanied the release of the Auditor’s 2007 Report – Volume 3. The Report also describes concerns with how the Government protects public health and investors.

Computer systems play a key role in the delivery of many government services. Government systems often contain critical or confidential information. The Report notes how security practices must improve at many government agencies, but focuses on three agencies that provide information technology services to others. These are the Information Technology Office, the Health Information Solutions Centre at the Department of Health, and the Public Service Commission.

“Because other government agencies rely on these three agencies as service providers, the potential consequences of inadequate security are greater,” said Wendel. The Auditor found that these agencies must implement better security to properly protect the systems and data they manage for others. A security failure could result in the disruption of essential services, unauthorized disclosure of private and confidential information, or the loss of public money.

The Report describes the Auditor’s concerns with certain Government activities intended to protect public health. The Auditor examined how the Sunrise Regional Health Authority manages hospital-acquired infections. Hospital-acquired infections are a serious problem in health care, threatening patient health and increasing costs. Sunrise needs to have an overall plan to prevent infections. It also needs to report and monitor rates and causes of infections.

Public health inspectors employed by regional health authorities inspect restaurants to protect public safety. The Auditor examined how Sun Country Regional Health Authority monitors restaurants. Sun Country inspects 350 locations within the region. Sun Country carried out inspections appropriately, but where it finds problems, it needs to ensure it completes follow-up inspections within the required time.

The Auditor also examined how the Saskatchewan Financial Services Commission protects the public by investigating complaints. The Commission administers Saskatchewan securities law and regulates trading in securities (i.e., stocks, bonds, and units in mutual funds). “The Commission needs to do a much better job of investigating complaints,” said Wendel. The Commission should allocate its resources to complaints that present the greatest risk to the public. The Commission should also develop written policies to guide complaint investigations and monitor their progress.

The Auditor’s 2007 Report—Volume 3 covers 135 government agencies. The rest of the Government’s approximately 275 agencies were covered in Volume 1 of the Report, tabled May 14, 2007. Volume 2, tabled September 6, 2007, described the state of the Government’s finances.

-30-

The 2007 Report—Volume 3 is available on the Internet at www.auditor.sk.ca.

For more information, contact:


Mr. Fred Wendel, CMA, CA
Provincial Auditor Saskatchewan
1500-1920 Broad Street
Regina, Saskatchewan S4P 3V2
Telephone: (306) 787-6361
Fax: (306) 787-6383
 

2007 Report - Volume 3: Government must improve computer security, says Auditor (PDF)

View All News Releases