This audit found the Province has not adequately identified and managed the risks associated with operating aging information systems.
This audit looked at whether the Province of Manitoba identified and managed the risks associated with operating aging information systems.
Information systems include hardware and software used to collect, process, store, and share information. Servers, firewalls, switches, and routers are examples of information system hardware. Software refers to the programs that run on these devices.
The audit found the Province has not adequately identified and managed the risks associated with operating aging information systems. Identifying and managing these risks would reduce the threats of extended system outages, decreased system reliability, and security vulnerabilities.
More specifically, the audit found:
The Province’s inventory of information systems is incomplete and inaccurate.
The process used to analyze and report aging systems risks is inadequate.
There is a lack of practices in place to monitor risk ratings of aging systems and corresponding risk responses not well-defined.
The report includes 8 recommendations to help the Province improve risk assessment process and reduce the probability of adverse impacts to systems.
Published: March 2022
Sector: Government Operations