Auditor General releases 2 reports: cybersecurity audit and annual financial statement audit report
WINNIPEG – Manitoba Auditor General Tyson Shtykalo released 2 reports today: Cybersecurity Incident Response Process at Shared Health and Public Accounts and Other Financial Statement Audits.
The first report looked at whether Shared Health has a process to promptly respond to successful cyberattacks, minimizing the impact to health operations and the loss of data.
Shtykalo found Shared Health has a plan and resources in place, but there remains work to do. The report notes Shared Health must perform exercises to test its Cybersecurity Incident Response Plan, improve training, and complete its external communications plan.
The second report provides an overview of the financial statement audit work the Auditor General conducted in 2023/24. It also highlights several areas of concern, including issues that impacted the preparation of the Public Accounts.
A backgrounder is below this news release.
To view the reports, click here.
To view a 60 second video on the cybersecurity audit, click here.
ABOUT THE AUDITOR GENERAL OF MANITOBA
The Auditor General is an officer of the Legislative Assembly mandated to provide independent assurance and advice to Members of the Legislative Assembly. Through its audits, the Office of the Auditor General seeks to identify opportunities to strengthen government operations and enhance performance management and reporting. For more information visit https://www.oag.mb.ca./
For more information contact:
Frank Landry, Communications Manager204.792.9145
BACKGROUNDER
Auditor General Tyson Shtykalo released 2 reports today. Summaries of these reports can be found below.
Cybersecurity Incident Response Process at Shared Health
This audit found that Shared Health has a process in place to promptly respond to cybersecurity incidents, but there remains work to do. The report notes Shared Health must perform exercises to test its Cybersecurity Incident Response Plan, improve training, and complete its external communications plan.
“Public sector information systems, like those operated by Shared Health, are vital for delivering services to Manitobans,” Shtykalo said. “These systems also hold a lot of sensitive data, and are susceptible to cyberattacks.”
The Auditor General noted that even with the most robust cybersecurity controls in place, successful cyberattacks can still occur.
“Organizations must be prepared to act quickly and effectively in the event of a successful cyberattack, to minimize the impact to their operations and potential loss of data,” Shtykalo said.
This audit includes 4 recommendations to improve Shared Health’s cybersecurity incident response plan.
Public Accounts and Other Financial Statement Audits
This report provides an overview of the financial statement work the Auditor General conducted in 2023/24.
This was the seventh year in a row the Auditor General issued a qualified audit opinion on the Province of Manitoba’s Summary Financial Statements. The Summary Financial Statements are the consolidated financial statements of the Province of Manitoba, sometimes referred to as the Public Accounts. A qualification is a warning to users of the financial statements that there is information that may not be reliable.
The report also notes the Auditor General identified significant weaknesses in financial statement preparation and the control environment. The control environment is the set of financial standards, processes, and structures along with attitudes and competencies that provide the basis for carrying out internal financial controls.
“These weaknesses contributed to an unprecedented number of errors that required correction by the Province during the audit,” Shtykalo said.
Many of the issues related to processes the Province used to consolidate financial information from departments and other entities in the public sector into the Summary Financial Statements.
“The Province can address the issues by building its capacity to produce reliable financial information and strengthening its internal controls,” the Auditor General said.