Province not identifying and managing risks associated with aging information systems
WINNIPEG – The Province of Manitoba is not identifying and managing the risks associated with operating aging information systems, says Auditor General Tyson Shtykalo. This finding is contained in a new report, Audit of Aging Information Systems, released today.
“The Province relies on information systems to deliver a wide-range of services that Manitobans depend on, including online registrations, program applications, and fee payments,” Shtykalo said. As information systems age, there are risks the technology will become obsolete, and support will not available. “Identifying and managing the risks associated with aging systems would reduce threats of adverse impacts, such as extended system outages, decreased system reliability, and security vulnerabilities.”
Information systems include hardware and software used to collect, process, store, and share information. Servers, firewalls, switches, and routers are examples of information system hardware. Software refers to the programs that run on these devices.
Shtykalo noted that modernizing aging information systems or adopting new ones helps create more efficient processes, allows more flexibility in meeting user needs, and may lead to reduced operating costs.
The audit found the Province does not have a complete inventory of all its information systems. “The first step in assessing the risks of aging information systems is to identify all information systems,” Shtykalo said. “It’s only after this is done can threats be determined and appropriate actions be taken.”
The audit also found the Province’s approach to identifying, analyzing, and reporting aging systems risks is inadequate. More specifically, the standards used to rate systems are outdated, the risk factors considered are limited, and the departments are not involved in the ratings process. As a result, the report notes some risk ratings could be inaccurate.
In addition, the report notes there was no centralized monitoring of aging systems risk assessment results. The Department of Labour, Consumer Protection and Government Services’ Business Transformation and Technology (BTT) branch is responsible for annually assessing the technological health of every department’s information systems. The audit found BTT did not prepare a report summarizing the risk ratings of information systems across all departments. “This report would identify recurring themes and root causes,” Shtykalo said. “This would allow BTT and departments to take a system-wide approach to responding to risks.”
The report contains 8 recommendations to help the Province improve the aging system risk assessment process and reduce the probability of adverse impacts to systems.
To view the report, please visit https://oag.mb.ca/reports
About the Auditor General of Manitoba
The Auditor General is an officer of the Legislative Assembly mandated to provide independent assurance and advice to Members of the Legislative Assembly. Through its audits, the Office of the Auditor General seeks to identify opportunities to strengthen government operations and enhance performance management and reporting. For more information visit https://oag.mb.ca/
For more information contact:
Frank Landry, Communications Manager
204.792.9145