In most public sector jurisdictions, internal audit is a mandatory requirement. There will always be some routine “tick and flick” type audits that will be required from time to time to confirm the adequacy of controls for generic activities. But effective Internal Audit is about so much more than the old “tick and flick”. Ever […]

The PCI Security Standards Council (PCI SSC) published a new version of the PCI Data Security Standard (PCI DSS) on 31st March 2022. The new standard V4.0 provides a baseline of technical and operational requirements designed to protect payment data and will replace version 3.2.1 to help combat emerging threats and technologies. The new requirements […]

Over the last few years both State-based and International anti-corruption bodies have been busily dealing with a steady stream of fraud and corruption cases. This has included well-publicised cases involving all levels of Government, as well as organisations across the Not-for-Profit and Private sectors. No industry, occupational group or sector is immune from the threat […]

We all started last year with high hopes, not realising that it would end up being a virtual repeat of 2020. It's taught us to be a little warier. And so, going into 2022, many organisations are feeling more cautious than optimistic. While hope can push us forward, there is nothing wrong with combining this […]

Last Friday, ABC News carried a story about the Board of building materials maker, James Hardie, dismissing its chief executive, Jack Truong. The Board had conducted “extensive due diligence to provide for a sincere change in Mr Truong’s behaviour”, but employees made further complaints about how he treated them. The company shares lost 4.1% on […]

In mid-November 2021, the NSW Independent Commission Against Corruption (the ICAC) made public the report on its investigation into the sourcing of software systems for the Western Sydney Institute of TAFE (WSI). This investigation concerned allegations that the WSI Finance Manager and another Finance Officer accepted payments totalling approximately $449,000. The Finance Manager also accepted […]

Prudential Standard CPS 234, which outlines the information security requirements that APRA regulated organisations must comply with, is a mandatory regulation issued by APRA to ensure that your organisation’s information assets remain safe and secure from breaches. In order to increase the rigour of compliance of CPS 234, Boards of regulated entities are required to […]

Workplace investigations of alleged misconduct can absorb a significant amount of resources and potentially contribute to industrial relations problems and staff morale issues.  A well-conducted, independent investigation of alleged workplace misconduct can greatly assist in effectively and fairly resolving a complaint and mitigating these organisational and employee impacts. But a badly conducted or poorly documented […]

How would you describe your company’s organisational risk culture? Before you answer… Cast your mind over recent publicly prominent investigations that have raised organisational risk management failings, with ever-increasing scrutiny of organisational risk culture. Imagine for a moment a research department seeking to be the first to deliver new technologies. What if, in the race […]

In a month where billionaire entrepreneurs are reaching for the stars (or at least the edge of space), we thought it was timely to share our research and recent experiences about the audit topics that are trending in the Local Government audit universe. Councils are probably aware that the NSW Audit Office has recently published […]

The Australian Cyber Security Centre (ACSC) has updated its Essential Eight (8) Maturity Model in July 2021 to counter the sophistication of different levels of adversaries rather than just being aligned to the intent of a mitigation strategy. The ACSC asserts that the maturity model is focused on "Windows-based internet-connected networks", and while it could […]