P.E.I. auditor general points out flaws in province's IT security, disability supports
Criticism of IT security comes weeks after malware attack on provincial servers
P.E.I. Auditor General Jane MacAdam offered both praise and criticism of the provincial government's handling of its money and other resources in her annual report, released Monday.
As a precaution to prevent the spread of the COVID-19, the province did not hold an in-person news conference, and instead sent a written release.
MacAdam's report focused on disability supports, information technology security, Health PEI's laboratory services, and financial audits. She also looked at whether government had implemented her past recommendations.
Her harshest criticism was for the Department of Social Development and Housing and how it authorizes and provides accessibility supports.
The province's disability support program, or DSP, is now called AccessAbility Supports.
"Implementation of the AccessAbility Supports Program was not well managed," MacAdam said in the release.
"The program was hastily implemented and there was inadequate attention to some basic management practices," she added. "It's concerning that 18 months after the program was implemented, some individuals receiving benefits had not been assessed using the new capability assessment tool, and the department couldn't provide information on the number of assessments outstanding."
'Lack of compliance'
MacAdam was also critical of security access to provincial information technology by the Department of Social Development and Housing and information technology shared services. However, for security reasons, she said she would not disclose detailed findings and recommendations.
"There was a lack of compliance with several access control policies," MacAdam noted, adding "government was not regularly assessing compliance with security policies and standards."
She also said communication of IT security policy requirements "needs improvement."
The auditor general's report comes three weeks after a malware attack on the province's servers that was active for 90 minutes before it was discovered.
MacAdam checked on how many recommendations made in her 2016 and 2017 annual reports had been implemented. As of October 2019 she found 64 per cent of 2016 recommendations had been implemented — unchanged from the previous year — and 43 per cent of 2017 recommendations. She said she was told some of the delays are due to outstanding IT upgrades as well as changes to regulations.
She also noted action was taken on all 15 recommendations in her 2016 report on government involvement with the e-gaming initiative and financial services platform, and said "We do not plan to do any further follow-up work on the recommendations from this special assignment."
MacAdam said the province's finances appear to be in order, with one caveat.
"Similar to prior years, some expenditures were incurred prior to obtaining a special warrant as required," she said in the release. Special warrants are approved by cabinet for spending more than what has been budgeted.
"Most of the financial indicators presented were trending in a positive direction at the end of the 2019 fiscal year," she concluded.