This audit found the Province has not adequately identified and managed the risks associated with operating aging information systems.

This audit looked at whether the Province of Manitoba identified and managed the risks associated with operating aging information systems.

Information systems include hardware and software used to collect, process, store, and share information. Servers, firewalls, switches, and routers are examples of information system hardware. Software refers to the programs that run on these devices.

The audit found the Province has not adequately identified and managed the risks associated with operating aging information systems. Identifying and managing these risks would reduce the threats of extended system outages, decreased system reliability, and security vulnerabilities.

More specifically, the audit found:

  • The Province’s inventory of information systems is incomplete and inaccurate.
  • The process used to analyze and report aging systems risks is inadequate.
  • There is a lack of practices in place to monitor risk ratings of aging systems and corresponding risk responses not well-defined.

The report includes 8 recommendations to help the Province improve risk assessment process and reduce the probability of adverse impacts to systems.

Published: March 2022

Sector: Government Operations

Read the Audit Report

Download a website version of our audit report for future reference. The website version is for information purposes only. Be considerate of the environment. Think before you print it.

Download Audit Report

What we are working on

At any given time, we have several project audits in progress. You can find brief descriptions of these on-going audits here.

Learn More

We want to hear from you

We encourage Manitobans to provide us with information related to one of our on-going project audits, or to potential audits. This information may help our audit teams identify concerns and potentially influence what an audit will examine.

Learn More