This audit found the Province of Manitoba is not adequately controlling privileged access rights to prevent unauthorized users from accessing its information systems.

We looked at the controls in place to manage privileged access for information systems within the Department of Labour, Consumer Protection and Government Services, and at Shared Health.

Adequate controls are needed to ensure only authorized users have privileged access to these systems, allowing them to modify users’ privileges, change system configurations, and alter security settings.

Without adequate controls, there is a greater risk that cyber threat actors could gain privileged access, resulting in data theft, operational disruptions, system outages, and financial losses.

We found the Province is not adequately controlling privileged access rights to prevent unauthorized access to its information systems. Our IT audit report includes 5 recommendations.

Video: Manitoba not adequately controlling privileged access to its information systems: Auditor General

Published: October 2022

Sector: Government Operations

Read the Audit Report

Download a website version of our audit report. The website version is for information purposes only. Be considerate of the environment. Think before you print it.

Download Audit Report

What we are working on

At any given time, we have several project audits in progress. You can find brief descriptions of these on-going audits here.

Learn More

We want to hear from you

We encourage Manitobans to provide us with information related to one of our on-going project audits, or to potential audits. This information may help our audit teams identify concerns and potentially influence what an audit will examine.

Learn More