This audit found the Province of Manitoba is not adequately controlling privileged access rights to prevent unauthorized users from accessing its information systems.
We looked at the controls in place to manage privileged access for information systems within the Department of Labour, Consumer Protection and Government Services, and at Shared Health.
Adequate controls are needed to ensure only authorized users have privileged access to these systems, allowing them to modify users’ privileges, change system configurations, and alter security settings.
Without adequate controls, there is a greater risk that cyber threat actors could gain privileged access, resulting in data theft, operational disruptions, system outages, and financial losses.
We found the Province is not adequately controlling privileged access rights to prevent unauthorized access to its information systems. Our IT audit report includes 5 recommendations.

Video: Manitoba not adequately controlling privileged access to its information systems: Auditor General
Read the Audit Report
Download a website version of our audit report. The website version is for information purposes only. Be considerate of the environment. Think before you print it.
Download Audit Report