Security issues hindering Qld energy companies: report

Fraser Barton |

The financial statements of Queensland energy operators are stable but more can be done to strengthen security processes within organisations, the auditor-general has found.

A financial audit report was issued by Brendan Worrall on Wednesday into the results of Queensland’s energy entities that generate, transmit and distribute electricity across the state.

Mr Worrall found seven issued audit opinions for company financial statements complied with reporting requirements but there remains issues with protection for internal information and assets.

Two particular deficiencies were highlighted which require immediate action, Mr Worrall said.

The first is energy entities cannot continue with a ‘set and forget’ approach to securing information and they must respond promptly to change or risk cyber attacks, non-compliance with security policies and reputational damage.

The auditor-general also recommends an implementation of controls that protect systems from external threats, as previously recommended in audit reports stretching back to 2020.

This includes limiting access to information systems for employees and third-party contractors only where required and updating security settings in line with risk assessments and better practices.

Mr Worrall suggested encrypting sensitive information and upgrades to systems that could be exploited by external parties.

High staff turnovers, a lack of staff awareness of existing policies and a higher reliance on third-party service providers contributed to system weaknesses during the reportable year.

Some 40 deficiencies relating to internal controls were detailed in the report with two being significant.

There were 38 significant and control deficiencies resolved in the reporting year, the audit said.

The report also found total profits have declined by $90 million in 2022-23 and were affected by electricity price volatility, higher operating costs and a reduction in transmission and distribution due to lower tariff rates.

Energy Queensland has been transitioning to digital operations since 2016 but complexities with integrating multiple systems has caused delays.

The original cost of the digital transformation program was slated to be $238 million and complete by June 2020.

However, the budget was revised to $717 million in 2022, and now is expected to be complete in June 2026 at an estimated cost of $952 million.