AG cites fraud, cybersecurity risks
Service Nova Scotia and Internal Services is the worst offender of a government that isn't moving quickly enough to safeguard itself from fraud and cybersecurity risks, according to the province's auditor general report released Tuesday.
The report identified nine significant control weaknesses hampering the department ranging from purchasing to procurement. Eight were previously highlighted by the auditor general's office.
“We reported previously that the (department) may not be able to prevent and detect unauthorized or fraudulent payments or ensure purchases achieve value for money due to these significant control weaknesses,” said acting auditor general Terry Spicer in the report.
“Although SNS-IS has initiated a process to address these weaknesses, there is still work to be done."
More than three years after the province implemented a fraud policy in 2017, SNS-IS is among 10 government departments, nine public service units and 19 government organizations that still haven't completed fraud-risk assessments.
“Fraud in the public sector is concerning because it can result in the loss of taxpayer assets and reduce the public's confidence in the government,” said Spicer. “Overall, I find that government continues to take steps to manage fraud risk, but it's still not acting fast enough.”
Tracy Barron, spokeswoman for SNS-IS, said the department is committed to strengthening internal financial controls and is working on a new policy for purchase orders “and the work we are doing with our accounting staff and suppliers.”
Barron said significant work has been completed to support the government's fraud risk management program. She said Service Nova Scotia's merger with Internal Services last year followed by the pandemic has put the department behind schedule.
“All departments are responsible for completing their own fraud risk assessments, however, it's a significant coordination effort to support the departments and move these initiatives forward.” said Barron.
Tuesday's report also shows that Service Nova Scotia and Internal Services still hasn't finalized regulations to define roles and responsibilities for cybersecurity. But government-wide cybersecurity risk register is still under development, and training programs are not provided to all IT users, the AG noted.
Tory Leader Tim Houston said the province needs to act with more urgency to protect sensitive information of Nova Scotians that's increasingly stored online and vulnerable to data breaches and theft of financial assets and information.
He called on the government to immediately communicate the steps being taken to improve cybersecurity and tell “Nova Scotians exactly how long it will take.”
Nine government organizations, including IWK Health Centre, Nova Scotia Health Authority and Housing Nova Scotia, had a combined 17 significant control weaknesses.
Tuesday's report shows the province is projecting $580 million in COVID stimulus spending by the end of this fiscal year. A big chunk of that includes a controversial $228-million infrastructure fund announced in May.