Queensland Auditor-General Brendan Worrall’s report,tabled on Thursday,found the entities’ internal controls to ensure reliable financial reporting were “generally effective”,though the number of lower-risk matters had increased across the 2019-20 financial year.
“While we were able to rely on them,we identified two significant deficiencies[high-risk issues] in internal controls – both related to security of online payments,” the report said.
“These issues have been resolved.”
Generators CleanCo,CS Energy and Stanwell,along with transmission and distribution corporations Powerlink,Energex and Ergon,and retailer Ergon Energy Queensland,were all included in the audit.
Nine of the 28 deficiencies found were related to Energy Queensland’s rollout of a new information technology system,expected to be finalised by 2021-22 at a cost of 4 per cent more than the $229 million approved by the Australian Energy Regulator.
The reported noted that if the new system did end up overrunning the approved figure,Energy Queensland – which counts all but Powerlink and the generators as subsidiaries – may not be able to recover the cost through network charges for its customers and could see financial returns to the government affected.
The audit office recommended all six of the energy entities strengthen the security of their IT systems through employee training and ensuring user access to sensitive data was was appropriately approved and reviewed.