Log In

Reset Password
BERMUDA | RSS PODCAST

Auditor-General: ‘pressing’ for Government to secure data

First Prev 1 2 Next Last
Heather Thomas, the Auditor-General (File photograph)

Public organisations have demonstrated transparency in their communications with the Auditor-General, she said, after operations were disrupted owing to a massive cyberattack.

Heather Thomas said she would support government-audited units during the crisis and added that the quality of audits will not be compromised.

Her comments came after a cyberattack last week that resulted in the shutdown of government IT systems, which continued to be affected yesterday.

Ms Thomas said the Office of the Auditor-General had “many inquiries” from the public and media on the incident.

She added it was “pressing” that the Government made sure and provided assurances that information about its business, that of its partners, and residents’ personal data was secured.

Ms Thomas said: “As the office responsible for supporting Parliament by scrutinising and providing objective, fact-based information through audits, to hold the Government to account and to promote improvements in public services financial administration, my intention is to continue to work closely with the Government-audited bodies to support them during this disruption, while preserving my objectivity and independence as Auditor-General.

“The government bodies have been transparent in their communication to the office on business disruptions.

“In addition, it is already clear that it’s going to be difficult to carry out the audit of the government accounts and other government work in the current circumstances.

“We will not compromise the quality of public entities’ financial reports or our audits of the information they contain.”

She cited a report from her office, published in 2021, Government of Bermuda’s Response to Covid-19: The Unemployment Benefit Administration, which said: “In times of crisis, the agility and robustness of public finance management systems are truly tested and experience has shown that these types of circumstances can create opportunities for various types of violations that could seriously weaken the effectiveness of government actions.”

Ms Thomas said yesterday: “The Government Department of Internal Audit can provide advice to decision-makers that will protect the Government of Bermuda assets and reputation by providing guidance on their internal control framework to support operational sustainability during this crisis.

“Also, it is important to note the duty of accountability and to document and safeguard records does not cease; it becomes even more essential that the Government documents its decisions and captures critical information as new ways of working are adopted rapidly without the usual processes and infrastructure.

“It is also essential that the basis of those decisions, the decisions themselves and the senior decision-makers involved be safeguarded and thoroughly documented in order for governments to remain accountable both during and after this crisis.

“We will continue to engage the Government on its response measures, and the impact this has on day-to day operations.”

Gitanjali Gutierrez, the Information Commissioner (File photograph)

Gitanjali Gutierrez, the Information Commissioner, said earlier that permanent secretaries, heads of departments and other public officers “transitioned to using mobile phones and personal e-mail accounts to continue government services” in response to the cyberattack.

She added on Monday: “Regardless of the device or platform used, these electronic communications are public records that reflect government decision-making and business.

“The same is true for paper-based communications and business processes being used at this time, as some government processes have reverted to paper-based transactions while their digital system is unavailable.

“Public officers must be mindful that these records are subject to search, retrieval and potentially disclosure in response to public access to information requests.”

Ms Gutierrez highlighted that “once this incident has passed, the public may seek full transparency and accountability of any decisions” made amid the crisis.

She explained that steps to make sure public records were properly preserved could involve the inclusion of government-issued mobile phones — that retain communications — when messages were conveyed by WhatsApp or SMS.

Ms Gutierrez added: “The right to access public records under the Pati Act and public authorities’ obligations to comply with the Pati Act have not been suspended.

“As a practical matter, however, many public authorities continue to be affected by the cybersecurity incident and their ability and capacity to comply with the timelines under the Pati Act impacted.”

The Office of the Auditor-General was open and operational. It can be contacted by phone on 296-3148 or by e-mail at oag@oagbermuda.bm. The Information Commissioner’s Office was also fully operational, and can be contacted by phone on 543-3700 or by e-mail at info@ico.bm

You must be Registered or to post comment or to vote.

Published September 29, 2023 at 7:56 am (Updated September 29, 2023 at 7:56 am)

Auditor-General: ‘pressing’ for Government to secure data

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon