SlideShare a Scribd company logo

1. Consider a 400-MW, 32 percent efficient coal-fired power plan.docx

Download as DOCX, PDF
S
stilliegeorgiana

1. Consider a 400-MW, 32 percent efficient coal-fired power plant that uses cooling water withdrawn from a nearby river (with an upstream flow of 10-m3/s and temperature 20 °C) to take care of waste heat. The heat content of the coal is 8,000 Btu/lb, the carbon content is 60% by mass, and the sulfur content is 2% by mass. i. How much electricity (in kWh/yr) would the plant produce each year? ii. How many pounds per hour of coal would need to be burned at the plant? iii. Estimate the annual carbon emissions from the plant (in metric tons C/year). iv. Convert the carbon emissions to g C/kJ of energy produced. Compare your answer to that in Problem 2.7 of Homework 3 for petroleum combustion, and Example 2-3 for methane combustion. Comment on why coal is considered the “dirtiest” fossil fuel! v. If the cooling water is only allowed to rise in temperature by 10 °C, what flow rate (in m3/s) from the stream would be required? Is this sustainable? What would you recommend? vi. What would be the river temperature if all the waste heat was transferred to the river water assuming no heat losses during transfer? Would that be a problem? Why or why not. vii. Estimate the hourly SO2 emissions (in kg/h) from the plant assuming that all the sulfur is oxidized to SO2 during combustion. viii. What would be the problem in releasing SO2 to the atmosphere? Is sulfur dioxide a regulated priority pollutant? If yes, report the NAAQS? ix. How would you propose to remove sulfur dioxide at the power plant? x. Report on the required efficiency (in removal %) of the SO2 scrubber, if the plant is only allowed to emit the legal limit of 0.6 lb SO2 per million Btu of heat input. xi. How much particulate matter could be released (in kg/year particulates) if the plant met New Source Performance Standards (NSPS) that limit particulate emissions to 0.03 lb per 106 Btu heat? xii. Comment on the sources of particulates in the plant emissions? We have seen a dramatic decrease in particulate emissions since the 1970 Clean Air Act. How are particulate emissions controlled at stationary sources? 2. Consider an area-source box model for air pollution above a peninsula of land. The length of the box is 50 km, its width is 20 km, and a radiation inversion restricts mixing to 20 m. Wind is blowing clean air into the long dimension of the box at 0.4 m/s. Between 8 and 10 a.m. there are 300,000 vehicles on the road, each being driven 50 km, and each emitting 4 g CO/km. CO gets oxidized to carbon dioxide in the atmosphere. The half-life for CO in the atmosphere is 3 hours. Assume air temperature is 20⁰C. i. Estimate the steady state CO concentration in the air shed (in mg/m3) ii. Convert to ppmv and determine whether it exceeds the NAAQS. iii. If there was no CO at 8 a.m., determine the CO concentration(in mg/m3) at 10 o’clock. iv. How would air quality change if the wind speed picked up to 20 mph (miles per hour)? Here you need to recalculate the steady state CO concentration (in mg/m3)..

Education
1 of 30
1. Consider a 400-MW, 32 percent efficient coal-fired power plant that uses cooling water withdrawn from a nearby river (with an upstream flow of 10-m3/s and temperature 20 °C) to take care of waste heat. The heat content of the coal is 8,000 Btu/lb, the carbon content is 60% by mass, and the sulfur content is 2% by mass. i. How much electricity (in kWh/yr) would the plant produce each year? ii. How many pounds per hour of coal would need to be burned at the plant? iii. Estimate the annual carbon emissions from the plant (in metric tons C/year). iv. Convert the carbon emissions to g C/kJ of energy produced. Compare your answer to that in Problem 2.7 of Homework 3 for petroleum combustion, and Example 2-3 for methane combustion. Comment on why coal is considered the “dirtiest” fossil fuel! v. If the cooling water is only allowed to rise in temperature by 10 °C, what flow rate (in m3/s) from the stream would be required? Is this sustainable? What would you recommend? vi. What would be the river temperature if all the waste heat was transferred to the river water assuming no heat losses during transfer? Would that be a problem? Why or why not. vii. Estimate the hourly SO2 emissions (in kg/h) from the plant assuming that all the sulfur is oxidized to SO2 during combustion. viii. What would be the problem in releasing SO2 to the atmosphere? Is sulfur dioxide a regulated priority pollutant? If yes, report the NAAQS? ix. How would you propose to remove sulfur dioxide at the power plant? x. Report on the required efficiency (in removal %) of the SO2 scrubber, if the plant is only allowed to emit the legal limit of
0.6 lb SO2 per million Btu of heat input. xi. How much particulate matter could be released (in kg/year particulates) if the plant met New Source Performance Standards (NSPS) that limit particulate emissions to 0.03 lb per 106 Btu heat? xii. Comment on the sources of particulates in the plant emissions? We have seen a dramatic decrease in particulate emissions since the 1970 Clean Air Act. How are particulate emissions controlled at stationary sources? 2. Consider an area-source box model for air pollution above a peninsula of land. The length of the box is 50 km, its width is 20 km, and a radiation inversion restricts mixing to 20 m. Wind is blowing clean air into the long dimension of the box at 0.4 m/s. Between 8 and 10 a.m. there are 300,000 vehicles on the road, each being driven 50 km, and each emitting 4 g CO/km. CO gets oxidized to carbon dioxide in the atmosphere. The half- life for CO in the atmosphere is 3 hours. Assume air temperature is 20⁰C. i. Estimate the steady state CO concentration in the air shed (in mg/m3) ii. Convert to ppmv and determine whether it exceeds the NAAQS. iii. If there was no CO at 8 a.m., determine the CO concentration(in mg/m3) at 10 o’clock. iv. How would air quality change if the wind speed picked up to 20 mph (miles per hour)? Here you need to recalculate the steady state CO concentration (in mg/m3). Report 20: May 2019
Western Australian Auditor General’s Report Information Systems Audit Report 2019 Office of the Auditor General Western Australia 7th Floor Albert Facey House 469 Wellington Street, Perth Mail to: Perth BC, PO Box 8489 PERTH WA 6849 T: 08 6557 7500 F: 08 6557 7600 E: [email protected] W: www.audit.wa.gov.au National Relay Service TTY: 13 36 77 (to assist people with hearing and voice impairment) We can deliver this report in an alternative format for those with visual impairment.
© 2019 Office of the Auditor General Western Australia. All rights reserved. This material may be reproduced in whole or in part provided the source is acknowledged. ISSN: 2200-1931 (Print) ISSN: 2200-1921 (Online) WESTERN AUSTRALIAN AUDITOR GENERAL’S REPORT Information Systems Audit Report 2019 Report 20 May 2019 THE PRESIDENT THE SPEAKER LEGISLATIVE COUNCIL LEGISLATIVE ASSEMBLY INFORMATION SYSTEMS AUDIT REPORT 2019 This report has been prepared for Parliament under the provisions of section 24 and 25 of the Auditor General Act 2006.
Information systems audits focus on the computer environments of public sector entities to determine if these effectively support the confidentiality, integrity and availability of information they hold. I wish to acknowledge the cooperation of the staff at the entities included in our audits. CAROLINE SPENCER AUDITOR GENERAL 15 May 2019 Information Systems Audit Report 2019 | 3 Contents Auditor General’s overview ......................................................................................... 4 Application controls audits .......................................................................................... 5 Introduction ............................................................................................... ................... 5 Audit focus and scope ............................................................................................... ... 5 Summary ...............................................................................................
....................... 6 Recruitment Advertisement Management System – Public Sector Commission ........... 8 Advanced Metering Infrastructure – Horizon Power.....................................................16 Pensioner Rebate Scheme and Exchange – Office of State Revenue .........................23 New Land Registry - Titles – Western Australian Land Information Authority ..............29 General computer controls and capability assessments ........................................... 34 Introduction ............................................................................................... ..................35 Conclusion ............................................................................................... ...................35 Background ............................................................................................... ..................35 Audit focus and scope ............................................................................................... ..36 Audit findings ............................................................................................... ................36
Recommendations ............................................................................................... .......46 Appendix 1 – Cloud application (SaaS) better practice principles ............................ 47 4 | Western Australian Auditor General Auditor General’s overview This is the eleventh annual Information Systems Audit Report by my Office. The report summarises the results of the 2018 annual cycle of information systems audits, and application reviews completed by my Office since last year’s report. The report contains important findings and recommendations to address common system weaknesses that can seriously affect the operations of government and potentially compromise sensitive information held by entities. All public sector entities should consider the relevance of the recommendations to their unique operations. The newly funded Office of Digital Government has an important role in supporting entities to address these weaknesses and improve
their capability and cyber resilience. The first section of the report contains the results of our audit of key business applications at 4 public sector entities. All 4 had weaknesses, the most common of which related to poor contract management, policies, procedures and information security. When government outsources any ICT function, or buys cloud hosted applications, it remains responsible for identifying risks and ensuring appropriate functionality, security and availability controls are in place. Proper due diligence processes must be undertaken, when designing the contract and throughout the term of the contract, to ensure government gets the service it needs and the community expects. The potential effect of any weaknesses includes the compromise of sensitive information. Our Software as a Service (SaaS) better practice principles at Appendix 1 can assist entities in assessing whether to move to the cloud, choosing a provider and with ongoing contract management. The second section presents the results of our general computer controls and capability assessments and I have identified 4 entities that have consistently demonstrated good practices over at least the past 3 years. I was pleased to find that 3 more entities were assessed this year as having mature general computer control environments across the 6 control categories of our assessment. However, the 2 categories
of information security and business continuity, continue to show little improvement in the last 11 years. Despite a slight increase in the number of entities assessed as having mature business continuity controls, half of the entities we reviewed still do not manage this area well. Ensuring good security practices are implemented, enforced and regularly tested should be a focus and key responsibility for all entities’ executive teams. Continually raising staff awareness, at all levels, about information and cyber security issues is another proven way to embed good practice and security hygiene into everyday operations. Information Systems Audit Report 2019 | 5 Application controls audits Introduction Applications are software programs that facilitate an organisation’s key business processes including finance, human resources, case management, licensing and billing. Applications also facilitate specialist functions that are unique and essential to individual entities. Each year we review a selection of important applications that entities rely on to deliver
services. We focus on the key controls that ensure data is complete, and accurately captured, processed and maintained. Failings or weaknesses in these controls have the potential to affect other organisations and the public. Impacts range from delays in service and loss of information, to possible fraudulent activity and financial loss. Entities can use our better practice principles at Appendix 1 to help ensure any Software as a Service (SaaS) contracts include measures to mitigate risks and protect entity information. Audit focus and scope We reviewed key business applications at a number of state government entities. Each application is important to the operations of the entity and may affect stakeholders, including the public, if the application and related processes are not managed appropriately. The 4 applications covered in this report are: 1. Recruitment Advertisement Management System – Public Sector Commission 2. Advanced Metering Infrastructure – Horizon Power 3. Pensioner Rebate Scheme and Exchange – Office of State Revenue 4. New Land Register – Western Australian Land Information Authority Our application reviews focused on the systematic processing and handling of data in the
following control categories: 1. Policies and procedures – are appropriate and support reliable processing of information 2. Security of sensitive information – controls exist to ensure integrity, confidentiality and availability of information at all times 3. Data input – information entered is accurate, complete and authorised 4. Backup and recovery – is appropriate and in place in the event of a disaster 5. Data output – online or hard copy reports are accurate and complete 6. Data processing – information is processed as intended, in an acceptable time 7. Segregation of duties – no staff perform or can perform incompatible duties 8. Audit trail – controls over transaction logs ensure history is accurate and complete 9. Masterfile maintenance, interface controls, data preparation – controls over data preparation, collection and processing of source documents ensure information is accurate, complete and timely before the data reaches the application. Our testing was a point in time assessment. We reviewed a
sample of key controls and processes to obtain reasonable assurance that the applications worked as intended and that information they contained and reports were reliable, accessible and secure. Our testing may 6 | Western Australian Auditor General highlight weaknesses in control design or implementation that increase the risk that an application’s information may be susceptible to compromise. However, we do not design our tests to determine if information has been compromised. Summary The 4 applications we reviewed all had control weaknesses. Most related to policies and procedures, and poor information security. We also found weaknesses in controls aimed to ensure the applications function efficiently, effectively and remain available. We reported 37 findings across the 4 applications. Nine findings were rated as significant, 17 moderate and 11 minor. Most of the issues we found are relatively simple and inexpensive to fix. Figure 1 shows the findings for each of the control categories and Figure 2 shows the findings for each of the 4 applications reviewed. Source: OAG
Figure 1: Application audits Information Systems Audit Report 2019 | 7 Source: OAG Figure 2: Findings per application 8 | Western Australian Auditor General Recruitment Advertisement Management System – Public Sector Commission Introduction Western Australian (WA) government entities use the Recruitment Advertisement Management System (RAMS) to manage staff recruitment and redeployments, and to record severance details. The public use the system to apply for WA government jobs. The system is externally hosted, and managed by a third-party vendor in a Software as a Service (SaaS) arrangement. It contains personal identifiable and sensitive information such as names, addresses, work history, qualifications, bank details and tax file numbers. Conclusion RAMS has successfully facilitated a significant number of recruitment processes since the application was implemented in 2003. However, we identified a number of opportunities to
improve application governance. The Public Sector Commission (the Commission) has not undertaken or received independent assurance that key vendor managed information security controls are adequate and operating to ensure the confidentiality, integrity and availability of information in RAMS. Further, the Commission cannot demonstrate it is monitoring and managing vendor compliance in accordance with the service level agreement and so may not be fully informed of any issues with service delivery or not meeting all users’ needs. There is also a risk that insufficient business continuity planning could see an outage impacting recruitment activities across the whole of the WA government. Poor user access management has the potential to expose personal and sensitive information to inappropriate access or misuse, particularly as the Commission has kept all information stored on the system since 2003. Background RAMS is a mandated whole of government e-recruitment solution. All relevant WA state entities must use the application to advertise vacancies, manage redeployments and record severances. Entities access the application via an internet administration portal. A separate portal is provided for data analysis and reporting. The public can view vacancies, create a profile and submit job applications online through multiple job
boards (Figure 3). Information Systems Audit Report 2019 | 9 Source: OAG Figure 3: High-level overview of RAMS In 2017-18, RAMS processed about 238,000 applications for almost 15,400 job advertisements. Currently, there are about 712,000 people with a job seeker profile in the application. The vendor manages the underlying environment (network, storage, servers, virtualisation, operating systems, middleware, runtime, data and applications) and controls to protect the system. The Commission retains ownership of the data and the risks to its confidentiality, integrity and availability (Figure 4). It is also responsible for monitoring delivery of service as per the SaaS contract arrangement. Security responsibility Software (as a service) Governance Entity Data Entity and Vendor Runtime Vendor Middleware Vendor Operating Systems Vendor
Virtualisation Vendor 10 | Western Australian Auditor General Servers Vendor Storage Vendor Network Vendor Data Centres Vendor Source: OAG based on RAMS contract and SaaS principles 1 Figure 4: SaaS security responsibilities The WA public sector has used RAMS since 2003. The most recent contract extension was awarded in April 2018 for 2 years. A service level agreement is in place that sets out expectations of service. Audit findings The Commission has not sought adequate assurance on vendor controls The Commission has not undertaken or received independent assurance that key vendor managed information security controls are adequate and operating effectively. As a result, the Commission does not have assurance that information in RAMS is protected to ensure its confidentiality, integrity and availability. We identified the following control deficiencies: • Unsupported software – Some software components that underpin the application are no longer supported by the software vendors. In addition, 1
component has not had software updates applied that fix known security vulnerabilities. Unsupported and out– of-date software increases the risk of attackers using known vulnerabilities to gain access to sensitive information or disrupt systems. • Disaster recovery not tested – The vendor has not performed a full disaster recovery test since 2015. The Commission cannot be certain that it can recover the application as required. • Outdated technical specification documentation – The technical documentation describing the application does not reflect the current application environment. The Commission cannot be certain that all appropriate controls are in place to protect the application. Lack of a risk assessment has led to inadequate information security requirements in the contract The Commission did not assess the information security risks to the RAMS application and information at the time of contract or extensions. Without a formal risk assessment, the Commission is less likely to know if controls documented in the contract adequately address risks and vulnerabilities. In a SaaS environment, the customer does not directly manage the controls that protect information. Therefore, it is critical that controls are well defined in the service contract.
We found key terms and conditions for security of information are inadequately specified in the contract. Weaknesses we identified include: • No right to conduct security audits – There is no specific right for the Commission to conduct security audits of the RAMS environment. As a result, the Commission may have limited ability to verify security controls. 1 https://cloudsecurityalliance.org/download/security-guidance- v4/ Information Systems Audit Report 2019 | 11 • No controls assurance – There is no requirement for the vendor to provide the Commission with third party assurance reports or certification that controls are in place and operating effectively. The Commission cannot be certain that RAMS and the information it holds are protected. • Unspecified obligation to report data security breaches – The vendor’s obligation and process to report data security breaches to the Commission have not been specified. In addition, there are no defined penalties or indemnities for a security breach. Defining these requirements would allow the Commission to act in a timely
fashion and, if necessary, recover costs in the event of a breach. • Encryption not specified – Data encryption requirements to protect sensitive information in transit, at rest and stored on backups have not been specified. For example, the vendor does not encrypt backup tapes which are stored by a third party offsite. If the tapes are lost or stolen the information on them could be inappropriately accessed. The international standard for information security (ISO27002/2015) advises data owners to encrypt backup media where confidentiality is important. • Unspecified data retention – Data retention requirements have not been specified. All information since 2003 has been retained in the system. This information is vulnerable to exposure if the application is compromised. Further, retaining all this information increases the risk that Australia’s Privacy Act 1988 and the European General Data Protection Regulation may be breached, which could result in infringements and reputational damage. The contract should also be consistent with the State Records Office’s General Disposal Authority. This states that job applicant information should be disposed after 7 years for successful applicants and 1 year for unsuccessful applicants. Inadequate access controls increase the risk of unauthorised access or misuse
We identified the following weaknesses in access controls to minimise the risk of unauthorised access: • Ineffective user account management – The Commission does not have a policy or a procedure to manage entity user accounts, including highly privileged accounts. In addition, there is no process to routinely review user activity and their levels of access. There is an increased risk of unauthorised access to, or misuse of, information in the application. Ineffective user account management may have contributed to the high number of enabled accounts (approximately 30,000). 26% of these (8,000 accounts) have never been used and 50% (15,000 accounts) have not been used in over 6 months. • Weak password configuration – The ‘admin’ portal does not meet good practice requirements for password complexity and does not limit the re- use of passwords. In addition, multi-factor authentication, where user access is only granted after successful presentation of 2 or more pieces of information, is not required to access the application. This leaves the portal susceptible to password guessing attacks and unauthorised access to information. • Unmanaged generic accounts – Fifty five entities use generic accounts to access the internet facing reporting portal and the password for the generic
account is easy to guess. Generic accounts and passwords are shared by email and the Commission does not know who has been given this information. As the password is easy to guess and not changed on a regular basis, staff moving within or leaving an entity may retain access to the reporting portal, increasing the likelihood of unauthorised access and disclosure. 12 | Western Australian Auditor General Inadequate business continuity arrangements We identified the following weaknesses in the Commission’s business continuity arrangements that increase the risk that RAMS may not be restored in a timely manner after a disruption: • Out of date business continuity plan – The Commission has not reviewed the RAMS Business Continuity Plan since 2014. Further, stakeholder entities’ critical functions, processes and their recovery objectives were not considered during the 2014 business impact analysis. There is an increased risk that RAMS may not operate adequately during an incident and key stakeholder recovery requirements have not been specified in the vendor service contract. • Ineffective escrow management – A software escrow
agreement is in place, but the vendor has not deposited the code, data or documentation as required by the contract. The Commission was not aware of this since it had not verified the deposits to confirm that RAMS can be recovered from escrow. Without escrow deposits, the Commission will not be able to recover and continue the use of RAMS if the vendor can no longer provide the services. A software escrow helps protect all parties in a software license by having a third party (escrow agent) hold application source code, data and documentation. It ensures the Commission has access to a copy of the system, under certain contractual conditions. Vendor compliance has not been well monitored to ensure RAMS meets entities’ needs We identified weaknesses in how the Commission manages the service level agreement (SLA). These increase the risk that the Commission will not receive the contracted services, or be aware of issues with the vendor’s service delivery. In particular, the Commission has not implemented key requirements of the SLA to manage the contracted service delivery. For example, the Commission has not: • held annual contract review and periodic contract management meetings • established, or allocated, a governance body to support
forward planning and provide feedback on vendor performance • conducted annual user satisfaction surveys since 2013 • received application backup reports and capacity management plans from the vendor. We note that the Commission does hold quarterly and ad hoc meetings with the vendor. The Commission informed us that the 3rd quarter meeting is considered to be the annual review of the contract. However, we found no documentary evidence of an annual contract or SLA review in our examination of the most recent 3rd quarter meeting agenda or minutes. Important application management processes could be improved to reduce the risk of unplanned system downtime The Commission and vendor have not adequately documented, and do not routinely follow, change and incident management processes to manage issues with the application (e.g. incidents). Inadequate change and incident management can lead to unplanned system downtime and recurring issues. We identified the following weaknesses: • Changes are not properly managed – Change management documentation is unclear and inconsistent. In addition, the vendor had not provided detailed change
Information Systems Audit Report 2019 | 13 process documentation as required by the SLA. We tested 2 changes which identified that: o the formal contract change template is not used o written confirmation of regression testing, to confirm changes have not negatively affected existing functions, and user acceptance testing is not performed. • Incidents are not properly recorded, classified and analysed – The Commission does not record incidents and service requests in an appropriate service desk tool, increasing the risk that incidents may not be resolved in a timely manner. We note that the vendor does provide the Commission with incident volume reports. However, we found that incidents are not classified to allow trend analysis, and there is no documented process for identifying the root cause of recurring incidents. There is an increased risk that recurring incidents may not be identified and addressed. 14 | Western Australian Auditor General Recommendations The Commission should:
1. implement a risk assurance framework for SaaS arrangements and conduct a risk assessment of the RAMS application and information. Update contractual terms based on identified risks Commission response: Agreed Implementation timeframe: by December 2019 2. implement appropriate mechanisms and processes to manage and monitor SLA contractual obligations Commission response: Agreed Implementation timeframe: by December 2019 3. establish a suitable mechanism for obtaining feedback from stakeholders in key entities Commission response: Agreed Implementation timeframe: by July 2019 4. implement appropriate user account management practices and communicate these to all entities Commission response: Agreed Implementation timeframe: by October 2019 5. review and update the RAMS Business Continuity Plan based on an appropriate Business
Impact Analysis involving key stakeholders, and update contractual availability requirements, if required. Commission response: Agreed Implementation timeframe: by December 2019 Information Systems Audit Report 2019 | 15 Response from the Public Sector Commission The Commission notes the feedback and recommendations provided and undertakes to implement these recommendations. The current whole-of-government e-recruitment system (RAMS) has had no security breaches since its inception in 2003. The Commission is confident that users’ information is protected to ensure its confidentiality, integrity and availability. The information provided in the audit will assist the Commission in enhancing the management of this contract, and will guide its future contractual requirements relating to information technology security as well as its auditing and application control requirements.
16 | Western Australian Auditor General Advanced Metering Infrastructure – Horizon Power Introduction Our audit focused on the applications within the Advanced Metering Infrastructure used by the Regional Power Corporation, trading as Horizon Power (Horizon), to record, monitor and bill for the consumption of electricity. The applications store personal and sensitive client information such as customer name, address, date of birth and locations where electricity meters are installed. Conclusion The AMI system achieves its purpose. It collects and stores electricity consumption data and communicates the information to other Horizon business systems. However, the integrity and confidentiality of the system and information it holds is at risk due
to inadequate background checks and contractor access management. Improved network and database security controls would also strengthen system integrity. Background Horizon, is a state government-owned corporation that generates, procures and distributes electricity to residential, industrial and commercial customers in regional towns and remote communities. Currently it provides electricity to over 100,000 residents and 10,000 businesses. Horizon has a suite of applications to manage electricity consumption and billing. Together, they are referred to as Advanced Metering Infrastructure (AMI). These include the MV90, Velocity, MDR, MData21 and SSN systems. Our audit focused on the MV90 commercial metering system, and associated applications including the ‘My Account’ portal. The following figure (Figure 5) shows an overview of information flow across the different parts of the AMI system. Information Systems Audit Report 2019 | 17 Figure 5: High level view of AMI system
In October 2016, more than 47,000 ageing electricity meters across regional WA were replaced with advanced meters. These meters allow Horizon to use the MV90 and other systems to collect electricity consumption data over the network without staff having to physically visit customer sites. Audit findings There are appropriate processes to detect and remedy consumption errors before bills are issued, but the value of errors is high Horizon has good processes to detect and remedy data errors in consumption readings. Consumption readings occur daily for all advanced meters with network access. The Velocity system reports significant billing variances for early corrective action where required, and account managers review bills before they are issued to commercial customers. In 2017-18, Horizon corrected errors valued at $1.43 billion (Figure 6). These comprised errors of $1.42 billion for one commercial customer and $8.5 million for other commercial customers. The $1.42 billion error arose from the manual reading of the customer’s meter which does not have network access and must be read using a handheld device. Remaining errors were due to factors such as incorrect rates being applied to a customer, incorrect data and system changes. While Horizon resolves errors as they arise, their high value is concerning.
18 | Western Australian Auditor General Figure 6: Data errors corrected in FY 2017-18 Inadequate human resource security and contractor access management Horizon’s policies …

Recommended

WIPAC Monthly - August 2023.pdf
WIPAC Monthly - August 2023.pdfWIPAC Monthly - August 2023.pdf
WIPAC Monthly - August 2023.pdfWater Industry Process Automation & Control
 
CARBON AUDIT
CARBON AUDITCARBON AUDIT
CARBON AUDITKhalid Mahmood
 
Cra Round Table.Feb09
Cra Round Table.Feb09Cra Round Table.Feb09
Cra Round Table.Feb09AdamZFP
 
IRJET - Solid Waste Monitoring using IoT
IRJET - Solid Waste Monitoring using IoTIRJET - Solid Waste Monitoring using IoT
IRJET - Solid Waste Monitoring using IoTIRJET Journal
 
The Business Challenges of the future Low Carbon Economy - Niall Brady
The Business Challenges of the future Low Carbon Economy - Niall BradyThe Business Challenges of the future Low Carbon Economy - Niall Brady
The Business Challenges of the future Low Carbon Economy - Niall Bradycatherinewall
 
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...paul_mathews
 
E Waste Final
E Waste FinalE Waste Final
E Waste FinalPrabhat Mani Tripathi
 
Reducir la Burocracia en la UE
Reducir la Burocracia en la UEReducir la Burocracia en la UE
Reducir la Burocracia en la UEÁngel Gómez Díaz
 

Recommended

WIPAC Monthly - August 2023.pdf
WIPAC Monthly - August 2023.pdfWIPAC Monthly - August 2023.pdf
WIPAC Monthly - August 2023.pdfWater Industry Process Automation & Control
 
CARBON AUDIT
CARBON AUDITCARBON AUDIT
CARBON AUDITKhalid Mahmood
 
Cra Round Table.Feb09
Cra Round Table.Feb09Cra Round Table.Feb09
Cra Round Table.Feb09AdamZFP
 
IRJET - Solid Waste Monitoring using IoT
IRJET - Solid Waste Monitoring using IoTIRJET - Solid Waste Monitoring using IoT
IRJET - Solid Waste Monitoring using IoTIRJET Journal
 
The Business Challenges of the future Low Carbon Economy - Niall Brady
The Business Challenges of the future Low Carbon Economy - Niall BradyThe Business Challenges of the future Low Carbon Economy - Niall Brady
The Business Challenges of the future Low Carbon Economy - Niall Bradycatherinewall
 
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...
Connectix Commercial Overview Dc Session 5 The Uk Carbon Reduction Commit...paul_mathews
 
E Waste Final
E Waste FinalE Waste Final
E Waste FinalPrabhat Mani Tripathi
 
Reducir la Burocracia en la UE
Reducir la Burocracia en la UEReducir la Burocracia en la UE
Reducir la Burocracia en la UEÁngel Gómez Díaz
 
IRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental SafetyIRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental SafetyIRJET Journal
 
UK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICTUK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICTICT FOOTPRINT .eu
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1wn393
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1wn393
 
Educause Green It Summit Nov 13
Educause Green It Summit Nov 13Educause Green It Summit Nov 13
Educause Green It Summit Nov 13Bill St. Arnaud
 
Cut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business TaskforceCut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business TaskforceDavid Cameron
 
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...IRJET Journal
 
Vayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch DeckVayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch DeckHemant Sarthak
 
Project Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial DraftProject Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial DraftRupak Parekh
 
CarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon FootprintCarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon FootprintIRJET Journal
 
ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)Balraj Gill
 
Contitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASHContitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASHArya dash
 
Responsibility For Carbon Emission Reduction
Responsibility For Carbon Emission ReductionResponsibility For Carbon Emission Reduction
Responsibility For Carbon Emission ReductionMichelle Madero
 
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...Eloo Okoye
 
WIPAC Monthly - March 2023.pdf
WIPAC Monthly - March 2023.pdfWIPAC Monthly - March 2023.pdf
WIPAC Monthly - March 2023.pdfWater Industry Process Automation & Control
 
Bioenergy New Review October 2019
Bioenergy New Review October 2019Bioenergy New Review October 2019
Bioenergy New Review October 2019NNFCC
 
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter MediumIRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter MediumIRJET Journal
 
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...theijes
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptxusamabasiony
 
Educause Live
Educause LiveEducause Live
Educause LiveBill St. Arnaud
 
1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docxstilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docxstilliegeorgiana
 

More Related Content

Similar to 1. Consider a 400-MW, 32 percent efficient coal-fired power plan.docx

IRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental SafetyIRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental SafetyIRJET Journal
 
UK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICTUK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICTICT FOOTPRINT .eu
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1wn393
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1wn393
 
Educause Green It Summit Nov 13
Educause Green It Summit Nov 13Educause Green It Summit Nov 13
Educause Green It Summit Nov 13Bill St. Arnaud
 
Cut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business TaskforceCut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business TaskforceDavid Cameron
 
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...IRJET Journal
 
Vayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch DeckVayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch DeckHemant Sarthak
 
Project Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial DraftProject Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial DraftRupak Parekh
 
CarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon FootprintCarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon FootprintIRJET Journal
 
ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)Balraj Gill
 
Contitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASHContitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASHArya dash
 
Responsibility For Carbon Emission Reduction
Responsibility For Carbon Emission ReductionResponsibility For Carbon Emission Reduction
Responsibility For Carbon Emission ReductionMichelle Madero
 
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...Eloo Okoye
 
Bioenergy New Review October 2019
Bioenergy New Review October 2019Bioenergy New Review October 2019
Bioenergy New Review October 2019NNFCC
 
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter MediumIRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter MediumIRJET Journal
 
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...theijes
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptxusamabasiony
 

Similar to 1. Consider a 400-MW, 32 percent efficient coal-fired power plan.docx (20)

IRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental SafetyIRJET- Design of Eco Friendly System in Automobile for Environmental Safety
IRJET- Design of Eco Friendly System in Automobile for Environmental Safety
 
UK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICTUK Government Carbon Footprinting of ICT
UK Government Carbon Footprinting of ICT
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1
 
Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1Epc auto idtrackingcarbonemissions2-1
Epc auto idtrackingcarbonemissions2-1
 
Educause Green It Summit Nov 13
Educause Green It Summit Nov 13Educause Green It Summit Nov 13
Educause Green It Summit Nov 13
 
Cut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business TaskforceCut EU red tape: report from the Business Taskforce
Cut EU red tape: report from the Business Taskforce
 
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
IRJET - Recovery of Energy from Exhaust Air of Textile Industry with the ...
 
Vayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch DeckVayu Eendhan Fuel Recycling Indian Metric Pitch Deck
Vayu Eendhan Fuel Recycling Indian Metric Pitch Deck
 
Project Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial DraftProject Greenland Cost Report - Initial Draft
Project Greenland Cost Report - Initial Draft
 
CarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon FootprintCarbonFit: An Application to Monitor and Calculate Carbon Footprint
CarbonFit: An Application to Monitor and Calculate Carbon Footprint
 
ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)ENN590-2_15se2_37479162_1799773_project_report (1)
ENN590-2_15se2_37479162_1799773_project_report (1)
 
Contitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASHContitech Energy Projects_ARYA DASH
Contitech Energy Projects_ARYA DASH
 
Responsibility For Carbon Emission Reduction
Responsibility For Carbon Emission ReductionResponsibility For Carbon Emission Reduction
Responsibility For Carbon Emission Reduction
 
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
INVESTMENT ANALYSIS OF SMALL SCALE WIND TURBINE INSTALLATIONS IN URBAN AREAS ...
 
WIPAC Monthly - March 2023.pdf
WIPAC Monthly - March 2023.pdfWIPAC Monthly - March 2023.pdf
WIPAC Monthly - March 2023.pdf
 
Bioenergy New Review October 2019
Bioenergy New Review October 2019Bioenergy New Review October 2019
Bioenergy New Review October 2019
 
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter MediumIRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
IRJET- Diesel Particulate Filter by using Copper Oxide as a Filter Medium
 
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
Benefits and Challenges of Implementing Carbon Capture and Sequestration Tech...
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
Educause Live
Educause LiveEducause Live
Educause Live
 

More from stilliegeorgiana

1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docxstilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docxstilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docxstilliegeorgiana
 
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docxstilliegeorgiana
 
1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docx1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docxstilliegeorgiana
 
1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docx1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docxstilliegeorgiana
 
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docxstilliegeorgiana
 
1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docx1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docxstilliegeorgiana
 
1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docx1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docxstilliegeorgiana
 
1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docx1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docxstilliegeorgiana
 
1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docx1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docxstilliegeorgiana
 
1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docxstilliegeorgiana
 
1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docx1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docxstilliegeorgiana
 
1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docxstilliegeorgiana
 
1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docx1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docxstilliegeorgiana
 
1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docxstilliegeorgiana
 
1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docxstilliegeorgiana
 
1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docxstilliegeorgiana
 
1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docxstilliegeorgiana
 
1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docxstilliegeorgiana
 

More from stilliegeorgiana (20)

1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx
 
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
 
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
 
1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docx1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docx
 
1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docx1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docx
 
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
 
1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docx1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docx
 
1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docx1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docx
 
1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docx1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docx
 
1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docx1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docx
 
1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx
 
1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docx1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docx
 
1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx
 
1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docx1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docx
 
1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx
 
1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx
 
1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx
 
1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx
 
1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 

1. Consider a 400-MW, 32 percent efficient coal-fired power plan.docx

  • 1. 1. Consider a 400-MW, 32 percent efficient coal-fired power plant that uses cooling water withdrawn from a nearby river (with an upstream flow of 10-m3/s and temperature 20 °C) to take care of waste heat. The heat content of the coal is 8,000 Btu/lb, the carbon content is 60% by mass, and the sulfur content is 2% by mass. i. How much electricity (in kWh/yr) would the plant produce each year? ii. How many pounds per hour of coal would need to be burned at the plant? iii. Estimate the annual carbon emissions from the plant (in metric tons C/year). iv. Convert the carbon emissions to g C/kJ of energy produced. Compare your answer to that in Problem 2.7 of Homework 3 for petroleum combustion, and Example 2-3 for methane combustion. Comment on why coal is considered the “dirtiest” fossil fuel! v. If the cooling water is only allowed to rise in temperature by 10 °C, what flow rate (in m3/s) from the stream would be required? Is this sustainable? What would you recommend? vi. What would be the river temperature if all the waste heat was transferred to the river water assuming no heat losses during transfer? Would that be a problem? Why or why not. vii. Estimate the hourly SO2 emissions (in kg/h) from the plant assuming that all the sulfur is oxidized to SO2 during combustion. viii. What would be the problem in releasing SO2 to the atmosphere? Is sulfur dioxide a regulated priority pollutant? If yes, report the NAAQS? ix. How would you propose to remove sulfur dioxide at the power plant? x. Report on the required efficiency (in removal %) of the SO2 scrubber, if the plant is only allowed to emit the legal limit of
  • 2. 0.6 lb SO2 per million Btu of heat input. xi. How much particulate matter could be released (in kg/year particulates) if the plant met New Source Performance Standards (NSPS) that limit particulate emissions to 0.03 lb per 106 Btu heat? xii. Comment on the sources of particulates in the plant emissions? We have seen a dramatic decrease in particulate emissions since the 1970 Clean Air Act. How are particulate emissions controlled at stationary sources? 2. Consider an area-source box model for air pollution above a peninsula of land. The length of the box is 50 km, its width is 20 km, and a radiation inversion restricts mixing to 20 m. Wind is blowing clean air into the long dimension of the box at 0.4 m/s. Between 8 and 10 a.m. there are 300,000 vehicles on the road, each being driven 50 km, and each emitting 4 g CO/km. CO gets oxidized to carbon dioxide in the atmosphere. The half- life for CO in the atmosphere is 3 hours. Assume air temperature is 20⁰C. i. Estimate the steady state CO concentration in the air shed (in mg/m3) ii. Convert to ppmv and determine whether it exceeds the NAAQS. iii. If there was no CO at 8 a.m., determine the CO concentration(in mg/m3) at 10 o’clock. iv. How would air quality change if the wind speed picked up to 20 mph (miles per hour)? Here you need to recalculate the steady state CO concentration (in mg/m3). Report 20: May 2019
  • 3. Western Australian Auditor General’s Report Information Systems Audit Report 2019 Office of the Auditor General Western Australia 7th Floor Albert Facey House 469 Wellington Street, Perth Mail to: Perth BC, PO Box 8489 PERTH WA 6849 T: 08 6557 7500 F: 08 6557 7600 E: [email protected] W: www.audit.wa.gov.au National Relay Service TTY: 13 36 77 (to assist people with hearing and voice impairment) We can deliver this report in an alternative format for those with visual impairment.
  • 4. © 2019 Office of the Auditor General Western Australia. All rights reserved. This material may be reproduced in whole or in part provided the source is acknowledged. ISSN: 2200-1931 (Print) ISSN: 2200-1921 (Online) WESTERN AUSTRALIAN AUDITOR GENERAL’S REPORT Information Systems Audit Report 2019 Report 20 May 2019 THE PRESIDENT THE SPEAKER LEGISLATIVE COUNCIL LEGISLATIVE ASSEMBLY INFORMATION SYSTEMS AUDIT REPORT 2019 This report has been prepared for Parliament under the provisions of section 24 and 25 of the Auditor General Act 2006.
  • 5. Information systems audits focus on the computer environments of public sector entities to determine if these effectively support the confidentiality, integrity and availability of information they hold. I wish to acknowledge the cooperation of the staff at the entities included in our audits. CAROLINE SPENCER AUDITOR GENERAL 15 May 2019 Information Systems Audit Report 2019 | 3 Contents Auditor General’s overview ......................................................................................... 4 Application controls audits .......................................................................................... 5 Introduction ............................................................................................... ................... 5 Audit focus and scope ............................................................................................... ... 5 Summary ...............................................................................................
  • 6. ....................... 6 Recruitment Advertisement Management System – Public Sector Commission ........... 8 Advanced Metering Infrastructure – Horizon Power.....................................................16 Pensioner Rebate Scheme and Exchange – Office of State Revenue .........................23 New Land Registry - Titles – Western Australian Land Information Authority ..............29 General computer controls and capability assessments ........................................... 34 Introduction ............................................................................................... ..................35 Conclusion ............................................................................................... ...................35 Background ............................................................................................... ..................35 Audit focus and scope ............................................................................................... ..36 Audit findings ............................................................................................... ................36
  • 7. Recommendations ............................................................................................... .......46 Appendix 1 – Cloud application (SaaS) better practice principles ............................ 47 4 | Western Australian Auditor General Auditor General’s overview This is the eleventh annual Information Systems Audit Report by my Office. The report summarises the results of the 2018 annual cycle of information systems audits, and application reviews completed by my Office since last year’s report. The report contains important findings and recommendations to address common system weaknesses that can seriously affect the operations of government and potentially compromise sensitive information held by entities. All public sector entities should consider the relevance of the recommendations to their unique operations. The newly funded Office of Digital Government has an important role in supporting entities to address these weaknesses and improve
  • 8. their capability and cyber resilience. The first section of the report contains the results of our audit of key business applications at 4 public sector entities. All 4 had weaknesses, the most common of which related to poor contract management, policies, procedures and information security. When government outsources any ICT function, or buys cloud hosted applications, it remains responsible for identifying risks and ensuring appropriate functionality, security and availability controls are in place. Proper due diligence processes must be undertaken, when designing the contract and throughout the term of the contract, to ensure government gets the service it needs and the community expects. The potential effect of any weaknesses includes the compromise of sensitive information. Our Software as a Service (SaaS) better practice principles at Appendix 1 can assist entities in assessing whether to move to the cloud, choosing a provider and with ongoing contract management. The second section presents the results of our general computer controls and capability assessments and I have identified 4 entities that have consistently demonstrated good practices over at least the past 3 years. I was pleased to find that 3 more entities were assessed this year as having mature general computer control environments across the 6 control categories of our assessment. However, the 2 categories
  • 9. of information security and business continuity, continue to show little improvement in the last 11 years. Despite a slight increase in the number of entities assessed as having mature business continuity controls, half of the entities we reviewed still do not manage this area well. Ensuring good security practices are implemented, enforced and regularly tested should be a focus and key responsibility for all entities’ executive teams. Continually raising staff awareness, at all levels, about information and cyber security issues is another proven way to embed good practice and security hygiene into everyday operations. Information Systems Audit Report 2019 | 5 Application controls audits Introduction Applications are software programs that facilitate an organisation’s key business processes including finance, human resources, case management, licensing and billing. Applications also facilitate specialist functions that are unique and essential to individual entities. Each year we review a selection of important applications that entities rely on to deliver
  • 10. services. We focus on the key controls that ensure data is complete, and accurately captured, processed and maintained. Failings or weaknesses in these controls have the potential to affect other organisations and the public. Impacts range from delays in service and loss of information, to possible fraudulent activity and financial loss. Entities can use our better practice principles at Appendix 1 to help ensure any Software as a Service (SaaS) contracts include measures to mitigate risks and protect entity information. Audit focus and scope We reviewed key business applications at a number of state government entities. Each application is important to the operations of the entity and may affect stakeholders, including the public, if the application and related processes are not managed appropriately. The 4 applications covered in this report are: 1. Recruitment Advertisement Management System – Public Sector Commission 2. Advanced Metering Infrastructure – Horizon Power 3. Pensioner Rebate Scheme and Exchange – Office of State Revenue 4. New Land Register – Western Australian Land Information Authority Our application reviews focused on the systematic processing and handling of data in the
  • 11. following control categories: 1. Policies and procedures – are appropriate and support reliable processing of information 2. Security of sensitive information – controls exist to ensure integrity, confidentiality and availability of information at all times 3. Data input – information entered is accurate, complete and authorised 4. Backup and recovery – is appropriate and in place in the event of a disaster 5. Data output – online or hard copy reports are accurate and complete 6. Data processing – information is processed as intended, in an acceptable time 7. Segregation of duties – no staff perform or can perform incompatible duties 8. Audit trail – controls over transaction logs ensure history is accurate and complete 9. Masterfile maintenance, interface controls, data preparation – controls over data preparation, collection and processing of source documents ensure information is accurate, complete and timely before the data reaches the application. Our testing was a point in time assessment. We reviewed a
  • 12. sample of key controls and processes to obtain reasonable assurance that the applications worked as intended and that information they contained and reports were reliable, accessible and secure. Our testing may 6 | Western Australian Auditor General highlight weaknesses in control design or implementation that increase the risk that an application’s information may be susceptible to compromise. However, we do not design our tests to determine if information has been compromised. Summary The 4 applications we reviewed all had control weaknesses. Most related to policies and procedures, and poor information security. We also found weaknesses in controls aimed to ensure the applications function efficiently, effectively and remain available. We reported 37 findings across the 4 applications. Nine findings were rated as significant, 17 moderate and 11 minor. Most of the issues we found are relatively simple and inexpensive to fix. Figure 1 shows the findings for each of the control categories and Figure 2 shows the findings for each of the 4 applications reviewed. Source: OAG
  • 13. Figure 1: Application audits Information Systems Audit Report 2019 | 7 Source: OAG Figure 2: Findings per application 8 | Western Australian Auditor General Recruitment Advertisement Management System – Public Sector Commission Introduction Western Australian (WA) government entities use the Recruitment Advertisement Management System (RAMS) to manage staff recruitment and redeployments, and to record severance details. The public use the system to apply for WA government jobs. The system is externally hosted, and managed by a third-party vendor in a Software as a Service (SaaS) arrangement. It contains personal identifiable and sensitive information such as names, addresses, work history, qualifications, bank details and tax file numbers. Conclusion RAMS has successfully facilitated a significant number of recruitment processes since the application was implemented in 2003. However, we identified a number of opportunities to
  • 14. improve application governance. The Public Sector Commission (the Commission) has not undertaken or received independent assurance that key vendor managed information security controls are adequate and operating to ensure the confidentiality, integrity and availability of information in RAMS. Further, the Commission cannot demonstrate it is monitoring and managing vendor compliance in accordance with the service level agreement and so may not be fully informed of any issues with service delivery or not meeting all users’ needs. There is also a risk that insufficient business continuity planning could see an outage impacting recruitment activities across the whole of the WA government. Poor user access management has the potential to expose personal and sensitive information to inappropriate access or misuse, particularly as the Commission has kept all information stored on the system since 2003. Background RAMS is a mandated whole of government e-recruitment solution. All relevant WA state entities must use the application to advertise vacancies, manage redeployments and record severances. Entities access the application via an internet administration portal. A separate portal is provided for data analysis and reporting. The public can view vacancies, create a profile and submit job applications online through multiple job
  • 15. boards (Figure 3). Information Systems Audit Report 2019 | 9 Source: OAG Figure 3: High-level overview of RAMS In 2017-18, RAMS processed about 238,000 applications for almost 15,400 job advertisements. Currently, there are about 712,000 people with a job seeker profile in the application. The vendor manages the underlying environment (network, storage, servers, virtualisation, operating systems, middleware, runtime, data and applications) and controls to protect the system. The Commission retains ownership of the data and the risks to its confidentiality, integrity and availability (Figure 4). It is also responsible for monitoring delivery of service as per the SaaS contract arrangement. Security responsibility Software (as a service) Governance Entity Data Entity and Vendor Runtime Vendor Middleware Vendor Operating Systems Vendor
  • 16. Virtualisation Vendor 10 | Western Australian Auditor General Servers Vendor Storage Vendor Network Vendor Data Centres Vendor Source: OAG based on RAMS contract and SaaS principles 1 Figure 4: SaaS security responsibilities The WA public sector has used RAMS since 2003. The most recent contract extension was awarded in April 2018 for 2 years. A service level agreement is in place that sets out expectations of service. Audit findings The Commission has not sought adequate assurance on vendor controls The Commission has not undertaken or received independent assurance that key vendor managed information security controls are adequate and operating effectively. As a result, the Commission does not have assurance that information in RAMS is protected to ensure its confidentiality, integrity and availability. We identified the following control deficiencies: • Unsupported software – Some software components that underpin the application are no longer supported by the software vendors. In addition, 1
  • 17. component has not had software updates applied that fix known security vulnerabilities. Unsupported and out– of-date software increases the risk of attackers using known vulnerabilities to gain access to sensitive information or disrupt systems. • Disaster recovery not tested – The vendor has not performed a full disaster recovery test since 2015. The Commission cannot be certain that it can recover the application as required. • Outdated technical specification documentation – The technical documentation describing the application does not reflect the current application environment. The Commission cannot be certain that all appropriate controls are in place to protect the application. Lack of a risk assessment has led to inadequate information security requirements in the contract The Commission did not assess the information security risks to the RAMS application and information at the time of contract or extensions. Without a formal risk assessment, the Commission is less likely to know if controls documented in the contract adequately address risks and vulnerabilities. In a SaaS environment, the customer does not directly manage the controls that protect information. Therefore, it is critical that controls are well defined in the service contract.
  • 18. We found key terms and conditions for security of information are inadequately specified in the contract. Weaknesses we identified include: • No right to conduct security audits – There is no specific right for the Commission to conduct security audits of the RAMS environment. As a result, the Commission may have limited ability to verify security controls. 1 https://cloudsecurityalliance.org/download/security-guidance- v4/ Information Systems Audit Report 2019 | 11 • No controls assurance – There is no requirement for the vendor to provide the Commission with third party assurance reports or certification that controls are in place and operating effectively. The Commission cannot be certain that RAMS and the information it holds are protected. • Unspecified obligation to report data security breaches – The vendor’s obligation and process to report data security breaches to the Commission have not been specified. In addition, there are no defined penalties or indemnities for a security breach. Defining these requirements would allow the Commission to act in a timely
  • 19. fashion and, if necessary, recover costs in the event of a breach. • Encryption not specified – Data encryption requirements to protect sensitive information in transit, at rest and stored on backups have not been specified. For example, the vendor does not encrypt backup tapes which are stored by a third party offsite. If the tapes are lost or stolen the information on them could be inappropriately accessed. The international standard for information security (ISO27002/2015) advises data owners to encrypt backup media where confidentiality is important. • Unspecified data retention – Data retention requirements have not been specified. All information since 2003 has been retained in the system. This information is vulnerable to exposure if the application is compromised. Further, retaining all this information increases the risk that Australia’s Privacy Act 1988 and the European General Data Protection Regulation may be breached, which could result in infringements and reputational damage. The contract should also be consistent with the State Records Office’s General Disposal Authority. This states that job applicant information should be disposed after 7 years for successful applicants and 1 year for unsuccessful applicants. Inadequate access controls increase the risk of unauthorised access or misuse
  • 20. We identified the following weaknesses in access controls to minimise the risk of unauthorised access: • Ineffective user account management – The Commission does not have a policy or a procedure to manage entity user accounts, including highly privileged accounts. In addition, there is no process to routinely review user activity and their levels of access. There is an increased risk of unauthorised access to, or misuse of, information in the application. Ineffective user account management may have contributed to the high number of enabled accounts (approximately 30,000). 26% of these (8,000 accounts) have never been used and 50% (15,000 accounts) have not been used in over 6 months. • Weak password configuration – The ‘admin’ portal does not meet good practice requirements for password complexity and does not limit the re- use of passwords. In addition, multi-factor authentication, where user access is only granted after successful presentation of 2 or more pieces of information, is not required to access the application. This leaves the portal susceptible to password guessing attacks and unauthorised access to information. • Unmanaged generic accounts – Fifty five entities use generic accounts to access the internet facing reporting portal and the password for the generic
  • 21. account is easy to guess. Generic accounts and passwords are shared by email and the Commission does not know who has been given this information. As the password is easy to guess and not changed on a regular basis, staff moving within or leaving an entity may retain access to the reporting portal, increasing the likelihood of unauthorised access and disclosure. 12 | Western Australian Auditor General Inadequate business continuity arrangements We identified the following weaknesses in the Commission’s business continuity arrangements that increase the risk that RAMS may not be restored in a timely manner after a disruption: • Out of date business continuity plan – The Commission has not reviewed the RAMS Business Continuity Plan since 2014. Further, stakeholder entities’ critical functions, processes and their recovery objectives were not considered during the 2014 business impact analysis. There is an increased risk that RAMS may not operate adequately during an incident and key stakeholder recovery requirements have not been specified in the vendor service contract. • Ineffective escrow management – A software escrow
  • 22. agreement is in place, but the vendor has not deposited the code, data or documentation as required by the contract. The Commission was not aware of this since it had not verified the deposits to confirm that RAMS can be recovered from escrow. Without escrow deposits, the Commission will not be able to recover and continue the use of RAMS if the vendor can no longer provide the services. A software escrow helps protect all parties in a software license by having a third party (escrow agent) hold application source code, data and documentation. It ensures the Commission has access to a copy of the system, under certain contractual conditions. Vendor compliance has not been well monitored to ensure RAMS meets entities’ needs We identified weaknesses in how the Commission manages the service level agreement (SLA). These increase the risk that the Commission will not receive the contracted services, or be aware of issues with the vendor’s service delivery. In particular, the Commission has not implemented key requirements of the SLA to manage the contracted service delivery. For example, the Commission has not: • held annual contract review and periodic contract management meetings • established, or allocated, a governance body to support
  • 23. forward planning and provide feedback on vendor performance • conducted annual user satisfaction surveys since 2013 • received application backup reports and capacity management plans from the vendor. We note that the Commission does hold quarterly and ad hoc meetings with the vendor. The Commission informed us that the 3rd quarter meeting is considered to be the annual review of the contract. However, we found no documentary evidence of an annual contract or SLA review in our examination of the most recent 3rd quarter meeting agenda or minutes. Important application management processes could be improved to reduce the risk of unplanned system downtime The Commission and vendor have not adequately documented, and do not routinely follow, change and incident management processes to manage issues with the application (e.g. incidents). Inadequate change and incident management can lead to unplanned system downtime and recurring issues. We identified the following weaknesses: • Changes are not properly managed – Change management documentation is unclear and inconsistent. In addition, the vendor had not provided detailed change
  • 24. Information Systems Audit Report 2019 | 13 process documentation as required by the SLA. We tested 2 changes which identified that: o the formal contract change template is not used o written confirmation of regression testing, to confirm changes have not negatively affected existing functions, and user acceptance testing is not performed. • Incidents are not properly recorded, classified and analysed – The Commission does not record incidents and service requests in an appropriate service desk tool, increasing the risk that incidents may not be resolved in a timely manner. We note that the vendor does provide the Commission with incident volume reports. However, we found that incidents are not classified to allow trend analysis, and there is no documented process for identifying the root cause of recurring incidents. There is an increased risk that recurring incidents may not be identified and addressed. 14 | Western Australian Auditor General Recommendations The Commission should:
  • 25. 1. implement a risk assurance framework for SaaS arrangements and conduct a risk assessment of the RAMS application and information. Update contractual terms based on identified risks Commission response: Agreed Implementation timeframe: by December 2019 2. implement appropriate mechanisms and processes to manage and monitor SLA contractual obligations Commission response: Agreed Implementation timeframe: by December 2019 3. establish a suitable mechanism for obtaining feedback from stakeholders in key entities Commission response: Agreed Implementation timeframe: by July 2019 4. implement appropriate user account management practices and communicate these to all entities Commission response: Agreed Implementation timeframe: by October 2019 5. review and update the RAMS Business Continuity Plan based on an appropriate Business
  • 26. Impact Analysis involving key stakeholders, and update contractual availability requirements, if required. Commission response: Agreed Implementation timeframe: by December 2019 Information Systems Audit Report 2019 | 15 Response from the Public Sector Commission The Commission notes the feedback and recommendations provided and undertakes to implement these recommendations. The current whole-of-government e-recruitment system (RAMS) has had no security breaches since its inception in 2003. The Commission is confident that users’ information is protected to ensure its confidentiality, integrity and availability. The information provided in the audit will assist the Commission in enhancing the management of this contract, and will guide its future contractual requirements relating to information technology security as well as its auditing and application control requirements.
  • 27. 16 | Western Australian Auditor General Advanced Metering Infrastructure – Horizon Power Introduction Our audit focused on the applications within the Advanced Metering Infrastructure used by the Regional Power Corporation, trading as Horizon Power (Horizon), to record, monitor and bill for the consumption of electricity. The applications store personal and sensitive client information such as customer name, address, date of birth and locations where electricity meters are installed. Conclusion The AMI system achieves its purpose. It collects and stores electricity consumption data and communicates the information to other Horizon business systems. However, the integrity and confidentiality of the system and information it holds is at risk due
  • 28. to inadequate background checks and contractor access management. Improved network and database security controls would also strengthen system integrity. Background Horizon, is a state government-owned corporation that generates, procures and distributes electricity to residential, industrial and commercial customers in regional towns and remote communities. Currently it provides electricity to over 100,000 residents and 10,000 businesses. Horizon has a suite of applications to manage electricity consumption and billing. Together, they are referred to as Advanced Metering Infrastructure (AMI). These include the MV90, Velocity, MDR, MData21 and SSN systems. Our audit focused on the MV90 commercial metering system, and associated applications including the ‘My Account’ portal. The following figure (Figure 5) shows an overview of information flow across the different parts of the AMI system. Information Systems Audit Report 2019 | 17 Figure 5: High level view of AMI system
  • 29. In October 2016, more than 47,000 ageing electricity meters across regional WA were replaced with advanced meters. These meters allow Horizon to use the MV90 and other systems to collect electricity consumption data over the network without staff having to physically visit customer sites. Audit findings There are appropriate processes to detect and remedy consumption errors before bills are issued, but the value of errors is high Horizon has good processes to detect and remedy data errors in consumption readings. Consumption readings occur daily for all advanced meters with network access. The Velocity system reports significant billing variances for early corrective action where required, and account managers review bills before they are issued to commercial customers. In 2017-18, Horizon corrected errors valued at $1.43 billion (Figure 6). These comprised errors of $1.42 billion for one commercial customer and $8.5 million for other commercial customers. The $1.42 billion error arose from the manual reading of the customer’s meter which does not have network access and must be read using a handheld device. Remaining errors were due to factors such as incorrect rates being applied to a customer, incorrect data and system changes. While Horizon resolves errors as they arise, their high value is concerning.
  • 30. 18 | Western Australian Auditor General Figure 6: Data errors corrected in FY 2017-18 Inadequate human resource security and contractor access management Horizon’s policies …