We’re here to Assure, Explain and Inspire.
The Auditor General is the statutory external auditor of most of the Welsh public sector.
Our key strength is our wide range of skills and knowledge that has arisen from our position as the the statutory external auditor
See our current and previous consultations
This section sets out how you may request information from us and provides some direct links to information of wider public interest.
Governance and oversight at Audit Wales
Our accounts are audited by an independent firm appointed by the Welsh Parliament.
Our Executive Leadership Team is responsible for directing the organisation
The Auditor General is responsible for auditing most of the public money spent in Wales.
See our work around the COVID-19 pandemic
Audit Services has a reach of over 800 public bodies across Wales covering financial and performance audit
Our programme of shared learning events focusses on topics that are common across public services
Having a strategic, dynamic and high quality audit programme is a key focus of our strategy
The NFI matches data across organisations and systems to help public bodies identify fraud and overpayments.
We work with others from across the Welsh public sector and beyond
See our latest news, blogs, events and more
Find out the latest news
See our blogs on many different topics
Access our data tools and useful data sources
View our videos on our YouTube channel
Our events bring together individuals from across the Welsh public sector
Access all the resources from our shared learning events
We have installed ReadSpeaker’s webReader, which allows visitors to instantly convert online content to audio on our website.
Click on the icon above to try this out, and take advantage of the full range of useful webReader features by clicking the link below.
This accessibility statement applies to www.audit.wales. This website is run by Audit Wales. We want as many people as possible to be able to use this website.
View accessibility statement
We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact:
A follow on from our Cyber Resilience webinar in September.
Even Billy Idol was talking about cyber back in ’93 (see his ‘Cyberpunk’ album). I’m not a fan by the way, but facts like these are only a quick Google search away.
According to Wikipedia, the album was a critical and financial failure. And strangely, these are the exact kinds of failures that can result from weak organisational cyber resilience.
Cyber resilience is really important. That is one of the key messages that came out of our webinar on cyber resilience at the end of September. And we will reinforce that message when we publish our national report on cyber resilience (focusing on Board level oversight of cyber), which we hope will be out in December or January.
I was happy to play a small role as part of the webinar panel, which also included colleagues from Audit Wales, alongside experts in their field from Welsh Government, the National Cyber Security Centre (NCSC), the NHS and other smaller Welsh public sector organisations.
The panel considered the emerging findings from our survey of Board members and Heads of ITs (or equivalent) at around 70 bodies. The session seemed to go well, and I hope that those that attended felt the same.
The panel were insightful and helped to add useful context to some of the stats and feedback we collected, saying things which others can take away and put to good use in their own organisations. Nuggets included:
We also touched upon the theme of COVID-19, and the associated cyber risks. The kind of people who attack systems are well aware that COVID-19 has put most organisations under extraordinary pressure, so they will use stealth and try and break into systems using COVID-19 as a distraction. 60% of respondents to our survey have changed their approach to cyber resilience because of the pandemic, and we’ve been given around 30 examples of what they’ve done. These include refreshing policies, increasing communications with staff, increasing training and awareness, investing in a security incident event management system, and implementing secure ways of working for remote staff.
Normally these blogs wrap up by referring back to what was said in the first couple of paragraphs alongside another cheesy joke, but I’ll try not to do that. Plus, I can’t think of any linkages to white weddings or wanting more, more, more.
Keep an eye out for our report!