The AGSA assessment of IT system controls for the 2010/11 financial year revealed that a number of control deficiencies over security management, user access control, IT service continuity and program change management. Furthermore, IT governance framework not yet fully developed and implemented. The governance framework was being development and implemented in stages.