Out of 70 findings from a series of conducted audits, over 50 per cent related to the "management of information technology controls", especially the management of privileged user access.
"To reduce the risks associated with this access, the ISM recommends that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored," the report from the auditor-general said.
"Five moderate and eight minor findings relate to entities that have not implemented adequate logging and monitoring procedures over privileged user accounts. There were also five minor findings relating to access rights for both privileged and regular users not being monitored for appropriateness."
The report went on to recommend that "entities need to focus on processes to monitor IT controls to prevent reccurrence of issues".
In early February, a "limited amount" of non-confidential data was stolen by hackers in a breach against Parliament House, however an investigation revealed that none of the data was deemed sensitive.
"Australian Signals Directorate (ASD) and its Australian Cyber Security Centre will continue to work with DPS to understand the full extent of this network compromise. Meanwhile, the necessary steps are being taken to mitigate the compromise and prevent any harm," a release from ASD said at the time.
"At this early stage, our immediate focus is on securing the network and protecting its users. Proper and accurate attribution of a cyber incident takes time."
Users of the parliamentary computing system were forced to reset their passwords following the breach for "abundance of caution".