You are an external auditor with the federal government audit office responsible for undertaking audits of all federal government departments. In this capacity you conduct audits not only to determine whether government agencies have expended public funds in accordance with government directives but also to evaluate whether public funds have been expended effectively and efficiently.

Recently, one of the large government departments has established a statistical database containing substantial amounts of information on social welfare recipients. For example, the database contains health information, pension entitlements information, and financial status information. Much of the information is considered by the federal government to be confidential. The database has been established, however, under authority from the federal government to allow high-quality research to be undertaken on social-welfare recipients. The federal government has pointed to its burgeoning expenditures on social welfare. It argues that it wishes to expend monies where they are most needed and that research is needed, therefore, to plan expendi-

tures, especially in light of an aging population. Moreover, it is concerned about an apparent rise in social-welfare fraud, and it believes that better research might enable losses to be controlled more successfully.

You are a member of the audit team undertaking the first examination of the system as it progresses through its design phases. When you ask the project manager about the controls to be built into the system to preserve the privacy of information about people, she indicates that query-set size controls will be used. When you ask about the nature of these query-set size controls, she indicates that the query set size must be greater than three records or less than \(n-3\), where \(n\) is the size of the database, before a response will be provided to users.

After some reflection, you express concern that a minimum query-set size of three and a maximum query-set size of \(n-3\) could allow compromise of the database. The project manager responds, however, that the decision on query-set size has been chosen only after extensive consultation with researchers who are likely to use the database. They have argued strongly that the information loss will be too great if the minimum query-set size is increased or the maximum query-set size is decreased. When you ask the project manager whether any other controls will be implemented to preserve the privacy of data about people who have their records stored in the database, she indicates that no other controls will be used. She comments that the government has allocated only limited funds for the project. As a result, the controls chosen must be cheap to implement, operate, and maintain.

Required: Write a brief report for your manager outlining any exposures you believe should be brought to the attention of the government. If you believe any serious exposures exist, provide some brief recommendations to help overcome them. In this regard, be mindful of the tight budget imposed upon the project.