Most of the 75 weaknesses related to poor information security and policies and procedures, Auditor-General Caroline Spencer said.