Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies, released today.
A key risk area is how agencies manage the many IT vendors they now use to provide their IT services. While using IT vendors does give agencies access to a larger pool of talent and leverage the investments others have made in technology, these arrangements need to be properly managed.
‘While most agencies monitor the performance of their IT vendors, very few seek assurance that vendor supplied performance data, often used to enforce penalties or determine performance based payments, is accurate and complete,’ said the Auditor-General.
Agencies annual reports are also not giving a clear and comprehensive picture of their performance. The use of targets and reporting over time was limited and applied inconsistently. And only 57 percent of agencies linked reporting on their performance to their strategic objectives.
Reporting on projects could also be improved. Common deficiencies included not reporting on costs to date, expected completion dates, significant cost overruns, delays, amendments, deferments or cancellations.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
information technology (IT), including IT vendor management
transparency and performance reporting
management of purchasing cards and taxis
fraud and corruption control.
Overall, the report makes nine recommendations to help agencies improve internal controls and governance, and in turn deliver their services more effectively. It also reviews how agencies have progressed previous recommendations.
Barry Underwood, Director, Office of the Auditor-General, on 0403 073 664 and email email@example.com.