Central Agencies 2020

Executive summary

This report analyses the results of our audits of the financial statements of the Treasury, Premier and Cabinet, Customer Service cluster agencies (central agencies), and the Legislature for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Audit opinions and timeliness of reporting

Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature.

The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified.

All agencies met statutory deadlines for submitting financial statements.

Agencies were financially impacted by recent emergency events

The NSW Government allocated $1.4 billion to provide small business support and bushfire recovery relief, support COVID-19 quarantine compliance management, recruit more staff to respond to increased customer demand, and meet additional COVID-19 cleaning requirements. Agencies spent $901 million (64 per cent of the allocated funding) for the financial year ended 30 June 2020. NSW Self Insurance Corporation reported an increase of $850 million in its liability for claims related to emergency events.

AASB 16 'Leases' resulted in significant changes to agencies' financial position

The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected.

Implementation of new revenue standards

NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue, which have been corrected in the final financial statements.

2. Audit observations

Management letter findings and repeat issues

Our 2019–20 audits identified nine high risk and 122 moderate risk issues across central agencies and the Legislature. The high risk issues were identified in the audits of:
  • Insurance and Care NSW
  • New South Wales Government Telecommunications Authority
  • Rental Bond Board
  • Independent Commission Against Corruption
  • NSW Treasury
  • Crown Entity
  • Department of Premier and Cabinet.

High risk findings include:

  • Insurance and Care NSW (icare) allocates service costs to the Workers Compensation Nominal Insurer, and the other schemes it supports. The documentation supporting cost allocations does not demonstrate how these allocations reflect actual costs. There is a risk of the Workers Compensation Nominal Insurer being overcharged.
  • New South Wales Government Telecommunications Authority's delay in capitalisation and valuation of material capital projects; and insufficient work performed to implement the new accounting standard AASB 16 ‘Leases’.
  • NSW Treasury's four-year plan to transition RailCorp to a for-profit State Owned Corporation called Transport Asset Holding Entity of New South Wales (TAHE) by 1 July 2019, remains to be implemented. On 1 July 2020, RailCorp converted to TAHE. A large portion of the planned arrangements are still to be implemented. As at the time of the audit, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements were not finalised. In the absence of commercial arrangements with the public rail operators, there is a lack of evidence to demonstrate TAHE’s ability to create a commercial return in the long term. This matter has been included as a high risk finding in our management letter as there may be financial reporting implications to the State if TAHE does not generate a commercial return for its shareholders in line with the original intent. NSW Treasury and TAHE should ensure the commercial arrangements, operating model and SCI are finalised in 2020–21.

Of the 122 moderate risk issues, 36 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration, which increases the risk of inappropriate access to systems and records.

Grants administration for disaster relief

Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by emergency events for the financial year ended 30 June 2020. A performance audit of grants administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief.

Internal controls at GovConnect NSW service providers require enhancement

GovConnect NSW provides transactional and information technology services to central agencies. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at service providers, namely Infosys, Unisys and the Department of Customer Service (DCS). The service auditor issued:

  • unqualified opinions on information technology and business process controls at Infosys and Unisys, but there was an increase in control deficiencies identified in the user access controls at these service providers
  • a qualified opinion on DCS's information technology (IT) security monitoring controls because security tools were not implemented and monitored for the entire financial year. Responsibility for IT security monitoring transitioned from Unisys to DCS in 2019–20. These control deficiencies can increase the risk of fraud and inappropriate use of sensitive data.

These may impact on the ability of agencies to detect and respond to a cyber incident.

Recommendation:

We recommend DCS work with GovConnect service providers to resolve the identified control deficiencies as a matter of priority.

The NSW Public Sector's cyber security resilience needs to improve

The NSW Cyber Security Policy requires agencies to provide a maturity self-assessment against the Australian Cyber Security Centre (ACSC) Essential 8 to the head of the agency and Cyber Security NSW annually. Completed self-assessment returns highlighted limited progress in implementing the Essential 8.

Repeat recommendation:

Cyber Security NSW and NSW government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

Three Insurance and Care NSW (icare) entities had net asset deficiencies at 30 June 2020

The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. These icare entities did not hold sufficient assets to meet the estimated present value of all of their future payment obligations at 30 June 2020. The deterioration in net assets was largely due to increases in outstanding claims liabilities. Notwithstanding the overall net asset deficiencies, the financial statements for these entities were prepared on a going concern basis. This is because future payment obligations are not all due within the next 12 months. Settlement is instead expected to occur over years into the future, depending on the nature of the benefits provided by each scheme.

icare has not been able to demonstrate that its allocation of costs reflects the actual costs incurred by the Workers Compensation Nominal Insurer and other schemes

Costs are incurred by icare as the 'service entity' of the statutory scheme it administers, and then subsequently recovered from the schemes through 'service fees'. In the absence of documentation supported by robust supporting analysis, there is a risk of the schemes being overcharged, and the allocation of costs being in breach of legislative requirements.

Recommendation:

icare should ensure its approach to allocating service fees to the Workers Compensation Nominal Insurer and the other schemes it manages, is transparent and reflects actual costs.

icare did not comply with GIPA requirements

icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20 and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020.

Implementation of Machinery of Government (MoG) changes

MoG changes impacted the governance and business processes of some agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG implementation processes at Infrastructure NSW and in the Customer Service cluster.

1. Introduction

This report provides Parliament and other users of NSW Government central agencies' financial statements and the Legislature's financial statements with the results of our financial audits, observations, analyses, conclusions and recommendations.

Emergency events, such as bushfires, floods and the COVID-19 pandemic significantly impacted agencies in 2019–20. Our findings on nine agencies that were most impacted by recent emergency events are included throughout this report.

Refer to Appendix one for the names of all central agencies and Appendix four for the nine agencies most impacted by emergency events.

1.1 Snapshot of the clusters

A snapshot of the financial results of the Treasury, Premier and Cabinet, and Customer Service clusters for the year ended 30 June 2020 is illustrated below.

Source: Financial statements (audited).

1.2 Changes to the clusters

The 2018–19 'Central Agencies' Report to Parliament reported significant Machinery of Government (MoG) changes in central agencies. These were implemented through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019 and took effect on 1 July 2019. Since 1 July 2019, there have been further changes in the Premier and Cabinet and Customer Service clusters.

The ‘Administrative Arrangements (Administrative Changes – Resilience NSW) Order 2020’, effective from 1 May 2020, established Resilience NSW as a public service executive agency related to the Department of Premier and Cabinet (DPC) in Part 2 of Schedule 1 of the Government Sector Employment Act 2013. This Order also transferred persons employed in the Office of Emergency Management in the Department of Communities and Justice to Resilience NSW.

The Aboriginal Languages Trust was proclaimed in May 2020 by Aboriginal Affairs NSW, under the Aboriginal Languages Act 2017 following the appointment of members to the inaugural Aboriginal Languages Trust Board.

The ‘Administrative Arrangements (Administrative Changes - Miscellaneous) Order 2020’, effective from 1 July 2020, transferred the Aboriginal Cultural Heritage Regulation Branch from the Department of Planning, Industry and Environment to DPC.

Commencement of the Building and Development Certifiers Act 2018 on 1 July 2020 repealed the Building Professionals Act 2005, which dissolved the Building Professionals Board (the Board) at 1 July 2020. The balance of the Board's fund was transferred to the Department of Customer Service and other assets and liabilities were transferred to the Crown Entity in October 2020.

The Crown Entity acts as a residual entity for NSW whole-of-government transactions that are not the responsibility of any other State government agency. It collects State taxation, Commonwealth contributions and financial distributions from certain NSW agencies and pays appropriations to principal general government agencies. The current financial reporting arrangements for transactions reported in the Crown Entity are being reviewed by NSW Treasury.

1.3 Service delivery in the clusters

The Treasury cluster

The Treasury cluster is the government’s principal financial and economic adviser. The cluster reports a large proportion of the State's expenses relating to whole-of-state assets and liabilities.

The State Outcomes assigned to the Treasury cluster are shown below.

| State Outcome | Description |
| --- | --- |
| Driving the economic growth of NSW | Driving whole-of-state economic policy and strategy, with a focus on enhancing the wellbeing of NSW citizens, creating a competitive business and investment environment, supporting and attracting new and expanding businesses to create jobs for the people of NSW and growing the visitor economy. |
| Effective capital and balance sheet optimisation | Managing whole-of-state financial asset and liability activities, as measured by investment and debt performance. Maintaining strong financial management through accurate data and advice. Working towards the State’s objective of fully funding Defined Benefit Superannuation by 2030*. |
| Sustainable fiscal position to enable the delivery of outcomes | Providing informed fiscal, economic, commercial and financial analysis and advice. Maintaining the State's triple A rating through implementing comprehensive financial management strategies, and meeting revenue and expenditure growth targets. |

* The State’s objective of fully funding the Defined Benefit Superannuation liability has been changed from 2030 to 2040 per NSW Budget Papers 2020–21.
Source: NSW Budget Papers 2019–20.

Delivery of COVID-19 relief stimulus packages

From March 2020, NSW Treasury had responsibility for delivering several NSW Government stimulus package initiatives and received $864 million in funding for these initiatives. Of most significance was NSW Treasury's roll out of the $10,000 Small Business Grants Fund and a temporary grants program to support small business and not-for-profit organisations impacted by COVID-19. This program was allocated $750 million in funding. At 30 June 2020, NSW Treasury had spent $533 million. NSW Treasury also received $105 million to implement and fund arrangements for quarantine compliance management of returning international travellers.

A performance audit of grants administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief.

New South Wales Treasury Corporation

The New South Wales Treasury Corporation (TCorp) provides financial markets and investment management services to State and Local Governments, public authorities and other public bodies.

Financial markets services include managing the state’s annual funding program, and lending to public sector clients. In 2019–20 this included raising $27.8 billion from debt markets to fund NSW Government spending initiatives, which increased TCorp’s assets to $99.7 billion at 30 June 2020 ($74.5 billion at 30 June 2019).

Investment management services provided by TCorp comprise managing the investments of public sector clients through the TCorpIM Funds and other customised portfolios, in return for investment management fees. TCorp managed funds of $103 billion at 30 June 2020 ($107 billion at 30 June 2019). The decrease of $4.0 billion was primarily due to spending from the NSW Infrastructure Future Fund.

Premier and Cabinet cluster

The Premier and Cabinet cluster supports the Premier and the Cabinet in delivering the government’s objectives to the people of New South Wales.

The State Outcomes assigned to the Premier and Cabinet cluster are shown below.

| State Outcome | Description |
| --- | --- |
| Effective and coordinated government | Coordinating government policy initiatives, overseeing infrastructure investment and facilitating the delivery of key urban renewal precincts. |
| Accountable and responsible government | Ensuring a robust democracy, upholding the integrity of government, fighting corruption, enhancing public sector capability and improving service delivery. |
| Empowering Aboriginal communities | Transforming the relationship between Aboriginal people and the NSW Government through the delivery of Opportunity, Choice, Healing, Responsibility and Empowerment (OCHRE). |
| Excellence in arts, culture and heritage | Developing and supporting arts and culture, increasing attendance at cultural events, and sustaining cultural precincts and infrastructure. Protecting, preserving and enabling public access to our State's heritage. |

Source: NSW Budget Papers 2019–20.

Major capital projects

Infrastructure NSW (INSW) manages the procurement and delivery of nominated priority infrastructure projects including:

  • Sydney Modern Project
  • Walsh Bay Arts Precinct
  • Sydney Football Stadium
  • Powerhouse Parramatta
  • New Sydney Fish Market.

The Premier of NSW signed a Project Authorisation Order on 12 April 2018, declaring INSW responsible for the planning, procuring and delivering redevelopment of the Sydney Football Stadium.

On 28 April 2018, the NSW Government announced its intention to relocate the Powerhouse Museum from Ultimo to Parramatta. On 4 July 2020, the government confirmed the Powerhouse Ultimo will be retained and continue to operate alongside the new Powerhouse in Parramatta.

Budget process for independent oversight bodies and the Parliament of New South Wales

The independent integrity agencies are grouped within the Premier and Cabinet cluster. A performance audit 'The effectiveness of the financial arrangements and management practices in four integrity agencies' was tabled in Parliament in October 2020. The audit made several recommendations to safeguard the financial arrangements and management practices of the Independent Commission Against Corruption, the Law Enforcement Conduct Commission, the NSW Ombudsman and the NSW Electoral Commission.

Promoting public sector diversity

The Public Service Commission (PSC) leads the Premier’s Priority aimed at increasing women and Aboriginal and Torres Strait Islander people in senior leadership roles and the proportion of government sector roles held by people with a disability.

Customer service cluster

The Customer Service cluster aims to deliver and exceed customer expectations of NSW Government services. This includes the accelerated use of digital data and behavioural insights. The State Outcomes assigned to the Customer Service cluster are shown below.

| State Outcome | Description |
| --- | --- |
| Excellence in customer service | Improving customers’ satisfaction with NSW Government services through a customer-centred approach to everything we do, resulting in better customer experiences and easier transactions. |
| Digital leadership and innovation in government services | Investing in innovation and technology to improve the availability, reliability and se |
| Competitive, fair and secure markets | Improving and simplifying regulation in New South Wales to make it easier and safer for businesses and consumers to transact. |

Source: NSW Budget Papers 2019–20.

State revenue and taxation

Revenue NSW, a division of the Department of Customer Service (DCS), has a key role in managing the State’s finances. It administers State taxation, manages fines, recovers State debt and administers grants and subsidies.

In response to COVID-19, the NSW Government provided the following key tax relief measures:

  • Payroll tax – taxpayers can defer payroll tax payments for their 2019–20 liabilities until 30 October 2020. Businesses with total grouped Australian wages for 2019–20 of $10.0 million or less will have their annual tax liability reduced by 25 per cent.
  • Land tax – commercial and residential landowners are eligible for reduced land tax if they provided rent relief to tenants experiencing financial distress as a result of COVID-19 between 1 April 2020 and 30 September 2020. An additional concession is available from 1 October 2020 to 31 December 2020 if landlords reduced rents before 30 September 2020.
  • Gaming machine taxes – gaming machine tax payments by clubs and hotels for the assessment period 1 December 2019 to 30 June 2020 were deferred until 1 September and 1 October 2020 respectively.

The table below shows an overview of the State's revenue administered by Revenue NSW:

| State taxation revenue | 2019–20 Total $ billion | 2018–19 Total $ billion |
| --- | --- | --- |
| Payroll tax | 9.8 | 10.6 |
| Duties | 8.8 | 9.3 |
| Land tax | 4.6 | 4.2 |
| Gaming and racing | 2 | 2.3 |
| Mining royalties | 1.7 | 2.1 |
| Other revenue | 2.4 | 2.4 |
| Total | 29.3 | 30.9 |

Source: Financial statements (audited).

Service NSW

Service NSW is the lead customer service touch point for delivering whole-of-government services and advice. Since its establishment in 2013, the range and volume of services it offers has expanded. It provides customer services to 47 government divisions/agencies and administers 13 programs across these divisions/agencies.

The Minister for Customer Service requested a performance audit to assess how effectively Service NSW handles personal customer and business information to ensure its privacy, following a significant cyber and data breach in 2020. The report is expected to be tabled in December 2020.

The following snapshot shows key programs managed by Service NSW.

| Program | Purpose | Period | Total budget/estimate $ million (a) | Total spend to 30 June 2020 $ million (b) |
| --- | --- | --- | --- | --- |
| Small Business COVID-19 (up to $10,000) | Payments of up to $10,000 to eligible business owners who earn 30 per cent less in revenue for the previous three months | April to June 2020 | 750 | 533 |
| Active Kids | Two $100 vouchers for school-enrolled children to use towards sport and active recreation costs each year | 31 January 2018 to 31 December 2021 | 207 | 116 |
| Creative Kids | One $100 voucher for every school-aged child per year to help meet the cost (of lessons and fees) of creative and cultural learning activities outside school | 1 January 2019 to 31 December 2022 | 216 | 27 |
| Compulsory Third Party (CTP) Rebate | Provides refunds to customers who purchased or renewed their green slip before 1 December 2017 (upon commencement of the new scheme, CTP green slip prices were reduced for most classes of vehicles from 1 December 2017). The concession rebate amount is pro-rated based on the purchase of CTP in 2017 under the old scheme | 1 December 2017 to 30 September 2019 | 197 | 195 |
| Small Business Bushfire Grant ($10,000) | Payments of $10,000 to small businesses that have suffered a decline in revenue of 40 per cent or more in a three month period, compared to the same period in the previous year, as a result of the NSW 2019–20 bushfires (beginning in August 2019). Located within the 30 specified Local Government Areas (LGA) | February to target date of 15 December 2020 | 185 | 188 |
| Small Business Recovery Grant (up to $50,000) | Payments to small business or not-for-profit organisations that suffered direct damage to premises or equipment from the NSW 2019–20 bushfire event (beginning in August 2019), to help pay for costs associated with the clean-up and reinstatement of a small business or not-for-profit organisation’s operations | February to target date of 15 December 2020 | 58 | 60 |

Source:
(a) Service NSW (unaudited).
(b) Agencies’ financial statements (audited).

Establishment of the Digital Restart Fund

In June 2020, the NSW Government announced a $1.6 billion investment into the Digital Restart Fund (the Fund). The funding is directed at:

  • a commitment of $240 million to enhance NSW Government’s cyber security capability
  • providing more government services online and via Service NSW
  • improving the digital experience across agencies, including education and health.

The Fund will primarily receive Parliamentary appropriations or advances by the Treasurer, and will have initial funding of $100 million over two years. The Minister for Customer Service will control and manage the Fund and will be required to produce a report each year in a form determined by the Treasurer. The report is also to include an audit of the Fund by the Auditor-General on whether the payments from the Fund have been made in accordance with the Act. The annual report will be made publicly available within six months of the end of the year to which it relates.

Digital information security

DCS leads the whole-of-government digital and information and communication technology strategy. The digital transformation initiative includes:

  • the 'Beyond Digital' strategy to update the existing 2017 digital strategy document
  • the establishment of the Digital Restart Fund
  • the development and launch of the digital design system.

2. Financial reporting

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations on the financial reporting of central agencies and the Legislature for 2020, including the financial implications from recent emergency events.

Section highlights

  • Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature. All agencies met the statutory deadlines for submitting their financial statements.
  • The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified as a result of a payment made without a Treasurer's delegation.
  • Agencies were impacted by emergency events during 2019–20. This included additional grants to fund specific deliverables.
  • The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected.
  • NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue in the financial statements. These misstatements were due to incorrect revenue calculations performed by the Transport agencies. The Crown Entity relies on information from Transport agencies as they are responsible for carrying out the State’s contractual obligations for Commonwealth funded transport projects. The extent of misstatements could have been reduced with more robust quality review processes in place by Treasury and Transport.

 

2.1 Quality of financial reporting

Unqualified opinions issued on agencies' financial statements

Unqualified opinions were issued on the 2019–20 financial statements of central agencies and the Legislature. Sufficient and appropriate audit evidence was obtained to conclude the financial statements were free of material misstatement.

A qualified opinion was issued on the Social and Affordable Housing NSW Fund's compliance with legislation

The audit opinion on the Social and Affordable Housing NSW Fund's (the Fund) compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 (the Act) was qualified.

Section 6 of the Act requires the Treasurer to control and manage the Fund, and section 13 allows for the delegation of these functions. In 2019–20, our audit identified an instance where a payment of $197,155 was made from the fund without the Treasurer's delegation under section 13 of the Act. The payment required delegation of that function.

To address any further instances of non-compliance, the Fund withheld payments until the necessary instrument of delegation was signed by the Treasurer in November 2019.

The audit opinion on the Fund's financial statements was unqualified.

2.2 Compliance with financial reporting requirements

Statutory deadlines were extended as a result of COVID-19

The Government Sector Finance Act 2018 (the GSF Act) financial reporting provisions were delayed due to the COVID-19 pandemic. As a result, agencies prepared their financial statements for the 2019–20 financial year in accordance with the Public Finance and Audit Act 1983 (the PF&A Act).

The COVID-19 Legislation Amendment (Emergency Measures—Treasurer) Act 2020 included amendments to the PF&A Act that deferred the statutory deadlines for agencies to submit their financial statements to the Auditor-General and relevant Ministers.

For agencies subject to Treasurer's Directions, NSW Treasury required agencies to submit their financial statements to the Audit Office and NSW Treasury by 5 August 2020.

Financial statements were submitted and audit opinions were issued on time with two exceptions

All agencies met the statutory deadlines for submitting their financial statements for 2019–20.

All audit opinions were issued within the statutory dates, except for the New South Wales Government Telecommunications Authority (the Authority) and the Independent Commission Against Corruption (ICAC).

The Independent Auditor’s Reports and Statutory Audit Reports for the Authority and ICAC were issued after the statutory due date due to the delays in resolving financial reporting issues related to the implementation of accounting standards.

Agencies completed early close procedures, but improvements are needed

Agencies completed the NSW Treasurer's mandatory early close procedures. These procedures allow financial reporting issues and risks to be addressed early in the audit process, which helps to ensure and improve both the quality and timeliness of financial reporting.

Our review of agencies' early close procedures found more work needs to be done to:

  • assess the impact of implementing new accounting standards, including documenting and assessing significant assumptions and inputs
  • assess the impacts of the GSF Act
  • perform and document fair value assessments of property, plant and equipment.

The table in Appendix one shows the timeliness of financial reporting for cluster agencies.

2.3 Financial implications of recent emergencies

In 2019–20, some central agencies, including the New South Wales Government Telecommunications Authority, the Department of Customer Service and the Sydney Opera House Trust, incurred financial losses from damages to assets as a result of bushfires and floods, and losses of revenue due to COVID-19. NSW Self Insurance Corporation reported an increase of $850 million in its claims liability for claims related to emergency events.

There were nine agencies most impacted by emergency events:

  • NSW Treasury
  • NSW Self Insurance Corporation
  • Department of Customer Service
  • New South Wales Government Telecommunications Authority
  • Service NSW
  • Department of Premier and Cabinet
  • Infrastructure NSW
  • Resilience NSW
  • Sydney Opera House Trust.

All nine agencies quantified the financial impact of the emergency events in 2019–20. The emergency events resulted in these agencies collectively recognising:

  • $1.4 billion in additional funding to respond to the impacts of the emergency events in order to provide small business support and bushfire recovery efforts, support COVID-19 quarantine compliance management, recruit additional staff to respond to increased customer demand, and meet additional COVID-19 cleaning requirements. Agencies spent $901 million (64 per cent of the allocated funding) for the financial year ended 30 June 2020
  • $101 million in impairment to right of use leased assets (ROU assets) due to changes in market conditions caused by COVID-19
  • $4.3 million increase in the impairment of receivables mainly due to a reduction of tenant occupancy rates of leased buildings caused by COVID-19.

Site closures required by State Public Health Orders negatively impacted revenue for the Sydney Opera House Trust. This mainly related to self-generated revenues across tours, food, beverage and performance revenue streams.

| Agency | Funding description | Total budget / estimate $'000 (a) | Total spend 30 June 2020 $'000 (b) |
| --- | --- | --- | --- |
| NSW Treasury | COVID-19 small business grants | 750,000 | 533,000 |
| DCS | Land tax relief | 250,000 | 6,187 |
| Resilience NSW | Small business bushfire grant ($10,000) | 185,000 | 188,000 |
| NSW Treasury | COVID-19 quarantine compliance management | 104,500 | 98,319 |
| Resilience NSW | Small Business Recovery Grant (up to $50,000) | 58,000 | 60,000 |
| Service NSW | Additional 1,000 temporary Service NSW Staff | 25,000 | 9,032 |
| DPC | Arts sector support | 15,000 | -- |
| NSW Treasury | Support to commercial tenants and landlords | 4,000 | 770 |
| DCS | COVID-19 cleaning stimulus | 3,483 | 2,538 |
| NSW Treasury | COVID-19 cleaning stimulus | 3,309 | 1,990 |
| NSW Treasury | Small business advisors (business connect) | 1,200 | 118 |
| NSW Treasury | R&D commercialisation fund | 1,000 | 1,000 |
| Total | | 1,400,492 | 900,954 |

Source:
(a) Budgeted financial information provided by agencies (unaudited).
(b) Agencies’ financial statements (audited).

Further observations on grant administration are included in Chapter three of this report.

2.4 Key accounting issues

Implementation of new accounting standards

Agencies adopted new accounting standards AASB 16 'Leases', AASB 15 'Revenue from Contracts with Customers' and AASB 1058 'Income of Not-For-Profit Entities' for the first time in their 2019–20 financial statements. Of the three new standards, AASB 16 had the biggest impact on central agencies.

AASB 16 'Leases' resulted in significant changes to agencies' financial statements

The New South Wales Government Telecommunications Authority (the Authority) was not adequately prepared to implement the requirements of the new leasing standard. The Authority has a high volume of lease contracts with external parties. It had not completely assessed contracts that contained leases. This resulted in leased assets and liabilities being understated by $56 million and caused significant delays in the financial statements finalisation process. The Authority had a total expenditure of $88 million in 2019–20 and these misstatements were material to the Authority’s financial statements. The misstatements were corrected.

Most property leases in the central agencies clusters are government property leases managed by Property NSW, which is in the Planning, Industry and Environment cluster. Errors in lease calculations resulted in an asset understatement of $15.1 million in DCS's financial statements. The errors were caused by late revisions to key assumptions, and the accuracy and completeness of lease information used in lease calculations.

Agencies are responsible for reviewing and validating the completeness and accuracy of the leasing information provided by Property NSW. Inadequate scrutiny of the accuracy of the underlying data and the resulting balances can elevate the risk of error leading to misstatement or material disclosure omissions in the financial statements.

AASB 16 became effective for all NSW public sector agencies from 1 July 2019. AASB 16 changes how lessees treat operating leases for financial reporting. Under AASB 16, operating leases are now recorded in an entity’s Statement of Financial Position through the recognition of a right of use leased asset (ROU asset) and a corresponding lease liability. It also changes the timing and pattern of expenses recorded in the Statement of Comprehensive Income by recognising the depreciation on the asset and the financing cost of the lease.

NSW Treasury did not adequately implement the new revenue standards for the Crown Entity

The new revenue standards mainly impacted the Crown Entity, which recognised a $1 billion increase to its opening retained earnings.

Inadequate preparedness to implement the new standards led to understatements of $274 million in opening equity and $254 million to current year revenue. These understatements were due to incorrect revenue calculations performed by Transport agencies, as they are responsible for carrying out the Crown Entity’s contractual obligations relating to Commonwealth funded Transport capital projects.

NSW Treasury, through the Crown Entity, has the responsibility of implementing the new revenue standards for these contracts, as the Crown Entity accounts for the agreements entered with the Commonwealth on behalf of the State. Whilst it relies on agencies to perform revenue calculations for the projects they are delivering, the extent of misstatements could have been reduced with more robust quality review processes in place by Treasury and Transport.

AASB 15 and AASB 1058 became effective for all NSW public sector agencies from 1 July 2019. The introduction of AASB 15 and AASB 1058 required agencies to reassess the way they accounted for revenue, depending on whether it arises from contracts for sales of goods and services, grants and other contributions. Revenue from contracts for services is now recognised only when performance obligations have been satisfied.

Prior period errors corrected retrospectively

The Art Gallery of New South Wales Foundation reported a prior period error

The Art Gallery of New South Wales Foundation (the Foundation) double counted the value of the receivable and investment revenue in prior financial years ($1.5 million in 2018–19 and $2.2 million in 2017–18). These errors were material to the Foundation's financial statements.

The Foundation corrected the misstatements retrospectively in accordance with AASB 108 'Accounting Policies, Changes in Accounting Estimates and Errors'.

Other financial reporting matters

Overstatement of Long Service Corporation's liabilities

The Long Service Corporation manages the Building and Construction Industry Long Service Payments Scheme. One of the assumptions used to measure the Corporation’s liability for payments from this scheme had not been updated to reflect recent actual experience. When it was updated, it was found that the liability was overstated by $23.6 million as at 30 June 2020 and was subsequently corrected in the Corporation’s financial statements.

3. Audit observations

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines:

  • our observations and insights from the financial statement audits of agencies in the central agencies and the Legislature
  • our assessment of how well agencies adapted their systems, policies, procedures and governance arrangements in response to recent emergencies.

Section highlights

  • The 2019–20 audits identified nine high risk and 122 moderate risk issues across the agencies. Of the 122 moderate risk issues, 44 (36 per cent) were repeat issues. The most common repeat issue relates to weaknesses in controls over information technology user access administration.
  • Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by these emergency events for the financial year ended 30 June 2020.
  • GovConnect NSW engaged an independent auditor (the service auditor) from the private sector to evaluate the internal controls of its service providers. DCS's information technology security monitoring controls were qualified by the service auditor because security tools were not implemented and monitored for the entire financial year. This may impact on the ability of agencies to detect and respond to a cyber incident.
  • NSW Government agency self-assessment results show that the NSW Public Sector's cyber security resilience needs urgent attention.
  • The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. The financial statements for these entities continued to be prepared on a going concern basis as their liabilities are not all due for settlement within the next 12 months.
  • icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20, and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020.
  • Machinery of Government (MoG) changes impacted the governance and business processes of affected agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG changes at Infrastructure NSW and in the Customer Service cluster.

3.1 Internal control deficiencies

Management letter findings

The number of high and moderate risk management letter findings has increased

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. We report deficiencies in internal controls, matters of governance interest and unresolved issues to management and those charged with governance of agencies. We do this through our management letters, which include our observations, related implications, recommendations and risk ratings.

Our 2019–20 audits found nine high risk (two in 2018–19) and 122 moderate risk issues (99 in 2018–19) across the agencies. Of the 122 moderate risk issues, 44 (36 per cent) were repeat issues. The number of high risk issues increased from two in 2018–19 to nine in 2019–20. The two high risk issues reported in the prior year have been resolved.

The most common repeat issue relates to weaknesses in controls over information technology user access administration. The user access weaknesses included:

  • a lack of monitoring and reporting of privileged user access to key databases and systems on a timely basis
  • reliance on incomplete and/or inaccurate information for existing user access review processes.

The table below describes common issues identified by category and risk rating.

Category: Information technology

Moderate: 9 new, 17 repeat

The financial audits identified opportunities for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
  • user access administration
  • privileged user activities
  • program change management
  • business continuity and disaster recovery planning and testing
  • controls over passwords.

Low: 18 new, 16 repeat

Category: Internal control deficiencies or improvements

High: 1 new

The financial audits identified internal control weaknesses across key business processes including:

  • a lack of documentation for employee appointments, and remuneration reviews
  • a lack of formal review of payroll and vendor master file changes
  • untimely removal of terminated employees as authorised signatories to bank accounts
  • untimely review of reconciliations.

Our audit identified a high risk issue relating to the allocation of service costs by Insurance and Care NSW (icare). icare allocates service costs to the Workers Compensation Nominal Insurer, and the other schemes it supports. The documentation supporting the allocation of costs does not demonstrate how these cost allocations reflect actual costs. There is a risk of the Workers Compensation Nominal Insurer being overcharged.

Moderate: 13 new, 4 repeat
Low: 31 new, 2 repeat

Category: Financial reporting

High: 6 new

The financial audits identified opportunities for agencies to strengthen financial reporting including:
  • reviewing and documenting the impact assessment of new and updated Australian Accounting Standards issued and implemented this year
  • the removal of terminated employees from annual leave liability reports.

The audit teams identified six high risk issues related to:

  • the New South Wales Government Telecommunications Authority's delay in capitalisation and valuation of material capital projects; and insufficient work performed to implement new accounting standard AASB 16 'Leases'
  • a need for the Rental Bond Board to initiate a review of the Residential Tenancies Act 2010 (the Act) to better support its accounting of rental bonds totalling $1.6 billion for residential tenancies as trust money under the Act. The Board treated the rental bonds as off balance sheet items based on management’s judgement that the Board does not have control of these funds. This matter was assessed as high risk as, if not adequately supported, it had the potential to result in material misstatements in the Board's financial statements
  • the adoption of AASB 16 by the Independent Commission against Corruption (ICAC) resulted in an overstatement of $6.4 million of right of use leased assets and corresponding liabilities, and a $1 million overstatement of depreciation. These misstatements were caused by the use of estimated rental payments in the lease calculation. ICAC’s estimation of lease payments did not comply with AASB 16. These misstatements were material to the ICAC's financial statements and were corrected by management
  • NSW Treasury’s inadequate preparedness to implement new accounting standards, mainly relating to the implementation of AASB 15 'Revenue from Contracts with Customers' and AASB 1058 'Income of Not for Profit Entities'. The matter had the potential to result in material misstatements in the financial statements if not adequately resolved
  • NSW Treasury's inadequate preparedness to support the implementation of AASB 1058 'Income of Not for Profit Entities' in the Crown Entity, which led to understatements of $274 million in opening equity and $254 million to current year revenue, and disclosure deficiencies in the financial statements. These misstatements were due to incorrect revenue calculations performed by the Transport agencies. The Crown Entity relies on information from Transport agencies as they are responsible for carrying out the State’s contractual obligations for Commonwealth funded transport projects. The extent of misstatements could have been reduced with more robust quality review processes in place by Treasury and Transport.

Moderate: 17 new, 5 repeat
Low: 31 new, 4 repeat

Category: Governance and oversight

High: 1 new

The financial audits identified opportunities for agencies to improve governance and oversight processes, including issues associated with:

  • outdated policies and procedures
  • deficiencies in contract and procurement management processes.

Our audit identified a high risk issue in NSW Treasury. NSW Treasury's four-year plan to transition RailCorp to a for‑profit State Owned Corporation called Transport Asset Holding Entity of New South Wales (TAHE) by 1 July 2019, remains to be implemented. On 1 July 2020, RailCorp converted to TAHE. A large portion of the planned arrangements are still to be implemented. As at the time of the audit, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements were not finalised. In the absence of commercial arrangements with the public rail operators, there is a lack of evidence to demonstrate TAHE’s ability to create a commercial return in the long term. This matter has been included as a high risk finding in our management letter as there may be financial reporting implications to the State if TAHE does not generate a commercial return for its shareholders in line with the original intent. NSW Treasury and TAHE should ensure the commercial arrangements, operating model and SCI are finalised in 2020–21.

Moderate: 31 new, 10 repeat
Low: 17 new, 2 repeat

Category: Non-compliance with key legislation and/or central agency policies

High: 1 new

The financial audits identified instances of non‑compliance with key legislation and/or central agency policies, including compliance with delegations for deemed appropriations in accordance with the Government Sector Finance Act 2018.

A high risk issue was reported to the Department of Premier and Cabinet (DPC) relating to funding provided to the Independent Commission Against Corruption outside the annual budget process. Refer to the performance audit report 'The effectiveness of the financial arrangements and management practices in four integrity agencies' which was tabled in Parliament in October 2020.

Moderate: 8 new, 8 repeat
Low: 7 new, 6 repeat

Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

The table in Appendix five shows the management letter findings for each cluster agency.

3.2 Agency response to recent emergencies

Service NSW delivers grant programs for disaster relief

Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. To meet the public's immediate needs, the time between announcing the grant programs and delivering on them was short. The urgency of delivery required the responsible agencies to assess the risks involved with the delivery of the programs.

Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by these emergency events for the financial year ended 30 June 2020.

A performance audit on grant administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief. This will include:

  • whether funded programs were planned, designed and targeted effectively
  • whether funded programs were implemented in line with grant program objectives and criteria
  • whether measures to monitor intended benefits and outcomes were established.

3.3 Key issues

Internal controls at GovConnect's service providers

GovConnect NSW provides transactional and information technology services to central agencies. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect NSW in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402). The service auditor reports on the internal controls at a service organisation, which are relevant to a user entity's internal control environment.

A key change in the 2019–20 ASAE 3402 assurance engagement was the inclusion of the Department of Customer Service (DCS) in the annual assurance review because some controls had transitioned from Unisys to DCS. Together, Infosys, Unisys and DCS are co-providers of the business processes and information technology services that constitute the GovConnect environment.

DCS is leading the governance and project management of the transition of services provided by Unisys to other providers, including the arrangement to provide ASAE 3402 assurance reports to customers in 2020–21. The transition from one service provider to multiple service providers adds complexity to the outsourced service arrangement.

Recommendation

DCS should work with GovConnect service providers to resolve the identified internal control deficiencies as a matter of priority.


DCS's information technology security monitoring controls were qualified by the service auditor


The service auditor issued a qualified opinion on DCS's information technology security monitoring controls. The opinion was qualified because security tools were not implemented and monitored for the entire financial year.

The NSW Cyber Security Policy requires agencies to deploy monitoring processes and tools to allow for adequate cyber incident identification and response. Weaknesses in these controls increase the risk of a cyber incident not being detected or not being detected on a timely basis. These risks are amplified because DCS provides these services to not only itself, but to other central agencies.

DCS advised that the issues arose due to the decommissioning and replacement of its security monitoring tools. These controls will be re-examined by the service auditor in 2020–21.

Increased control exceptions identified in user access controls provided by Infosys

Infosys and Unisys received unqualified opinions from the service auditor on the business process controls and information technology general controls (ITGC). The control assurance reports identified internal control deficiencies in user access management services provided by Infosys on the SAP application, where all financial data and reports are stored.

The number of exceptions increased compared to prior years and relate to:

  • Infosys ITGC
    • SAP application access for terminated employees was not removed on a timely basis
    • inappropriate user accounts held administrative or privileged access
    • an absence of audit trail logging
  • Infosys payroll
    • four users had access to maintain employee master data and process payroll payments. The user access to these functions should be segregated.
    • 42 users had access to execute pay runs and generate payment files in the SAP application. This access was not a requirement of their roles
  • Infosys accounts payable
    • six users outside the authorised team retained access to process invoices.

These control weaknesses increase the risk of a breakdown in segregation of duties and/or unauthorised access to the SAP application, which can be used to commit fraud or access and inappropriately use sensitive data. An absence of audit trail logging also increases the risk that any malicious activity can be concealed.

We found that most of these weaknesses were either not mitigated or not sufficiently mitigated by other controls to address the risks. Audit teams were required to perform additional audit procedures to obtain reasonable assurance that these control deficiencies did not materially impact on relevant agencies' financial statements.
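A user access review that tests for the exception types listed above (access retained after termination, one user holding both payroll master data and payment duties, access held outside the authorised team) and for accounts with no HR match, as an added example that is not from the report or from any agency's tooling. The entitlement names, team names, one-day removal window and all sample records are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical entitlement names (constructed); map them to the real
# application's roles or authorisations before use.
MASTER_DATA = "HR_MASTER_DATA_MAINTAIN"
PAYROLL_PAY = "PAYROLL_PAYMENT_PROCESS"
AP_INVOICE = "AP_INVOICE_PROCESS"
SYS_ADMIN = "SYSTEM_ADMIN"

# Entitlement pairs one person must not hold together (segregation of duties).
SOD_CONFLICTS = [(MASTER_DATA, PAYROLL_PAY)]

# Entitlement -> teams whose duties require it (assumed policy).
AUTHORISED_TEAMS = {
    MASTER_DATA: {"HR Operations"},
    PAYROLL_PAY: {"Payroll"},
    AP_INVOICE: {"Accounts Payable"},
    SYS_ADMIN: {"Platform Administration"},
}


@dataclass(frozen=True)
class Employee:
    user_id: str
    team: str
    terminated_on: Optional[date] = None


@dataclass(frozen=True)
class Finding:
    user_id: str
    rule: str
    detail: str


def review_access(employees, grants, as_of, removal_days=1):
    """Compare an application access export against the HR roster.

    employees: iterable of Employee (HR is the source of truth)
    grants:    dict of user_id -> set of entitlement names (application export)
    """
    hr = {e.user_id: e for e in employees}
    findings = []
    for user_id in sorted(grants):
        held = grants[user_id]
        if not held:
            continue
        emp = hr.get(user_id)
        if emp is None:
            # An account nobody can tie to a person makes the review incomplete.
            findings.append(Finding(user_id, "UNMATCHED",
                                    "no HR record for: " + ", ".join(sorted(held))))
            continue
        if emp.terminated_on is not None:
            days = (as_of - emp.terminated_on).days
            if days > removal_days:
                findings.append(Finding(user_id, "TERMINATED",
                                        f"access still active {days} days after termination"))
                continue
        for a, b in SOD_CONFLICTS:
            if a in held and b in held:
                findings.append(Finding(user_id, "SOD", f"holds both {a} and {b}"))
        for ent in sorted(held):
            allowed = AUTHORISED_TEAMS.get(ent)
            if allowed is not None and emp.team not in allowed:
                findings.append(Finding(user_id, "NOT_REQUIRED",
                                        f"{ent} held by team '{emp.team}'"))
    return findings


def summarise(findings):
    """Count findings per rule, e.g. for a management report."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample data: not real users, teams or dates from the report.
AS_OF = date(2020, 6, 30)
EMPLOYEES = [
    Employee("u01", "Payroll"),
    Employee("u02", "Payroll"),
    Employee("u03", "Accounts Payable"),
    Employee("u04", "Finance Reporting"),
    Employee("u05", "Accounts Payable", terminated_on=date(2020, 3, 2)),
    Employee("u06", "HR Operations"),
    Employee("u09", "Payroll", terminated_on=date(2020, 6, 30)),
]
GRANTS = {
    "u01": {PAYROLL_PAY},
    "u02": {PAYROLL_PAY, MASTER_DATA},   # conflicting duties
    "u03": {AP_INVOICE},
    "u04": {AP_INVOICE, PAYROLL_PAY},    # outside both authorised teams
    "u05": {AP_INVOICE},                 # left in March, still active
    "u06": {MASTER_DATA},
    "u07": {SYS_ADMIN},                  # privileged account with no HR match
    "u09": {PAYROLL_PAY},                # left today, inside the removal window
}

if __name__ == "__main__":
    for f in review_access(EMPLOYEES, GRANTS, AS_OF):
        print(f"{f.user_id}  {f.rule:<13} {f.detail}")
```

The review is only as good as its inputs: an incomplete access export or a stale HR roster silently hides findings, which is why unmatched accounts are reported rather than skipped.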

Service NSW Cyber Security Breach

Service NSW encountered two significant cyber security breaches

Service NSW's cyber security breaches in March 2020 resulted in the unauthorised access to 47 staff email accounts. These attacks resulted in the breach of a large amount of personal customer information that was contained in these email accounts.

During 2019–20, Service NSW and DCS incurred $4.8 million to investigate and remediate cyber security incidents. Service NSW also disclosed a contingent liability of $7.0 million in 2019–20 financial statements for potential related legal and investigative costs in 2020–21.

Agencies' Cyber Security Essential 8 self-assessment results

The NSW Public Sector's cyber security resilience needs urgent attention

The NSW Cyber Security Policy (the Policy) requires agencies to provide a maturity self-assessment against the Australian Cyber Security Centre (ACSC) Essential 8 to the head of the agency and Cyber Security NSW annually.

The Essential 8 comprises:

  • Mitigation strategies to prevent malware delivery and execution
    • Application whitelisting allows only approved programs to run on systems.
    • Patch applications with security fixes once they are available.
    • Configure Microsoft Office macro settings to only allow trusted macros to run within Office applications.
    • User application hardening, by switching off unneeded parts of applications.
  • Mitigation strategies to limit the extent of cyber security incidents
    • Restrict administrative privileges to minimise the use of the most powerful accounts and protect them from misuse.
    • Patch operating systems with security fixes once they are available.
    • Multi-factor authentication to add extra layers of protection and ensure only approved users can access systems.
  • Mitigation strategies to recover data and maintain system availability
    • Daily backups of important data, software and configuration settings so that it can be restored if systems are compromised.

Refer to the link for the Australian Cyber Security Centre's definition of 'Essential 8' mitigation strategies.

The ACSC Essential 8 model identifies three levels of maturity for organisations to use when assessing the maturity of their Essential 8 implementation. The NSW policy adds Maturity Level Zero to its assessment model to cater for maturity levels lower than Maturity Level One.

Maturity levels explained:

  • Maturity Level Zero: Not aligned with the intent of the mitigation strategy.
  • Maturity Level One: Partly aligned with the intent of the mitigation strategy.
  • Maturity Level Two: Mostly aligned with the intent of the mitigation strategy.
  • Maturity Level Three: Fully aligned with the intent of the mitigation strategy.

Refer to NSW Cyber Security Policy: Maturity Model, tab 'Essential 8 Maturity Model'.

This was the second time agencies were required to report against the ACSC’s ‘Essential 8’ cyber risk mitigation strategies. The self-assessments were unaudited.

Number of self-assessments

| Essential 8 mitigation strategies | Maturity Level Zero | Maturity Level One | Maturity Level Two | Maturity Level Three | Total |
| --- | --- | --- | --- | --- | --- |
| Application whitelisting | 72 | 19 | 8 | 4 | 103 |
| Patch application | 39 | 33 | 22 | 9 | 103 |
| Configure Microsoft Office macro | 23 | 41 | 30 | 7 | 101 |
| User application hardening | 45 | 21 | 17 | 18 | 101 |
| Restrict administration privileges | 17 | 44 | 28 | 14 | 103 |
| Patch operating system | 33 | 31 | 30 | 9 | 103 |
| Multi-factor authentication | 32 | 46 | 18 | 6 | 102 |
| Daily backups | 6 | 28 | 34 | 33 | 101 |

Note: The total number of self-assessments for each Essential 8 mitigation strategy varies as three agencies included 'not applicable' ratings for at least one requirement. The 'not applicable' ratings were excluded from the table. A higher number of self-assessments were received this year as fewer agency returns were grouped together.
Source: Individual self-assessed Essential 8 maturity returns (unaudited).

Funding of $240 million was announced by the Premier in June 2020 to uplift agency cyber security capability.

Repeat recommendation

Cyber Security NSW and NSW government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

A compliance audit on cyber security is scheduled in 2020–21. This review will examine whether agencies are complying with the Policy. The Policy mandates minimum requirements all agencies must implement.

The Minister for Customer Service requested a performance audit of Service NSW’s handling of sensitive customer and business information following the significant cyber and data breaches in 2020. This audit will assess how effectively Service NSW handles personal customer and business information to ensure its privacy, and will also consider its cyber security attestations.

Insurance and Care NSW insurance and compensation schemes

Insurance and Care NSW (icare) provides oversight, management and corporate services to each of the following insurance and compensation agencies for a service fee:

  • The Workers Compensation Nominal Insurer
  • New South Wales Self Insurance Corporation
  • Lifetime Care and Support Authority of NSW
  • Workers Compensation (Dust Diseases) Authority
  • Building Insurers’ Guarantee Corporation
  • Sporting Injuries Compensation Authority.

Financial performance of icare agencies

Three icare agencies had net asset deficiencies at 30 June 2020

The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. This means that at 30 June 2020, these icare entities did not hold sufficient assets to meet the estimated present value of all of their future payment obligations. These entities' financial statements are prepared on a going concern basis because the future payment obligations are not all due for settlement within the next 12 months. Their settlement is expected to occur over years into the future, depending on the nature of the benefits provided by each scheme.

The implication of these agencies' net asset deficiencies is that they are not fully funded for all expected future payments from their schemes. Each agency needs to implement solutions to resolve all unfunded scheme positions. Possible actions could include changes to investment strategies or premium and contribution rates, or identifying cost savings in the claims and expense management areas. The reasons for the net asset deficiencies are discussed within each entity below.

The table below summarises the financial performance and position of insurance and compensation agencies.

| Agency | Net result: change from 2019 | Net result 2020 $m | Net result 2019 $m | Net assets: change from 2019 | Net assets 2020 $m | Net assets 2019 $m | Net cash flows from operating activities: change from 2019 | Net cash flows from operating activities 2020 $m | Net cash flows from operating activities 2019 $m |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Insurance and Care NSW (icare) | No change | -- | -- | No change | 13.1 | 13.1 | Increase | 0.8 | (14.5) |
| Workers Compensation Nominal Insurer | Decrease | (1,894) | (876) | Decrease | (316) | 1,578 | Decrease | 76.9 | 219 |
| New South Wales Self Insurance Corporation | Decrease | (744) | 406 | Decrease | (126) | 618 | Decrease | 1,012 | 1,243 |
| Lifetime Care and Support Authority of NSW | Decrease | (877) | (576) | Decrease | (298) | 580 | Increase | 64.4 | 37.5 |
| Workers' Compensation (Dust Diseases) Authority | Increase | -- | (11.0) | No change | -- | -- | Increase | 10.7 | (9.9) |
| Building Insurers' Guarantee Corporation | Increase | 9.2 | 3.9 | Increase | 48.4 | 39.2 | Increase | 6.3 | (2.9) |
| Sporting Injuries Compensation Authority | Increase | 1.1 | 0.4 | Increase | 4.1 | 3.0 | Increase | 0.1 | (0.2) |

Key: Increase = increase from 2019; No change = no change; Decrease = decrease from 2019.

Source: Financial statements (audited).

Workers Compensation Nominal Insurer (the Nominal Insurer)

The value of the Nominal Insurer’s net assets decreased $1.9 billion during 2019–20 to a net asset deficiency of $316 million at 30 June 2020 ($1.6 billion surplus at 30 June 2019). This continues the declining trend over the last two financial years.

The deterioration in the value of Nominal Insurer’s net assets has resulted in its funding ratio at 30 June 2020 being outside of the ‘target operating zone’ set by the Board of icare. The Board is reviewing mechanisms to return the capital funding ratio back within the target operating zone.

The net asset deterioration is due to the Nominal Insurer’s outstanding claims liability increasing by $1.5 billion to $18 billion ($16.5 billion at 30 June 2019), and its cash and investment holdings decreasing by $425 million to $17.6 billion ($18 billion at 30 June 2019).

The increase in the outstanding claims liability (after recoveries) is due to:

  • the growth in claims compared to payments during the year, adding $823 million. This is due to a net increase in the number of claimants, with fewer claimants exiting the scheme than anticipated due to the deterioration in return to work rates (refer below)
  • changes in claims assumptions in response to recent claims experience (above), adding $221 million
  • differences during the year between the actual and assumed number of catastrophic medical claims and the cost of providing attendant care, and lower return to work rates increasing benefit payments, adding $208 million (i.e. experience impacts)
  • an allowance for the impact of COVID-19, adding $212 million (using economic assumptions at 31 December 2019).

The outstanding claims liability valuation involves significant judgements by icare's Board about future events and how these events will impact future insurance payments. These judgements include:

  • the impact of recent operational and system changes on return to work rates in the future following the introduction of a new claims management model and claims management data system 'Guidewire' (return to work rates have deteriorated - refer below)
  • medical claim costs – the long-term trend indicates medical costs continue to increase. Reasons for the long-term increases include claimants receiving medical services earlier and for more complex procedures, and medical providers recommending more comprehensive service packages during hospital stays
  • the impact of COVID-19 on future claim costs – if claimants cannot access medical services and/or changing economic conditions adversely affect return to work rates
  • the cost of remediating previous errors in Pre-Injury Average Weekly Earnings (PIAWE) calculations. icare has recognised a provision of $21.0 million in the Nominal Insurer’s 2019–20 financial statements to identify and remedy past PIAWE underpayments (refer below).

Return to work rates have deteriorated since 2017

Lower return to work rates mean claimants are paid benefits for longer. This increases the Nominal Insurer’s costs. The Nominal Insurer has experienced deteriorating return to work rates since late 2017. In part this is due to operational disruptions caused by:

  • the introduction of a new claims management model on 1 January 2018. The new model involved icare using a single scheme agent (previously five scheme agents) to process all new claims. The Nominal Insurer's actuary has reported that initial case manager capacity and capability issues within the new agent, and time taken upfront to transfer claims between scheme agents, have contributed to increased costs
  • a number of implementation and training issues associated with the implementation of the Guidewire claims management system in February 2019.

The above factors resulted in a decrease in the number of processed Work Capacity Assessments. Work Capacity Assessments are performed to assess whether a worker receiving weekly benefits has the capacity to return to work. The decrease in assessments meant that claimant workers were on benefits for longer.

Errors in Pre-injury Average Weekly Earnings (PIAWE) calculations

There were errors in the PIAWE calculations that resulted in underpayments of workers compensation benefits paid to members. The Nominal Insurer's financial statements include a provision of $21.0 million to remedy past PIAWE underpayments. The PIAWE remediation provision has two components:

  • an estimate of the extra benefits due to previously underpaid workers
  • an estimate of the remediation project costs.

The PIAWE calculation has been used to determine the amount of weekly benefits due to workers following a successful claim, following reforms to the NSW Workers Compensation Scheme in 2012. The PIAWE calculation requires data from employers on the income a worker received including, but not limited to, wages, holiday pay, benefits, overtime and concurrent jobs. This information had to be received and assessed so the claim could be paid within the statutory seven-day deadline. This resulted in the calculation being susceptible to incomplete data, untimely receipt of data, incorrect application or interpretations of the legislation or transcription issues and error.

Investment income has decreased by $1.3 billion

The Nominal Insurer’s net investment income decreased by $1.3 billion to $401 million ($1.6 billion in 2018–19). This represented a return of 2.3 per cent in 2019–20 (9.5 per cent in 2018–19) on the average investment balance held during the year.

The Nominal Insurer has significant investments in interest bearing securities such as bonds and term deposits, either directly or through TCorp managed investment funds. In 2018–19 the Nominal Insurer benefited from lower bond yields, and higher bond prices.

New South Wales Self Insurance Corporation (SiCorp)

SiCorp operates the following government managed fund schemes:

  • NSW Treasury Managed Fund
  • Home Building Compensation Fund (formerly the Home Warranty Insurance Fund)
  • Construction Risk Insurance Fund
  • Transport Accidents Compensation Fund
  • Pre-Managed Fund Reserve
  • Governmental Workers Compensation Account
  • Residual Workers Compensation Liabilities of the Crown
  • Bush Fire Fighters Compensation Fund
  • Emergency and Rescue Workers Compensation Fund
  • Supplementary Sporting Injuries Fund.

SiCorp reported an underwriting loss of $2.8 billion

In 2019–20, SiCorp reported an:

  • underwriting loss of $2.8 billion ($1.4 billion loss in 2018–19)
  • overall net asset deficiency of $126 million at 30 June 2020 ($618 million net asset surplus at 30 June 2019).

SiCorp’s financial statements disclose an underwriting result and net result, representing the combined performance of all ten schemes. An underwriting result represents the Corporation’s performance from insurance (and insurance-like) activities, while a net result represents the underwriting result plus non-insurance-related income and expenses.

SiCorp's underwriting loss is due to increased claim liabilities

The underwriting loss was impacted by a $2.5 billion rise in outstanding claims liabilities, increasing to $12.2 billion at 30 June 2020 ($9.7 billion at 30 June 2019). Most of the underwriting loss and increase in outstanding claims related to the Treasury Managed Fund (TMF) and Pre-Management Fund (PMF) schemes. The TMF is the NSW Government's main self-insurance scheme, providing coverage over insurable assets and exposures of most government agencies. The PMF is used to fund claims incurred by the NSW Government before 1 July 1989.

The claims liability increased by:

  • $862 million for abuse claims, of which $828 million is due to the first-time recognition of a provision for claims from historic incidents of abuse within NSW Government institutions that had not yet been reported (incurred but not reported claims). Further details are included below
  • $507 million for 2019–20 bushfire claims, excluding claims handling expenses and net of recoveries
  • $545 million for workers compensation claims, largely reflecting cost increases for certain claim types including psychological claims, and claims for emergency services employees
  • $343 million for COVID-19 costs, such as business interruption claims.

Unfunded liabilities within the Home Building Compensation Fund (HBCF) led to SiCorp's net asset deficiency

SiCorp’s overall net asset deficiency was due to unfunded liabilities of $746 million within the Home Building Compensation Fund (HBCF), $599 million of which relates to policies that were issued before 1 July 2018. HBCF does not receive funding from Treasury under the Net Asset Holding Level Policy (NAHLP) referred to below.

While the net asset deficiency means that the HBCF scheme is not fully funded for all expected future payments, Treasury has guaranteed to fund cash shortfalls for policies written before 1 July 2018.

SiCorp’s financial statements were prepared on a going concern basis despite the overall net asset deficiency, because the future payment obligations are not all due for settlement within the next 12 months. Instead their settlement is expected to occur over years into the future, depending on the nature of the benefits provided by each scheme.

The Treasurer approved payments of $2 billion from the consolidated fund on 30 June 2020 ($1.2 billion in 2018–19) to SiCorp to ensure the ratio of financial assets to liabilities for certain schemes remained within the NAHLP target range. Treasury requires the Corporation to maintain financial assets for certain SiCorp managed schemes, including TMF and PMF, at between 105 and 115 per cent.

If not for this grant income, SiCorp’s overall net asset deficiency would have been $2.1 billion ($546 million at 30 June 2020).

The HBCF has unfunded liabilities due to insufficient premium rates on policies issued before 1 July 2018

The HBCF had unfunded liabilities of $746 million at 30 June 2020 ($637 million at 30 June 2019). The unfunded liability is the difference between total assets of $486 million ($420 million at 30 June 2019) and total liabilities of $1.2 billion ($1.1 billion at 30 June 2019). The NAHLP does not apply to HBCF.

The unfunded position has built up over time because HBCF's historic premium rates have not generated sufficient income to meet claims and operating costs. The chart below shows the value of claims in an accident year and premium income (net of payments). The gap between these measures decreased in 2018–19 for the first time since 2010–11, in response to increases in premium rates. The gap, however, increased again in 2019–20.

Source: Financial statements (audited).

NSW Treasury has guaranteed to fund the HBCF cash shortfalls for policies issued before 1 July 2018. The premiums for policies issued before 1 July 2018 were set too low to meet claims and operating costs. Of the $746 million of unfunded liabilities at 30 June 2020, $599 million relates to policies that were issued before 1 July 2018. The HBCF received $28.5 million from the NSW Government in 2018–19 to reimburse it for prior year losses up to 30 June 2017. The HBCF received a further $12.2 million in July 2019 for 2017–18 losses. No additional NSW Government funding was provided to HBCF in 2019–20.

The HBCF was created by the NSW Self Insurance Act 2004. It provides consumer protection to home owners undertaking residential building projects in NSW where the contracted builder, due to certain circumstances, defaults under the contract. The Corporation became the manager of the HBCF from 1 July 2010 and is the sole provider for this type of insurance.

SiCorp recognised an abuse claims liability of $828 million for the first time

SiCorp’s outstanding claims liability at 30 June 2020 included an allowance of $828 million for claims related to historic incidents of abuse within NSW Government institutions that had not yet been reported (i.e. an incurred but not reported allowance). The liability was impacted by legislative changes in response to recommendations from the Royal Commission into Institutional Responses to Child Sexual Abuse.

This is the first time SiCorp has recognised a liability for unreported abuse claims. In the past SiCorp could not reliably measure the liability because of weaknesses in icare’s claims data quality and uncertainties arising from legislative changes at the time. In 2019–20, SiCorp had:

  • improved the quality of its claims data
  • gained twelve more months of claims experience
  • benchmarked its claims experience against other jurisdictions.

Lifetime Care and Support Authority of NSW (the Authority)

The Authority's net assets continue to deteriorate

The value of the Authority’s net assets decreased by $878 million during 2019–20 to a net asset deficiency of $298 million at 30 June 2020 ($580 million surplus at 30 June 2019). In 2018–19, the value of the Authority’s net assets fell $577 million to $580 million at 30 June 2019 ($1.2 billion surplus at 30 June 2018).

The continued deterioration in the value of the Authority’s net assets has resulted in its funding ratio being outside the Board approved target capital operating zone at 30 June 2020. The capital management policy sets out the actions required when capital ratios fall outside target operating zones. According to the Board, the Authority will continue to focus on delivering services at a lower cost and has the option to adjust premiums, should investment returns not recover in the long term.

The Authority’s investment revenue fell $550 million to $9.0 million in 2019–20 ($559 million in 2018–19). The Authority’s investments provide exposure to various international equity markets, and infrastructure, both of which were impacted by COVID-19. The investment revenue represents a return of 0.1 per cent in 2019–20 (nine per cent in 2018–19) on the average investment balance held during the year.

Insurance and Care NSW (icare)

icare’s allocation of service fees to the Workers Compensation Nominal Insurer is not transparent and does not assure they reflect actual costs

 
Recommendation

Insurance and Care NSW should ensure its approach to allocating service fees to the Workers Compensation Nominal Insurer and the other schemes it manages is transparent and reflects actual costs.

icare has not been able to demonstrate that its allocation of costs reflects the actual costs incurred by each scheme. In the absence of documentation supported by robust analysis, there is a risk of the Workers Compensation Nominal Insurer being overcharged, and the allocation of costs being in breach of legislative requirements.

In 2019–20, icare's allocation methodology resulted in the Workers Compensation Nominal Insurer (the Nominal Insurer) being charged 80 per cent ($188 million) of the indirect costs incurred by icare to manage all of its statutory schemes ($236 million) and 64 per cent of all direct costs.

Costs are incurred by icare as the ‘service entity’ of the statutory schemes it administers, and then subsequently recovered from the schemes through ‘service fees’. The amount of service fees is determined using a pre-determined allocation method. The service fees take the form of:

  • direct service fees, which are recharged directly to the relevant scheme, and
  • indirect service fees, which are allocated to each scheme based on pre-set budgeted amounts, with any differences between the budgeted and actual amounts charged to the Workers Compensation Nominal Insurer.

The Nominal Insurer is primarily funded through premiums from private sector employers, and investment earnings. The purposes for which these funds can be used are set out in the Workers Compensation Act 1987.

icare did not comply with the Government Information (Public Access) Act 2009

icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20 and has not complied for several years. Significant procurements which had not been disclosed include contracts with:

  • Employers Mutual NSW Limited to provide claims management services for the Nominal Insurer from 1 January 2018 to 31 December 2020, for a contract value of $386 million
  • Comensura Pty Ltd for contingent labour requirements for the Nominal Insurer from 3 August 2017 to 2 August 2021, for a contract value of $134.8 million
  • Capgemini Australia Pty Ltd for the build and operation of the Nominal Insurer's core claim platform, Guidewire, for the period 1 February 2016 to 31 October 2020, for a contract value of $91.8 million.

The Audit Office previously raised icare's non-compliance with GIPA in 2016.

icare conducted a remediation program to identify historical contracts which were not disclosed on the government tenders website in breach of GIPA. Investigation by the Board in 2019–20 identified 417 contracts that should have been included on the NSW Government’s eTendering website but were not. A final upload of contracts occurred on 20 August 2020.

Our 2016 audit noted that icare’s government contracts register on the government tenders website did not:

  • record all contracts valued at $150,000 or more
  • include all information required by GIPA
  • contain copies of certain contracts over $5 million as required by section 31 of GIPA.

The Audit Office has previously raised with icare's Board that there was:

  • no independent review of icare’s centralised contracts register
  • incomplete disclosure of contracts, and contract information on the government tenders website
  • a lack of formally documented procedures to manage icare’s GIPA reporting
  • delays in uploading GIPA contract information to the government tenders website.

icare’s procurement policies did not reflect government procurement requirements

The procurement policies applied by icare during 2019–20 did not reflect key requirements specified in the NSW Government’s Procurement Policy Framework, including NSW Procurement Board Directions and other better practice procurement processes. Requirements that were omitted include:

  • the Chief Executive Officer or Treasury's Chief Financial Officer (icare's Cluster CFO) to approve the engagement of consultants where the engagement of the supplier is not compliant with NSW Procurement’s Standard Commercial Framework
  • approvals for direct negotiations to be sought using a specified template, and obtained from the procurement business unit before proceeding with the procurement
  • procurement above $650,000 with unaccredited agencies to be conducted by an accredited agency within the Treasury cluster or NSW Procurement
  • tender evaluation plans to be prepared and approved by the tender evaluation committee before the procurement documentation is issued
  • conflict of interest declarations by tender evaluation committee members including nil returns
  • evaluation committees to prepare an evaluation report that sets out the results and makes recommendations for awarding a contract based on overall value for money and capability.

icare’s procurement policies were only recently updated, from August 2020, to include the above requirements.

The NSW Procurement Board issues policies and directions for procurement under the Public Works and Procurement Act 1912 (PWP Act). The PWP Act provides the legislative framework for procurement for NSW Government agencies. The PWP Act and the NSW Procurement Board’s policies and directions apply to all government agencies except for State-owned corporations.

All of icare’s insurance and compensation agencies are government agencies, except for the Workers Compensation Nominal Insurer.

Inadequate conflict of interest practices in icare's procurement processes

Our 2019–20 audit highlighted significant procurement policy and practice shortcomings:

  • while management have an annual conflict of interest attestation process for senior executives and staff who have a financial or people delegation, 19.6 per cent of senior executive and applicable staff did not complete a conflict of interest declaration in 2019–20
  • icare’s Conflict of Interest Policy does not require Senior Executives to submit ‘nil’ conflict of interest declarations on appointment
  • for one in six procurement contracts tested in our audit, no documentation was available on the declaration of conflicts of interest
  • icare’s procurement processes do not require checking against their centralised conflict of interest register
  • there is no centralised storage of procurement documentation within procurement.

icare has a number of IT system user access control weaknesses that require prioritised remediation

Inadequate user access controls increase the risk of inappropriate or invalid access to systems going undetected. This in turn could enable unauthorised (and undetected) activities within systems, such as privacy breaches or possibly fraud.

Our 2019–20 audit procedures identified a number of information technology system user access control weaknesses, including:

  • instances where user accounts were not cancelled (revoked) in a timely manner at the network and application layer. This is a repeat finding. The need to cancel access could arise when an employee resigns or transfers to another position
  • icare’s identity and access management tool not explicitly certifying the appropriateness of the specific level or type of access of users. This increases the risk of users not having access rights appropriate for their positions, such as the ability to change records instead of read only.

Prior to March 2020, the reviews of user access to the Guidewire Workers Insurance Claims Centre were performed manually, with the last review conducted in October 2019. We found weaknesses with the manual user access review process. Specifically, we noted that:

  • the accounts reviewed did not cover all system users
  • the review did not include an assessment of the appropriateness of users’ access.
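The user access weaknesses listed above (late revocation at the network and application layer, reviews that miss users, and reviews that do not certify the level of access) can each be tested by reconciling HR events, account records and review results. The following is an added example, not code from icare or the Audit Office; the field names, users, dates and the one-day revocation window are constructed assumptions.

```python
from datetime import date

# Constructed sample data. Field names, users, dates and the 1-day
# revocation window are assumptions made for this example.
REVOCATION_SLA_DAYS = 1

# HR events that end the need for access, with the layers to be revoked.
HR_EVENTS = [
    {"user": "asmith", "event": "resigned", "effective": date(2020, 3, 2),
     "layers": ("network", "application")},
    {"user": "bjones", "event": "transferred", "effective": date(2020, 4, 15),
     "layers": ("application",)},
    {"user": "cnguyen", "event": "resigned", "effective": date(2020, 5, 1),
     "layers": ("network", "application")},
]

# (user, layer) -> access level held and revocation date (None = still active).
ACCOUNTS = {
    ("asmith", "network"): ("standard", date(2020, 3, 2)),
    ("asmith", "application"): ("read-write", date(2020, 3, 30)),
    ("bjones", "network"): ("standard", None),
    ("bjones", "application"): ("read-write", None),
    ("cnguyen", "network"): ("standard", date(2020, 5, 2)),
    ("cnguyen", "application"): ("read-only", date(2020, 5, 1)),
    ("dlee", "application"): ("read-write", None),
    ("epatel", "application"): ("read-only", None),
}

# Application-layer review: user -> access level the reviewer certified.
# None means the reviewer confirmed the account but not its access level.
REVIEW = {"asmith": "read-write", "bjones": None,
          "cnguyen": "read-only", "dlee": "read-only"}


def late_revocations(events, accounts, as_of, sla_days=REVOCATION_SLA_DAYS):
    """Return (user, layer, days, status) for access removed late or not at all."""
    findings = []
    for ev in events:
        for layer in ev["layers"]:
            if (ev["user"], layer) not in accounts:
                continue  # no account at this layer, nothing to revoke
            _, revoked = accounts[(ev["user"], layer)]
            # Still-active accounts are aged to the audit date.
            days = ((revoked or as_of) - ev["effective"]).days
            if days > sla_days:
                status = "revoked late" if revoked else "still active"
                findings.append((ev["user"], layer, days, status))
    return sorted(findings)


def review_gaps(accounts, review, layer, review_date):
    """Compare a completed access review with the accounts active on that date."""
    gaps = {"not_covered": [], "level_not_certified": [], "level_mismatch": []}
    for (user, acct_layer), (access, revoked) in sorted(accounts.items()):
        if acct_layer != layer or (revoked and revoked <= review_date):
            continue  # other layer, or already revoked when the review ran
        if user not in review:
            gaps["not_covered"].append(user)
        elif review[user] is None:
            gaps["level_not_certified"].append(user)
        elif review[user] != access:
            gaps["level_mismatch"].append(user)
    return gaps


if __name__ == "__main__":
    for finding in late_revocations(HR_EVENTS, ACCOUNTS, date(2020, 6, 30)):
        print("late revocation:", finding)
    for kind, users in review_gaps(ACCOUNTS, REVIEW, "application",
                                   date(2019, 10, 31)).items():
        print(kind, users)
```

The three gap lists returned by `review_gaps` correspond to a review that missed a system user, one that confirmed an account without certifying its access level, and one where the certified level (read-only) differs from the level actually held (read-write).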

3.4 Agency implementation of MoG changes

Machinery of Government (MoG) impact on Infrastructure NSW

The Administrative Arrangements (Administrative Changes – Public Service Agencies) Order 2019, effective on 1 July 2019, abolished the Barangaroo Delivery Authority (BDA) and UrbanGrowth NSW Development Corporation (UGDC). Their functions and staff, together with associated assets and liabilities, were transferred to Infrastructure NSW (INSW).

INSW managed the operations of the former BDA and UGDC using their respective legacy systems and consolidated the financial information of both entities with its own in 2019–20.

INSW went through an organisational restructure as part of MoG changes. Our audit identified areas for improvement in the consolidation of corporate functions following MoG changes at Infrastructure NSW, relating to the transition of corporate functions and integration of key business systems and processes. The audit team found:

  • a pre-transition plan outlining key responsibilities, accountabilities and ownership of transition arrangements for corporate functions, including finance and business systems, was not implemented
  • corporate support roles and responsibilities in the post-transition phase were not clearly documented to ensure a smooth transition and handover of responsibilities
  • loss of staff and changes to key personnel in corporate functions made it difficult for employees to fulfil their responsibilities.

INSW has harmonised corporate policies and procedures from the former organisations and commenced consolidation of core business systems and information and communication technology environments. INSW has also addressed post-MoG resource gaps in corporate functions.

Delegations were not updated for MoG organisational changes

Jobs for NSW Fund did not update its delegations to reflect the MoG changes. This resulted in grants being paid without the required delegation in place during 2019–20. The delegation referred to a position that was removed by the MoG changes.

Customer Service cluster agencies did not have corporate service agreements in place

Customer Service cluster agencies have adopted centralised corporate service arrangements with DCS. The cluster agencies did not have formal agreements or arrangements in place with DCS for the provision of centralised corporate services. This increases the risks associated with unclear responsibilities and accountabilities for deliverables, and the allocation and recording of centralised corporate services costs. This deficiency resulted in the late recognition of corporate service charges and in-kind contributions in cluster agencies' financial statements.