Report highlights
What the report is about
Result of the Customer Service cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for Customer Service cluster agencies.
What the key issues were
The number and size of Service NSW's administered grant programs have increased significantly in response to emergency events. Improvements are required to address gaps in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.
The Department of Customer Service (the department) reported a retrospective correction of a prior period error of $33.3 million understatement of the land titling database, which is a service concession asset managed by a private operator.
The 2021–22 audits identified five high-risk issues across the cluster:
- the department:
- control weaknesses in user access to GovConnect systems
- significant control deficiencies in information technology change management controls
- Rental Bond Board:
- legislation amendment required to better support the accounting treatment of rental bonds
- no delegation instrument to government officers authorising them to approve expenditures
- Service NSW:
- improvements required in the timeliness and quality of grant administration revenue assessment and controls over the recovery of grant administration costs.
Recommendations were made to address these deficiencies.
Fast facts
1. Introduction
This report provides Parliament and other users of the Customer Service cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
1.1 Snapshot of the cluster
1.2 Changes to the cluster
Administrative arrangements orders resulted in transfer of agencies, business divisions and a special deposit account
In 2021–22, 'Administrative Arrangements (Second Perrottet Ministry—Transitional) Order 2021', the 'Administrative Arrangements (Second Perrottet Ministry—Allocation of Acts and Agencies) Order 2021' and the 'Administrative arrangements (Administrative Changes—Miscellaneous) Order 2022' resulted in the transfer of the following:
- agencies, business divisions and a special deposit account from the department to the Department of Enterprise, Investment and Trade (DEIT):
- Independent Liquor and Gaming Authority
- Greyhound Welfare and Integrity Commission
- Liquor and Gaming NSW, a division of the department
- Responsible Gambling Fund, a special deposit account
- business divisions from NSW Treasury:
- Office of Small Business Commissioner to the department
- NSW Business Connect to Service NSW.
2. Financial reporting
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2022.
Section highlights
|
2.1 Cluster financial information 2022
Agency | Total Assets $m | Total liabilities $m | Total income* $m | Total expenses** $m |
---|---|---|---|---|
Principal department | ||||
Department of Customer Service | 1,998.1 | 2,923.2 | 2,231.3 | 2,022.4 |
Other cluster agencies listed in Appendix A of Treasury Direction TD21-02 | ||||
Long Service Corporation | 2,112.6 | 1,605.9 | 78.5 | 97.7 |
New South Wales Government Telecommunications Authority | 804.7 | 234.7 | 293.7 | 181.3 |
State Insurance Regulatory Authority | 486.6 | 292.6 | 624.7 | 551.7 |
Service NSW | 215.2 | 157.1 | 887.7 | 913.6 |
Digital Restart Fund *** | 240.7 | -- | 655.5 | 624.3 |
Rental Bond Board | 194.9 | 0.6 | 65.1 | 77.1 |
Independent Pricing and Regulatory Tribunal | 6.0 | 4.7 | 32.3 | 32.0 |
Office of the Independent Review Officer | 8.6 | 8.6 | 90.1 | 90.1 |
Information and Privacy Commission | 2.1 | 0.9 | 8.2 | 7.2 |
Immaterial agencies | 8.3 | 4.3 | 3.0 | 2.2 |
** Include other losses.
*** A special deposit account (SDA) that prepares a special purpose financial report on a cash basis.
Source: Agencies audited 2021–22 financial statements.
2.2 Quality of financial reporting
Audit opinions
Unqualified audit opinions were issued on agencies' financial statements
Unqualified audit opinions were issued on cluster agencies' 30 June 2022 financial statements. Sufficient and appropriate audit evidence was obtained to conclude the financial statements were free of material misstatement.
An 'other matter' was included in the Rental Bond Board's audit opinion
'Other matter' paragraphs are included in an agency's independent auditor's report for matters that have not been explicitly presented or disclosed by the agency in its certified financial statements. Whilst they do not constitute a qualification, they do highlight matters that are, in our judgement, relevant to Parliament's understanding of the audit.
An 'other matter' paragraph was included in the independent auditor's reports for the Rental Bond Board because the Rental Bond Board paid $4.6 million in operating expenses from the Rental Bond Interest Account without an authorised delegation from the Commissioner for Fair Trading. The Rental Bond Board did not comply with section 186 of the Residential Tenancies Act 2010 and section 5.5 of the Government Sector Finance Act 2018.
The number of identified monetary misstatements decreased in 2021–22
The number of monetary misstatements identified during the audits of cluster agencies' financial statements decreased from 46 in 2020–21 to 39 in 2021–22. A monetary misstatement is an error in amount recognised in the financial statements initially submitted for audit.
Reported corrected misstatements decreased from 33 in 2020–21 to 30 with a gross value of $406 million in 2021–22 ($418.9 million in 2020–21). Reported uncorrected misstatements decreased from 13 in 2020–21 to nine with a gross value of $31.8 million in 2021–22 ($78 million in 2020–21).
The table below shows the number and quantum of monetary misstatements for the past two years.
Year ended 30 June | 2022 | 2021 | ||
Corrected misstatements | Uncorrected misstatements | Corrected misstatements | Uncorrected misstatements | |
Less than $50,000 | 3 | 1 | 1 | 5 |
$50,000 to $249,999 | 3 | 2 | 4 | 2 |
$250,000 to $999,999 | 5 | 2 | 8 | 0 |
$1 million to $4,999,999 | 7 | 2 | 5 | 2 |
$5 million and greater | 12 | 2 | 15 | 4 |
Total number of misstatements | 30 | 9 | 33 | 13 |
Source: Engagement Closing Reports issued by the Audit Office of New South Wales.
Refer to Appendix one for details of corrected and uncorrected monetary misstatements by agency.
Of the 30 corrected monetary misstatements, 12 had a gross value of greater than $5 million (individually) and related to the following:
Agency | Description of corrected misstatements > $5 million |
Department of Customer Service |
The 2021–22 comprehensive revaluation of service concession asset (land titling database) identified that the valuation from 2019 to 2021 were overstated due to incorrect input in the valuation model. These errors were corrected retrospectively in the financial statements by:
The department corrected the misstatements arising from incorrect accounting of data centre head lease modification and the impact on data centre sub-lease arrangements relating to:
The department corrected the misstatements from equity transfer of certain assets and liabilities from the department to DEIT on 1 April 2022 relating to:
The department adjusted the incorrect transfer of funding from the department to the Digital Restart Fund (DRF) by:
The department wrote-off intangible assets that were no longer in use by:
The department adjusted the incorrect classification of costs from 'consultancy expenses' to 'fees and charges' by $5.1 million. |
Long Service Corporation | The liability for the Building and Construction Index scheme was understated by $11.3 million at 30 June 2022 as a result of applying incorrect demographic assumptions. |
New South Wales Government Telecommunications Authority (the authority) |
The authority corrected the classification of the unspent funding of $6.6 million from the Critical Communications Enhancement Program from contract liabilities to other liabilities. The authority corrected an understatement of $9 million revaluation increment in its interim revaluation of plants and equipment because of valuation indices movements. The authority adjusted an understatement of $6.3 million make good provision due to increase in costs estimates. |
Service NSW | Service NSW overstated its administration revenue by $3.1 million and incorrectly accounted $256 million grant administration revenue from administering economic stimulus and disaster recovery support programs as 'Sale of goods and services' under AASB 15 ' Revenue from Contracts with Customers'. The administration revenue was reclassified to 'Grants and contributions' under AASB 1058 'Income of Not-for-Profit Entities'. |
Digital Restart Fund (DRF) | The cash at bank balance at 30 June 2022 and total receipts during the year were reduced by $5.8 million due to incorrect transfer of funding from the department. |
Of the nine uncorrected monetary misstatements, two had a gross value of greater than $5 million (individually), which comprise the following:
Agency | Description of uncorrected misstatements > $5 million |
Department of Customer Service | The department incorrectly transferred funding to DRF, which is a special deposit account administered by the department, and posted an incorrect adjusting journal by recognising a receivable from DRF of $5.8 million. This should be adjusted to cash at bank instead as it is an error in bank transfer. |
Long Service Corporation (the corporation) |
The corporation reassessed when it should recognise building and construction levies as income, and when they are payable to the corporation under instalment plans. Legal advice obtained in 2021–22 supported the recognition of instalment plan levies as income entirely up front, whereas in previous years the corporation recognised the income in line with agreed instalment plans. Based on the new interpretation, the corporation's:
The corporation's net assets at 30 June 2022 are not impacted by the above misstatement. As the corporation assessed the $19.9 million to be immaterial, it was not corrected in its 2021–22 financial statements. Long Service Levies are payable under the Building and Construction Industry Long Service Payments Act 1986 at the rate of 0.35% of the value of building and construction of $25,000 or above. The levies are due and payable before work commences on the construction of the building. |
2.3 Timeliness of financial reporting
Early close procedures
Seven agencies did not submit or complete early close mandatory procedures on time
NSW Treasury introduced early close procedures to improve the quality and timeliness of year-end financial statements. In April 2022, NSW Treasury reissued Treasurer’s Direction TD19-02 ‘Mandatory Early Close as at 31 March each year’ (TD19-02) and released Treasury Policy and Guidelines TPG22-11 ‘Agency Direction for the 2021–22 Mandatory Early Close’. These pronouncements require the GSF agencies listed in Appendix A of TD19-02 to perform mandatory early close procedures and provide the outcomes to the audit team by 27 April 2022. The 17 mandatory procedures are listed in Appendix two.
Two of the nine agencies met the statutory deadline for submitting their 2021–22 early close financial statements and other mandatory procedures. Seven agencies either delayed their submission of certain early close mandatory procedures or did not complete certain early close mandatory procedures mainly due to significant delays in resolving accounting issues.
Agencies need to improve their completion of early close procedures
The following cluster agencies did not complete all mandatory early close procedures:
Cluster agencies | Not completed | Description of incomplete early close procedures |
Principal department | ||
Department of Customer Service | 3 |
Significant management judgements and assumptions Management has not updated the proforma financial statements with significant judgements and assumptions applied when estimating the following transactions and account balances, except for the valuation of land and buildings. The delay was caused by the following unresolved accounting issues at the time of completing early close procedures:
Finalise right-of-use assets and lease liability balances Management has not performed and documented their review of the department’s lease arrangements. This was due to delay in completing the impact assessment of:
Finalise assessment of all revenue contract Management's assessment of funding arrangements and agreements of appropriations (totalling $12.8 billion), and grants and contributions received during the period against TPP21-03 'Administered items', AASB 15 ' Revenue from Contracts with Customers' and AASB 1058 'Income of Not-for-Profit Entities', was incomplete. It did not include the supporting documents for the assessment and lacked analysis to justify its conclusion. |
Other agencies listed in Appendix A of TD19-02 | ||
Long Service Corporation | 1 |
Significant management judgements and assumptions A paper was not finalised on time for early close to support management's significant judgements and assumptions used when estimating the following transactions and account balances:
|
New South Wales Government Telecommunications Authority | 4 |
Fair value assessment of property, plant and equipment At early close, the authority did not complete an:
Revaluation of property, plant and equipment The authority did not apply relevant indexation to the equipment costs for certain assets as part of its interim valuation of plant and equipment to ensure net carrying amount of plant and equipment remain materially at fair value. Interim valuation could not be completed due to outstanding annual stocktake and impact assessment of natural disaster (for example, recent floods) on plant and equipment. Finalise right-of-use assets and lease liability balances The authority was in the process of migrating lease data from lease system 'Anaplan' to 'SAP RE' at early close and had not finalised its reconciliation between the two systems and the lease-related balances at early close. Significant management judgements and assumptions A paper was not finalised on time for early close to support management's significant judgements and assumptions used when estimating the following transactions and account balances:
|
State Insurance Regulatory Authority | 1 |
Finalise assessment of all revenue contracts Management did not complete its revenue assessment of the claw back of $90.6 million private insurers' profit under AASB 15 ‘Revenue from Contracts with Customers’ or AASB 1058 ‘Income of Not-for-Profit Entities’. |
Service NSW | 3 |
Inter and intra (cluster) agency transactions and balances Service NSW did not confirm the transactions and balances for amounts held on behalf of other agencies and administered items. Significant management judgements and assumptions Significant management judgements and assumptions applied for the following transactions and events were incomplete:
Finalise assessment of all revenue contracts Management has not performed and documented their review of Service NSW’s revenue contracts including the administration revenue of $171 million and $18.5 million grants from Digital Restart Fund. |
Rental Bond Board | 1 |
Material transactions are not supported by appropriate delegations The board did not have delegations in place to expend money from its Rental Bond Interest Account. |
Office of the Independent Review Officer | 2 |
Finalise right-of-use assets and lease liability balances Management did not finalise assessment of its new office accommodation arrangement with the Department of Customer Service against AASB 16 'Leases'. Prior year Management Letter and Engagement Closing Report Management was yet to address prior year Management Letter issues related to:
|
The review of agencies' early close procedures found more work needs to be done to ensure timely completion and submission of early close procedures, particularly relating to:
- documenting significant management judgements and assumptions
- finalising the impact assessment of revenue contracts
- finalising the assessment of right-of-use assets and lease liabilities.
Year-end financial reporting
NSW Treasury required all agencies to submit their financial statements by 1 August 2022
In June 2022, NSW Treasury issued a suite of Treasurer's Directions and Treasury Policy and Guidelines for 2021–22 financial reporting requirements and timetables:
- Treasurer's Direction TD21-02 'Mandatory Annual Returns to Treasury' (TD21-02) and Treasury Policy and Guidelines TPG22-16 'Agency Direction for the 2021–22 Mandatory Annual Returns to Treasury' require agencies listed in the Appendix A of TD21-02 to submit their 2021–22 financial statements to both NSW Treasury and the Audit Office by 1 August 2022.
- Treasury Policy and Guidelines TPG22-17 'Agency guidelines for the 2021–22 Mandatory Annual Returns to Treasury for NSW public sector agencies that are not included in TD21-02' requires NSW public sector agencies not listed in Appendix A of TD21-02 to submit their draft 2021–22 financial statements to NSW Treasury by 1 August 2022.
- Treasurer's Direction TD21-03 'Submission of Annual GSF Financial Statements to the Auditor-General' requires reporting GSF agencies that are not listed in Appendix A of TD21-02 to submit their annual financial statements for audit within six weeks after the year end.
The following agency obtained NSW Treasury's approval to extend submission of 30 June 2022 financial statements:
Cluster agencies | Revised deadline | Reason |
---|---|---|
State Insurance Regulatory Authority (SIRA) | 3 August 2022 | SIRA only received the actuarial valuation for its Insurer Guarantee Fund (IGF) on 1 August 2022. IGF represents a significant liability in SIRA's financial statements. |
On 2 August 2022, SIRA sought an extension from NSW Treasury to submit their financial statements until 3 August 2022. NSW Treasury approved the extension to 3 August 2022 through an email on 2 August and subsequent approval letter on 16 August 2022 pursuant to TD 21-02. It was unclear from the NSW Treasury approval whether this extension applied to the submission of the financial statements to both NSW Treasury and the Auditor-General.
Financial statements were submitted on time
Cluster agencies met the reporting deadlines for submitting their 2021–22 year-end financial statements. SIRA met NSW Treasury's extension timeframe.
The Government Sector Audit Act 1983 does not specify the statutory deadline for issuing the audit reports.
The table below shows the timeliness of the year-end financial reporting for cluster agencies.
Cluster agencies | 2021–22 Financial statements submission | Date audit report was issued |
---|---|---|
Department of Customer Service | ☑ | 2 November 2022 |
Long Service Corporation | ☑ | 23 November 2022 |
New South Wales Government Telecommunications Authority | ☑ | 14 October 2022 |
State Insurance Regulatory Authority | ⊖ | 7 October 2022 |
Service NSW | ☑ | 25 November 2022 |
Digital Restart Fund | N/A | 23 November 2022 |
Rental Bond Board | ☑ | 13 October 2022 |
Independent Pricing and Regulatory Tribunal | ☑ | 19 October 2022 |
Office of the Independent Review Officer | ☑ | 7 November 2022 |
Information and Privacy Commission | ☑ | 26 September 2022 |
NSW Architects Registration Board | ☑ | 27 October 2022 |
Board of Surveying and Spatial Information | ☑ | 20 October 2022 |
Recognition of $256 million administration revenue
Late resolution of the accounting of administration revenue resulted in misstatements and delays in financial reporting and audit
Service NSW and NSW Treasury signed project agreements for Service NSW to administer a range of economic stimulus and disaster recovery support grant programs in 2021–22.
Service NSW recognised $256 million as fee for service revenue under AASB 15 'Revenue from Contracts with Customers' in the financial statements submitted for audit. The administration revenue is related to the recovery of grant programs administration costs.
Grant project agreements were not reviewed by Service NSW to identify whether these agreements met criteria for revenue recognition under AASB 15 'Revenue from Contracts with Customers' or AASB 1058 'Income of Not-for-Profit Entities'. Subsequent discussions with NSW Treasury resulted in Service NSW changing the basis of accounting administration revenue from AASB 15 to AASB 1058. Service NSW reclassified administration revenue from 'Sale of goods and services from contracts with customers' to 'Grants and contributions' in the financial statements.
Refer to Chapter 3 'Audit observations' for further details.
Retrospective correction of prior period errors
Material prior period errors identified in the valuation of service concession asset
The department corrected a prior period error retrospectively in the financial statements. The department engaged an independent valuer to perform a comprehensive valuation of service concession asset (land titling database) at 30 June 2022.
In our review of the valuation report, we noted that one of the key valuation inputs, the staff number allocation to two of the registers in the land titling database, was incorrect in prior years which resulted in material prior period errors in the valuation of service concession asset.
The department obtained revised valuations for 2019 to 2021 from the valuer and corrected these misstatements in the financial statements in September 2022:
- Reduced the prior year comparative for service concession asset by $33.3 million.
- Reduced the prior year comparative for accumulated funds by $34.1 million.
- Increased the prior year comparative for asset revaluation reserve by $880,000.
- Increased the prior year comparative for other losses by $4.8 million.
- Decreased the 1 July 2020 accumulated funds by $29.4 million.
Last year, we recommended in our 2021 Management Letter that the department should establish an independent process to validate various inputs and assumptions provided by the service concession private operator in the valuation model such as total staff number and their allocation to the different registers. This information involved estimations and judgements applied by the service concession private operator.
Recommendation
We recommend the department:
- continue to enhance the data validating process of the valuation of service concession asset
- include the valuation of service concession asset as part of the early close procedures to reduce the risk of material misstatement in the financial statements.
Intra-government property leases managed by Property NSW
The changes in office accommodation arrangement with Property NSW resulted in derecognition of right-of-use assets and lease liabilities
Property NSW (PNSW) is responsible for managing most of the state government agencies' leased real estate property portfolio. During 2021–22, PNSW made some changes to its intra-government lease arrangements, including rewriting the standard client acceptance letter (CAL) to include a 'Relocation and substitution right' clause. This clause allows PNSW to relocate agencies to other locations and remove their right to control the use of the identified accommodations. As a result, the new CALs no longer constitute a lease under AASB 16 'Leases'. The changes became effective from 30 June 2022.
The department and Service NSW accepted the changes to their office lease arrangements with PNSW. The impact on the financial statements is included in the table below:
Cluster agency | Impact on the financial statements |
---|---|
Department of Customer Services |
|
Service NSW |
|
Going forward, these agencies will recognise the office accommodation payments as expenses in the Statement of Comprehensive Income. Agencies will continue to recognise the fit-outs and make good provisions.
2.4 Key financial statement risks
The table below details our specific audit coverage and response over key areas of financial statements risks that had the potential to impact the financial statements of significant cluster agencies.
Department of Customer Service
The Department of Customer Service delivers value by making or enabling sustained improvements to services in New South Wales. It aims to deliver excellence in customer service, digital leadership and innovation in government services, and safe and secure markets.
Key financial statement risk | Audit response | |
Service concession asset $848.8 million |
The department's service concession asset (land titling database) is managed by a private service concession operator. The department engaged an external valuer to value the land titling database. Our audit risk rating is higher because:
|
Our audit procedures included:
|
Administered duties and taxes revenue $41.9 billion Administered taxation and fines receivables $5.6 billion including $351.3 million allowance for impairment for taxation and fines |
The department's administered revenue consists of licences, taxes, levies and certain transfer payments for the Crown. Our audit risk rating is higher due to:
|
Our audit procedures included:
|
Service NSW
Service NSW makes it easier to access government services for people and businesses across NSW. Service NSW administers grants on behalf of other agencies to support individuals and businesses through bushfires, floods and the COVID-19 pandemic. These grants cannot be used for the achievement of Service NSW’s own objectives, therefore transactions related to the fund are not recognised as 'revenue', 'expense', 'assets' and 'liabilities' in the financial statements.
Key financial statement risk | Audit response | |
Note 24 Administered items Transfer payments received: $12.3 billion Administered expenses: $11.6 billion |
Service NSW disclosed the administered expenses paid for a range of economic stimulus and disaster recovery support measures in Note 24 Administered items in the financial statements. Our audit risk rating is higher because:
|
Our audit procedures reviewed management’s assessment of administered programs. The audit tested the design and implementation of key controls, substantive testing of transactions, and assessed the adequacy of financial statement disclosures against applicable Australian Accounting Standards. |
Long Service Corporation
Long Service Corporation (the corporation) administers a long service payments scheme for the building and construction industry in New South Wales.
Key financial statement risk | Audit response | |
The valuation of scheme liabilities of $1.6 billion |
The corporation's provisions include the expected benefit payments from the Building and Construction Industry Long Service Payments Scheme and the Contract Cleaning Industry Long Service Payments Scheme payable over the future working lifetime of current workers. Our audit risk rating is higher because:
|
With the assistance of an actuarial specialist, the audit evaluated the competence, capabilities and objectivity of the corporation’s actuary, and performed an overall assessment of the valuation methodology, key assumptions and models used to value the corporation's scheme liabilities. |
New South Wales Government Telecommunications Authority
The New South Wales Government Telecommunications Authority (the authority) delivers critical radio communications to first responders and essential services to keep people and places in New South Wales safe.
Key financial statement risk | Audit response | |
Property, plant, and equipment $521.5 million |
The authority's property plant and equipment consist of specialised plant and equipment and minor land and leasehold improvements. Our audit risk rating is higher due to the:
|
Our audit procedures included:
|
3. Audit observations
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service cluster.
Section highlights
|
3.1 Findings reported to management
The number of findings reported to management has decreased and 53% were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2021–22, there were 64 findings raised across the cluster (93 in 2020–21). Fifty-three per cent of all issues were repeat issues (42% in 2020–21).
The most common repeat issues related to weaknesses in controls over information technology user access administration.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
2021–22 audits identified five high-risk findings
High-risk findings, including repeat findings, were reported at the following cluster agencies.
Agency | Description |
2021–22 findings | |
Department of Customer Service Repeat finding: Qualifications and control deviations in GovConnect NSW controls assurance reports |
The department's Information Technology General Controls (ITGC) internal control assurance report was qualified. The Infosys ITGC report had three control deviations and Infosys payroll report had one control deviation. The qualification on the department's ITGC report was due to some ineffective controls to ensure all access to systems, applications and data is authorised and appropriate to the user’s job responsibilities during 1 July 2021 to 30 June 2022. The control deficiencies in ITGC increase the risk of:
While improvement was noted in the number of control deficiencies, the qualification in the department and control deviations in Infosys were repeated. Our 2021 Management Letter and 2021 Customer Service Auditor-General’s Report to Parliament recommended management to perform data analytics on GovConnect transactions. This recommendation was not implemented in 2021–22. This matter was assessed as high risk, because if not adequately addressed, it had the potential to result in material fraud and error in the department's financial statements and reputation damages. This issue is further discussed later in this chapter. |
Department of Customer Service Repeat finding: Change management significant control deficiencies |
Revenue NSW, a division of the department, has a key role in managing the State’s finances. It administers State taxes, manages fines, recovers State debt, and administers grants and subsidies. A key control over the IT change process is restricting or limiting the access of staff with system development responsibilities to the live business systems. This ensures appropriate segregation of duties, governance and integrity of the IT system change controls process. Bamboo is a tool used by management to release IT changes to the live business systems. We identified the following access control deficiencies within the Bamboo tool:
The audit assessed this matter as a high-risk management letter finding because it can significantly affect the integrity of tax calculation, business process approvals, invalid changes to bank accounts, unauthorised refunds and write-offs. While management have taken several steps to remediate this issue, the risk is still unresolved in the 2021–22 financial year. |
Service NSW New finding: Grant administration revenue recognition and cost recovery |
Service NSW administered a range of economic stimulus and disaster recovery support programs in 2021–22. Service NSW signed grant project agreements which had a requirement for the Secretary, NSW Treasury, to sign-off the finalised grant administration costings and funding source for the administration costs once they were determined. Service NSW recognised $256 million grant administration revenue and withdrew this amount of cash from a few administered bank accounts without NSW Treasury's approval in 2021–22. The audit identified significant controls deficiencies associated with Service NSW's administration and financial reporting of these programs. The accounting matter discussed above, and these control deficiencies, were assessed as high risk as it could result in material misstatements in the financial statements. This issue is further discussed later in this chapter. |
Rental Bond Board Repeat finding: Accounting treatment of rental bonds held in trust |
The board held rental bonds, totalling $1.8 billion at 30 June 2022 ($1.7 billion at 30 June 2021), paid by tenants to landlords for residential tenancies. The board continues to hold the rental bonds off-balance sheet and disclosed the rental bonds as ‘trust fund’. This treatment is based on management’s judgement that the board does not have control of the bonds. Previously the board obtained advice from the Crown Solicitors. They stated that in their view the rental bond funds held in the rental bond account were not moneys held in trust and the Residential Tenancies Act 2010 (the Act) should be reviewed and amended to better support its accounting treatment of rental bonds. The board has initiated the need to amend the Act, however the implementation of the legislative amendments is still pending. Our 2020 and 2021 Management Letters and Auditor-General’s Reports to Parliament raised this as a high-risk issue and the matter remains unresolved. This matter was assessed as high risk, as if not adequately supported, it had the potential to result in material misstatements in the board's financial statements. |
Rental Bond Board New finding: Delegation instrument for the Rental Bond Interest Account |
The Residential Tenancies Act 2010 established a Rental Bond Interest Account from which the board's operating expenses are paid. There is no delegation instrument from the Commissioner for Fair Trading (the Commissioner) to government officers authorising them to approve expenditure. The Rental Bond Board paid $4.6 million in operating expenses from the Rental Bond Interest Account without an authorised delegation from the Commissioner in 2021–22. This matter was assessed as high risk as this resulted in non-compliance with section 186 of the Residential Tenancies Act 2010 and section 5.5 of the Government Sector Finance Act 2018. This non-compliance is reported in the 2022 Independent Auditor’s Report as an ‘other matter’. |
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
High: 2 repeat 1 Moderate: 1 new, 9 repeat 2 Low: 5 repeat 3 |
The financial audits identified opportunities for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
|
Internal control deficiencies or improvements | |
High: 1 new 1 Moderate: 6 new, 1 repeat 2 Low: 7 new, 2 repeat 3 |
The financial audits identified internal control deficiencies across key business processes, including:
|
Financial reporting | |
High: 1 repeat 1 Moderate: 4 new, 6 repeat 2 Low: 2 new, 3 repeat 3 |
The financial audits identified opportunities for agencies to strengthen financial reporting, including:
|
Governance and oversight | |
Moderate: 3 new 2 Low: 1 new, 1 repeat 3 |
The financial audits identified opportunities for agencies to improve governance and oversight processes, including:
|
Non-compliance with key legislation and/or central agency policies | |
High: 1 new 1 Moderate: 3 new, 3 repeat 2 Low: 1 new, 1 repeat 3 |
The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:
|
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have, a negative impact on the entity.
3 Low risk from the consequence and/or likelihood of an event that has had, or may have, a negative impact on the entity.
Source: Management Letters 2022 issued by the Audit Office of New South Wales.
Internal control qualification and deviation matters repeated in GovConnect NSW
In 2021–22, Infosys and the department were co-providers of business processes and information technology services that constitute the GovConnect environment (GovConnect NSW).
The department has several roles in GovConnect. It:
- is the contract authority for the NSW Government and leads the project management of GovConnect services
- engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect service providers in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402)
- is responsible for the remediation of control deficiencies and continuous improvement in the GovConnect internal control environment
- is a service provider in GovConnect and provides information technology services to GovConnect customers.
The controls assurance service auditor issued seven reports under the ASAE 3402 'Assurance reports on controls at the service organisation' covering business processes controls and ITGC provided by Infosys and the department. The department's ITGC internal control assurance report was qualified. Infosys ITGC report had three control deviations and Infosys payroll report had one control deviation. These control deviations did not result in qualifications in Infosys ITGC and payroll reports.
The qualification on the department's ITGC report was due to some ineffective controls to ensure all access to systems, applications and data is authorised and appropriate to the user’s job responsibilities during the reporting period. The qualification matters include:
- no evidence of approval over three user additions on the Windows network. These users did not have SAP accounts
- three user accounts and three generic account additions on the Windows network were not approved before access was provisioned. The user accounts had SAP accounts.
In 2020–21, the controls assurance service auditor issued eight ASAE 3402 reports and four of these reports were qualified. While improvement was noted in the number of control deficiencies in 2021–22, the qualification matter in the department and control deficiencies in Infosys were repeated.
Our 2021 Management Letter and Customer Service 2021 Auditor-General’s Report to Parliament recommended management to perform data analytics on GovConnect transactions. This recommendation was not implemented in 2021–22.
Recommendation
We recommend the department continue:
- uplifting GovConnect internal control environment to address control deficiencies and qualification matters
- developing data analytics to help analyse and identify high risk patterns and anomalies in GovConnect key transaction systems, augmenting their existing monitoring and detective controls.
Cyber security management requires improvement
Our audit assessed some aspects of cyber security governance and controls, including a subset of the Essential 8 Mitigation Strategies, as it relates to the risk assessment in financial statement audit. The NSW Cyber Security Policy (CSP) requires agencies to:
- implement these strategies
- report levels of maturity
- establish and report target levels of maturity. Maturity is measured on a four-point scale from Level Zero to Level Three.
The audit noted:
Audit Observations | Impact |
The department has yet to fully implement all Essential 8 Mitigation Strategies (Essential 8) | The Essential 8 is a series of baseline mitigation strategies taken from the 'Strategies to Mitigate Cyber Security Incidents' recommended for organisations. Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems. |
The maturity level for several Essential 8 strategies is at Level Zero under the maturity model (revised in July 2021) | Maturity Level Zero indicates that there is a need for improved security controls to complement the existing mitigating controls. |
Management has engaged an external service provider to manage long outstanding system patches and is in the process of rolling out system patches. Patch management plan is currently being established. |
As patching addresses known vulnerabilities, leaving IT systems unpatched at the operating system, database or application levels increases the opportunity for attackers to exploit those known vulnerabilities. Patching is also used to provide system functionality updates and fix defects. The long outstanding system patches increase the risk of exploitation. |
These issues also apply to the Customer Service cluster agencies that rely on the IT services provided by the department.
Recommendation
We recommend the department continue:
- prioritising improvements to cyber security resilience as a matter of urgency
- implementing all Essential 8 Mitigation Strategies
- establishing a patch management plan and completing the roll out of long outstanding system patches.
Significant gaps identified in Service NSW's administration and financial reporting of grant programs
In response to the ongoing COVID-19 pandemic, severe storms and flooding, Service NSW continues to administer a range of economic stimulus and disaster recovery support programs. It paid $11.6 billion across 17 different programs in 2021–22, to support the people of New South Wales through these difficult times. The number and size of Service NSW's administered grant programs have increased significantly. In comparison, it paid $263 million across five programs in 2020–21.
The Audit Office acknowledges the significance of Service NSW's work in administering these programs and the speed with which many were implemented. The table below summarises our observations in the audit of Service’s NSW grant administration-related transactions and disclosures.
Key issues | Audit Observations | Impact |
---|---|---|
Accounting assessment of administered grant programs not performed promptly and with sufficient quality |
Late assessment of revenue resulted in misstatements The financial reporting implications associated with administering these programs was not assessed at early close, including whether it administered or controlled each program, and how it would account for the revenue for administering the programs. These assessments were not performed until requested by the audit. Grant project agreements were not reviewed by Service NSW’s finance team to identify whether these agreements met criteria for revenue recognition under AASB 15 'Revenue from Contracts with Customers' or AASB 1058 'Income of Not-for-Profit Entities'. Subsequent discussions with NSW Treasury resulted in Service NSW changing the basis of recognition of administration revenue from AASB 15 to AASB 1058. |
|
Funds withdrawn from administered grant programs without formal authorisation |
Withdrawal of funds without approval from NSW Treasury Many of the project agreements required the Secretary, NSW Treasury, to sign-off on the finalised costings and funding source for Service NSW's administration costs. Service NSW recognised $256 million in grant administration revenue and withdrew this amount of cash from bank accounts related to the administered grant programs without prior written sign-off from NSW Treasury. |
|
Approval to recover administration costs requested post 30 June 2022 |
Late request for approval to recover 2021–22 grant administration costs Service NSW did not write to the Secretary, NSW Treasury, for approval of its administration costs until late September 2022 when requested by the audit. In the letter to NSW Treasury, Service NSW requested approval to recover $252 million administration costs from the grant appropriations given to administer grant programs. The Secretary, NSW Treasury, advised Service NSW that the administration costs it had incurred were reasonable and within an expected range of a program's administration expenditure on 21 November 2022. |
|
Lack of a robust grant administration cost allocation methodology |
Unable to quantify administration costs for each grant program Service NSW had no documentation to support its cost allocation methodology and only prepared assessment at the request of the audit. The methodology to allocate administration costs to different grant programs was not robust, and Service NSW did not have the financial controls, systems and processes to enable it to accurately quantify the costs incurred in administering each program. The methodology was heavily reliant on high-level judgements and assumptions. |
|
Overpayments in administered grants are being reviewed and recovered |
System errors resulted in overpayments Overpayments of grants were caused by system errors where payments were incorrectly triggered more than once. Service NSW is currently reviewing these exceptions before commencing funds recovery. |
|
Recommendation
We recommend Service NSW:
- resolve the significant matters noted above as a matter of urgency
- identify the root causes of control breakdowns
- remediate the gaps in the current policies, systems and processes in administering and financial reporting of grant programs.
Quality and timeliness of accounting assessment for key accounting matters need improvement
NSW Treasury Policy and Guidelines TPG22-11 ‘Agency Direction for the 2021–22 Mandatory Early Close’ requires agencies to document in accounting papers where transactions and balances involve significant management judgements and assumptions.
During the year, there were significant delays in completing the accounting papers to support its accounting treatment of significant transactions and events.
The department did not assess or complete the accounting assessment of the following transactions at early close:
- Funding received for stimulus packages and some whole-of-government initiatives and programs.
- Lease modification resulted from data centre lease contract renegotiation which was signed in September 2021. The accounting paper was provided in June 2022, some nine months since the accounting event.
Service NSW did not perform adequate accounting analysis of revenue contracts including project administration revenue and the accounting treatment of recovery of fraudulent and non-compliant grants at early close, and before submission of financial statements to audit. This has resulted in misstatements and significant audit delays. The accounting paper was provided in August 2022, a year after some of the COVID-19 programs had commenced.
In reviewing the accounting papers, the audit noted that:
- they did not contain sufficient analysis of the transactions against relevant accounting standards and NSW Treasurer's Directions
- accounting of transactions arising from the arrangement were not clearly documented and analysed including their impact on the financial statements
- supporting contracts/agreements and relevant documentation were not provided together with the accounting papers.
The late resolution of accounting issues resulted in material misstatements in the financial statements and significant delays in completing the audit.
Recommendation
We recommend the department and Service NSW:
- implement a process in identifying significant accounting issues, and assign clear responsibilities over assessment and reporting
- improve the timeliness and quality of accounting papers to support accounting treatment by early close
- ensure all analysis is well-supported and audit trail is kept for review purpose.
Data analytics in accounts payable and payroll identified control deficiencies
As part of our audit of the department, we integrated the use of data analytics into the audit approach. We performed data analytics over aspects of payroll, procurement and accounts payable activities. This helped us to highlight anomalies or risks in those data sets that are relevant to the audit of the department, and plan testing procedures to address those risks. Data analytics also assisted us in providing an insight into the internal control environment of the department, highlighting areas where key controls are not in place or are not operating as intended by management.
Controls over accounts payable master data require improvement
Our data analytics for the period 1 July 2021 to 30 April 2022 highlighted:
- 292 different vendors with the same Australian Business Number (ABN). Of the 292 instances, 281 had similar names and 11 were related to instances where the companies have merged or been acquired
- 1,174 vendors with blank ABNs
- 64 vendors with the same name and more than one vendor number.
Maintaining accurate and up-to-date accounts payable master data is important, as this helps to mitigate the risk of fraud and duplicate payments. Our analytics highlighted 18 instances of potential duplicate payments. Seven were confirmed by the department as duplicate payments. Management’s action to recover these overpayments has commenced. These duplicate payments occurred because multiple instances of the same supplier exist within the master data. Current controls cannot confirm if the invoice had already been paid where a separate purchase order and goods receipt were raised for the duplicate invoice.
The timeliness of raising purchase orders and making payments require improvement
Our data analytics for the period 1 July 2021 to 30 April 2022 highlighted that:
- 5,247 invoices or 30.1% of invoices were not paid within 30 days from invoice date. Of these invoices, 5.2% were identified in the department’s finance system as being payments to small business suppliers
- 2,832 purchase orders or 16.9% of purchase orders raised were after the invoice date
- 5,397 invoices or 31.8% of invoices were paid without a purchase order.
Purchase orders help to ensure expenditure is committed and approved by delegated officers prior to expenditure being incurred, and key purchasing terms, including price, are agreed up-front with suppliers. Using purchase orders can also speed up the payment process because pre-approval has been obtained for the purchase, and the accounts payable team can more easily identify the officer responsible for authorising receipt of the good or service. To this end, NSW Treasury Circular TC11/12 requires agencies to pay small business suppliers within 30 days for goods and services (unless an alternative time period is provided) or else automatically pay interest on the amount outstanding.
These matters have been referred to the department for further investigation.
Employees' excessive overtime hours need close monitoring
Our data analytics for the period 1 July 2021 to 30 April 2022 highlighted 135 employees with overtime hours exceeding 120 hours for the period.
Recommendation
We recommend the department:
- address the control exceptions noted in the audit’s data analytics for procurement, accounts payable and payroll
- implement similar data analytics on financial information to enhance detection controls and reduce the risk of material misstatements in the financial statements.
Appendices
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.