Report snapshot
About this report
Internal controls are key to the accuracy and reliability of agencies’ financial reporting processes. This report analyses the internal controls and governance of 26 of the NSW public sector’s largest agencies for the 2023–24 financial year.
Findings
There are gaps in key business processes, which expose agencies to risks. These gaps are identified in 121 findings across the 26 agencies—including 4 high risk, 73 moderate risk and 44 low risk findings. All four high-risk issues related to IT controls and 19% of control deficiencies were repeat issues. Thirty-five per cent of agencies had deficiencies in control over privileged access.
Shared IT services
Six agencies provide IT shared services to 120 other customer agencies. All six had control deficiencies—three of these were high risk. Four agencies provide no independent assurance to their customers about the effectiveness of their own IT controls.
Cyber security
Eighteen agencies assessed cyber risk as being above their risk appetite. Fourteen of these agencies had not set a timeframe to resolve these risks and two agencies have not funded plans to improve cyber security.
Fraud and corruption control
Agencies need to improve fraud and corruption control. Instances of non-compliance with TC18-02 NSW Fraud and Corruption Policy were identified, including gaps such as a lack of comprehensive employment screening policies and not reporting matters to the audit and risk committee.
Gifts and benefits
Management of gifts and benefits requires better governance and transparency. All agencies had policy and guidance but all had gaps in management and implementation—such as not publishing registers nor providing ongoing training.
Information Technology
Nine agencies did not effectively restrict or monitor user access to privileged accounts.
Recommendations
The report makes recommendations to agencies to implement proper controls and improve processes in relation to:
- organisational processes
- information technology
- cyber security
- fraud and corruption, and
- gifts and benefits.