Performance audit insights: key findings from 2014-2018

Overview

A report released today by the Auditor-General for New South Wales, Margaret Crawford, presents key findings from four years of performance audits. The report findings are presented around six areas of government activity including planning for the future, meeting community expectations for key services, investment in infrastructure, managing natural resources, ensuring good governance and digital disruption.

Executive Summary

In this report, we present common findings and lessons from the past four years of performance audits, and offer insights to the public sector on elements of effective performance. We have analysed the key findings and recommendations from 61 performance audits tabled in the NSW Parliament between July 2014 and June 2018, spanning varied areas of government activity. We will also use this report to help determine areas of unaddressed risk across all parts of government, and to shape our future audit priorities.

1. Key findings

Planning for the future

To respond to the range of citizen needs for the future, government agencies need to take a long term, whole-of-government and inter generational view in forecasting future requirements for services and infrastructure. Over the past four years, our audits have found examples where a lack of long term planning has led to unmet demand for programs and services, as well as gaps in service capability. Governments also need to ensure that service providers and staff have the information and resources they need to adapt to changes in the way programs and services are being delivered.
In future audits, our assessments of agency effectiveness will continue to include whether programs and services are likely to meet future needs, as well as their effectiveness in meeting current demand.

Meeting community expectations for key services

Service delivery models are changing. One key change is that government agencies are increasingly moving to commissioning and partnership models with external providers. Some of our audits have found that agencies need to be more effective system stewards by clearly defining the objectives of these approaches, and ensuring the responsibilities of each party are clear. We have also found instances where agencies cannot demonstrate that these arrangements are delivering better value or quality. This is because many agencies do not measure and evaluate the outcomes of their services and initiatives – whether they are delivered in-house or by external providers.

In the context of governments changing the way they deliver services, consultation with stakeholders is essential. Our audits identified several areas where governments can engage more effectively with stakeholders from planning through to delivery stages.

We will continue to highlight instances where measurement and evaluation has been incomplete or absent, where there is scope for greater oversight of outsourced services, or where the perspectives of stakeholders have not been fully considered. Our ongoing ability to do this is affected by our ability to 'follow the dollar', and assess the use of public money by non-government and private sector organisations that are commissioned by government to deliver programs and services. We currently do not have this mandate.

The scale of investment in infrastructure

The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. The government's guidelines on business case development highlight why they are a fundamental feature of planning for infrastructure:

The NSW Government must ensure capital related resource allocation decisions are well timed, offer value for money, provide sound management of risks and are consistent with government priorities and objectives.

Some of our audits have identified infrastructure projects that do not adhere to these guiding principles. In some instances, the actual costs and benefits of particular projects were significantly different from the business case as a result of flawed, rushed or incomplete analysis.

In addition to developing a sound business case, obtaining independent assurance for major projects is critical to ensure that risks are appropriately managed, and that the public is getting value for money.

In future audits, we will continue to assess the justification for and planning of major infrastructure projects. We will be looking to see compliance with all assurance processes for capital works, and business cases that prove more accurate in implementation.

Managing the environment and natural resources

Effective regulation of activities impacting on the environment and natural resources should meet legislative and policy obligations, and seek to balance competing interests. Our audits have highlighted that regulation activities do not need to equate to more red tape, but should be based on effectively identifying and managing risk, as well as regular evaluation and review of their outcomes.

We will continue to look at how effectively the use of natural resources and the environment is being managed through regulation. In line with our focus on long term planning, we will also be assessing whether the use of crucial resources, such as drinking water, is being managed sustainably – taking population growth and change into account.

Ensuring good governance and transparency

The frequency of our recommendations relating to governance demonstrates that this is an area where governments need to improve. Good governance and transparency are fundamental principles that government entities need to prioritise in all aspects of their work. The core principles of good governance are well established, and are clearly set out in our 2015 'Governance Lighthouse' framework. Various public sector resources and policies also outline the processes to ensure effective oversight and accountability.

Nevertheless, we have identified several common gaps in the governance arrangements of NSW Government entities. These include inconsistent risk management practices, lack of consistency or transparency in decision making, low compliance or inadequate frameworks for managing due diligence and conflicts of interest, and lack of clarity in strategic purpose or direction. Gaps in the oversight of outsourced programs or services, including commissioning and partnerships, is also an increasing concern.

Effective record keeping is a legislative requirement and is fundamental to good governance. In line with our ongoing focus on accountability, we also expect to see higher levels of compliance with standards in this area.

Responding to digital disruption

Digital disruption can present particular opportunities and risks for governments. Reliable data can generate creative responses to persistent problems, facilitate joined-up service delivery, and drive contestability through new providers and business models.

Our audits have highlighted that as the volume of data relating to government activities and citizens increases, agencies need to do more to assure the security of data. Working collaboratively across the sector helps agencies identify opportunities to leverage data, as well as better identify and manage cyber security threats.

Cyber security should be at the centre of public sector engagement with technology, and our audits have highlighted some critical problems in this area. Service disruption, theft of information, cyber attacks and fraud are all real and present risks that can have significant impacts on the community, as well as undermining trust in government. We will regularly report on cyber risks and security as part of our program, and will be looking to see significant improvements compared to current and past practice.

This diagram highlights the key findings from performance audits from 2014-2018.  The six key themes for these are planning for the future, meeting community expectations for key services, the scale of investment in infrastructure, managing the environment and natural resources, ensuring good governance and transparency and responding to digital disruption

1. Introduction

1.1 Insights from performance audits

This report presents an overview of key findings arising from performance audits tabled in the NSW Parliament since July 2014. Performance audits determine whether State or local government entities carry out their activities effectively, are doing so economically and efficiently, and in compliance with all relevant laws.

The activities examined by a performance audit may include a government program or service, all or part of an audited entity, or more than one entity. Performance audits can also consider issues which affect the whole state sector and/or the whole local government sector. Through their recommendations, performance audits seek to improve the value for money the community receives from government services.

In this report, we have considered the key findings and recommendations of our performance audit reports from the past four years. We analysed the findings and recommendations from 61 performance audits tabled between July 2014 and June 2018, across many areas of NSW Government activity.

The purpose of this report is to highlight common issues and themes emerging from our performance audit findings, to help State and local government entities learn from and respond to challenges faced by different parts of government. We will also use the findings from this report to help identify key areas of unaddressed risk, and to shape our future audit priorities.

Our findings in this report are presented around six key areas of risk. These areas will also guide the focus of our future audit program:

  • planning for the future
  • meeting community expectations for key services
  • the scale of investment in infrastructure
  • managing the environment and natural resources
  • ensuring good governance and transparency
  • responding to digital disruption.
group of people

2. Planning for the future

Governments play an important stewardship role. Their decisions need to consider intergenerational equity by ensuring that investment strategies are sustainable. Governments also need to consider the impact of their decisions on different parts of the community. We recognise that governments face challenges in delivering programs and services, targeting complex social issues with finite resources.

Governments are changing how they deliver services to respond to citizen needs and deliver greater value for money. In this section, we reflect on audits that looked at how government entities are planning their activities to meet the needs of the community into the future.

People from lots of nationalities with heads facing inwards as in a huddle

2.1 It is important for government entities to:

Understand and plan for future needs

Effective plans to respond to future needs are supported by detailed data on how programs and services are being used now, and how they are projected to perform into the future. They also maximise the use of existing resources, and look to innovative ways of managing demand.

Some of our audits have highlighted elements of successful strategies to plan for future demand and need. These include:

  • defining clear aims and performance targets for initiatives
  • using data to test and validate assumptions
  • coordinating planning within and between agencies
  • seeking expert input
  • seeking stakeholder input in planning and implementation.

A strategy needs adequate administrative oversight and resourcing to ensure its aims are given priority. It also needs to be regularly revisited and kept up to date, based on actual results compared to predicted trends, and to reassess any changes to community needs.

Our audit on 'Planning for school infrastructure' (2017) assessed the Department of Education's Strategic Plan to deliver fit-for-purpose student learning spaces up to 2031. The report concluded that this plan was robust, and benefited from expert input and validation of assumptions, proposed solutions and costs.

Look to examples of good practice

In planning for future activities, government entities should consider lessons from their own past practice, as well as that of other parts of government.

Some of our audit reports have presented principles for better practice that other agencies can consider in their work – particularly in the area of future planning and preparedness. These include:

  • ‘Building the readiness of the non government sector for the NDIS’ (2017) outlined principles to be considered in building the capability of the non government sector to deliver services on behalf of government
  • ‘Security of critical IT infrastructure’ (2015) highlighted lessons to assist agencies improve security practices for managing IT infrastructure.
Box 2.1. Examples of audit recommendations
Several of our audits have recommended ways to help agencies understand and plan for future needs.
Planning for school infrastructure (2017)
We recommended that a strategic plan needs to be regularly revisited and evaluated to ensure it reflects current priorities. We also noted a need for collaboration with the community and other stakeholders on implementation of the plan.
Planning and evaluating palliative care services in NSW (2017)
Our audit recommended that policy frameworks should outline service priorities, define objectives, set performance targets, and support workforce planning and funding allocations.
The Office of Strategic Lands (2017)
To support this entity to achieve its goals, we recommended that an integrated business plan should incorporate outcome based performance measures and financial modelling including resourcing for long term sustainability.
Passenger rail punctuality (2017)
We recommended that improving the measurement of key outcomes, and defining growth trends, will improve the accuracy of demand predictions. It is also necessary to adjust demand management strategies based on actual results compared to predicted trends.
 

Prepare service providers and staff for their changing roles

When agencies change or expand the types of programs they offer, specialist or frontline staff may need support to build their capability to deliver them. Our audits have found that this could include offering training, leadership development and mentoring programs. Effective performance management frameworks are essential, because they identify organisational development needs and allow staff the opportunity to engage constructively in improving their capability.

For government entities transitioning services to non government service providers, there is a need to ensure that the new providers can maintain the existing level of service. We have identified some factors important for building capability of the non government sector. These include allowing time for the service providers to develop capacity, and providing tailored support where necessary, such as one-on-one support. To determine if the service transition has been effective, agencies also need to define desired outcomes and collect performance data before commencing, to allow comparison.

Our audit of 'Building for the readiness of the non-government sector for the NDIS' (2017) outlined eight important principles for building the capability of the non-government sector.

Box 2.2. Examples of audit recommendations
Our audits have recommended ways that agencies can better prepare for changes to services and roles.
Managing demand for ambulance services (2017)
Our audit recommended that staff need support to be as well prepared as possible for their contemporary roles. This could include strengthening performance and development practices, such as mentoring programs.
Building the readiness of the non government sector for the NDIS (2017)
We recommended that continued focus on building capacity and capability in the non government sector should prioritise potential service gaps, as well as those providers needing additional support or assistance.
Public sector management reforms (2016)
We recommended that, to support agencies through a major reform, proactive communication about objectives, outcomes, and anticipated benefits of the reform are essential. This needs to be timely and explain the rationale behind the changes.
Performance frameworks in custodial centre operations (2016)
We recommended that in adopting a commissioning approach, consultation occur with private and public service providers on outcomes, output, and performance requirements.
Transferring out of home care to non government organisations (2015)
We recommended that agencies should have up to date policies and procedures to guide service delivery, as well as aligning the service funding model to support defined outcome measures and performance targets. 
 

3. Meeting community expectations for key services

State and local government exist to provide services to citizens, and citizens are playing a greater role in defining what services they want or need. Expectations about consultation, ease of access, timeliness, and customisation of services are rising. Governments face challenges to continually improve the way they plan and deliver services to meet these expectations. Governments also need to provide quality services for a growing and ageing population whilst working within a constrained financial environment.

Over the past four years, our performance audits have assessed aspects of State and local government services, including education, health services, disability support, corrective services, and many others. In this section, we draw together common findings that government entities should reflect on when providing services to the community.

Family on a beach on sunny day

3.1 It is important for government entities to:

Put people at the centre of service planning

As service delivery models change, government entities are increasingly referring citizens to external service providers. However, our audits have found that agencies can do more to ensure these services are accessible, and achieving quality outcomes for the people who use them.

Our audit on 'Transferring out-of-home care to the non-government sector' (2015) found the agency needed to determine what wellbeing outcomes it wanted to achieve, such as improvements in a child's health, education and welfare. A quality assurance framework for providers covering these outcomes was not in place.

We identified that service providers could do more to conduct analysis to identify service gaps, build capacity and capability within their service, and maximise the accessibility of services to meet a range of needs and locations. In some cases, we found a lack of clarity about which organisation had primary responsibility for providing support or services.

Our audit on 'Reintegrating young offenders into the community after detention' (2016) found that some citizens struggled to access services in a timely way.

Our audits have found that issues with service access, quality and outcomes can affect some people more than others. The most frequently identified groups included Aboriginal and Torres Strait Islander peoples, culturally and linguistically diverse communities, people in regional and rural areas, and people with complex needs like mental illness, developmental issues, involvement in the criminal justice system, or problems finding and keeping housing.

Box 3.1. Examples of audit recommendations
Our audits have made recommendations to help ensure services are reaching those who need them.
Therapeutic programs in prisons (2017)
Recidivism rates in New South Wales and across Australia are high. We recommended that a systematic approach to the use of data be used to ensure that gaps in access to or availability of services can be identified and addressed.
Early childhood education (2016)
We recommended that targeted funding could be used to increase opportunities for disadvantaged children to enrol in education services before starting kindergarten.
Transferring out of home care to non government organisations (2015)
We identified that some Aboriginal and Torres Strait Islander communities lacked access to out-of-home care services, and recommended that a collaborative strategy was needed to improve access in these communities.

Coordinate efforts with other organisations working towards shared goals

Governments across Australia and globally are increasingly moving to commissioning and partnerships with non government and private providers to deliver programs and services. These models aim to achieve better outcomes by improving efficiency, and diversifying knowledge and expertise.

When transferring services to non government or private providers, it is critical that government entities know what they are trying to achieve. In many cases our audits identified that the aims were not well defined, and as a result it was difficult to assess any impact or improvements resulting from the changes. We also often found gaps in the allocation of responsibility to deliver and monitor the outcomes of a service or program.

Our audit of 'Energy rebates for low income households' (2017) highlighted that oversight of external partners provides assurance for the use of public funds, and reduces the risk of fraud.

Formal contracts or service agreements with external partnerships or commissioned services provide an important accountability mechanism. These instruments should specify the required level of service, conditions placed on any expenditure of government funds, clear performance measures and targets, and reporting requirements.

Our audit of 'Sydney region road maintenance contracts' (2017) outlined a better practice contract management framework, including key elements for effective partnerships with external providers.

Entities can also consider incentives and penalties to manage under performance and improve outcomes. Weaknesses in agreements were commonly noted in our audits, including instances of contract variances, delays, and penalties not being upheld.

Box 3.2. Examples of audit recommendations
Our audits have made recommendations for agencies to improve the way they work with external partners and service providers.
Shared services in local government (2018)
To increase opportunities for government entities to use shared service arrangements, we recommended there was a need for structured guidance on the risks and opportunities of shared service governance models, including legal requirements, transparency and accountability.
Monitoring food safety practices in retail food businesses (2016)
We recommended a higher level of monitoring and oversight of activities conducted by local councils and other enforcement agencies, as well as validation of third-party data. This would increase confidence in and accountability for the reported performance figures.
Community housing (2015)
Our audit recommended that contracts should include measurable targets and outcomes for service provider performance. Longer contracts, and public reporting on investment strategies, can allow service providers to align their investment priorities to deliver good outcomes.
Sydney metropolitan bus contracts (2015)
Our audit recommended that a purchaser provider model should have clear separation of accountabilities. Contracts should include relevant and measurable performance targets, as well as incentives and penalties based on performance.    

Involve stakeholders from start to finish

The interests of relevant stakeholders are playing an increasing role in the development of government services or programs. Stakeholders can include the general community, service end users, representative or advocacy groups, consumer groups, non government organisations, private sector entities, and other government agencies.

To effectively engage with stakeholders, our audits have identified the need for a coordinated agency wide, or issue specific, strategy for consultation. This can help to improve the consistency of consultation across services or programs run by a government entity. Our audits have found that engagement should start early during the planning stages, and continue through the life of the project, including during evaluation. This can enable entities to refine their approach, make changes where needed, and to strengthen future decision making.

Our audit 'Planning and evaluating palliative care services in NSW' (2017) found that stakeholder engagement could be improved by developing a publicly available strategy which brings together current activity and good practice.

Some of our audits highlighted innovative ways government entities can engage with the community to encourage better interactions with government services. In our audit of ‘Passenger rail punctuality’ (2017) we noted that the growing field of work on behavioural insights could contribute to greater understanding about citizens' motivations for their public transport use, and offer insights into how to encourage passengers to reduce demand during peak service times.

Box 3.3. Examples of audit recommendations
Our audits have recommended ways that agencies could better engage with relevant stakeholders.
Assessing major development applications (2017)
In order to increase the transparency of decision making, we recommended greater public involvement through forums and consultation meetings.
Supporting students with disability in NSW public schools (2016)
We recommended that services should offer clearer information on what support is available, including at the agency level and for individual schools. More consultation was needed with stakeholders such as carers and families on what was being done to meet the needs of students.
Community housing (2015)
While significant work was done to engage with the community housing sector, we recommended that an integrated strategy would provide guidance for engaging with external service providers, and to assist when setting measurable performance targets.
Mental health post-discharge care (2015)
We recommended that continuity of service and consumer-centred decisions should inform policy and processes for service models, with specific focus on partnerships with external service providers and ensuring timely follow-up of citizens transferred between providers. 

Measure and evaluate outcomes 

Without measuring and evaluating outcomes, government entities cannot show taxpayers that programs or services are achieving their objectives. Many of our audits have found gaps in the way that NSW Government agencies have defined and assessed their activities to demonstrate effectiveness. Some key examples include:

  • absence of defined objectives and appropriate and measurable outcomes
  • inadequate or absent performance targets
  • lack of routine processes for monitoring and measuring outcomes
  • insufficient data to compare before and after implementation.

In several cases these gaps limited our ability to form a conclusion about whether the entity had made good use of public funds. This is an area where many entities need to focus further attention.

Addressing these gaps will allow government entities to track progress and achievements, fill gaps in a service, understand trends, and plan for future service enhancements. Where possible, performance should be measured and evaluated across different levels within the program or service including at a system level, for frontline units, and for groups of service users.

We have outlined a better practice performance management framework, including strategies to improve the measurement and assessment of performance. The NSW Government has also developed guidelines and resources, such as the Evaluation Toolkit, for agencies to support structured program evaluation.

Our audit 'Performance frameworks in custodial centre operations' (2016) described a better practice performance management framework, including a range of strategies to improve the measurement and monitoring of performance.

Box 3.4. Examples of audit recommendations
Many of our audits have recommended ways for agencies to improve their performance measurement.
Performance frameworks in custodial centre operations (2016)
In moving to a commissioning model for the service, we recommended that the performance framework could be expanded to include both system level performance indicators and targets for individual centres.
Implementation of the NSW Government's program evaluation initiative (2016)
We recommended that outcomes of major program evaluations should be used to assess funding proposals for continuing or modifying a program. It should also guide the advice to the State government to support evidence based investment decisions.
Supporting students with disability in NSW public schools (2016)
We recommended that monitoring performance against a framework to assess individual schools, and from a state wide perspective, would help to improve reporting on outcomes for students.

4. The scale and investment of infrastructure

The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. Competition for resources is high and maintaining the capability to manage and deliver projects effectively is challenging. Governments also need to plan effectively to ensure infrastructure built today will meet future needs.

Over the past four years, we have looked at some of the ways NSW Government agencies justify and prioritise projects for funding, work with contractors to deliver projects, and track and report on progress. In this section, we draw together common findings from our audits that government entities should consider when planning future infrastructure projects.

middle of the city on a road with a blur of buildings and lights surrounding the main road image

4.1 It is important for government entities to:

Prioritise projects with sound justification

The future infrastructure needs of the community are complex, and require governments to balance competing priorities and finite resources. Some of our audits have identified that not all infrastructure projects are well timed based on analysis of need, offer value for money, or exhibit sound management of risks. Robust and accurate analysis demonstrating a clear need and value for money should guide decisions on which projects will proceed.

Our audit of 'CBD and South East Light Rail Project' (2016) found that all major projects in NSW should comply with the Infrastructure Investor Assurance Framework to guide the project planning and procurement.

Several of our audits highlighted gaps in the processes used to justify infrastructure projects. Incomplete or flawed needs analyses, business cases or project plans can result in inaccurate proposals that over estimate the benefits, or under estimate the costs of a project. In some cases, the actual costs and benefits of a project were significantly different from those in the original justification.

Guidelines are in place providing agencies with an objective process for developing a case and deciding to proceed with a project. These include central gateway policies and investor assurance frameworks. Agencies should prioritise those projects with strong justification, to maximise value for the public.

Box 4.1. Examples of audit recommendations
Our audits have recommended that agencies define priorities and ensure projects are adequately supported.
WestConnex: Assurance to the government (2014)
For all major capital programs, we recommended that governance and assurance frameworks should be in place from the beginning. We also recommended that business cases and any significant scope changes need to be formally and thoroughly assessed.
Albert ‘Tibby’ Cotter Walkway (2015)
Our audit recommended that compliance with capital program assurance requirements is important to provide assurance that costs and benefits are justified, including for unusually short timelines. Robust analysis should be prepared and externally reviewed prior to any public announcement of a project.
Planning for school infrastructure (2017)
To support infrastructure asset planning, we recommended that a strategic plan should align with asset management plans, and be regularly updated to refine funding priorities based on outcomes.

Follow processes for external review and assurance

Processes for assurance and oversight are required for agencies to keep major infrastructure projects on track and on budget. These include gateway or milestone review stages, to provide an opportunity for external review of progress and next steps.

Independent review is critical at every stage of a major project to assure that risks are appropriately managed, and that the government is getting value for money. However, our audits have found that some of these reviews are not happening, or are missing key elements.

We found gaps at the preliminary business case and project justification stage. Our audits highlighted instances where preliminary analyses were not externally reviewed, or where business cases were not reviewed until after funding approval had been granted. Early external review can help to ensure a project has strong justification and appropriate estimation of costs and benefits, and to pre empt potential issues in later stages.

Our audit of 'Large construction projects independent assurance' (2015) found that, for projects costing over $10 million, only 30 per cent of mandatory early milestone reviews were being completed.

We also identified gaps in external reviews occurring during later stages of planning and delivery, and in the review of any changes to project scope. Our audits have highlighted that scope variations were not always subject to the same level of oversight as the initial approval, and as a result risked delays or cost increases.

Box 4.2. Examples of audit recommendations
Our audits have recommended ways for agencies to improve the assurance practices used for major infrastructure projects.
NorthConnex (2017)
Our audit recommended that the timing of key assurance stages including business case review needed clarification, to ensure that necessary external reviews are obtained at key stages of the project.
CBD and South East Light Rail Project (2016)
Planning and procurement during the initial stages of a project must complete all necessary assurance steps to ensure value for money. We recommended that all capital projects should comply with the Infrastructure Investor Assurance Framework.
Large construction projects: independent assurance (2015)
Our audit recommended that independent assurance should include greater focus on project risk at each stage, as well as additional processes for assessing major scope variations.

Ensure new delivery models are supported by good governance

Increasingly governments are entering into complex partnerships with the private sector to deliver infrastructure. Innovative approaches to deliver major projects can potentially improve outcomes for service users, deliver better value for money, or deliver within shorter timeframes. However, our audits have highlighted that these approaches can also increase risk, making it especially important that necessary probity and assurance elements are not overlooked.

Our audit of 'CBD and South East Rail Project' (2016) highlighted that third-party agreements affecting the design and scope of works need to be finalised before signing a major contract for project delivery.

Several of our audits found that sometimes these necessary elements are missing or inadequate when setting up new partnerships. For example, making sure contract obligations are well defined and that all necessary details are finalised before contracts are signed. Lack of clarity can lead to reduced oversight or accountability of the partnership, and also risks affecting project delivery timelines or budgets.

Box 4.3. Examples of audit recommendations
We have recommended ways that agencies can encourage strong governance to support innovation in infrastructure delivery.
Sydney region road maintenance contracts (2017)
Our audit recommended that contracts should consider including sanctions and penalties for breaches of performance, and clearly defined accountability for operations and reporting.
Planning for school infrastructure (2017)
We recommended that a structured framework for partnering with the private sector would guide opportunities for partnerships to support the planning, building and management of school infrastructure.
Albert ‘Tibby’ Cotter Walkway (2015)
Our audit recommended that for future collaborative alliance partnerships between the public and private sector, there was a need to clarify the approval requirements for this type of arrangement, and ensure relevant assurance and reporting processes are followed in line with alliance guidelines.

5. Managing the environment and natural resources

Governments face challenges in balancing the use of natural resources to meet diverse interests, while supporting a sustainable natural environment for the future. They need to supply communities with water, produce energy, protect natural habitats, and support farming, industry, and economic development.

Some of our recent audits have considered how government agencies are managing natural resources and protecting the environment for future generations. In this section, we have drawn together common findings across our audits that government entities should consider in managing the environment and natural resources.

Field of wheat with the sun setting in the background

5.1 It is important for government entities to:

Ensure the regulation and management of natural resources balances relevant interests, and works towards measurable outcomes

Under New South Wales legislation, the environmental, social, and economic impacts of a proposed development activity should all be given appropriate consideration. Our audits have found that these issues could be assessed more consistently across development applications.

Commercial licensing for activities that impact on the environment is another mechanism used by government entities to balance economic and environmental interests. In practice, our audits have found that these measures should be accompanied by appropriate processes for oversight and transparency in decision-making, as well as in monitoring and enforcing compliance with regulatory requirements.

Our audit of 'Assessing major development applications' (2017) highlighted that the environmental, social and economic impacts should be assessed consistently between proposals.

This would help governments avoid the risk of regulatory capture and provide transparent justification for decisions.

Box 5.1. Examples of audit recommendations
Several of our audits have recommended ways to help agencies balance planning and regulatory decisions.
Regulation of water pollution in drinking water catchments and illegal disposal of solid waste (2018) 
We recommended greater consistency in practice for risk based regulation of licensed activities. This should include better oversight of regulatory activities, and updated procedures for assessing and enforcing compliance.
Assessing major development applications (2017)
To ensure that all matters under the Environmental Planning and Assessment Act 1979 are considered consistently in decision-making, our audit recommended decisions relating to each matter be well documented. More public reporting and opportunities for public involvement will also help to increase transparency.
Sale and lease of Crown land (2016)
Our audit recommended that decisions about how Crown land is used should be guided by a clear strategic direction, with specific performance measures that drive positive social and environmental outcomes. 

Improve long term planning and regulation to manage resources sustainably

Some of our audits identified areas where more effective regulation and long term planning can improve the sustainability of commercial and development activities. For example, we found that a comprehensive plan should be developed for assessing and managing land and resources requiring rehabilitation.

These plans should outline prioritisation processes, resources required, and timeframes for rehabilitation. It should also accurately estimate costs involved. Our audits noted that there was often not enough funding set aside to cover the full cost of resource rehabilitation following commercial activities.

Our audit of 'Managing contaminated sites' (2014) identified that effective rehabilitation is critical to avoid public health risk and improve sustainability of resources.

Application of principles of risk-based regulation, in line with NSW Government guidelines for regulators, can support better outcomes for activities and higher levels of compliance. When rehabilitation activities are undertaken by a private entity, our audits noted a need for reliable practices to detect breaches and non-compliance, including active monitoring, and verification of data and information provided. This increases consistency and quality of enforcement activities, and in risk identification and management. 

We also found that better coordination between agencies with different regulatory functions is needed to ensure the long-term security of vital resources.

Box 5.2. Examples of audit recommendations
Our audits have recommended ways to help improve the regulation of natural resource management.
Regulation of water pollution in drinking water catchments and illegal disposal of solid waste (2018) 
We recommended that key regulators work together to respond to worsening water quality in Sydney's drinking water catchment.
Mining rehabilitation security deposits (2017)
To ensure sufficient contingency for rehabilitation costs, we recommended more comprehensive assessment and additional monitoring of plans and activities. This will provide assurance that the rehabilitation work is adequate and promote transparency between the government and private entities.
Managing contaminated sites (2014)
Our audit recommended that risk based policies and procedures be used to manage contaminated sites, as well as a comprehensive plan for assessment and measurement of contamination. Better prioritisation and active management will ensure the impact of contamination is mitigated. 

Prioritise essential infrastructure

Governments provide funding to build and maintain essential infrastructure such as water, sanitation, and hygiene services for the community.

Our audit of ‘Regulation of water pollution in drinking water catchments and illegal disposal of solid waste' (2018) highlighted weaknesses in regulation and oversight of licenced activities that impact water quality, such as industry discharge of pollutants. Monitoring of licensing conditions, including stronger internal controls and quality assurance processes, is important to ensure licensees meet their obligations and to maintain the quality of water resources.

Our audits have also noted the need for a structured process to prioritise funding for essential infrastructure such as water and sewerage. Up-to-date systems to prioritise funding for infrastructure projects are important to ensure equitable access to these services.

Box 5.3. Examples of audit recommendations
We have recommended ways to improve access to basic infrastructure across New South Wales.
Regulation of water pollution in drinking water catchments and illegal disposal of solid waste (2018)
We recommended a need for greater oversight of the impact of licenced activities on water quality, and for consultative strategies to improve and maintain water quality.
Country towns water supply and sewerage program (2015)
Our audit recommended that funding programs should prioritise financial allocations early, and regularly review priority lists of infrastructure projects needing funding. We also recommended that funding decisions be well documented, to improve the consistency of decision making. 

6. Ensuring good governance and transparency

A range of checks and balances is needed to support public confidence in government decision making. To maintain trust, government agencies should act transparently, and in accordance with relevant legislation and policy. This is particularly important as the public sector increasingly engages with external partners to deliver services and provide a more contestable environment.

Good governance arrangements should result in improved service delivery and more effective and efficient use of resources. Our audits have looked at many different elements of governance, including making sure the necessary processes and workplace cultures are in place to help government entities achieve their aims. In this section, we have drawn together various aspects of governance that government entities should consider.

People in an office meeting room discussing different projects

6.1 It is important for government entities to:

Have sound systems for transparency and oversight

The core principles of good governance are well established, and are clearly set out in our 2015 'Governance Lighthouse' framework. We also published the 2017 'Internal Controls and Governance' report highlighting common findings and risks in the NSW public sector. Various public sector resources and policies also outline the processes for effective oversight and accountability. Government entities use a range of structures to provide oversight, including advisory boards, senior executive committees, audit and risk committees, and various other arrangements depending on the size and complexity of the entity. Governance complexity is increased by changes to service delivery or funding models, as well as changes to the machinery of government.

We published the 'Governance Lighthouse' framework in 2015, highlighting 17 key components of effective governance for public sector agencies.

Our audits have made a range of observations about the effectiveness of governance in New South Wales public sector agencies. We have identified several common gaps. These included:

  • inadequate or unclear processes for accountability and assurance
  • inconsistent risk management, including under utilised central risk function
  • lack of consistency or transparency in decision making
  • insufficient reporting on outcomes
  • outdated policies and procedures, or a lack of clarity in how these should be implemented
  • low compliance or inadequate frameworks for managing due diligence and conflicts of interest
  • lack of clarity in strategic purpose or direction, desired outcomes, and funding priorities
  • insufficient stakeholder input
  • gaps in the oversight of outsourced programs or services, commissioning, partnerships and other models.

A robust governance structure with clearly defined roles and responsibilities also provides the critical structure to support delivery of programs, initiatives and services. Our audits found that this is important to effectively monitor progress against objectives, make key decisions, and manage risks. A clear separation between those responsible for program oversight or decision making, and those with day to day responsibilities of delivery is vital to support impartiality and accountability.

Our audit of 'WestConnex: Assurance to the government' (2014) found a need for clear separation between project assurance and project delivery.

Box 6.1. Examples of audit recommendations
Our audits have recommended ways for agencies to improve the transparency and oversight of entities as well as programs and projects.
Managing unsolicited proposals in New South Wales (2016)
To protect impartiality and manage conflicts of interest, we recommended clarification of the assurance and oversight processes required when assessing an unsolicited proposal, and greater transparency to the general public. In these cases, strong governance should include separation between those assessing proposals and those with responsibility for making the final decision.
CBD and South East Light Rail Project (2016)
Project oversight should provide assurance and be transparent. We recommended that project directors should provide regular updates to department audit and risk committees, and that advisory boards should provide assurance that project budgets are consistent with NSW Treasury guidelines.
WestConnex: Assurance to the government (2014)
We recommended that all major capital projects should develop governance and assurance plans clarifying key assurance steps and responsibilities, including management of potential conflicts.

Follow processes for due diligence and probity

We identified that there is scope for government entities to better manage issues of due diligence and probity, including conflicts of interest. Government entities need to ensure they protect the integrity of their activities, and make decisions in the best interests of the public. Our audits found that agencies need to comply with relevant policies and guidelines for probity and due diligence, actively monitor and manage conflicts as they arise, and keep appropriate records of actions taken.

Our audit of 'Assessing major development applications' (2017) recommended the public release of conflict of interest statements for projects of high public interest.

We have also found that probity processes should be completed at each stage of a project before it progresses to the next stage. For particularly large or complex projects such as unsolicited proposals, the use of external probity advisers is good practice.

Box 6.2. Examples of audit recommendations
Our audits have recommended agencies improve the transparency and oversight of entities as well as programs and projects.
NorthConnex (2017)
We recommended that the guidelines for managing unsolicited proposals need to be clarified, including noting that probity processes should be completed and approved before the decision to move to the next stage. 
Regional assistance programs (2018)
We recommended that probity reports should address the implementation of all elements of a probity plan. Documentation relating to the assessment and management of probity matters should be maintained according to the State Records Act 1998, the NSW Government Standard on Records Management, and relevant probity plans.
Fraud controls in local councils (2018)
We recommended that a common approach to how fraud complaints and incidents are managed and reported will improve fraud controls.

Measure performance against expected benefits

Our audits noted that a formal benefits management plan should be clearly defined at the early stages of project planning and business case preparation. The plan needs to define expected outcomes, savings, and planned benefits of the service or initiative, and provide a framework for measuring and reporting as benefits are realised.

Our audit of 'Sydney region road maintenance contracts' (2017) noted that actual benefits should be measured relative to expected benefits, and strategies put in place to address any short-falls.

A benefits management plan should also assign clear ownership for delivering, measuring, and reporting on each expected benefit. Our audits have found that for more complex programs or those involving multiple government agencies, a clear management plan ensures that all parties are clear about their responsibilities. The responsible parties should also collect sufficient data to compare before and after a service or program has been delivered, to determine whether benefits have been achieved.

Box 6.3. Examples of audit recommendations
Our audits have recommended ways for agencies to improve benefits management and realisation.
HealthRoster benefits realisation (2018)
We recommended that benefits realisation planning should comply with relevant frameworks, and that benefits should be measured at state and local district levels.
Realising the benefits of the Service NSW initiative (2016)
To ensure that expected benefits will be measured and reported on, we recommended that a structured approach such as a benefits register be used to track benefits at a whole of government level. We also noted the need to report on progress relative to projections from the business case analyses.
Public sector management reforms (2016)
We recommended that progress towards realising anticipated benefits should be measured and reported to relevant stakeholders, including other agencies as well as publicly. 


Accurately report on outcomes

The need for greater and more accurate public reporting on government activities and outcomes has been a common finding across many of our audits. Public reporting increases accountability for the use of public funds, and helps to increase community engagement with programs or services.

Our audits have highlighted principles for good practice reporting, such as using a structured approach to reporting on outcomes, and putting the information in context by explaining what the outcomes mean.

Our audit of 'Council reporting on service delivery' (2018) highlighted good practice principles for improving reporting on service delivery.

Good practice also involves ensuring that the reports are widely accessible to internal executives, other government agencies, relevant external stakeholders, the NSW Parliament, and the general public. Our audits have also noted that services should consider public reporting including at a system level and for frontline units, particularly for outsourced services.

Box 6.4. Examples of audit recommendations
Our audits have recommended that agencies practice greater transparency to the public.
Council reporting on service delivery (2018)
We recommended there was a need for further guidelines to support councils to use good practice when reporting on services. Standardising reporting practices will also help to consolidate information on outcomes across the sector.
Red tape reduction (2016)
This report highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. In addition to refining the framework for red tape reduction, it recommended that public access to information about regulatory decisions and assessments, including via a central repository, would increase accountability and improve outcomes.
Identifying productivity in the public sector (2015)
Departments are required to report on efficiency in their annual reports. We recommended that agencies set objectives and track productivity and efficiency, and report to NSW Parliament on productivity trends. Measuring productivity is difficult, and we outlined the Compass method for assessing productivity trends in the public sector.

Be accountable for decisions and keep good records

Governments should be held accountable for their decisions and actions, and this requires good documentation. The State Records Act 1998 and the NSW Government Standard on Records Management specifies minimum standards for government entities to maintain records of business activities.

Our audits identified common gaps in record keeping and documentation across many government entities. Missing or inadequate documentation most commonly related to evidence for key decisions or the justifications underpinning them, as well as records of probity and due diligence documents such as conflicts of interest registers. Complete documentation and recordkeeping is important to provide accountability, show justification for decisions, enable evaluation of performance, and help governments make good decisions on future activities. Accurate records are also necessary to track the acquisition, purchasing, maintenance, replacement and disposal of government assets and equipment.

Our audit of 'Regional assistance programs' (2018) noted that documentation should comply with relevant legislation, standards, and governance policies and procedures.

Box 6.5. Examples of audit recommendations
Our audits have recommended ways for agencies to follow better practice in record keeping.
Medical equipment management in NSW public hospitals (2017)
In addition to refining processes for managing equipment acquisition and replacement, we recommended a need to review business processes for records management. This included maintaining adequate records of testing and maintenance work on assets and equipment.
NorthConnex (2017)
Given the risks associated with unsolicited proposals, we recommended that documentation relating to governance decisions and probity matters should be maintained according to the State Records Act 1998, and the NSW Government Standard on Records Management.
Franchising of Sydney Ferries Network services (2016)
We recommended that future franchising opportunities should adequately document the justification for the decisions to privatise services, including estimates of costs and benefits.

Support effective decision-making

Planning new, expanded or innovative services and programs entails risks. Workplace culture is an important consideration to ensure staff feel supported in the way they manage risks and make effective decisions.

Our audits have found that government agencies can better support staff decision making. This can include asking employees about their attitude to risk and encouraging open communication with management. Other actions can include offering training, monitoring compliance with guidelines and policies, and offering clear avenues for staff to access help when they need it.

Our audit of 'Managing risks in the NSW public sector: risk culture and capability' (2018) noted that agencies face challenges in making risk management a core part of their day-to-day work. 

Box 6.6. Examples of audit recommendations
Our audits have recommended a range of ways that agencies can help their staff to make good decisions.
Managing risks in the NSW public sector: risk culture and capability (2018)
Our audit recommended the review of the whole of government guidance, training, and activities needed to improve risk management in government entities. This should support agency heads to form a view on their risk culture, and identify the steps needed to implement changes.
Contingent workforce: procurement and management (2017)
Our audit outlined sector wide lessons on managing contingent labour, and recommended that good practice workforce planning includes having a system for knowledge transfer between staff, analysis of business needs and staff capability, and regularly reassessing workforce needs.
Sale and lease of Crown land (2016)
To improve the decision making capability of staff, we recommended several steps including producing simplified policies, guidelines and procedures, as well as providing regular training, and reviewing staff compliance with policies.

7. Responding to digital disruption

The global increase in digital technology provides governments with opportunities to interact with citizens in more immediate and responsive ways than was previously possible. Data can be used in powerful ways such as predicting future demand for services, targeting interventions, responding to crises, and evaluating outcomes. Governments face challenges in doing this while maintaining secure digital environments that protect citizen interests, privacy, and autonomy.

Our audits have assessed some of the ways that government entities are incorporating digital change into their work. In this section, we draw together common themes that governments could consider in protecting their digital assets, or expanding their digital capabilities.
 

Adults on computers in a library

7.1 It is important for government entities to:

Practice secure data management

Better use of data can change the way government entities work. It offers innovative ways of delivering services, managing information storage and business processes, and controlling critical infrastructure. As the volume of data on government activities and citizens has increased, so have risks to the security and privacy of data.

Our audit of 'Security of critical IT infrastructure' (2015) highlighted lessons to assist agencies, including ensuring systems cover all business processes, and maintaining a comprehensive security plan.

Our audits have highlighted that agencies need to do more to ensure strong data security to protect the integrity and privacy of this data.

Whole of government digital systems need to effectively prevent, detect, and respond to security breaches. We found large variation in the capability of government entities to protect and manage their systems. Agencies should ensure that information security management systems cover all business processes and technologies, and comply with relevant policies and protocols, such as the NSW Government Digital Information Security Policy.

Working collaboratively across the sector can also enable better management of cyber risk. Sharing information between agencies on incidents and solutions can allow coordinated efforts to detect and respond rapidly to possible security breaches. 

We also found that processes are not always in place for service providers to notify government agencies of any security or data issues. Government agencies need strong contract management and oversight of their service providers to provide assurance that the public's data is being protected.

Box 7.1. Examples of audit recommendations
Several of our audits have recommended that agencies improve the security of their data.
Detecting and responding to cyber security incidents (2018)
To help agencies build detection and response capabilities, our audit recommended the need for whole of government systems to share reported threats and respond rapidly to incidents. Stronger policies and procedures will help to ensure consistency between agencies in incident management practices.
Security of critical IT infrastructure (2015)
Our audit recommended that agencies should adopt a comprehensive security plan, ensuring the management systems cover all business activities and technology. Proactive management should also include a risk based approach for identifying current and target risk levels. 

Collect reliable and relevant data

Fit for purpose data systems are necessary enablers for government entities to measure and evaluate their performance. Our audits have identified that many entities have inadequate data systems, and gaps in the processes used to collect and manage data on activities and performance. Where possible agencies should collect information to reflect not just the output of their activities (such as number of services delivered), but also outcomes and benefits (for example, percentage improvements, costs avoided).

Good quality data can support government entities to gain better insights into what citizens want, how they are using services, as well as guiding future directions. We have found that processes to standardise data collection and implement good quality controls can help to improve data quality and consistency. This can also enable the data to be used in a wider range of applications.

Our audit of 'Activity based funding data quality' (2015) noted that a data system is only as good as the source data feeding it.

Box 7.2. Examples of audit recommendations
Several of our audits have recommended ways to help agencies make better use of performance data.
Managing demand for ambulance services (2017)
Our audit recommended that a fit for purpose data system should provide accurate oversight of activities, and enable routine monitoring of the activity and performance of demand management initiatives.
Planning and evaluating palliative care services in NSW (2017)
We recommended that data collection functionality must be provided across all services. Data systems for palliative care should allow for better monitoring of service quality and quantity, and provide data for service planning. 

Good project management and staff engagement helps to get the most out of new systems

Implementing new business systems to replace or consolidate legacy systems brings challenges and risks. Our audits have found that ensuring strong governance and program management helps to keep the transition on track. Highly engaged leadership staff can also support good practice from the outset.

Our audit of 'The Learning Management and Business Reform Program' (2014) highlighted some of the challenges in replacing legacy systems.

Once a government entity has committed to taking on new digital infrastructure, staff engagement with the technology is an important consideration. Ensuring adequate resourcing and access to technology are two key enablers identified in our audits. In addition, bringing in specialist staff, and upskilling staff in data management and security, can help in maintaining data integrity and quality.

Box 7.3. Examples of audit recommendations
Several of our audits have recommended ways to help agencies better plan and implement digital change.
HealthRoster benefits realisation (2018)
We recommended that staff rostering practices be improved to get the best value out of the new IT system.
ICT in schools for teaching and learning (2017)
Our audit recommended additional focus on factors that enable the effective use of ICT in schools, such as ensuring sufficient resourcing, replacing ageing equipment, providing training and support, and increasing access to devices.
Activity based funding data quality (2015)
Our audit recommended that good documentation of practices and procedures can help to mitigate the impact of staff turnover on the quality of systems management. Addressing resourcing issues such as availability of specialist staff can also improve quality of data management.