State agencies 2024

Report snapshot

About this report

Results and key themes from our audits of the state agencies’ financial statements for the year ended 30 June 2024.

It also includes observations on the following areas of focus:

  • risk management
  • capital projects
  • shared service arrangements.

Findings

The Treasurer did not table the audited Total State Sector Accounts (TSSA) in Parliament as required by the Government Sector Finance Act 2018, and Responsible Ministers did not table 16 annual reports in Parliament by the required date.

Audit results

Unqualified opinions were issued for all but one agency.  The quality of financial statements submitted for audit improved, with reported misstatements down to a gross value of $3.9 billion in 2023–24, compared to $10.8 billion in 2022–23.

Key themes

Errors in accounting for assets led to financial statements adjustments of $1.4 billion. 

Our audits identified deficiencies in key controls across financial management, payroll, contract management and procurement.

Risk management

Risk management maturity is low across most agencies. Some of the largest 40 agencies self-assess their risk maturity as requiring improvement.

Capital projects

There is a lack of transparency in the NSW budget papers relating to significant capital projects. The estimated total costs for some major projects are not published as the amounts are considered commercially sensitive. The budget papers do not provide a complete and accurate reflection of the actual costs of large infrastructure projects.

Shared service arrangements

Three of the five agencies that provide shared services to 108 customer agencies did not obtain independent assurance over the effectiveness of their control environment. 

Recommendations

The report makes recommendations to agencies to improve controls and processes in relation to:

  • financial reporting
  • financial management
  • risk management
  • shared service arrangements
  • capital projects.

Fast facts

1. Executive summary

1.1. Introduction

This report provides Parliament and users of New South Wales (NSW) State sector agencies’ financial statements with the results and key themes from our 30 June 2024 financial audits.

It also includes our observations on the following:

  • risk management
  • capital projects
  • shared service arrangements.

The State sector is made up of a diverse range of agencies, including departments, health services, public schools, police and emergency services, transportation and State-owned enterprises. These agencies provide an extensive range of services that are funded through differing revenue sources, including appropriations from Parliament, grants from external funding bodies, user charges, and taxes and fines.

1.2. Audit results

Unqualified audit opinions were issued for all but one agency

With one exception, unqualified audit opinions were issued for completed 30 June 2024 general purpose financial statements audits of all State agencies.

A qualified opinion was issued on the Wentworth Park Sporting Complex Land Manager financial statements because a non-interest bearing liability of $6.5 million owing to Greyhound Racing NSW continued to be reported at 30 June 2024. The Land Manager was unable to provide sufficient and appropriate evidence to support the recognition of this loan.

The quality of financial statements submitted for audit improved from 2022–23

Reported misstatements decreased from 319 (with a gross value of $10.8 billion) in 2022–23 to 258 (with a gross value of $3.9 billion) in 2023–24. The number of misstatements is a key indicator of the quality of the financial reporting. The reduction in the number of misstatements shows an improvement in overall quality.

The Treasurer did not table the audited Total State Sector Accounts in Parliament by 30 November as required by the Government Sector Finance Act 2018

The 2023–24 Total State Sector Accounts is yet to be tabled in Parliament as at the date of this report. This is a breach of Part 7 of the Government Sector Finance Act 2018.

Delays in reporting the State’s financial information can reduce the ability of users to meaningfully assess the State’s financial results in a timely manner and causes the information to be less relevant to users in making decisions. It also reduces transparency and accountability.

Responsible Ministers did not table all Annual Reports in Parliament by 30 November as required by the Government Sector Finance Act 2018

The annual reports for another 16 agencies are also yet to be tabled by the responsible Minister. A list of agencies that did not table is in Section 3.2.

Delays in tabling annual reports means Parliamentarians have less time and opportunity to enquire about the performance and accountability of the use of resources entrusted to the agency.

1.3. Key themes

Errors in accounting for assets and valuations led to adjustments of $1.4 billion to the financial statements

Errors arising from comprehensive valuations and general accounting for property, plant and equipment led to adjustments to submitted financial statements totalling $1.4 billion.

Our audits found that:

  • some agencies commence the revaluation processes too late in the financial year
  • inaccurate fixed asset register details continue to lead to errors in recording property, plant and equipment in the financial statements
  • agencies are not assessing for indicators of asset impairment, which is contributing to an overstatement of asset values.

Accounting policy information in the financial statements should be decluttered

For the first time in 2023–24, revised accounting standards requires entities to disclose ‘material accounting policy information’ rather than ‘significant accounting policies’.

Our audits identified instances where agencies carried forward the same accounting policy information that was previously considered significant. Preparers of financial statements should only include material accounting policy information that is expected to influence users’ decisions.

Agencies need to prepare for the amendments to AASB 13 ‘Fair Value Measurement’

Some agencies have not commenced assessment or implementation of the amendments to AASB 13 ‘Fair Value Measurement’ (AASB 13), which becomes effective in 2024–25. Agencies should assess whether their current application of AASB 13 is in accordance with the revised accounting standard.

Agencies need to strengthen key controls across financial management, payroll, contract management and procurement

Our audits found:

  • deficiencies in the level of management oversight and review of key reconciliations, external reports prepared by experts and key inputs to financial models
  • deficiencies in the onboarding and termination of staff as well as deficiencies in controls over payroll master file data
  • contract registers not being kept up to date and inconsistent with information published on the eTendering website
  • payments made in excess of delegations, and vendor master files containing outdated information.

Areas of focus

This report also includes our findings on State Government’s risk management, capital projects and shared service arrangements. We focus on these three key areas because:

  • robust risk management supports readiness for unexpected events, enhances decision making, and encourages efficiency and innovation
  • effective management and transparency of capital projects are critical to ensure that the risk of cost and time overruns is minimised
  • effective shared service arrangements help State agencies achieve economies of scale through the efficient shared use of processes, technology and skills.
Risk management

Risk management maturity is low across most agencies

Agencies continue to self-assess that their risk management processes require improvement.

Key findings across the 40 largest State agencies include:

  • not all maturity assessments completed using the NSW Treasury Risk Maturity Assessment Tool have been reassessed or updated in a timely and consistent manner
  • twelve agencies did not complete formal risk maturity assessments
  • four agencies did not prepare formal risk management appetite statements
  • agencies have implemented risk management oversight processes and systems, but improvements are required for some agencies
  • three agencies did not provide training to staff on risk management.
Capital projects

There is a lack of transparency in the Budget Papers in relation to significant capital projects

Estimated total costs (ETC) for some major projects are not published in the NSW Budget Papers because the amounts are considered commercially sensitive. Eight of the 15 most significant ongoing projects in the State did not have an ETC and five of the 15 did not have an estimated completion date. The lack of transparency around expected costs reduces the ability to assess if major projects have been delivered within budget and on time.

Where ETCs cannot be published for commercial reasons, agencies should publish a range of the total cost to provide an indication of the approximate size of the project. Agencies should also disclose the estimated completion date.

The NSW Budget Papers do not provide a complete and accurate reflection of the actual costs of large infrastructure projects

The WestConnex project was delivered and opened to traffic in November 2023. The 2023–24 Budget Papers report the ETC of the WestConnex project as $16.8 billion but total expenditure on the project as being only $6.0 billion.

The NSW Audit Office Performance Audit Report, WestConnex: changes since 2014, published in 2021, found that the NSW Government’s decision to fund WestConnex-related projects outside WestConnex’s $16.8 billion budget had reduced transparency and understated the full cost of WestConnex.

Either NSW Treasury or the individual agency should annually publish a report of projects completed during the preceding financial year. This should include the project completion date and the total actual expenditure at the completion of the project compared to the estimated total project cost included in the NSW Budget Papers.

Shared service arrangements

Three shared service provider agencies did not obtain independent assurance over the effectiveness of their control environment

Shared service arrangements centralise corporate service functions such as finance, human resources, procurement and information technology (IT).

Key findings across the 40 largest State agencies include:

  • eleven customer agencies’ shared service-level agreements were not signed or updated during 2023–24
  • three of the five agencies that provide shared services to 108 customer agencies did not obtain independent assurance over the effectiveness of, or deficiencies in, their control environment
  • agencies should set clearer performance standards and monitor them more effectively
  • only four out of the 20 customer agencies benchmarked their pricing to assess value for money.

2. Introduction

2.1. The State sector agencies

This report covers the findings and recommendations from our 2023–24 financial audits of agencies comprising the NSW State sector, including agencies from the general government (GG) sector, the public non-financial corporation (PNFC) sector and the public financial corporation (PFC) sector.

The GG sector comprises agencies that provide public services (e.g., Health, Education and Police), carry out policy or perform regulatory functions. These agencies are typically funded directly or indirectly by taxation.

The agencies comprising the PNFC and PFC sectors generally provide goods and services, such as water, electricity and financial services that consumers pay for directly.

Together these agencies deliver a variety of services that are exposed to varying degrees of financial, operational and strategic risks.

Appendices 1 and 2 contain lists of the agencies included in this report, and the status of the audits.

2.2. Machinery of government changes

Machinery of government refers to how the government organises the structures and functions of the public service. Machinery of government changes are where the government reorganises these structures and functions, and the changes are given effect by Administrative Arrangements Orders.

A number of machinery of government changes have affected the structure and name of departments in this report. These are listed in the table below.

InstrumentArrangement changes
Administrative Arrangements (Administrative Changes—Miscellaneous) Order (No 4) 2023, effective 1 July 2023

The Department of Premier and Cabinet was renamed the Premier’s Department.

The Cabinet Office was established and various functions from the former Department of Premier and Cabinet were transferred to the Cabinet Office.

Administrative Arrangements (Administrative Changes—Miscellaneous) Order (No 6) 2023, effective 1 January 2024

The Department of Planning and Environment was renamed the Department of Planning, Housing and Infrastructure.

The Department of Climate Change, Energy, the Environment and Water was established and various functions from the former Department of Planning and Environment and the Treasury were transferred to the Department of Climate Change, Energy, the Environment and Water.

Administrative Arrangements Administrative Changes—Miscellaneous) Order (No 6) 2023, effective 1 February 2024Various functions of the Department of Planning, Housing and Infrastructure and Property and Development NSW were transferred to the Department of Communities and Justice.
Administrative Arrangements (Administrative Changes-Miscellaneous) Order (No 2) 2024

Effective 1 July 2024:

  • the name of the Department of Enterprise Investment and Trade (DEIT) was changed to the Department of Creative Industries, Tourism, Hospitality and Sport
  • the name of the Department of Regional NSW was changed to the Department of Primary Industries and Regional Development.

2.3. Financial audit

Financial audits provide independent opinions on the financial statements of NSW State sector entities. They are designed to give reasonable assurance that financial statements are true and fair, thus enhancing the degree of confidence of intended users of financial statements.

In preparing this report, our observations and analysis were drawn from:

  • audited financial statements
  • data collected from agencies
  • audit findings reported to agencies in engagement closing reports and audit management letters.

3. Audit results

Financial reporting is an important element of good governance. Confidence in, and transparency of, public sector decision making is enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations relating to the financial reporting of State Government agencies.

Section highlights

  • With the exception of one agency, unqualified audit opinions were issued for all completed audits of State agencies’ 2023–24 financial statements.
  • A qualified audit opinion was issued to the Wentworth Park Sporting Complex Land Manager on the 30 June 2024 financial statements.
  • Thirty-six unqualified independent auditors’ reports included an ‘emphasis of matter’.
  • Reported misstatements decreased from 319 in 2022–23 (with a gross value of $10.8 billion) to 258 in 2023–24 (with a gross value of $3.9 billion).
  • Sixty agencies did not submit financial statements for audit as required by the Government Sector Finance Act 2018.
  • The Treasurer did not table the audited TSSA in Parliament by 30 November as required by the Government Sector Finance Act 2018.
  • Responsible Ministers did not table 16 annual reports in Parliament by 30 November as required by the Government Sector Finance Act 2018.
  • The key accounting issues that continue to impact the sector include:
    • revaluation of property, plant and equipment and related processes
    • application of recently adopted accounting standards and interpretations.

3.1. Quality of financial reporting

Audit opinions

Unqualified audit opinions were issued for all but one agency

With the exception of one agency, unqualified audit opinions were issued on the completed 30 June 2024 financial statements of all State agencies. Therefore, sufficient and appropriate audit evidence was obtained to conclude that the financial statements of these agencies were free of material misstatement.

A qualified opinion was issued on the Wentworth Park Sporting Complex Land Manager financial statements because a non-interest bearing liability of $6.5 million owing to Greyhound Racing NSW continued to be reported at 30 June 2024, but the Land Manager was unable to provide sufficient and appropriate evidence to support the recognition of this loan.

Thirty-six unqualified independent auditors’ reports included an ‘emphasis of matter’

An ‘emphasis of matter’ is included in an independent auditor’s report when we consider it necessary to draw users’ attention to an agency’s financial statements to a matter presented or disclosed in the financial statements. An emphasis of matter does not modify the audit opinion.

Thirty-six unqualified independent auditors’ reports included an emphasis of matter paragraph on financial statements. These are detailed below:

Portfolio

Number of audits

Reason
Health

23

The financial statements of these agencies included
budgetary information that was not prepared on the same
basis required within AASB 1055 ‘Budgetary Reporting’.
Original budgeted information is not presented.
Planning, Housing
and Infrastructure

1

The financial statements of these agencies were prepared on
a non-going concern basis with disclosures indicating that
the agencies were either dissolved or were planning to be
dissolved within the next 12 months.
Treasury

1

Customer Service

2

The financial statements of 11 funds were prepared in
accordance with a special purpose framework with
disclosures indicating the nature of the reporting framework.
These funds included financial statements prepared for
special deposit accounts.
Health

1

Premier

1

Regional

1

Treasury

6

Total

36

 

The quality of financial statements submitted for audit improved from 2022–23

Reported misstatements decreased from 319 in 2022–23 (a gross value of $10.8 billion) to 258 in 2023–24 (a gross value of $3.9 billion), highlighting an improvement in the overall quality of financial statements. A monetary misstatement is an error in an amount recognised in the financial statements initially submitted for audit.

Of these errors, 170 were corrected by management, and 88 remained uncorrected. The uncorrected errors were considered immaterial to agencies’ respective financial statements – individually or in aggregate.

The table below shows the number and value of corrected and uncorrected errors for the current period.

Number of misstatements
Year ended 30 June

2024

2023

 

Corrected

Uncorrected

Corrected

Uncorrected

Less than $249,999

45

36

44

40

$250,000 to $999,999

34

11

37

26

$1 million to $4,999,999

35

22

34

32

$5 million and greater

56

19

70

36

Total number of misstatements

170

88

185

134

Source: Engagement Closing Reports issued by the Audit Office.

Errors in accounting for assets and valuations led to adjustments of $1.4 billion in financial statements

The financial statements of 43 agencies contained monetary misstatements relating to the valuation, completeness and existence of property, plant and equipment. These misstatements were quantitatively significant by dollar value and represented over 36% of all misstatements.

Errors arising from comprehensive valuations and general accounting for property, plant and equipment led to adjustments to submitted financial statements totalling $1.4 billion.

Of the 88 uncorrected errors, one had a gross value of $44.5 million where an agency did not write-down the value of a building asset planned for demolition at 30 June 2024.

Prior period errors

A prior period error is a misstatement made by agencies in previous financial years. It is identified by the auditor or agency in the current financial year, and is corrected retrospectively by restating the opening balances in the financial statements.

Eight of the ten retrospectively corrected prior period errors had values greater than $20 million and related to the following:

Nature of prior period errorDescription of prior period error
Incorrect recognition of administered items as controlled items

An agency corrected and derecognised $233.5 million in administered assets and liabilities previously reported in its Statement of Financial Position.

An agency completed an accounting assessment of the programs it managed and determined that one program was being administered by the agency on behalf of the State. The agency corrected and derecognised $14.3 million in grant revenue and $13.9 million in grant subsidy expenses related to the program reported in its Statement of Comprehensive Income.

Incorrect measurement of provisions

An agency corrected:

  • a $51.5 million understatement in its scheme liabilities related to an error identified in the 2023 scheme liability actuary valuation
  • a $52.6 million understatement in its scheme liabilities to recognise an estimate of administration expenses needed to settle workers’ long service claims.
Incorrect recognition of revenueAn agency corrected and derecognised a liability which should have been included as net revenue of $27.5 million. There was no present obligation in the prior period. The funds related to a restricted bank account.
Capitalisation of software as a service expenseAn agency corrected and expensed costs of $22.4 million incurred for a Software-as-a-Service (SaaS) product incorrectly capitalised as an intangible asset in the prior period.
Grant subsidies funding revenues/expensesA portfolio lead agency overpaid subsidies funding to a recipient agency in the prior period. This was the result of inaccuracies in data submitted by the recipient agency used to calculate the subsidy. The recipient agency corrected prior period revenues which were overstated by $28.7 million by the exception.
Overstated valuation of investmentsAn entity corrected a $29 million overstatement in the valuation of its investments carried forward from the prior period.

3.2. Timeliness of financial reporting

Early close procedures

NSW Treasury introduced early close procedures to improve the quality and timeliness of year-end financial statements. In March 2024, NSW Treasury reissued Treasurer’s Direction TD19-02 ‘Mandatory Early Close as at 31 March each year’ (TD19 -02) and issued the Treasury Policy and Guidelines TPG24-03 ‘Agency Direction for the 2023–24 Mandatory Early Close’. These pronouncements required the Government Sector Finance (GSF) agencies listed in Appendix A of TD19-02 to perform the mandatory early close procedures and provide the outcomes to the audit team by 26 April 2024.

Our observations on State agencies’ performance of early close procedures in 2024 can be found in our Internal Controls and Governance 2024 report.

Year-end financial reporting

Sixty agencies did not submit financial statements for audit as required by the Government Sector Finance Act 2018

The Government Sector Finance Act 2018 (GSF Act) requires reporting GSF agencies to prepare financial statements and submit them to the Auditor-General. The following agencies did not submit financial statements:

  • Fifty-three Category 2 Statutory Land Managers (SLMs) that did not meet the exemption criteria
  • Two Commons Trusts that did not meet the exemption criteria
  • Catholic Metropolitan Cemeteries Trust
  • First Australian Mortgage Acceptance Corporation (FANMAC) Master Trust
  • First Australian Mortgage Acceptance Corporation (FANMAC) Pooled Super Trust
  • Home Purchase Assistance Fund
  • NSW Rent Buy Pty Limited.

All other agencies submitted their financial statements to the Audit Office by the required date

NSW Treasury required State agencies consolidated into the Total State Sector Accounts (TSSA) to submit their financial statements by 30 July 2024. Annual reporting information, including the audited financial statements, are then required to be tabled in Parliament by the end of November.

It is accepted that timely year-end financial reporting is an indicator of sound financial management processes. Accordingly, measures aimed at earlier financial reporting should continue to be a priority for all State Government agencies.

The Treasurer did not table the audited TSSA in Parliament by 30 November as required by the Government Sector Finance Act 2018

The 2023–24 TSSA is yet to be tabled in Parliament as at the date of this report. This is a breach of Part 7 of the GSF Act.

The GSF Act also requires the Treasurer to inform the Legislative Assembly before 30 November if the TSSA will not be tabled on time and state the reasons why the Treasurer cannot comply. The Treasurer did not comply with this requirement of the Act.

The last several years has seen a pattern where the preparation and submission, and the subsequent tabling of the TSSA has been significantly delayed, impacting statutory timelines. This is a matter that requires corrective attention. Delays in reporting the State’s financial information can reduce the ability of users to meaningfully assess the State’s financial results and makes the information less relevant to users in making decisions. It also reduces transparency and accountability.

Responsible Ministers did not table all required Annual Reports in Parliament by 30 November as required by the Government Sector Finance Act 2018

The responsible Minister for a reporting GSF agency is responsible for tabling the annual report in each House of Parliament as soon as practicable but no later than within 5 months after the end of the annual reporting period for the agency.

By 30 November 2024, 139 audit reports had been issued to agencies listed in 'Schedule 3 – Transitional reporting GSF agencies' of the Government Sector Finance Regulation 2024.

Of these:

  • 123 agency annual reports were tabled by the responsible Minister by 30 November 2024
  • 16 agency annual reports were not tabled by the responsible Minister by 30 November 2024.

Annual reports were not tabled for:

AgencyResponsible Minister
Water NSWTreasurer and Minister for Finance
The Trustees of the Parliamentary Contributory Superannuation FundTreasurer
Transport Asset Holding Entity of New South WalesTreasurer and Minister for Finance
Forestry Corporation of NSWTreasurer and Minister for Finance
The TreasuryTreasurer
Sydney Water CorporationTreasurer and Minister for Finance
SAS Trustee CorporationTreasurer
Newcastle Port Corporation (Port Authority of NSW)Treasurer and Minister for Finance
New South Wales Treasury CorporationTreasurer
Liability Management Ministerial CorporationTreasurer
LandcomTreasurer and Minister for Finance
Infrastructure NSWPremier and Treasurer
Hunter Water CorporationTreasurer and Minister for Finance
Electricity Retained Interest Corporation – AusgridTreasurer
Electricity Retained Interest Corporation – Endeavour FundTreasurer
Essential EnergyTreasurer and Minister for Finance

Note: All agencies submitted Annual Reports to the responsible Minister by the due date.

Delays in tabling Annual Reports means Parliamentarians have less time and opportunity to enquire about the performance and accountability of the use of resources entrusted to the agency.

On 21 November 2024, nine days before the deadline, 109 annual reports of transitional reporting GSF agencies were tabled in Parliament. Tabling a high volume of annual reports at the same time creates a significant information burden making it challenging to assess agency performance.

A number of audits are still in progress

The following audits are still in progress at the date of this report:

  • C.B. Alexander Foundation
  • Corporation Sole ‘Minister Administering the Heritage Act 1977
  • Biamanga National Park Board of Management
  • Mutawintji Board of Management
  • Worimi Board of Management
  • Rookwood Necropolis Land Manager (for the period of 1 July 2023 to 30 September 2024).

NSW Treasury is planning to trial hard close processes for the 2024–25 financial year

NSW Treasury is currently exploring initiatives to improve the quality and timeliness of year-end financial reporting. A small selection of agencies will be involved in a hard close pilot for the 2024–25 financial year. A hard close process essentially comprises year-end close procedures performed largely at a preliminary month-end date. For an effective hard close, agency staff must treat the hard close process with the same rigour and focus they would treat a full year-end process. In summary:

  • agencies will be required to prepare a complete set of financial statements at an earlier period, such as 31 March, 30 April or 31 May, and confirm that effective controls over key agency balances are in place
  • auditors would plan and perform audit procedures at an earlier period, with roll forward audit procedures for the intervening period to 30 June
  • agencies and the Audit Office would agree on the scope and timing of work and identify areas of work that will have to be either left until year-end or revisited at year-end.

State agencies should consider adopting hard close procedures for 2024–25 onwards as such procedures may assist agencies to:

  • improve the quality and timeliness of year-end financial reporting and audit completion
  • identify, consider and resolve issues and errors earlier
  • reduce the number of reported monetary misstatements
  • better manage peak workloads relating to year-end requirements by bringing work forward.

3.3. Key accounting and audit issues

Asset management

Agencies need to commence asset revaluations earlier

Property, plant and equipment is significant to the financial statements of State sector agencies. NSW Treasury mandates that these assets are to be recorded at fair value and measured in accordance with AASB 13.

Agencies need to assess the fair value of their property, plant and equipment at each balance date. This assessment requires management to exercise judgement and make certain assumptions, which underpin key estimates in the valuation process. Often, this requires the assistance of a qualified valuer.

Our audits continue to identify late adjustments to financial statements relating to the valuation of property, plant and equipment. Performing asset valuations earlier gives management and auditors time to complete procedures and identify potential issues before the financial statements are prepared. It can also improve the timeliness of financial reporting.

The risk of misstatement to the valuation of property, plant and equipment and financial statements increases when:

  • information presented to valuers is not fit for their purposes, and has not been reconciled to the general ledger and financial statements
  • inputs and assumptions used by the valuers are not reasonable
  • valuations are delayed and not completed within statutory deadlines.

Agencies should:

  • ensure information and data provided are complete and accurate, and have been reconciled to the general ledger
  • assess the appropriateness of the methodology, key assumptions and judgements adopted in the valuation
  • ensure that any restrictions attached to the asset have been properly considered
  • assess fair value movements and investigate unexpected changes
  • document management’s review. Matters identified during management’s review should be discussed with the valuer, and documentation evidencing how they were addressed should be retained.

NSW Treasury has commenced a ‘Depreciation and revaluation project’ to explore potential changes to the State’s revaluation process, with the aim of:

  • improving the predictability and consistency of year-end revaluations
  • increasing the efficiency and cost effectiveness of valuation-related processes
  • enhancing the reliability of budget forecasts of depreciation.

We understand the project involves multiple streams of work, including reviewing the current budget guidance and processes, and NSW Treasury’s accounting policies and procedures relating to PPE valuations.

The Audit Office is engaging with NSW Treasury on this project by providing feedback in relation to any proposed changes, ensuring they comply with relevant Australian accounting standards and provide sufficient and appropriate evidence to support the audit process.

Integrity of fixed asset registers

Agencies should ensure their asset registers are complete and accurate

We continue to identify issues with the integrity of fixed asset registers (FARs) as part of our audits of financial statements. This included inaccurate details about assets in asset registers, and issues with processes to ensure registers are complete and accurate.

The risk of misstatement to financial statements increases when:

  • property, plant and equipment general ledger balances are not reconciled in a timely and accurate manner to FAR subsidiary ledgers and asset management systems (AMSs)
  • inaccurate or incomplete data in property, plant and equipment subsidiary ledgers are evident, and are subsequently used in preparation of the financial statements
  • disposed assets are still marked as ‘in use’
  • condition assessments are not completed or regularly reviewed and updated in a timely manner.

Agencies should:

  • perform and review the fixed assets reconciliation at least monthly. Discrepancies should be promptly investigated and resolved
  • ensure subsidiary ledgers are complete and accurate, and omissions and errors are promptly investigated and resolved
  • improve their quality review processes over the accuracy and completeness of fixed asset data supporting the preparation of the financial statements
  • ensure condition assessments are performed for all assets in a timely manner so that they can be incorporated into the valuation process. Regular condition assessments are essential to identify maintenance requirements, maintain service delivery and support the remaining useful lives of assets.

Impairment of assets

Agencies should assess indicators of asset impairment on an annual basis

Agencies must assess at each reporting date whether there is any indication that an asset is impaired. Whilst many public sector assets will be revalued in line with the requirements of AASB 13, this does not exempt agencies from consideration of impairment indicators. There is still an expectation that agencies will consider impairment indicators as part of their regular revaluation processes. This should include considering whether damaged or obsolete assets that continue to be used have not been captured in the revaluation process.

If impairment indicator assessments are not completed on an annual basis to identify at-risk impaired assets, there is a risk that assets will be measured at incorrect values, leading to misstatement of financial statements.

Agencies should develop processes and procedures to ensure impairment indicators are assessed at each reporting period. If indicators are present, agencies should make a formal estimate of the recoverable amount of impacted assets and recognise any computed impairment loss amounts.

Accounting for revenue and income from transactions

Errors continue to arise in the application of recently adopted accounting standards and interpretations

AASB 15 ‘Revenue from Contracts with Customers’, and AASB 1058 ‘Income of Not-For-Profit Entities’ became effective for all NSW public sector agencies from 1 July 2019.

AASB 15 and AASB 1058 require NSW public sector agencies to assess how they account for revenue, depending on whether it arose from contracts for sales of goods and services, or grants and other contributions. These standards are complex, especially when it comes to determining when revenue can be recognised in relation to services provided. Certain complex criteria must be met to allow revenue to be deferred, and agencies must review all their revenue contracts and arrangements to determine if the requirements have been met.

Despite having been introduced in 2019, agencies continue to have difficulty in applying these standards. Our audits found instances where:

  • revenue recognition principles of the relevant accounting standards had been incorrectly applied, leading to an overstatement of revenue in the reporting period
  • the recognition principles were applied using an inappropriate accounting standard, leading to an overstatement of revenue.

Accounting policy information in the financial statements should be decluttered

In 2023–24, for the first time, revised accounting standards required entities to disclose ‘material accounting policy information’, rather than ‘significant accounting policies’.

Our audits identified instances where agencies carried forward the same accounting policy information that was previously considered significant. Preparers of financial statements should only include accounting policy information that is material to the users of the financial statements. In doing so, preparers should consider the relevance of the accounting policy information.

Agencies should:

  • consider which accounting policies are material to the entity in the current or prior year
  • consider what users may need to help them understand the financial statements, for example, information related to key judgements
  • consider how the accounting policy applies to the entity and how that can be explained to assist users of the financial statements.

Accounting for software as a service

In 2020–21, the International Financial Reporting Standards Interpretations Committee issued an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the IFRIC agenda decision).

The IFRIC agenda decision considered how a customer accounts for the configuration and customisation costs of cloud computing arrangements where an intangible asset is not recognised. It clarifies that the vendor – not the customer – controls the cloud application software to which the customer has access. As such, any configuration and customisation costs incurred by the customer do not create an asset separate from the cloud application software.

Despite the clarification in 2020–21, we continue to observe instances where agencies have incorrectly recognised intangible assets for SaaS arrangements, leading to an overstatement of intangible assets in agency financial statements.

Agencies should develop formal policies or procedures for the accounting of SaaS arrangements, including implementing appropriate review processes to ensure consistent accounting of these expenses.

New accounting standards effective for financial year 2025

Given some of the identified challenges in applying new accounting standards for the first time, agencies will need to be better prepared for the new suite of standards and amendments that will become effective in 2024–25.

Agencies need to be prepared for amendments to AASB 13

AASB 13 has been amended for the upcoming 2024–25 reporting period with changes primarily impacting the fair value measurements of non-current financial assets (such as property, plant and equipment) not held primarily for their ability to generate net cash inflows of not-for-profit State agencies. The amendments include, but are not limited to, guidance on how the ‘cost’ valuation approach should be applied to measure the fair value of these assets.

We assessed agencies’ progress towards implementing the amendments to AASB 13 as part of our current period financial audits. While some agencies have advanced their review of the accounting standard updates, others have not commenced assessment or implementation of the amendments. For example, several agencies have not:

  • performed an assessment of the impact of the AASB 13 amendments on their financial statements, existing systems and processes
  • considered or prepared accounting position papers documenting the impact on the fair value measurement of relevant assets, quantifying the impact and highlighting significant management assumptions
  • included qualitative or quantitative information on the financial impact in their 2023–24 financial statements.

In advance of 30 June 2025 agencies should:

  • understand the nature of any of their non-financial assets not held primarily for their ability to generate net cash inflows
  • understand the amendments to AASB 13 and the authoritative implementation guidance, and their impact on agencies’ financial statements
  • assess whether their current application of AASB 13 to their fair value of non-financial assets not held primarily for their ability to generate net cash inflows is in accordance with the revised AASB 13 standard
  • discuss their assessment with their auditors and Audit and Risk Committee early.

4. Audit observations

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are also essential for quality and timely decision making.

This chapter outlines observations and insights from our audits of financial statements of the 40 largest agencies in the State sector. These agencies are listed in Appendix 3.

Section highlights

Across the 40 largest agencies:

  • the number of findings reported to management decreased from 319 in2022–23, to 296 in 2023–24, and 21% were repeat issues (33% in 2022–23)
  • key findings related to financial management, IT, property plant and equipment, and payroll. These areas continue to require improvement
  • seven new high-risk findings were identified during 2023–24 (in 2023 six were high risk)
  • there is a need to strengthen financial management in areas such as management oversight, review of information provided by external experts and appropriate approvals
  • payroll controls, particularly in onboarding and terminations, need strengthening to reduce the risk of fraud
  • contract management deficiencies were found, including missing registers and incomplete information.

4.1. Findings reported to management

The number of findings reported to management has decreased, and 21% were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2023–24, there were 296 findings raised across the 40 largest agencies (319 in 2022–23). Twenty-one per cent of all issues were repeat issues (compared to 33% in 2022–23).

The most common repeat issues related to financial management, IT and non-current financial assets.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency to not comply with legislation, regulation and central agency policies.

4.2. High-risk findings

Seven high-risk findings were identified across the 40 largest agencies

Seven high-risk findings were reported to management. These were new issues raised this year; no findings from prior years were repeated as high risk.

  • One agency failed to manage risks in a key system that was being operated independently of the central IT function.
  • One agency inappropriately allocated high-level privileged user access several times to a user who did not require it.
  • One agency failed to restrict privileged access during and after two system upgrades.
  • An attempted cyber-attack on one agency’s finance system was not identified or investigated.
  • One agency had a delayed revaluation process, inconsistencies between the fixed asset register and the technical register, and delayed a quality control review by management.
  • Health entities have been entering into non-standard arrangements with staff specialists and visiting medical officers (VMOs) without the required delegation. Non-standard arrangements are any arrangements that provide benefits to staff specialists or VMOs beyond what is provided in the award or determination. While Health entities can enter into non-standard arrangements with staff specialists, the NSW Health policy directive ‘Non-Standard Remuneration or Conditions of Employment’ requires that such agreements be approved by the Health Secretary or a delegate. The policy directive states that this is also a requirement under section 116A of the Health Services Act 1997.
  • One agency did not have a delegation manual in place during 2023–24 that complied with the requirements of the Government Sector Finance Act 2018 (GSF Act).

4.3. Key audit findings

The Audit Office analysed themes across the 296 issues raised for the 40 largest state agencies. Of these, 213 (72%) were new issues, 62 (21%) were repeat issues and the remaining 21 (7%) were ongoing issues. The number of issues reported by theme is as follows:

The following themes were identified from findings reported to management:

Agencies should improve their key financial controls related to financial management

Our audits continue to identify insufficient review by management of key financial data, reconciliations and approvals. Forty-three per cent of all findings reported to management related to financial management.

Our findings include:

  • instances of insufficient quality review by management of financial data provided by external providers
  • incomplete review of reconciliations that were subsequently found to contain errors
  • lack of documented review of rates and data used to prepare the financial statements
  • management review not in place to ensure refunds and deposits were processed in a timely manner, and no evidence of approval
  • processes not in place to prevent overpayment of subsidy payments
  • instances of old reconciling items not being actioned
  • out-of-date agency compliance audit programs
  • lack of timely provision of documents for audit.

Lack of management oversight, review and approval increases the risk of fraud and error. Agencies need to ensure that the appropriate level of management oversight is exercised over financial reporting information.

Agencies should:

  • ensure all key reconciliations and supporting documents provided to audit are reviewed by an appropriate level of management
  • engage early with external providers of information and perform a quality review of the work produced to ensure management agreement with the information before providing to audit
  • document and review all rates, key assumptions and inputs to financial models
  • review policies and procedures to ensure overpayments and refunds are limited, and perform an investigation of these to ensure mitigating controls are in place
  • update compliance audit programs.

Payroll controls require improvement to increase security over payroll records and reduce the risk of fraud

Deficiencies were found in the onboarding and termination of staff as well as in controls over payroll master file data. These deficiencies increase the risk of payments being made incorrectly and payroll data may be incorrectly or fraudulently modified.

Our findings include:

  • payroll exception reports not being produced or reviewed
  • deficiencies in policies used for screening new employees
  • untimely review and approval of new starters recorded in payroll systems, including untimely granting of user access to new starters
  • untimely processing and deactivation of terminated employees, including existing checklists not being completed for terminated or leaver employees
  • overpayments processed to terminated staff
  • higher duty arrangements not endorsed and approved by the relevant manager
  • access to key Masterfile data not restricted, causing segregation of duties issues, including ability to edit master data and approve changes, ability to modify employee bank account details, and access to change employee position and status
  • payroll files not encrypted for security purposes
  • lack of budget controls over and monitoring of overtime expenses
  • agencies unable to generate complete and accurate payroll reports.

Agencies should ensure that procedures for onboarding of new staff and termination of staff are robust and are being adhered to. This includes appropriate screening of new staff, review and management approval of new staff, and appropriately assigned systems access. Terminated staff should have access to the system removed in a timely manner to ensure no authorised transactions can be processed after they have completed their time with the agency.

Payroll expenses should be closely monitored. Root cause analysis should be performed on any overpayments, or expenses significantly in excess of budget to ensure policies and procedures can be put in place to mitigate reoccurrence.

Agencies should improve their reporting and management of contracts and related controls

Contract registers are not being kept up to date and are inconsistent with information published on the eTendering website.

Our audits found that:

  • one agency did not maintain a central contract register
  • a number of contract registers contained inaccurate information on agency contracts
  • a number of contract and other registers were incomplete, not maintained, and did not contain the necessary information.

The lack of a complete and accurate contract register increases the risk of noncompliance with legislation including the Government Information (Public Access) Act 2009 (GIPA).

Deficiencies found in purchasing include:

  • payments approved outside of delegation authorities
  • deficiencies in vendor Masterfile data, including outdated supplier/grantor details and vendors being inactive for more than three years
  • lack of audit trails to evidence segregation of duties between preparers and approvers of EFT disbursements
  • purchase orders approved after the invoice had already been received
  • annual stock-takes of corporate credit cards not being performed.

Agencies should:

  • review their contract registers and ensure that they are complete and accurate. Agencies also need to ensure that the eTendering website is updated for all reportable contracts, and that this is reconciled to their internal contracts register
  • review their policies and procedures for approval of payments and ensure that controls are in place to ensure payments above delegation cannot be made
  • review vendor Masterfile details and perform data cleansing, including deleting duplicate vendors and inactive vendors.

5. Area of focus – Risk management

This chapter outlines audit observations, conclusions and recommendations from our review of agencies’ risk maturity, assessment processes, governance, systems and culture across the 40 largest agencies in the state sector. These agencies are listed in Appendix 3.

Section highlights

  • Agencies continue to self-assess that their risk management processes require improvement.
  • Not all maturity assessments completed using the NSW Treasury Risk Maturity Assessment Tool have been reassessed or updated in a timely and consistent manner.
  • Twelve agencies did not complete formal risk maturity assessments.
  • Four agencies did not prepare formal risk management appetite statements.
  • Agencies have implemented risk management oversight processes and systems, but improvements are required for some agencies.
  • Three agencies did not provide training to staff on risk management.
  • Agencies should perform periodic assessments of their risk maturity, and implement improvement plans to ensure that processes are consistent with core requirements stipulated by NSW Treasury.

5.1. Overview

The Treasury Policy Paper TPP 20-08 Internal Audit and Risk Management Policy for the General Government Sector (TPP 20-08) is a mandatory policy issued by NSW Treasury to assist agencies to meet their legislative obligations under the GSF Act, and outlines minimum standards for risk management. The policy’s core requirements are founded on Australian Standard AS ISO 31000: 2018 Risk Management Guidelines (AS ISO 31000).

NSW Treasury developed TPP 20-06 Treasury Risk Maturity Assessment Tool Guidance Paper (TPP 20-06) to support improvements in risk management, culture and capability across the NSW public sector including:

  • helping agencies to assess their own maturity level
  • identifying specific areas to improve risk culture and capability
  • supporting whole of government improvements to risk management through a uniform tool
  • allowing agencies to compare their results over time.

Use of the tool is not mandatory.

Treasury is in the process of updating the key sector-wide risk management policy (TPP20-08 Internal Audit and Risk Management Policy for the General Government Sector), to help drive improved risk management practices across the sector and has undertaken a consultation process with key stakeholders during the year.

Our Internal Controls and Governance 2023 report found a number of risk management control gaps in NSW Government.

5.2. Risk maturity level

Risk management maturity is low across most agencies

The 40 largest state agencies self-evaluated the maturity of their risk management processes against the following levels defined in TPP 20-06:

  • 1 – Fundamental: An uncoordinated process, where risk management is ad-hoc, unpredictable and highly dependent on individuals.
  • 2 – Repeatable: A disciplined process where risk management is established and repeatable, documentation is limited and there is continued reliance on individuals.
  • 3 – Systematic: A standard, consistent process, where risk management is proactively managed, supported by defined process, and is stable and measurable.
  • 4 – Embedded: A predictable process, where risk management is formally defined, predictable, consistently delivered and meets defined objectives.
  • 5 – Advanced: A continuously improving process, where risk management is optimised, delivers to stretch objectives and is subject to continuous improvement.
  • 6 – Other: For agencies that did not use the Treasury Risk Maturity Assessment tool defined in TPP 20-06 but self-evaluated using a different method.

The table below displays the results of these self-evaluations:

Percentage of agencies at maturity level

1. Fundamental

2. Repeatable

3. Systematic

4. Embedded

5. Advanced

6. Not assessed*

Risk culture

5%

30%

18%

5%

5%

38%

Risk governance

8%

25%

18%

10%

3%

38%

Capability and training

10%

33%

15%

5%

0%

38%

Methodology and tools

0%

35%

23%

5%

0%

38%

Data and information usage

10%

40%

8%

5%

0%

38%

Strategy and business planning

3%

38%

15%

0%

8%

38%

Project rating

0%

35%

15%

10%

3%

38%

Programs and operational performance

3%

38%

13%

8%

3%

38%

Reporting and communication

8%

40%

8%

5%

3%

38%

Average

5%

35%

14%

6%

3%

38%

* Fifteen agencies either use a different risk maturity assessment model to assess risk maturity or have not completed a risk maturity assessment.

Source: Agencies’ self-assessed risk maturity levels (unaudited).

Agencies primarily self-assessed risk management component maturity at levels below a ‘systematic’ or standard level. Forty per cent of agency self-evaluations determined risk maturity as below standard level. No agency assessed their capability and training functions, methodology and tools, and data and information usage as ‘advanced maturity’. These assessments indicate that improvements are required in agency risk management processes.

5.3. Risk management

Risk maturity assessments

Twenty-five agencies use the ‘Treasury Risk Maturity Assessment tool’ to formally assess their risk maturity, but not on a regular and consistent basis

All of these agencies had prepared risk action plans as a result of completed assessments and updated their risk management processes based on these plans.

The following table shows that some maturity assessments have not been completed since the 2020–21 financial year:

Number of agencies

Financial year last risk maturity assessment was completed

1

2020–21

7

2021–22

3

2022–23

11

2023–24

3

2024–25

Of the remaining 15 agencies that have not used the ‘Treasury Risk Maturity Assessment tool’:

  • three agencies have completed maturity assessments using a different model
  • one agency informally completes risk maturity assessments on an ad-hoc basis
  • three agencies plan to complete a maturity assessment in the next 12 months
  • two agencies’ risk management and assessment processes are managed by a different agency
  • six agencies have not detailed their risk maturity assessment.

Risk management maturity assessments are integral to the development of robust risk management frameworks that support organisational goals and sustainability. They assist agencies in creating targeted action plans to enhance their risk management capabilities.

Agencies should perform periodic assessments/reviews of their risk maturity and implement action plans where required.

Risk appetite statements

Four agencies did not prepare formal risk management appetite statements as part of their risk management processes and 12 agencies have not prepared or updated their risk appetite statement in the last 12 months

Moreover, five agencies have not communicated their risk appetite statement to key staff responsible for decision making.

Risk appetite statements are a formal expression of an agency’s tolerances when dealing with risk. They can lead to improved decision making, better prioritising of risk and ensuring risk management is aligned with the agency’s objectives.

Agencies should prepare risk appetite statements and guides on how risk tolerance is applied when assessing risks. Key agency decision makers should be educated on, understand and act in accordance with defined risk tolerances.

Risk management governance

Agencies have implemented governance and monitoring oversight processes over agency risk management practices, although improvements are required for some agencies

All agencies report risk management results to their Board (or equivalent committee). However, with regard to risk management governance processes:

  • three agencies did not coordinate risk management centrally within the organisation
  • two agencies did not have a management committee that meets regularly to address and oversee key risks
  • one agency did not have risk management responsibilities defined in a committee charter or terms of reference
  • two agencies did not include a review of the strategic risk register as an annual agenda item for their Board (or equivalent committee).

Agencies should establish risk governance structures, roles and responsibilities in line with best practice contained within TPP 20-06.

5.4. Risk management systems

All agencies maintain corporate or enterprise risk registers, however some are deficient

All agencies maintain a corporate or enterprise risk register that lists key risks and their nature. However, we note the following deficiencies with regard to information recorded in these registers:

Number of agencies

Observation on corporate/enterprise risk registers

8

did not contain inherent risk ratings

3

lacked risk causes

3

did not contain mitigating controls

10

did not contain linkage to strategic or operational objectives

32

did not complete cost–benefit analysis of treatment options

13

did not contain an assessment of residual risk ratings to appetite

19

did not have performance measures to help monitor risk and mitigation strategies

3

did not have risk owners clearly identified in the register

Risk management systems, including risk registers, allow for ongoing monitoring of risks, including changes in status, effectiveness of mitigation strategies and new risks that may emerge. They are a formal record of risks and management actions, and support accountability and compliance with regulations or industry standards.

Agencies should integrate risk registers and systems into existing management systems to capture all relevant data on risk, and develop techniques and tools (which might include defined performance indicators) to evaluate and monitor top risk exposures and/or the effectiveness of risk responses.

5.5. Risk culture

Three agencies did not provide risk management training to staff responsible for risk management

A positive risk culture encourages employees to identify and report risks early, leading to proactive management rather than reactive responses. When staff are trained and risk management is well embedded in the culture, agencies can make better-informed decisions that consider potential risks and their impacts.

Agencies should ensure that formal training and development of staff is implemented with a focus on agency-wide risk management.

All agencies participating in the 2023 NSW Government ‘People Matter Employee Survey’ reported results indicating that staff were comfortable with notifying their manager of risks evident at work.

6. Area of focus – Capital projects

This chapter outlines observations, conclusions and recommendations from our review of the 15 most significant capital projects in the State.

Section highlights

  • A significant number of projects did not have an ETC published in the Budget Papers or an estimated completion date.
  • The lack of transparency around expected costs and timing reduces the ability to assess if major projects have been delivered within budget and on time.
  • The publicly available information on the WestConnex project, completed in November 2023, does not provide a complete and accurate reflection of the project’s costs against the published ETC.

The 2024–25 State Budget for investment in public infrastructure over the next four years is $119.4 billion ($116.5 billion in the 2023–24 State Budget). This includes $13.4 billion in Health, $9.5 billion in Education, $62.9 billion in Transport and $22.1 billion in Climate Change, Energy, the Environment and Water1.

Source: NSW Budget 2024–25 Budget Paper No. 3 Infrastructure Statement.

We reviewed the 15 most significant ongoing capital projects in the State. We assessed significance according to the projects’ ETC. This section outlines the findings. This analysis relies on information provided by NSW Treasury or the agencies. Where possible the details of the projects have been agreed to the relevant NSW Budget Papers.

The projects reviewed include:

Agency nameProject name
Sydney MetroSydney Metro West
Transport for NSWWestConnex
Sydney MetroSydney Metro City and Southwest
Sydney Water CorporationGrowth works to service urban development
Sydney MetroSydney Metro-Western Sydney Airport
Transport for NSWWestern Harbour Tunnel
Department of Communities and JusticeBuilding new social housing supply
Transport Asset Holding Entity of New South WalesRail Service Improvement Program
Sydney Water CorporationSewer Network Reliability Upgrades
Transport for NSWRoad Safety
Transport for NSWZero Emissions Buses Program
Transport Asset Holding Entity of New South WalesSafe, Accessible Transport Program
Transport for NSWParramatta Light Rail Stage 1
Transport for NSW M6 Extension Stage 1
Sydney Water CorporationResilient & Reliable Water Supply

Source: NSW Budget 2024–25 and NSW Treasury.

Review of the NSW Budget 2024–25 Budget Paper No. 3 Infrastructure Statement (2024–25 Infrastructure Statement) indicates:

  • eight of the 15 projects did not publish an ETC
  • five of the 15 projects did not publish an estimated time for completion
  • three of the 15 projects moved the original time for completion by up to two years
  • two of the 15 projects revised their ETC.

Clearer and more complete information on capital projects is needed

Clear and complete reporting on capital projects is critical to building public trust and ensuring transparency and accountability.

Each year, the Infrastructure Statement provides information to the NSW public on major capital projects across the State, including the nature of each project, how much it costs and how much has been spent so far. It is an essential source of information on the State’s infrastructure projects. The objective of this information in the Budget Papers is to:

  • present a clear report on the State’s planned capital program covering new works and works in progress
  • explain how resources have been allocated in the current budget and over the forward estimates for both the GG and PNFC sectors
  • explain how infrastructure investment supports the government’s priorities and service delivery objectives, including underlying policies and strategies.

Preparing infrastructure statements is common practice in all Australian States and Territories. As part of the process to prepare the Infrastructure Statement each year, individual agencies are responsible for providing information on their capital projects to NSW Treasury. In NSW, the Infrastructure Statements include information on:

  • project description for key capital projects and programs
  • total estimated project cost
  • total actual project cost to date
  • budgeted project cost for the coming year
  • estimated project completion date.

Premier’s Memorandum ‘M2022-06 Information on Infrastructure Projects’ (M2022-06) provides direction for the provision of reliable information about infrastructure costs and delivery timetables to the public that reflects the relevant stage of an infrastructure project.

M2022-06 states that information on scope, funding, costs and timelines should not be provided until a project is significantly progressed to a point that it can be accurately and confidently confirmed.

A significant number of projects did not have an estimated total cost published in the Budget Papers

Although the Infrastructure Statement requires disclosure of the ETC and estimation completion date, review of the NSW Budget Papers 2020–21 to 2024–25 reveals that many projects note the ETC and completion date as ‘n.a’. This means data are either not available or are not disclosed for commercial reasons.

Specifically, 79% of Transport portfolio projects did not have a published ETC for commercial in-confidence reasons. The Transport portfolio leads some of the most significant projects in the State, such as Sydney Metro West, Sydney Metro Western Sydney Airport, Sydney Metro City and Southwest and Western Harbour Tunnel. Transport is the largest component of the forward estimates spend on infrastructure projects, and accounts for 53% of total infrastructure spend in the next four years. Total ETC for the Transport portfolio in the 2024–25 Infrastructure Statement is $19.5 billion compared to a $62.9 billion expected spend over the next four years (forward estimates years). Most other portfolios appear to disclose ETCs for most of their projects.

It is understandable that there could be commercial reasons for agencies not publishing the ETC. However, agencies should consider whether there are other alternatives to provide an indication of the ETC and size of the project.

For example, for the Sydney Metro City Southwest, the Final Business Case Summary published in 2016 provided a range for the ETC rather than the exact ETC due to commercial reasons. NSW Government requested that the estimated cost of the program not be publicised in the summary at the time as they were in the process of procuring packages for Sydney Metro West. Infrastructure NSW noted in the business case summary that the program cost would be released by the NSW Government at a commercially appropriate time. The business case summary included a range for the ETC of $11.5 billion to $12.5 billion. To date, no other ETC has been published. The Infrastructure Statements continue to state n.a. and do not report the publicly available range for the ETC.

The lack of transparency around expected costs reduces the ability to assess if major projects have been delivered within budget and on time

If projects do not make information on ETCs publicly available, there is a risk around transparency for project cost monitoring and reporting. In the absence of published information on expected completion dates and ETCs, it is difficult for the public to understand whether costs and timing have changed for projects. It also reduces the ability to compare actual costs to budgeted costs. This is especially important given some of the largest ongoing projects in the State do not have any published information on ETCs.

Where the ETC cannot be published for commercial reasons, agencies should disclose a range of the total cost to provide an indication of the approximate size of the project. Agencies should also publish the estimated completion date.

Case Study – Completed Project: WestConnex

The publicly available information on the WestConnex project does not provide a complete and accurate reflection of the project’s costs against the published ETC

WestConnex is a 33-kilometre motorway network that links Sydney’s western and south-western suburbs with the CBD and the Airport/Port Botany precinct. It also connects with proposed motorway links to the north shore, northern beaches and southern Sydney. The project was constructed in three stages:

  • Stage 1 – M4 widening (Parramatta to Homebush) and M4 East (Homebush to Haberfield)
  • Stage 2 – King Georges Road Interchange Upgrade (Beverly Hills) and New M5 (Beverley Hills to St Peters) now known as WestConnex M8
  • Stage 3 – M4-M5 Link (Haberfield to St Peters) and Rozelle Interchange.

The final stage of WestConnex was completed and opened in November 2023.

The ETC in the 2023–24 NSW Budget was $16.8 billion. The NSW Audit Office Performance Audit Report, WestConnex: changes since 2014, published in 2021, found that the NSW Government’s decision to fund WestConnex-related projects outside WestConnex’s $16.8 billion budget had reduced transparency and understated the full cost of WestConnex. The report notes that up to $4.3 billion was funded outside of the $16.8 billion budget.

The total expenditure shown in the NSW Budget 2023–24 Budget Paper No. 3 Infrastructure Statement was $6.0 billion.

There is a disparity of what the ETC represents and what the actual expenditure represents in the NSW Budget Papers. Based on a review of the 2023–24 NSW Budget Papers, it could appear that the project was under budget by approximately $10 billion, which is not a complete and accurate reflection of the WestConnex project.

There is no further information in the 2024–25 NSW Budget Papers on the total expended on the completed project. The 2024–25 Infrastructure Statement only states that this project was delivered and opened to traffic in November 2023.

Transport for NSW has not published the total cost of the project to date or any updated benefit realisation assessment or updated benefit-to-cost ratio. The project was completed one year ago.

Agencies or NSW Treasury should publish accurate and timely information on actual expenditure on projects and reassess the benefits realisation and benefit-to-cost ratios to promote transparency and accountability.

NSW Treasury or the individual agency should publish annually a report of projects completed during the preceding financial year. This should include the project completion date and the total actual expenditure at the completion of the project compared to the budgeted cost.


1 $17.6 billion relates to the commercial water entities.

7. Area of focus – Shared service arrangements

Shared service arrangements can centralise corporate services functions such as finance, human resources, procurement and information technology (IT). Across NSW Government agencies, many business processes and IT functions are provided on a shared services model, that is, one agency operates a business function or IT platform that is used by other agencies rather than each agency maintaining their own. These services are shared by several agencies (‘customers’), but generally are operated and managed by one agency or department (‘provider’).

This chapter outlines audit observations, conclusions and recommendations from our review of shared service arrangements provided and received by the 40 largest agencies in the state sector. These agencies are listed in Appendix 3.

This report outlines the findings on shared service arrangements.

Section highlights

  • Eleven customer agencies’ shared service-level agreements were not signed or updated during 2023–24.
  • Three of the five agencies that provide shared services to 108 customer agencies did not obtain independent assurance over the effectiveness of, or deficiencies in, their control environment.
  • Agencies should set clearer performance standards and monitor them more effectively.
  • Only four out of 20 customer agencies benchmarked their pricing to assess value for money.

Organisation of shared services in large NSW agencies

Nine agencies in the scope of this report are providers of shared services to other agencies. In total, over 115 customer agencies rely on these services, including 20 of the agencies within the scope of this report. Eleven of the agencies in this report neither provide nor rely on the shared services.

Delivery models

The operating model is predominantly portfolio-focused, resulting in the same service being delivered by more than one provider. There are different delivery models for how services are delivered and engaged by the agencies in this report:

  • a centralised in-house function that leads the shared services function for and on behalf of the agencies in the same portfolio (Fire and Rescue NSW, Transport for NSW)
  • a centralised in-house function that leads the shared services functions for and on behalf of the agencies within the same portfolio and across other portfolios (Department of Customer Service, Department of Communities and Justice, Department of Planning, Housing and Infrastructure).

The advantages of relying on other agencies for these functions are shown below.

The risks of shared service reliance are shown below.

These benefits and risks depend on how the agencies relate, their performance and the governance of the services. Formally documented agreements help to clarify expectations and responsibilities for all parties, whether between separate agencies or within different divisions of the same government department. In practice, different models are used in the management of shared services within NSW Government.

Scope of services provided

The nature of shared services provided across NSW Government agencies mainly include:

  • finance function
  • human resources and payroll operations/processing
  • procurement and accounts payable
  • master data management
  • fixed asset management
  • information technology
  • governance support.

Finance function includes transaction processing, general ledger reconciliations, financial statements preparation, management reporting and finance IT system support.

Service-level agreements

Effective service-level agreements (SLAs) are often an important factor for successful shared service arrangements, as they set clear expectations and performance standards. Agencies are better able to manage the quality and timeliness of shared service arrangements if they have a SLA in place. Ideally, the terms of service should be agreed before services are transferred to the provider and they should:

  • specify the controls the provider must maintain
  • specify key performance targets
  • include penalties for non-compliance.

Twenty in-scope agencies use a shared service provider, and 19 of these agencies have SLAs in place.

One customer agency did not have a finalised SLA in place, and 11 agencies’ SLAs were not signed or updated during 2023–24

Previous reports to Parliament recommended agencies establish clear SLAs before providing or receiving a shared service. These should detail the services and the roles, rights and responsibilities of all parties.

Of the 20 customer agencies using shared services:

  • eleven agencies’ SLAs were signed in prior years, but they were not updated or renewed during the 2023–24 period. One of these SLAs has not been updated since it was signed in 2017
  • one agency’s SLA is still in draft
  • one agency’s SLA was signed in the prior year with an extension of the services provided until 2024–25
  • seven agencies’ SLAs were signed or renewed during the 2023–24 period.

An effective SLA can minimise the risk of:

  • gaps in service delivery
  • a lack of accountability for service failures, especially if the agreement has no penalty clause
  • disputes over the service scope, cost, quality and timeliness
  • a lack of ownership for solving problems
  • poorly integrated systems that require manual workarounds that increase the risk of fraud and error.

A review of SLAs indicated some service level agreements do not:

  • specify what controls the service provider must maintain
  • prescribe penalties for underperformance
  • specify requirements for independent assurance over controls to be provided
  • specify key performance targets for reporting
  • regularly report on key performance indicators/targets.

If agreements do not specify the controls that a service provider must maintain, information may be inaccurate, incomplete, untimely, or not properly secured or protected. This can lead to:

  • inaccurate financial reporting
  • breaches of confidentiality
  • failure in the services provided to the public
  • failure to respond to reasonable requests promptly.

When using SLAs, agencies should:

  • consider including a performance component in the fee to encourage quality service
  • properly integrate the provider and user systems
  • regularly monitor service performance through key performance measures
  • renegotiate when services change, or periodically after a performance review
  • detail the controls a service provider must maintain
  • ensure the user of the services has complementary controls
  • specify what reports and assurances the service provider must give the user about the design, implementation and operation of these controls.

The figure below shows the deficiencies we identified in SLAs from the perspective of the customer agency.

Assurance over service providers

Assurance is the independent review and formal reporting of the management processes and controls that a service organisation provides to user entities. ASAE 3402 Standard on assurance engagement is the standard under which an auditor provides assurance on the controls of a service organisation (such as a lead agency) for use by entities (such as dependent agencies) and their auditors. In the type of shared service arrangements described above, audits under ASAE 3402 provide formal assurance over the effectiveness of the design and operating effectiveness of the controls at a service organisation. Whilst providing independent assurance is not mandated, it is considered best practice when providing shared services to multiple agencies.

Three shared service provider agencies did not obtain independent assurance over the effectiveness of their control environment

Only two of the five provider agencies that supply shared services to multiple agencies sought formal external assurance over the design and effectiveness of the controls for which they are responsible, and upon which other agencies rely. The absence of an ASAE 3402 assurance report over the shared service arrangements may limit the formal accountability of the shared service provider to customer agencies. This leads to a lack of consistency in communicating and resolving control issues between provider and customer agencies.

The table below shows provider agencies and the:

  • status of independent assurance under ASAE 3402 over the design and effectiveness of the controls for which they are responsible, and upon which multiple agencies rely on
  • number of customer agencies across NSW Government the provider services.
Provider agency

Independent assurance reported to
customer agencies

Total number of customer agencies
across NSW Government

Department of Communities and Justice

Agency does not provide

18

Department of Customer Service

Agency did provide

35

Department of Planning, Housing and Infrastructure

Agency does not provide

37

The Treasury

Agency did provide

12

Transport for NSW

Agency does not provide

6

Source: Audit Office analysis.

Certifying the effectiveness of internal controls over financial information

Treasury Policy Paper TPP 17-06 ‘Certifying the Effectiveness of Internal Controls Over Financial Information’ requires that chief financial officers (CFOs) certify the effectiveness of internal controls over financial information. CFOs of customer agencies must do this by verifying certifications not just from agency management, but from service providers that record, process and report financial data on their behalf.

One customer agency did not receive a certification about the effectiveness of the service provider’s controls. Two CFO certifications on the effectiveness of agency controls did not reference the control failures in the service provider’s report. This creates a risk that customer agency CFOs may not comply with TPP 17-06.

Given only two of the five agencies that supply shared services to other agencies sought independent assurance over the design and effectiveness of the controls for which they are responsible, all providers should consider obtaining independent assurance over the design and operating effectiveness of controls relating to the information system environment and business processes to provide independent assurance to further support their certification letter to customer agencies.

TPP 17-06 has been replaced by Treasury Policy and Guidelines TPG 24-08 ‘CFO Certification on the Internal Control Framework over Financial Systems and Information’, effective 1 July 2024.

Management letter issues and their impact across agencies

One of the main risks of shared services is that issues and problems become pervasive across all dependent agencies.

Four of the nine provider agencies had high-risk issues that impacted the financial systems and business processes they provide. These related mainly to the gaps in management of information systems’ user access and privileged user access. All nine provider agencies had moderate to low-risk issues that impacted the shared services and systems provided. These related mainly to control deficiencies in key business processes, including payroll and operating expenditure. These issues impacted not only the lead agencies that provided the services, but the customer agencies that used their services.

In most cases, the details of the deficiencies identified in the management letters are not visible to the customer agencies. They are also not always outlined in the certifications of effectiveness of internal controls provided by the service providers.

Shared service performance

Shared service arrangements are popular because they can reduce agencies’ back-office costs. However, this may not always translate into value for money if the service delivered is not at the same (or better) level of service.

For agencies to achieve value for money from shared service arrangements, clear performance standards/indicators should be set and monitored, and service providers should be held accountable for poor results.

Clear performance standards and penalties for failure assist agencies to manage service providers and improve their value for money.

Poor shared service performance could significantly affect user agencies, through:

  • inaccurate, incomplete and untimely data processing
  • control failures over the accuracy, completeness and confidentiality of information
  • inaccurate financial and management reporting
  • manual workarounds by the user agency
  • increased costs.

Five of the customer agencies did not regularly report on key performance indicators, while 15 agencies did report (either monthly or quarterly) on key performance indicators/service performance. Four agencies did not have clear key performance indicators included in their service-level agreements that they could regularly report against.

Only four of the 20 customer agencies benchmarked pricing to assess value for money

Shared service providers set pricing based on the type of services they provide. Six out of nine service providers used a pricing model to set the pricing. Seven SLAs did not contain clauses that require a review of prices at regular intervals by the provider agency. Only one provider agency performed benchmarking for pricing to assess value for money.

Only four of the 20 customer agencies performed benchmarking for pricing to assess value for money over the services they received. In making these decisions, agencies also benefit from benchmarking their results with other government organisations.

Nine customer agencies performed a cost-benefit analysis to support the move to shared service arrangements before these arrangements were implemented. Two customer agencies formally assessed the benefits they realised from their shared service arrangements.

Customer agencies should comprehensively assess services received and test the market to maximise value for money prior to extending or renegotiating a contract.

Agencies should set clearer performance standards and monitor them more effectively

Four agency SLAs did not set minimum standards of acceptable performance within SLAs. This increases the risk of customer agencies being able to monitor their providers’ performance, and hence improve their value for money. Sixteen customer agencies had specific key performance indicators included in their SLA.

Ten out of 20 customer agencies did not present reports on shared services performance to the agency’s Audit and Risk Committee (ARC). Only one provider agency regularly presented their reports on shared service centre performance to the agency’s ARC.

This can affect how those agencies are able to objectively and consistently measure the cost, quality and timeliness of the service provider’s performance. Customer agencies may also find it more challenging to hold the service provider accountable for service failures.

The performance measures agencies use may include:

  • timeliness and accuracy of data processing and reconciliations
  • timeliness of reports and requests for information
  • availability of the system and server
  • response and resolution time to issues or incidents
  • recruitment time and quality of contractors.

Customer agencies can achieve better results from shared service arrangements when they regularly monitor the performance of their shared service providers using key measures for the benefits realised, costs saved and quality of services received.

Sixteen out of 20 customer agencies have the ability to provide feedback on shared services performance. This can assist agencies to determine whether they achieved the efficiencies they expected and whether they should continue, renegotiate or re-tender the shared service arrangement when it expires.

Penalty clauses would help hold shared service providers to account

Penalty clauses in SLAs with external service providers reinforce their obligation to meet minimum standards and address any gaps. Penalties can include service credits or withholding payments for service failure. Without penalty clauses, customer agencies may find it more difficult to hold a service provider accountable for poor service delivery or force them to remedy the issues.

Only five out of 20 customer agencies responded that they have a penalty clause in their SLAs with their service provider. Some agencies who have had unsatisfactory experiences escalated to shared service providers to discuss and resolve service performance issues.

Case study – Process and Technology Harmonisation program to consolidate NSW Government Enterprise Resource Planning systems

The Process and Technology Harmonisation (PaTH) program commenced in November 2021 with the aim of consolidating government Enterprise Resource Planning (ERP) and SAP systems in order to simplify and standardise corporate and shared service systems and support for over 55 NSW Government agencies. The Department of Communities and Justice (DCJ) assumed responsibility to deliver the PaTH program from November 2021.

One of the first initiatives was to roll out a new SAP system called MyWorkZone, which covers multiple business processes such as onboarding, payroll, vendor payments and financial reporting impacting multiple agencies. Participating agencies have been progressively onboarded since April 2023 with most agencies onboarded by October 2024. The delivery of functional day-to-day shared services to these dependent agencies is provided by both the Department of Planning, Housing and Infrastructure (DPHI) and DCJ as two shared services hubs.

When phasing the onboarding of public sector agencies onto a new system, it is common for application controls to not be fully bedded down as there are ongoing changes to the system and user groups. The scale and magnitude of such changes across multiple agencies highlights the challenges faced in delivering a complex program and gives rise to the learnings below. These learnings reflect observations over 2023 and early 2024 while the program was in a period of transition and operating in a project delivery mode to deliver multiple waves of onboarding activity while defining the future business as usual operations. Both DCJ and DPHI have been working to address some of these learnings while moving towards a business as usual status.

Effective training ahead of system implementation reduces operational errors and delays

While comprehensive training curriculum was developed and training attendance was tracked and reported for high-impact business roles, no benchmarks were set or mandated for attendance, leading to less than 70% participation in courses such as purchasing and project portfolio management. Ineffective training ahead of system implementation increases the likelihood of operational errors and delays, reducing staff effectiveness in identifying and responding to issues.

Documentation of project implementation should be available and up to date to support management’s decision-making outcomes

Key documents relating to the implementation of the PaTH project, evidencing management activities such as data migrations plans and tests, data reconciliations, or approvals and sign-offs for key milestones, could not be located and provided within a reasonable timeframe from DCJ. A number of documents had not been updated to accurately reflect the currency of the documents or record the outcomes of any decision making. The absence of complete or available documents can lead to delayed decision making, inaccurate reporting, compliance issues and increased errors, all of which impact project success and stakeholder trust.

When more than one agency is responsible for shared service delivery, clear arrangements need to be agreed upon and in place to support accountability

Arrangements between the two shared service hubs, articulating each hub’s role, responsibility and cost recovery mechanisms in the provision of shared services have yet to be agreed upon. Signed agreements that include clear roles and responsibilities, including cost recovery arrangements between the two shared service hubs, will further support accountability. This will also reduce the likelihood of disputes and misunderstanding regarding the roles and responsibilities of each party, and pricing for the services provided.

Key controls are not fully effective because of the constant changes to the system caused by the onboarding of multiple agencies

Our review of SAP MyWorkZone IT application controls identifies that access to several key SAP transactions was inconsistently restricted and segregated throughout 2023–24 due to ongoing changes to systems, business structures and user groups. The onboarding of a high number of agencies at the same time – each with their unique business process requirements, scale and individual requirements – meant that the internal control environment had not fully settled/matured. This led to excessive user access and inadequate enforcement of segregation of duties that increased the risk of unauthorised transactions or changes not detected in a timely manner.

Increased scale, complexity and individual information needs from agencies within the shared service arrangements can result in delays in providing information to customer agencies

Provision of timely information and documentation to customer agencies was hampered by DCJ’s role in implementing MyWorkZone across multiple participating agencies – with responses to requests for information often delayed. This could potentially impact their ability to meet statutory financial reporting obligations.

Annual certification letters on the effectiveness of internal controls provided to a large number of dependent shared service agencies can be further supported by independent assurance

Both DCJ and DPHI in their capacity as a shared service provider do not provide independent assurance over the design and operating effectiveness of controls relating to business processes and the supporting IT environment, which is necessary to further support certification letters to dependent customer agencies in accordance with TPP17-06.

Work continues to refine the transactional shared services model. We understand the learnings above are now being incorporated into a strategy to define the future roadmap for shared services in NSW.

Appendices

Appendix 1 – Status of audits of consolidated entities

Appendix 2 – Status of audits of non-consolidated entities

Appendix 3 – Forty largest State agencies contents

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.