Stronger Communities 2022

Report highlights

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

  • user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
  • segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

Fast facts

1. Introduction

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

1.1 Snapshot of the cluster

Source: NSW Budget Papers 2022–23.

1.2 Changes to the cluster

Impact of administrative arrangements orders

Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes occur when the government reorganises these structures and functions, and these changes are usually given effect by Administrative Orders.

Effective 1 April 2022, the 'Administrative Arrangements (Second Perrottet Ministry - Transitional Order 2021)' issued on 21 December 2021 resulted in:

  • the persons employed in the Women NSW and Office of Community Safety and Cohesion divisions of the Department of Communities and Justice (and related employee benefits and on-costs liabilities of $479,000) transferring to the Department of Premier and Cabinet
  • the Office of Sport, NSW Institute of Sport and Venues NSW moving from the Stronger Communities cluster to the Enterprise, Investment and Trade cluster
  • Resilience NSW moving from the Premier and Cabinet cluster to the Stronger Communities cluster.

The 2020–21 numbers and information have been updated to reflect the current year changes to the cluster throughout the report.

New controlled entity

In 2011–12, the New South Wales Aboriginal Land Council (NSWALC) purchased one million fully paid ordinary shares in Social Enterprise Finance Australia Limited (SEFA). This represented 44.6% equity ownership. On 26 November 2021, NSWALC purchased an additional 270,000 fully paid ordinary shares, increasing its equity ownership of SEFA to 56.7%. As a result, in 2021–22:

  • SEFA is classified as a Government Sector Finance (GSF) agency in accordance with Division 2 paragraph 2.4 of the Government Sector Finance Act 2018 (the GSF Act)
  • Section 34 of the GSF Act mandates the Audit Office of New South Wales to audit the financial statements of SEFA prepared in accordance with section 7.6 of the GSF Act
  • NSWALC assessed SEFA as a controlled entity in accordance with AASB 10 'Consolidated Financial Statements' and the results of SEFA are consolidated for the first time into the financial statements of NSWALC.

2. Financial reporting

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits of cluster agencies, including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office. One audit is ongoing.

  • Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).

  • Six of the 15 cluster agencies required to submit 2021–22 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

  • All 13 cluster agencies that have accommodation arrangements with Property NSW accepted the changes in the Client Acceptance Letters, resulting in the derecognition of right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

  • The Department of Communities and Justice (the department) assumed the responsibility to deliver the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project.

  • In 2021–22, the department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement'. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million.

2.1 Cluster financial information 2022

Agency

Total assets
$m

Total liabilities
$m
Total income*
$m
Total expenses**
$m
Principal department
Department of Communities and Justice 9,940.7 2,520.8 15,210.4 15,238.3
Other cluster agencies listed in Appendix A of Treasury Direction TD21-02
Crown Solicitor's Office 81.2 29.6 76.9 71.7
Fire and Rescue New South Wales 1,341.7 385.7 860.1 921.9
Home Purchase Assistance Fund*** 141.2 0.3 0.4 7.3
Judicial Commission of New South Wales 1.5 1.0 6.6 6.4
Legal Aid Commission of New South Wales 87.8 52.5 439.6 426.0
Multicultural NSW 8.1 7.8 87.0 86.8
New South Wales Crime Commission 6.5 4.5 35.1 33.2
NSW Police Force 3,008.7 1,992.9 4,328.7 4,615.0
NSW Rural Fire Service 662.1 140.0 574.7 502.0
NSW Trustee and Guardian 231.8 38.8 137.6 101.2
Office of the Children's Guardian 13.8 7.4 55.4 54.7
Office of the Director of Public Prosecutions 19.7 23.5 178.0 171.8
Office of the NSW State Emergency Service 215.8 27.7 230.9 189.7
Resilience NSW 973.1 769.3 979.1 944.4
* Includes other gains.
** Includes other losses.
*** The 30 June 2022 financial statements audit is in progress.
Source: Agencies audited 2021–22 financial statements. 

2.2 Quality of financial reporting

Audit opinions

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits

Unqualified audit opinions were issued on all completed cluster agencies' 30 June 2022 financial statement audits. Sufficient and appropriate audit evidence was obtained to conclude the financial statements were free of material misstatement.

The 30 June 2022 financial statements audit for the Home Purchase Assistance Fund is in progress.

Unqualified audit opinions were issued on acquittal and compliance audits

The following acquittal and compliance audits were completed during 2021–22, with unqualified audit opinions issued:

  • Legal Aid Commission of New South Wales (the commission) – conducted over the commission's Financial Acquittal Report (the report) for the year ended 30 June 2022
    • relating to the Australian Government Grant Funding for the legal advice supporting the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability program activities under the Commonwealth Standard Grant Agreement (the agreement) between the commission and the Australian Government represented by the Attorney-General’s Department
    • to determine whether the report for the year ended 30 June 2022 was prepared in accordance with the requirements of the agreement
    • to determine whether the expenditure reported in the report for the year ended30 June 2022 was spent in accordance with the requirements of the agreement
  • Crown Solicitor's Office (CSO) – conducted to determine if CSO's Trust Account complied with clause 14 of the Legal Profession Uniform Law Application Regulation 2015 for the year ended 31 March 2022.

The number of identified monetary misstatements decreased in 2021–22

The number of monetary misstatements identified during the audits of cluster agencies' financial statements decreased from 50 in 2020–21 to 48 in 2021–22. A monetary misstatement is an error in amount recognised in the financial statements initially submitted for audit.

Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).

The table below shows the number and quantum of monetary misstatements for the past two years.

Year ended 30 June 2022 2021
  Corrected misstatements Uncorrected misstatements* Corrected misstatements Uncorrected misstatements*
Less than $50,000 2 11 11 5
$50,000 to $249,999 6 5 7 7
$250,000 to $999,999 6 4 5 5
$1 million to $4,999,999 4 1 3 1
$5 million and greater 5 4 4 2
Total number of misstatements 23 25 30 20

* Agencies concluded the effect of not correcting the misstatements was immaterial, individually and in aggregate to their financial statements as a whole.
Source: Engagement Closing Reports issued by the Audit Office of New South Wales.

Refer to Appendix one for details of corrected and uncorrected monetary misstatements by agency.

Of the 23 corrected monetary misstatements, five had a gross value of greater than $5 million and related to the following:

Agency Description of corrected misstatements > $5 million
Department of Communities and Justice (the department)

The department:

  • continued to implement the International Financial Reporting Standards Interpretations Committee's decision on 'Configuration or customisation costs in a cloud computing arrangement' in 2021–22. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million. Refer to section 2.4 for further details

  • misclassified expenditure related to the Process and Technology Harmonisation program as accrued capital expenditure. This resulted in an $11.5 million understatement of accrued operating expenditure in 2021–22.

NSW Police Force (NSWPF)

NSWPF:

  • understated its annual leave provision at 30 June 2022 by $35.9 million due to an incorrect calculation of worker's compensation on-cost

  • recorded an invoice relating to 2022–23 expenditure that was not paid until after 30 June 2022. This resulted in a $10 million overstatement of the prepayment and payable balances at 30 June 2022.

Fire and Rescue New South Wales (FRNSW)

FRNSW's provision for remediation at 30 June 2022 was understated by $8.9 million. The provision relates to contamination by perfluoroalkyl and polyfluoroalkyl substances on its land.


Of the 25 uncorrected monetary misstatements, four had a gross value of greater than $5 million, which comprise the following:

Agency Description of corrected misstatements > $5 million
Department of Communities and Justice (the department)

The department:

  • uses a system in its Corrective Services division, which has a limitation that prevents the recording of revaluation movements in the fair value of sub-assets into the fixed assets register. This resulted in an understatement of land and buildings by $31 million at 30 June 2022

  • incorrectly classified the Grafton Correctional Centre as a non-current asset held for sale, as it does not meet the recognition criteria in AASB 5 ‘Non-current Assets Held for Sale and Discontinued Operations’. Consequently, non-current asset held for sale and property, plant and equipment are overstated and understated respectively by $15.4 million at 30 June 2022.

NSW Police Force (NSWPF) NSWPF's revenue and expenses for the year ended 30 June 2022 did not account for the fair value of services ($27.6 million) it received free of charge from the Commonwealth Department of Defence, under a Defence Assistance to Civil Communities Agreement. Refer to section 2.4 for further details.
Fire and Rescue New South Wales (FRNSW) Management identified $10.7 million of completed projects were not reclassified from work in progress to fire appliances at 30 June 2022.

Four agencies were exempted from financial reporting in 2021–22

Part 3A Division 2 of the Government Sector Finance Regulation 2018 (GSF Regulation) prescribes certain kinds of GSF agencies not to be a reporting GSF agency. For 2021–22, the following cluster agencies have assessed and determined they met the reporting exemption criteria under the GSF Regulation, and therefore were not required to prepare annual financial statements:

Exempted agencies GSF Regulation reference Basis for reporting exemption
Special purpose staff agencies

Legal Aid Commission of New South Wales (Staff Agency)

New South Wales Crime Commission (Staff Agency)

Multicultural NSW (Staff Agency)

Part 3A, Division 2, Section 9F of the GSF Regulation

GSF Regulation prescribes that a GSF agency that comprises solely of persons who are employed to enable another particular GSF agency to exercise its function not to be a reporting GSF agency.

Staff agencies satisfy this requirement and therefore are exempted from preparing financial statements in 2021–22. These exemptions are standing in nature and continue from the previous year.

Small agency
Bush Fire Coordinating Committee Part 3A, Division 2, Section 9D of the GSF Regulation

GSF Regulation prescribes that a GSF agency that meets all of the following requirements is not to be a reporting GSF agency:

  • the assets, liabilities, income, expenses, commitments and contingent liabilities of the agency are each less than $5 million

  • the total cash or cash equivalents held by the agency is less than $2.5 million

  • at least 95% of the agency’s income is derived from money paid out of the Consolidated Fund or money provided by other GSF agencies

  • the agency does not administer legislation for a minister by or under which members of the public are regulated.


 

2.3 Timeliness of financial reporting

Early close procedures

Early close mandatory procedures were submitted on time with six exceptions

NSW Treasury introduced early close procedures to improve the quality and timeliness of year-end financial statements. In April 2022, NSW Treasury reissued Treasurer’s Direction TD19-02 ‘Mandatory Early Close as at 31 March each year’ (TD19-02) and released Treasury Policy and Guidelines TPG22-11 ‘Agency Direction for the 2021–22 Mandatory Early Close’. These pronouncements require the GSF agencies listed in Appendix A of TD19-02 to perform the mandatory early close procedures and provide the outcomes to the audit team by 27 April 2022. The 17 mandatory procedures are listed in Appendix two.

Eight of the 15 agencies met the statutory deadline for submitting their 2021–22 early close financial statements and other mandatory procedures. The following agencies delayed their submission of certain early close mandatory procedures, mainly due to agency resourcing constraints:

  • Department of Communities and Justice
  • Crown Solicitor's Office
  • Fire and Rescue New South Wales
  • NSW Police Force
  • Office of the NSW State Emergency Service
  • Resilience NSW.

NSW Treasury granted the Home Purchase Assistance Fund an exemption from performing early close procedures.

Agencies need to improve their completion of early close procedures

One cluster agency did not complete all mandatory early close procedures:

Cluster agency Not completed Description of incomplete early close procedures
Fire and Rescue New South Wales (FRNSW) 3

Finalise right-of-use (ROU) assets and lease liability balances

FRNSW did not include adequate disclosures in their proforma financial statements detailing the accounting policies and impact of the derecognition of the ROU asset and lease liability at 30 June 2022.

The disclosures did not include:

  • all the proforma disclosures provided by NSW Treasury
  • the significant judgements made in the process of applying the accounting policy for the changes to the office accommodation arrangements
  • an estimate of the gain/loss expected on derecognition of the ROU asset and lease liability.

Monthly management reports

Management performed the variance analysis for the Statement of Comprehensive Income balances but not for the Statement of Financial Position items.

Significant management judgements and assumptions

While management documented significant judgements and assumptions relating to the contamination calculation and annual leave provision, they did not document those in relation to:

  • changes to the office accommodation arrangements
  • fair value assessment for the fire appliances.

 Source: Reports on early close procedures 2022 issued by the Audit Office of New South Wales.

 The review of agencies' early close procedures found more work needs to be done to:

  • finalise the right-of-use assets and lease liabilities or perform an impairment assessment of right-of-use assets
  • complete the revaluation or fair value assessment of property, plant and equipment
  • prepare proforma financial statements in accordance with the NSW Treasury mandates, Australian Accounting Standards and the Financial Reporting Code.

Recommendation

Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.

Year-end financial reporting

NSW Treasury required all agencies to submit their financial statements by 1 August 2022

In June 2022, NSW Treasury issued a suite of Treasurer's Directions and Treasury Policy and Guidelines for 2021–22 financial reporting requirements and timetables:

  • Treasurer's Direction TD21-02 'Mandatory Annual Returns to Treasury' (TD21-02) and Treasury Policy and Guidelines TPG22-16 'Agency Direction for the 2021–22 Mandatory Annual Returns to Treasury' require agencies listed in Appendix A of TD21-02 to submit their 2021–22 financial statements to both NSW Treasury and the Audit Office of New South Wales by 1 August 2022
  • Treasury Policy and Guidelines TPG22-17 'Agency guidelines for the 2021–22 Mandatory Annual Returns to Treasury for New South Wales public sector agencies that are not included in TD21-02' requires NSW public sector agencies not listed in Appendix A of TD21-02 to submit their draft 2021–22 financial statements to NSW Treasury by 1 August 2022
  • Treasurer's Direction TD21-03 'Submission of Annual GSF Financial Statements to the Auditor-General' requires reporting GSF agencies that are not listed in Appendix A of TD21-02 submit their annual financial statements for audit within six weeks after the year end.

The following agency obtained NSW Treasury's approval to revise the deadline to submit one specific disclosure in their 30 June 2022 financial statements:

Cluster agencies Revised deadline Reason
Department of Communities and Justice 8 August 2022* To incorporate the impact of the guidance on summary of compliance disclosures provided by NSW Treasury on 30 June and 11 July 2022.

* The revised deadline related to the summary of compliance disclosures only. The deadline for the remainder of the department's financial statements remained 1 August 2022.

Financial statements were submitted on time for all cluster agencies

Cluster agencies met the revised or approved reporting deadlines for submitting their 2021–22 year-end financial statements.

The Government Sector Audit Act 1983 does not specify the statutory deadline for issuing the audit reports. At the date of this report, the audit of one cluster agency's financial statements is ongoing.

The table in Appendix three shows the timeliness of the year-end financial reporting for cluster agencies.

Retrospective correction of prior period errors

The department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision

The department previously capitalised some or all costs related to cloud computing arrangements as intangible assets. The department was not able to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' in a single year. Instead, it adopted a two-phased approach in implementing the decision:

  • initial implementation in 2020–21 covered $115 million (net book value) of the intangible asset balance at 30 June 2021, which was treated as a change in accounting policy in accordance with AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’
  • continued implementation in 2021–22 covered the remaining arrangements, with a net book value of $233 million at 30 June 2021. The continued implementation did not qualify to be treated as a change in accounting policy.

On continued implementation in 2021–22, the department:

  • recognised an expense (through accumulated funds) of $106 million at 1 July 2020, relating to previously capitalised intangible assets
  • disclosed the impact as a 'prior period adjustment'. In our view this treatment is not in accordance with AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’, which requires that corrections not taken within in the year of the change in accounting policy are disclosed as 'prior period errors'.

Refer to section 2.4 for further details.

Salary and wage payment adjustments at the Legal Services Council

The Legal Services Council corrected errors in prior periods in accordance with ‘AASB 108 Accounting policies, Changes in Accounting Estimates and Errors’. The corrections related to payroll errors over the period 1 July 2017 to 20 September 2021.

2.4 Key accounting issues

Asset accounting

In 2021–22, agencies within the Stronger Communities cluster reported property, plant and equipment of $12.5 billion ($11.9 billion in 2020–21). Land and buildings, measured at fair value in accordance with Australian Accounting Standards and NSW Treasury financial reporting requirements, represent 87% of these assets and are controlled predominantly by the department.

The buildings controlled by the department are mostly specialised in nature. They are either purpose-built group homes, significantly modified buildings used in the provision of care to disability clients, large residential centres and institutional style buildings, court houses, or correctional and youth justice centres. Due to their specialised nature, the fair value of these specialised assets is determined with reference to their current replacement cost.

The value of land, which is not a specialised asset, is determined with reference to market prices considering any restrictions that apply to that land.

Deferral of the department's comprehensive revaluation and fair value assessment

The department was due to perform the triennial comprehensive revaluation of its land and buildings in 2020–21. However, due to site access restrictions resulting from the COVID-19 pandemic, NSW Treasury approved the department to perform an indexation of its correctional and youth justice facilities in 2020–21, with a view to comprehensively revaluing them in 2021–22.

In January 2022, NSW Treasury approved the department to further defer the comprehensive revaluation of its correctional and youth justice facilities to 2023–24 to align with the next comprehensive revaluation of other land and buildings. The exemption was provided because of the limitations on site access for physical inspections due to COVID-19. The delivery of the Process and Technology Harmonisation program also requires significant involvement from the department's employees, including those involved in fixed assets and revaluation management.

The department engaged an external valuer to conduct an indexation review of all land and building asset classes at 30 June 2022. This resulted in a cumulative increase of $511 million or 6.2% of the total land and buildings at 30 June 2021. The department considered the movement material and increased the carrying values recorded in the department's financial statements at 31 March 2022 and 30 June 2022 by $285 million and $226 million respectively.

Intra-government property leases managed by Property NSW

The changes in office accommodation arrangements with Property NSW resulted in derecognition of right-of-use assets and lease liabilities

Property NSW (PNSW) is responsible for managing most of the state government agencies' leased real estate property portfolio. During 2021–22, PNSW made some changes to its intra-government lease arrangements, including rewriting the standard Client Acceptance Letter (CAL) to include a 'Relocation and substitution right' clause. This clause allows PNSW to relocate agencies to other locations and remove their right to control the use of the identified accommodations. As a result, the new CALs no longer constitute a lease under AASB 16 'Leases'. The changes became effective from 30 June 2022.

All 13 cluster agencies that have accommodation arrangements with PNSW accepted the changes in the CALs. This resulted in:

  • the derecognition of $917 million of right-of-use assets
  • the derecognition of $1 billion of lease liabilities
  • a gain on derecognition of $136 million.

Going forward, these agencies will recognise the office accommodation payments as expenses in the Statement of Comprehensive Income. Agreements between the agencies and PNSW mean agencies will continue to recognise leasehold improvement (or fit-out) assets and liabilities for the make good of premises.

Emerging matter – superannuation guarantee contributions for annual leave loading

Superannuation Guarantee Charges are payable on ordinary time earnings. Annual leave loading was originally an entitlement incorporated into awards to compensate employees for the lost opportunity to receive overtime and/or penalty rates while on annual leave. However, few employers retained evidence that there was a nexus between paying leave loading and the lost opportunity to receive overtime or penalty rates. The Australian Taxation Office's guidance was that in these circumstances the leave loading was ordinary time earnings, upon which the Superannuation Guarantee Levy was payable. The department had commenced paying superannuation on leave from 2019, in accordance with that guidance.

Subsequent to balance date, a decision was handed down in the Federal Court of Australia. The case was the Finance Sector Union of Australia v Commonwealth Bank of Australia (2022) FedCFamC2G 409. It confirmed that, in relation to the industrial agreement considered in that case, annual leave loading did not form part of ordinary time earnings. The decision found the payment of annual leave loading was not referable to ordinary hours of work or to ordinary rates of pay. Therefore, there was no requirement for employers to pay superannuation contributions under superannuation guarantee legislation.

The department re-evaluated their position and determined that it was not probable a liability arose to pay superannuation on annual leave loading. This position will be reassessed in future reporting periods.

Other key accounting issues

Process and Technology Harmonisation (PaTH) program

On 1 November 2021, the department assumed responsibility to deliver the PaTH program. This was approved by the Expenditure Review Committee and the Minister for Customer Service and Digital Government. Previously called ERP 2.0 and managed by the Department of Customer Service (DCS), PaTH aims to improve customer experience, boost productivity across the clusters, and harmonise essential government processes and services.

PaTH has been divided into three 'horizons'. The first horizon will involve delivering a scalable platform and operating model for future reforms for up to 40 agencies from the Stronger Communities, Planning and Environment, Regional NSW and Premier and Cabinet clusters.

To support the change, $19.1 million of intangible assets under construction were transferred from DCS to the department. The department initially treated the transaction as an equity transfer in accordance with TPP 21-08 'Contributions by owners made to wholly-owned Public Sector entities'.

The department engaged consultants to review the accounting treatment of:

  • costs arising from the PaTH contract between the department and the configuration and cloud host service provider (the provider)
  • existing PaTH implementation costs transferred from DCS to the department.

The consultant's review concluded that:

  • costs arising from PaTH should be treated as expenses because:

    • the right to derive benefit from the implementation services provided by the provider contains neither a software lease nor an intangible software asset, but rather is a service the department receives
    • these expenses are considered distinct costs that would be recognised as incurred (rather than over time) given that a third party has been engaged by the department to provide these services
    • configuration costs which do not create a resource controlled by the department that is separate to the software, do not give rise to a separate intangible asset
  • existing PaTH implementation costs transferred from DCS did not relate to coding or configuration work or any changes to the department’s current systems. They should be recognised as expenses because:

    • expenditure on research (planning, investigation and feasibility activities) should be recognised as an expense when incurred in accordance with AASB 138 'Intangible Assets'
    • the configuration and implementation services are not recognised as a software intangible asset by the department and the software is available for use without the configuration and implementation services.

Following receipt of this advice, the department subsequently transferred the $19.1 million of intangible assets under construction (received from DCS) to expenses.

In 2021–22, the department incurred additional costs of $42.8 million in relation to the implementation of PaTH.

Continued implementation of the International Financial Reporting Standards Interpretations Committee's agenda decision

In 2020–21, the International Financial Reporting Standards Interpretations Committee issued an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the IFRIC agenda decision).

The IFRIC agenda decision considers how a customer accounts for configuration and customisation costs of cloud computing arrangements where an intangible asset is not recognised. It clarifies that the vendor, not the customer, controls the cloud application software to which the customer has access. As such, any configuration and customisation costs incurred by the customer do not create an asset separate from the cloud application software.

The first phase of the department's adoption of the IFRIC agenda decision in 2020–21:

  • utilised a risk-based approach due to the complexity of the arrangements, size of the underlying agreements and time/resource constraints to incorporate the impact on the 30 June 2021 financial statements
  • covered material arrangements worth $115 million of the department’s net book value of intangible assets (pre-adoption of the IFRIC agenda decision).

The department's 30 June 2021 financial statements disclosed that the process to quantify the impact of the IFRIC agenda decision on the remaining arrangements was ongoing and the impact could not be reasonably estimated at 30 June 2021.

The department planned to use the same approach in 2021–22 to assess the remaining arrangements. Intangible assets of $233 million (net book value) were recorded at 30 June 2021 in relation to these arrangements. However, it changed the approach after further investigation due to the:

  • high volume of contracts, some of which are difficult to locate
  • complexity and/or age of the contractual arrangements
  • resource constraints due to COVID-19 and staff resignations.

Based on this, the department assumed the remaining arrangements were not likely to meet the definition of an intangible asset, unless they were supported by a completed assessment checklist and relevant evidence from the business. This resulted in the derecognition of previously capitalised intangible assets as an expense (through accumulated funds) of $106 million at 1 July 2020.

The department disclosed the impact of the IFRIC agenda decision identified in 2021–22 as a 'prior period adjustment'. In our view the characterisation of the correction as an 'adjustment' is not in accordance with AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’, which requires the impact to be disclosed and described as a prior period error. However, the result in the department’s primary financial statements at 30 June 2022 is not impacted as a retrospective restatement of the prior year figures remains appropriate.

Commonwealth assistance to state emergencies

Over the last three years, the State requested assistance from the Commonwealth Government to help support the response to natural disasters and the COVID-19 pandemic. Under the agreements negotiated between the State and the Commonwealth, services were provided free of charge to the NSW Police Force (NSWPF), the Office of the NSW State Emergency Service (SES) and the NSW Rural Fire Service (RFS), which are within the cluster. The services included:

  • bushfire response and recovery assistance to the RFS
  • flood response and relief assistance to the SES
  • supporting NSWPF quarantine, reception and repatriation efforts at Sydney Airport, hotels and borders.

The NSWPF received services to the value of $27.6 million (2021: $94.4 million) that should have been recognised within the 2021–22 financial statements. The NSWPF determined the amounts were not material and did not record the related revenue and expenses within its 2021–22 financial statements.

The SES received assistance which is not a volunteer service as the services received would not have otherwise been purchased. The RFS did not receive defence assistance from the Commonwealth Government in 2021–22.

Estimation of Victims Support Scheme claims liabilities

The Victims Services division within the department provides support, information, referrals, counselling and financial support to victims of violent crimes and witnesses to violent crimes in New South Wales. The VS Connect System (the system) is the case management system used by the department to manage these services. The department uses information in the system for financial reporting purposes. The department engages an actuary to use the information in the system to estimate its liability for Victims Support Scheme (VSS) claims.

VSS claims liabilities are composed of lodged but not paid claims of $162 million (2021: $202 million) and Incurred But Not Reported (IBNR) claims. IBNR claims relate to acts of violence which have already occurred, but where the victim has not yet come forward to lodge a claim and seek assistance from the VSS. IBNR claims have three main categories of offence namely child sexual assault, domestic violence and others (including assault, adult sexual assault, robbery, homicide and other). At 30 June 2022, the department’s actuary provided the following central estimates for the IBNR claims liability relating to:

  • domestic violence: $164 million (2021: $157 million)
  • sexual assault (adult): $34.2 million (2021: $18.6 million)
  • others – assault, robbery, homicide and other: $31.4 million (2021: $24.7 million).

A provision of $230 million (2021: $200 million) has been recognised by the department on the basis that the liability for the above IBNR claims can be reliably measured.

For child sexual assault, the large variance and high uncertainty of the results of the plausible IBNR scenarios developed by the actuary mean they remain unable to recommend a central estimate of the liability for these claims or estimate a probability of likelihood for each scenario. The wide range of estimates for the plausible scenarios are due to:

  • the lack of time limits within which victims can access counselling, recognition payments, justice-related and other out-of-pocket expenses, which likely contributed to a lack of stabilisation in claim lodgements
  • growth rates increasing year on year and for development years decades after the incident
  • the uncertainty of the number of years the growth will persist.

The department's actuary indicated the child sexual assault IBNR liability at 30 June 2022 could reasonably lie within a range of $549 million to $1.1 billion (2021: $493 to $997 million). Consistent with the department’s approach in prior years, where a central estimate has not been provided by the actuary, a contingent liability has been disclosed in the financial statements on the basis that the inability to reliably measure the child sexual assault IBNR claims prevents recognition of a provision.

We engaged an independent actuary to review the valuation performed by the department's actuary. In 2020–21, our independent actuary made several recommendations for the department and its actuary to consider, including:

  • splitting the valuation analysis for domestic violence claims between adult and child victims for future valuations. This applies to valuations of both lodged and IBNR claims
  • clarifying within the actuarial results and the financial statements that the liability determined is based on the initial, rather than the ultimate classification, of offence type for each claim
  • the actuary to work with the department to better understand the prevalence of reclassifications of offence types between lodgement and determination of the claim, and the potential impacts of this on the valuation of outstanding claims
  • considering extending the scope of the actuary's valuation of the outstanding claims liability in respect of lodged and IBNR claims to include the valuation of restitution recoveries, in respect of both past and future restitution orders. This included a review of the quality of the data in the system which underpins the valuation.

Our independent actuary considered the above recommendations in the 30 June 2022 valuation and found the department had responded appropriately.

2.5 Key financial statement risks

The tables below detail our specific audit coverage and response over key areas of financial statements risks that had the potential to impact the financial statements of significant cluster agencies.

Department of Communities and Justice

The Department of Communities and Justice (the department) was formed on 1 July 2019 following NSW Government Machinery of Government changes that brought together the former Department of Justice and Department of Family and Community Services. The department is the lead agency in the Stronger Communities cluster which aims to achieve safe, just, inclusive and resilient communities.

  Key financial statement risk Audit response
Property, plant and equipment - $9 billion*

The department's property, plant and equipment consist of land and specialised and unique assets such as court houses, community centres and correctional facilities which are measured at fair value.

Our audit risk rating for property, plant and equipment is higher because the assets are specialised and unique in nature, significant to the department's financial statements and subject to management judgements and estimates when determining their fair values. These judgements and estimates often require the assistance of a qualified valuer.

Our audit procedures included:

  • testing the accuracy and completeness of the asset register

  • reviewing the appropriateness of the valuation methods, assumptions and judgements applied

  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.

Costs in cloud computing arrangements -
$11.4 million**

In April 2021, the International Financial Reporting Standards Interpretation Committee issued an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the decision). The decision discusses the treatment of expenditure on configuring and customising cloud computing arrangements.

The department previously capitalised some or all costs related to cloud computing arrangements as intangible assets. It adopted a two-phased approach in implementing the decision:

  • the initial implementation in 2020–21 covered $115 million (net book value) of the intangible asset balance at 30 June 2021

  • the continued implementation in 2021–22 covered the remaining arrangements, with a net book value of $233 million at 30 June 2021.

Our audit risk rating for costs in cloud computing arrangements is higher because of the financial significance of intangible assets to the department's financial statements, significant complexity and judgement involved in interpreting the department's cloud computing agreements and extent of information within the agreements relevant to the complete and accurate calculation and reporting of configuration or customisation costs.

Our audit procedures included:

  • evaluating the department's assessment of its cloud computing arrangements, including the reasonableness of key assumptions

  • reviewing the terms of the third-party vendor agreements

  • testing the mathematical accuracy of the adjustments

  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.

Victims Support Scheme claims liabilities -
$392 million*

Contingent liability relating to child sexual assault IBNR claims -
$549 million to $1.1 billion*

The liability for Victim Support Scheme (VSS) claims relates to lodged but not yet paid claims and Incurred But Not Reported (IBNR) claims. A contingent liability is disclosed in the department's financial statements for child sexual assault IBNR claims because a provision cannot be reliably measured.

Our audit risk rating for VSS claims liabilities is higher because of the financial significance to the department's financial statements. Management also uses significant judgements in estimating and reliably measuring the liabilities and a minor change in assumptions can result in a material change in the liability and net result.

Management also engaged an independent actuary to determine the department's outstanding claims liability.

Our audit procedures included:

  • evaluating the design and implementation of relevant controls

  • assessing the competence, capability and objectivity of management's independent actuary

  • evaluating the nature and extent of management's oversight and review of the estimates.

With the assistance of our own independent expert, we assessed the reasonableness of the valuation methodology and key actuarial assumptions and judgements, including the accuracy and completeness of data and appropriateness of management's conclusions.

We assessed the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.
** Year ended 30 June 2022.

Resilience NSW

Resilience NSW (RNSW) helps communities rebuild and recover after natural disasters like floods, droughts and bushfires. It leads disaster and emergency efforts from prevention to recovery. 

  Key financial statement risk Audit response

Natural disaster grants expenditure -
$857 million**

Disaster grants payable -
$730 million*

RNSW reimburses several NSW government agencies for incurring eligible natural disaster expenditure. In 2021–22, the agency recorded disaster response grants expenditure of $857 million, of which $730 million remained unpaid at 30 June 2022.

Our audit risk rating for natural disaster grants expenditure is higher because of the financial significance to RNSW's financial statements. There is also an element of management judgement that is applied in recognising the expenditure appropriately under the relevant Australian Accounting Standards.

Our audit procedures included:

  • obtaining an understanding of the approach taken by RNSW in identifying and recording claims received but not yet assessed by agencies

  • evaluating the design and implementation of key controls

  • reviewing inter-agency confirmations RNSW obtained from the relevant agencies

  • checking the validity of the financial delegation limits of officers approving the expenditures

  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.
** Year ended 30 June 2022.

Fire and Rescue New South Wales

Fire and Rescue New South Wales (FRNSW) is one of the world’s largest urban fire and rescue services. It aims to enhance community safety, quality of life and confidence by minimising the impact of hazards and emergency incidents on the people, property, environment and economy of New South Wales. 

  Key financial statement risk Audit response
Property, plant and equipment - $1.2 billion*

FRNSW's property, plant and equipment includes land, residential properties and specialised assets such as fire stations, and firefighting equipment which are measured at fair value.

Our audit risk rating for property, plant and equipment is higher because the assets are specialised and unique in nature, significant to FRNSW's financial statements and subject to management judgements and estimates when determining their fair values. These judgements and estimates require the assistance of a qualified valuer.

Our audit procedures included:

  • testing the accuracy and completeness of the asset register
  • reviewing the appropriateness of the valuation methods, assumptions and judgements applied
  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.

Death and Disability Scheme liability - $196 million*

FRNSW records a death and disability benefits liability under the Crown Employees (NSW Fire Brigades Firefighting Staff Death and Disability) Superannuation Fund.

Our audit risk rating for the liability is higher because of its financial significance to FRNSW’s financial statements. It involves significant management judgements in estimating and reliably measuring the liability. A minor change in assumptions can result in a material change in the liability and net result. Management also engaged an independent actuary to determine FRNSW’s liability.

Our audit procedures included assessing the competence, capability and objectivity of management’s independent actuary.

With the assistance of our own independent expert, we assessed the reasonableness of the methodology and key actuarial assumptions and judgements, and performed testing to ensure the accuracy and completeness of data used by the actuary.

We assessed the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.

NSW Police Force

The NSW Police Force (NSWPF) operates under the Police Act 1990 and the Police Regulation 2015. It aims to provide a safer New South Wales and work with the community to reduce violence, crime and fear.

  Key financial statement risk Audit response
Property, plant and equipment - $1.9 billion*

NSWPF has a diverse property portfolio that is measured at fair value, including land, police residences and stations, aircraft and vessels.

Our audit risk rating for property, plant and equipment is higher because the assets are specialised and unique in nature, significant to NSWPF's financial statements, and subject to management judgements and estimates when determining their fair values. These judgements and estimates require the assistance of a qualified valuer.

Our audit procedures included:

  • testing the accuracy and completeness of the asset register
  • reviewing the appropriateness of the valuation methods, assumptions and judgements applied
  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.

Death and Disability Scheme liability - $204 million*

NSWPF recognises a liability related to benefits provided to injured officers in the case of incapacity or death under the Police Blue Ribbon Insurance Scheme.

Our audit risk rating for the liability is higher because it involves significant estimates.

Management also engaged an independent actuary to determine the scheme liability.

Our audit procedures included assessing the:

  • competence, capability and objectivity of management’s independent actuary
  • reasonableness of the calculation and assumptions applied by the actuary
  • adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.

 * At 30 June 2022.

NSW Trustee and Guardian

NSW Trustee and Guardian helps support and protect some of the most vulnerable members of the New South Wales community. It provides independent and impartial financial management, guardianship and trustee services that support customers and help them manage their health, lifestyle and financial affairs. 

  Key financial statement risk Audit response

Property, plant and equipment - $8.5 million*

NSW Trustee and Guardian's property, plant and equipment mainly consists of land and buildings, which are measured at fair value.

Our audit risk rating for property, plant and equipment is higher because the assets are significant to NSW Trustee and Guardian's financial statements and subject to management judgements and estimates when determining their fair values. These judgements and estimates often require the assistance of a qualified valuer.

Our audit procedures included:

  • testing the accuracy and completeness of the asset register

  • reviewing the appropriateness of the valuation methods, assumptions and judgements applied

  • assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.

Legal Aid Commission of New South Wales

Legal Aid Commission of New South Wales (the commission) provides legal services to socially and economically disadvantaged people across New South Wales. It is the largest legal aid commission in Australia and employs over 1,300 staff. 

  Key financial statement risk Audit response

Sales of good and services receivable - $11.3 million*

Accrued estimated legal expenses - $15.3 million*

The commission accrues the estimated net cost of work in progress by external legal practitioners who have yet to submit claims and the value of secured and unsecured legal debtors.

Our audit risk rating for the accrued estimated legal expenses and receivable is higher because of their financial significance to the commission’s financial statements. These balances also involve significant management judgements and assumptions in estimating and reliably measuring the liability and the recoverability of debts. Management also engaged an independent actuary to determine the commission's liability and receivable.

Our audit procedures included assessing the competence, capability and objectivity of management’s independent actuary.

With the assistance of our own independent expert, we assessed the reasonableness of the valuation methodology and key actuarial assumptions and judgements including compliance with the relevant actuarial and accounting standards.

We assessed the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.

New South Wales Aboriginal Land Council

New South Wales Aboriginal Land Council (NSWALC) was constituted as a statutory corporation under the New South Wales Aboriginal Land Rights Act 1983 (the Act). It aims to protect the interests and further the aspirations of its members and the broader Aboriginal community.

  Key financial statement risk Audit response

Investments - $600 million*

The Act requires NSWALC to maintain a capital value of $485 million. NSWALC actively manages its investment strategies and is closely monitoring spending to maintain capital in the long term.

Our audit risk rating for investments is higher because of its financial significance to NSWALC’s financial statements and exposure to market conditions which can impact the net assets of NSWALC. NSWALC’s long-term financial sustainability is also at risk if it earns lower than expected investment returns.

Our audit procedures included:

  • evaluating the design of relevant key controls over investments and assessing on a sample basis whether the controls were implemented effectively

  • updating our understanding of NSWALC's investment strategy

  • confirming the existence and completeness of investment balances with external counterparties

  • obtaining valuation confirmations from the external fund managers

  • assessing the reliability of the information received and assessing the adequacy of the financial statement disclosures against the requirements of applicable Australian Accounting Standards.


 * At 30 June 2022.

3. Audit observations

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 130 in 2020–21, to 110 in 2021–22, and 43% were repeat issues (51% in 2020–21). Many repeat issues related to information technology, governance and oversight controls, and non-compliance with key legislation and/or agency policies.

  • Five high-risk issues were identified in 2021–22, all of which are repeat issues and related to user access administration and segregation of duties.

  • Of the 24 newly identified moderate risk issues, 11 related to information technology. The rest related to governance and oversight controls and internal control deficiencies or improvements in payroll, asset management and other processes.

3.1 Findings reported to management

The number of findings reported to management in 2021–22 has decreased, however 43% were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office of New South Wales does this through management letters which include observations, related implications, recommendations, and risk ratings.

In 2021–22, there were 110 findings raised across the cluster (130 in 2020–21). Forty-three per cent of all issues were repeat issues (51% in 2020–21).

The most common repeat issues related to weaknesses in controls over information technology, governance and oversight, and non-compliance with key legislation and/or agency policies.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

Five high-risk findings were identified in 2021–22

High-risk findings, including repeat findings, related to information technology are significant control deficiencies. Given the risk they need greater attention, particularly for agencies with sensitive personal data or involved in emergency responses.

In 2021–2022 five high-risk findings were reported to the following four cluster agencies:

Agency Description
2021–22 findings

Department of Communities and Justice (the department) (repeat finding)

Justice SAP incomplete user access reviews

The audit of the department found it has not performed a regular comprehensive review of Justice SAP user access to validate user accounts and the appropriateness of user access rights since 2017–18.

The Justice SAP user access review was not completed for the finance and procurement or people business units during 2021–22. The department’s Access Control Standard states user access reviews should be carried out at least quarterly.

The matter has been identified as a continuing repeat issue and included as a high-risk finding in the management letter. There is an increased risk of unauthorised access and breakdowns in segregation of duties controls which create opportunities for fraud.

New South Wales Aboriginal Land Council (NSWALC) (repeat finding)

Segregation of duties

The audit of the NSWALC's SAP system identified nine end-users with access to create and modify the vendor master file, purchase order and invoice.

The audit of the NSWALC's payroll system identified:

  • 19 user accounts with superuser privileges. These users can perform sensitive payroll administration activities, including providing and modifying user access to the application, processing payroll functions (for example, employee commencements and terminations) and running the fortnightly pay

  • there is no segregation of duties between the human resources function and security administration (providing and modifying user access)

  • the payroll system consultants have access to both the application and database.

Superuser access and activity reviews

The audit of NSWALC's superuser access identified:

  • the system activities of privileged users and accounts are not reviewed on the network and payroll system

  • vendors have 24x7 access to 12 superuser/high privileged accounts (including two generic accounts) on the payroll system application. The password for these accounts is set to ‘never expire’ and have not been changed in 2021–22.

These matters have been identified as continuing repeat issues and included as high-risk findings in the management letter. There is an increased risk of unauthorised access and breakdowns in segregation of duties controls which create opportunities for fraud.

NSW Trustee and Guardian (repeat finding)

Critical CIS and TEAMS change management functions are not segregated

The audit of NSW Trustee and Guardian's Client Information System (CIS) and TEAMS systems identified there is a lack of segregation of duties between system developers and the Information Technology (IT) staff who can implement program changes.

While there is a change management process to ensure program changes are authorised, tested and approved prior to implementation, a developer can perform any program changes and deploy it to the production environment without following the process or being detected.

The audit also noted NSW Trustee and Guardian's IT unit does not maintain a complete list of changes to CIS and TEAMS systems and there is no independent review of changes made to the production environment.

The matter has been identified as continuing repeat issue and included as a high-risk finding in the management letter. There is an increased likelihood of unauthorised or untested changes to application programs, configurations, databases and operating systems that can impact the integrity and operations of the systems.

NSW Rural Fire Service (RFS) (repeat finding)

SAP user access review

The 2017–18 audit of the RFS highlighted there was no periodic comprehensive SAP user access review performed to validate all user accounts and the appropriateness of user access rights. In 2021–22 we identified a user access review has been initiated, but was not fully completed.

The matter has been identified as a continuing repeat issue and included as high-risk finding in the management letter. There is an increased risk that unauthorised or invalid transactions are processed or confidential information is accessed or released.


Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.
 

Recommendation

Cluster agencies should prioritise and action recommendations to address internal control deficiencies. Focus should be given to addressing high-risk and repeat issues.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

Extreme: 0 new, 0 repeat 1

High: 0 new, 3 repeat 2

Moderate: 11 new, 12 repeat 3

Low: 10 new, 3 repeat 4

The financial audits identified significant control deficiencies in IT processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • user access administration, particularly the timing and frequency of reviews over the granting and revocation of access to key systems relevant to financial reporting

  • monitoring of privileged user activities

  • cyber security, including governance arrangements, monitoring of third-party system access and patch management

  • development, review and testing of disaster recovery plans.

Internal control deficiencies or improvements

Extreme: 0 new, 0 repeat 1

High: 0 new, 2 repeat 2

Moderate: 5 new, 4 repeat 3

Low: 7 new, 1 repeat 4

The financial audits identified significant internal control deficiencies across key business processes, including:

  • procurement practices, including the timely creation and approval of purchase orders

  • supplier and employee masterfile maintenance and review

  • segregation of duties.

Financial reporting

Extreme: 0 new, 0 repeat 1

High: 0 new, 0 repeat 2

Moderate: 1 new, 0 repeat 3

Low: 7 new, 3 repeat 4

The financial audits identified control deficiencies in financial reporting processes, including:

  • valuation of non-financial assets

  • assessment and review of new and existing revenue streams in accordance with applicable accounting standards

  • estimation of leave provision on-costs in accordance with applicable NSW Treasury guidelines and accounting standards.

Governance and oversight

Extreme: 0 new, 0 repeat 1

High: 0 new, 0 repeat 2

Moderate: 5 new, 3 repeat 3

Low: 7 new, 5 repeat 4

The financial audits identified control deficiencies across governance and oversight processes, including:

  • reviewing and updating policies and procedures

  • completeness of management registers, including contracts and legislative compliance

  • formalising existing key business arrangements.

Non-compliance with key legislation and/or central agency policies

Extreme: 0 new, 0 repeat 1

High: 0 new, 0 repeat 2

Moderate: 2 new, 8 repeat 3

Low: 8 new, 3 repeat 4

The financial audits identified control deficiencies in agencies' compliance with key legislation and central agency policies, including:

  • management of excessive annual leave balances

  • compliance with gifts and benefits, and contract and procurement management policies.


1 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
4 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

The number of moderate risk findings decreased from prior year

Fifty-one moderate risk findings were reported in 2021–22, representing a seven per cent decrease from 2020–21. Of these, 27 were repeat findings, and 24 were new issues.

Moderate risk findings mainly related to:

  • weaknesses in user access management, including:

    • timely removal of access for terminated staff
    • monitoring of privileged user activities
    • password policy configuration
  • cyber security management, including:

    • implementation and updates of governance arrangements
    • monitoring of third-party system access
    • patch management improvement
  • management of excessive annual leave balances and formalising key business arrangements.

Appendices

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.