What this report is about 

This report assesses how effectively SafeWork NSW, a part of the Department of Customer Service (DCS), has performed its regulatory compliance functions for work health and safety in New South Wales. 

The report includes a case study examining SafeWork NSW's management of a project to develop a realtime monitoring device for airborne silica in workplaces. 

Findings 

There is limited transparency about SafeWork NSW's effectiveness as a regulator. The limited performance information that is available is either subsumed within DCS reporting (or other sources) and is focused on activity, not outcomes. 

As a work health and safety (WHS) regulator, SafeWork NSW lacks an effective strategic and data-driven approach to respond to emerging WHS risks. 

It was slow to respond to the risk of respirable crystalline silica in manufactured stone. 

SafeWork NSW is constrained by an information management system that is over 20 years old and has passed its effective useful life. 

While it has invested effort into ensuring consistent regulatory decisions, SafeWork NSW needs to maintain a focus on this objective, including by ensuring that there is a comprehensive approach to quality assurance. 

SafeWork NSW's engagement of a commercial partner to develop a real-time silica monitoring device did not comply with key procurement obligations. 

There was ineffective governance and process to address important concerns about the accuracy of the real-time silica monitoring device. 

As such, SafeWork NSW did not adequately manage potential WHS risks. 

Recommendations 

The report recommended that DCS should: 

• ensure there is an independent investigation into the procurement of the research partner for the real-time silica detector 
• embed a formal process to review and set its annual regulatory priorities 
• publish a consolidated performance report 
• set long-term priorities, including for workforce planning and technology uplift 
• improve its use of data, and start work to replace its existing complaints handling system 
• review its risk culture and its risk management framework 
• review the quality assurance measures that support consistent regulatory decisions

Read the PDF report.

Parliamentary reference - Report number #390 - released 27 February 2024
 

What this report is about

Transport for NSW (TfNSW) uses the Driver vehicle System (DRIVES) to support its regulatory functions. The system covers over 6.2 million driver licences and over seven million vehicle registrations.

DRIVES first went live in 1991 and has been significantly extended and updated since, though is still based around the same core system. The system is at end of life but has become an important service for Service NSW and the NSW Police Force.

DRIVES now includes some services to other parts of government and non-government entities which have little or no connection to transport. There are 141 users of DRIVES in total, including commercial insurers, national regulators, and individual citizens.

This audit assessed whether TfNSW is effectively managing DRIVES and planning to transition it to a modernised system.

Audit findings

TfNSW has not effectively planned the replacement of DRIVES.

It is now working on its third business case for a replacement system but has failed to learn lessons from its past attempts.

In the meantime, TfNSW has not taken a strategic approach to managing DRIVES’ growth.

TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES. With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access.

TfNSW uses recognised processes for managing most aspects of DRIVES, but has not kept the system consistently available for users. TfNSW has lacked accurate service availability information since June 2022, when it changed its technology support provider.

TfNSW needs to significantly prioritise cyber security improvements to DRIVES. TfNSW is seeking to lift DRIVES’ cyber defences, but it will not achieve its stated target safeguard level until December 2025.

Even then, one of the target safeguards will not be achieved in full until DRIVES is modernised.

Audit recommendations

TfNSW should:

• implement a service management framework including insight into the views of DRIVES users, and ensuring users can influence the service
• ensure it can accurately and cost effectively calculate when DRIVES is unavailable due to unplanned downtime
• ensure implementation of a capability to automatically detect anomalous patterns of access to DRIVES
• ensure that DRIVES has appropriate cyber security and resilience safeguards in place as a matter of priority
• develop a clear statement of the future role in whole of government service delivery for the system
• resolve key issues currently faced by the DRIVES replacement program including by:
  • clearly setting out a strategy and design for the replacement
  • preparing a specific business case for replacement.

Read the PDF report

Parliamentary reference - Report number #388 - released 20 February 2024

What this report is about

The report assesses whether the Department of Customer Service (the department) complied with legislation and NSW government policy when it directly negotiated with Duncan Solutions to procure backend services relating to the Park'nPay app.

The Park'nPay app, developed by the department, enables users to locate and pay for parking remotely using their smart mobile device.

The audit found

The department failed to establish the grounds for entering a direct negotiation procurement strategy, without any competitive tendering, for services for the Park'nPay app. It rushed a decision to trial the app in The Rocks, without considering how this might affect its procurement obligations.

There is no evidence that the procurement achieved value for money. Despite being required by legislation, as well as mandatory NSW government policy, the department did not consider how it would ensure value for money, nor did it demonstrate an adequate understanding of what is meant by value for money on this occasion.

The department failed to implement key probity requirements. There was no effective management of conflicts of interest. Key decisions were not documented. There was a lack of clarity, transparency, and oversight of the relationship between the Minister's office and staff in the department.

The audit made recommendations about

1. making and retaining complete and accurate records, particularly on decisions to commit or expend public money
2. ensuring department staff understand how to exercise their financial delegations and procurement processes
3. ensuring that only staff with appropriate delegations are committing or approving the spending of public money
4. consistency with the contract extension provisions of the NSW Government Procurement Policy Framework, particularly regarding ensuring value for money
5. protocols to guide the interactions between department staff and Minister and Minister's staff
6. the need for proper management and oversight of contingent workers, such as contractors.

On 27 February 2019 the then Minister for Finance, Services and Property announced the commencement of a Park’nPay app trial in The Rocks precinct of Sydney.

The app was intended to enable users to locate and pay for parking remotely, using their smart mobile device such as a phone or tablet, rather than needing to physically be at a parking meter.

In July 2019, following a direct negotiation procurement conducted by the then Department of Finance, Services and Innovation, a contract was executed with Duncan Solutions for an estimated value of $1,260,600 over three-years, with three single-year options to extend. The contract required Duncan Solutions to provide development services to link the Park'nPay app to its Parking Enterprise Management System platform and to provide ongoing software support services.

This audit assessed whether the department complied with the procurement obligations that applied at the time it procured these services from Duncan Solutions.

This audit focussed on the department's processes and decision-making relating to:

• the direct negotiation with Duncan Solutions at the exclusion of any other potential supplier
• the negotiation, execution and management of the contract with Duncan Solutions.

As this audit focusses on the department's procurement and contract management processes, it does not comment on the activities of Duncan Solutions. The detailed audit objective, criteria and audit approach are in Appendix three.

The auditee is the Department of Customer Service. As a result of machinery of government changes, the Department of Finance, Services, and Innovation became the Department of Customer Service from 1 July 2019. To avoid confusion, this report simply uses ‘the department’ to refer to either. Where the report refers to the Minister, it relates to the former Minister in office at the time.

Appendix one – Response from auditee

Appendix two – Key requirements of the department's procurement manual 

Appendix three – About the audit 

Appendix four– Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #387 - released 14 December 2023

What the report is about

Effective radio communications are crucial to NSW's emergency services organisations.

The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.

This report assesses whether the NSW Telco Authority is effectively managing the CCEP.

What we found

Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.

The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.

Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.

The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.

When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.

The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.

We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.

We made recommendations about

• The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
• The need to finalise a Traffic Mitigation Plan for when the network is congested.
• The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
• The need to clarify how encryption and interoperability will work on the enhanced network.
• The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
• Expediting measures to protect against the risk of cloning by unauthenticated radios.

Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:

• NSW Ambulance
• Fire and Rescue NSW
• NSW Police Force
• NSW Rural Fire Service
• NSW State Emergency Service.¹

Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.

Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.²

Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.

These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.

In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).

According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.

The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.

About this Audit

This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.

We addressed the audit objective by answering the following two questions:

1. Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
2. Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?

In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).

While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.

Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.

The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.

In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:

• to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
• to develop policies, standards and guidelines for operational communications using telecommunications networks.

The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.

The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.

The NSW Telco Authority established and tracked its own costs for the CCEP

Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.

In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.

Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.

Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.

In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.

In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:

It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.

As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.

In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.

Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.

In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.

In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:

• it was expressly included in the original approved March 2016 business case
• the capability is deemed essential to the needs of three ESOs.

Decommissioning costs

The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.

In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:

• funding would be coordinated by the NSW Telco Authority
• scheduling and reporting through an inter-agency working group and
• where appropriate, agencies would be appointed as the most appropriate decommissioning party.

This estimated cost is not included in the CCEP budget.

In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:

• decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
• effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
• costs incurred in decommissioning are entirely a consequence of the CCEP program.

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:

• $2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
• $2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.

Both totals include:

• budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
• the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
• the NSW Telco Authority's approved funding for paging refresh ($60.3 million).

The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.

The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.

The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.

However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders

Appendix one – Response from agency

Appendix two – Trunked public safety radio networks

Appendix three – About the audit

Appendix four – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #383 - released 23 June 2023

What the report is about

The Government Advertising Act 2011 requires the Auditor-General to undertake a performance audit on government advertising activities each financial year.

This audit examined whether TAFE NSW's annual advertising campaign in 2021–22:

1. was carried out effectively, economically, and efficiently
2. complied with regulatory requirements and the Government Advertising Guidelines.

What we found

TAFE NSW complied with Section 6 of the Act, prohibiting political content.

It also complied with most other advertising requirements.
 
An important exception was that the Managing Director certified that the campaign complied with regulatory requirements and was an efficient and cost-effective means of achieving its public purpose, before a cost-benefit analysis (CBA) was completed.

We have found issues with agencies complying with CBA requirements in previous government advertising audits. This includes the failure to complete them before signing compliance certificates.

The policy owner, the Department of Customer Service (DCS), does not consider oversight of CBAs to be within the scope of their peer review process.  

TAFE NSW evaluated this advertising campaign by surveying a population significantly broader than the target audience. As such, survey results may not accurately reflect the views of the intended audience.

What we recommended

By 30 June 2023, TAFE NSW should:

1. implement processes that ensure:
   1. CBAs are completed before the launch of campaigns over $1 million
   2. compliance certificates are completed only after all regulatory requirements are met
2. consider adding to its current evaluation methods by surveying a population which closely reflects the age profile of its intended target audience.

By June 2023, DCS should:

3. improve whole‑of‑government reporting and monitoring processes to provide the NSW Government with a central view of compliance, including the completion of CBAs by agencies.

The Government Advertising Act 2011 (the Act) sets out requirements that must be followed by a government agency when it carries out a government advertising campaign. The requirements include an explicit prohibition on political advertising, as well as a need to complete a peer review and cost-benefit analysis before the campaign commences. The accompanying Government Advertising Regulation 2018 (the Regulation) and Government Advertising Guidelines (the Guidelines) address further matters of detail.

The Act also requires the Auditor-General to conduct a performance audit on the activities of one or more government agencies in relation to government advertising campaigns in each financial year. The performance audit must assess whether a government agency (or agencies) has carried out activities in relation to government advertising campaigns in an effective, economical and efficient manner. It also assesses compliance with the Act, the Regulation, other laws and the Guidelines.

This audit examined TAFE NSW's advertising campaign for the 2021–22 financial year. TAFE NSW is the NSW Government's public provider of vocational education and training. TAFE NSW carries out an advertising campaign every year. In 2021–22, it spent $15.16 million on developing and implementing advertising. TAFE NSW used channels such as television, radio, internet and social media, press, and out of home advertising in public settings such as bus stops. The advertising aimed to increase the percentage of people considering TAFE NSW for training or education, grow the percentage of people who consider TAFE NSW to be the preferred education provider in NSW, and maintain the proportion of people who are aware of TAFE NSW more generally.

There are a range of private service providers helping to deliver vocational education and training in NSW.

This part of the report sets out key aspects of TAFE NSW's compliance with the government advertising regulatory framework. It considers whether TAFE NSW complied with the:

• Government Advertising Act 2011
• Government Advertising Regulation 2018
• NSW Government Advertising Guidelines 2012 and other relevant policy.

This part of the report considers whether TAFE NSW's advertising program for 2021–22 was carried out in an effective, efficient, and economical manner.

Appendix one – Responses from agencies

Appendix two – About the campaign

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #377 - released 28 February 2023

What the report is about

Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.

This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:

• Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives? 
• Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?

What we found

Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.

Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.

Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.

What we recommended

By 30 June 2023 the Department of Customer Service should:

1. implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
2. ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
3. ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
4. develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders. 

The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.

Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.

In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).

The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.

We assessed this objective through two lines of inquiry:

1. Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
2. Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?

The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.

Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.

Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.

The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.

Establishment of Cyber Security NSW

Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.

The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).

The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.

Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.

Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.

NSW Government Cyber Security Strategy

The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:

• lead
• prepare
• prevent
• detect 
• respond 
• recover.

The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:

• increase NSW Government cyber resiliency
• help NSW cyber security businesses grow
• enhance cyber security skills and workforce 
• support cyber security research and innovation.

Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.

NSW Government Cyber Security Policy

The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.

The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including: 

• annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements 
• that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).

The Policy sets out that Cyber Security NSW:

• may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
• will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.

As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.

This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:

• there was a sound, evidence-based rationale for why Cyber Security NSW was established
• the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
•  there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.

This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #374 - released 8 February 2023

What the report is about

The report focuses on how effectively the Department of Customer Service (DCS) and Department of Planning and Environment (DPE) led reforms addressing the unsafe use of combustible external cladding on existing residential and public buildings.

Nine local councils were included in the audit because they have responsibilities and powers needed to implement the NSW Government’s reforms.

What we found

After the June 2017 Grenfell Tower fire in London, the NSW Government committed to a ten-point action plan, which included establishing the NSW Cladding Taskforce, chaired by DCS, and with DPE as a key member. The Taskforce co-ordinates and oversees the implementation of the plan.

Depending on the original source of development approval, either individual local councils or DPE are responsible for ensuring that buildings are identified, assessed, and remediated. NSW Government-owned buildings are the responsibility of each department.

Identifying buildings potentially at risk was complex and resource intensive. However, on balance, it is likely that most affected buildings have now been identified.

By October 2021, around 40 per cent of assessed high-risk buildings that are the responsibility of local councils had either been remediated or found not to pose an unacceptable fire risk.

By February 2022, almost 50 per cent of affected NSW Government-owned buildings, and 90 per cent of buildings that are the responsibility of DPE, have either been cleared or are in the process of being remediated.

Earlier guidance on some key issues could have been provided by DCS and DPE in the two years after the Grenfell Tower fire. This may have reduced confusion and inconsistency across local councils we audited, and in some NSW Government departments. This especially relates to the application of the Fair Trading Commissioner's product use ban.

Given the inherent risks posed by combustible external cladding, buildings initially assessed as low-risk may also still warrant further action.

While most high-risk buildings have likely been identified, poor information handling makes it difficult to keep track of all buildings from identification, through to risk assessment and remediation.

What we recommended

DCS and DPE should:

1. address the confusion surrounding the application of the Commissioner for Fair Trading's product use ban for aluminium composite panels with polyethylene content greater than 30 per cent
2. develop an action plan to address buildings assessed as low-risk
3. improve information systems to track all buildings from identification through to remediation.

NSW Government's response to the risks posed by combustible external cladding

The NSW Government first became aware of the potential heightened risks posed by combustible external cladding on building exteriors after the 2014 Lacrosse Tower fire in Melbourne. However, it was the tragic loss of life from the Grenfell Tower fire in London, in June 2017, that gave added urgency to the need to address these risks.

Within six weeks of the London fire, the NSW Government committed to a ten-point plan of action for NSW to:

• identify and remediate any buildings with combustible external cladding
• ensure that regulation prevented the unsafe use of such cladding
• ensure that experts involved in providing advice and certifying fire safety measures had the necessary skills and experience.

One of the actions in the ten-point plan was the creation of the NSW Government's Fire Safety and External Wall Cladding Taskforce (the Cladding Taskforce) chaired by the Department of Customer Service (DCS) and with the Department of Planning and Environment (DPE) as a key member.

The ten-point plan also specified that NSW Government departments would be responsible, in regard to buildings they owned to '…audit their buildings and determine if they have aluminium cladding'.

Local councils play a key role in implementing the Government's reforms, given their responsibilities and powers under the Environmental Planning and Assessment Act 1979 (EPA Act) and Local Government Act 1993 (Local Government Act) to approve building works (as 'consent authorities'), as well as to ensure fire safety standards are met. DPE plays an equivalent role for a smaller number of 'State Significant Developments' for which it is the consent authority under delegation from the Minister for Planning.

Commissioner for Fair Trading's building product use ban

On 18 December 2017, the Building Products (Safety) Act 2017 (BPS Act) came into effect in NSW, introducing new laws to prevent the use of unsafe building products. Notably, the BPS Act gave the Secretary of DCS and the Commissioner for Fair Trading the power to ban unsafe uses of building products.

After an extensive consultative process, the Commissioner for Fair Trading used these powers to issue a product use ban on 15 August 2018. This banned the use of external wall cladding of aluminium composite panels with a core comprised of more than 30 per cent polyethylene by mass on new buildings, unless the proposed use was subject to independent fire propagation testing of the specific product and method of application to a building in accordance with relevant Australian Standards.

Buildings occupied before the product use ban came into force are not automatically required to have the banned product removed. Under the BPS Act, consent authorities may determine necessary actions to eliminate or minimise the risk posed by the banned material on existing buildings.

Project Remediate

Project Remediate is a three-year NSW Government program announced in November 2020. The program was designed by the NSW Government to assist building owners of multi-storey apartments (two storeys or more) with high-risk combustible cladding to remediate their building to a high standard and for a fair price.

The scheme is voluntary and includes government paying for the interest on ten-year loans, as well as incorporating assurance and project management services to provide technical and practical support to owners’ corporations and strata managing agents. Building remediations under the program are expected to commence in 2022.

About this audit

This audit assessed whether DCS and DPE effectively led reforms to manage the fire safety risk of combustible external cladding on existing residential and public buildings.

In making this assessment, we considered whether the expressed policy intent of the NSW Government's ten-point plan for fire safety reform had been achieved by asking:

• are the fire safety risks of combustible external cladding on existing buildings identified and remediated?
• is there a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products on existing buildings?
• is fire safety certification for combustible external cladding on existing buildings carried out impartially, ethically and in the public interest by qualified experts?

Consistent with the focus of the Cladding Taskforce on multi-storey residential buildings and public buildings, the scope of our audit is limited to buildings categorised under the Building Code of Australia (BCA) as class 2, 3 and 9. These classes are defined in detail in section 1.2, but include: multi-unit residential apartments, hotels, motels, hostels, back-packers, and buildings of a public nature, including health care buildings, schools, and aged care buildings. The scope was also limited to existing buildings, which is defined as buildings occupied by 22 October 2018.

Auditees

The Department of Customer Service chairs the NSW Government's Cladding Taskforce, which is responsible for coordinating the combustible external cladding reforms. The Commissioner of Fair Trading sits within DCS and DCS regulates the industry accreditation scheme for fire safety practitioners, as well as administering the BPS Act.

The Department of Planning and Environment administers the EPA Act and the Environmental Planning and Assessment Regulation 2000 (EPA Regulation), which regulate the building development process. As well as being the delegated consent authority for State Significant Developments, DPE is also responsible for maintaining the mandatory cladding register requiring building owners of multi-storey (BCA class 2, 3 or 9) buildings to register buildings with combustible external cladding on an online portal.

Functions and responsibilities between DCS and DPE varied over time. For example, in October 2019, the DPE building policy team responsible for co-ordinating the DPE response to the combustible cladding issue was transferred to DCS, following changes to agency responsibilities resulting from machinery of government changes. DPE advised this resulted in a lessening of DPE's subsequent policy work on combustible cladding and its involvement in the Cladding Taskforce.

While the focus of the audit was on the oversight and coordination provided by DCS and DPE, nine councils were also auditees for this performance audit. Councils play an essential part as consent authorities for building development approvals in NSW, as well as having responsibilities and powers to ensure fire safety standards. To fully understand how well their activities were overseen and coordinated, a sample of councils was included as auditees.

Nine councils were selected to represent both metropolitan and regional areas, noting that there are very few in-scope buildings in rural areas. The audited councils were:

• Bayside Council
• City of Canterbury Bankstown Council
• Cumberland City Council
• Liverpool City Council
• City of Newcastle Council
• City of Parramatta Council
• City of Ryde Council
• City of Sydney Council
• Wollongong City Council.

Terminology

The two NSW Government department auditees have, over time, been subject to machinery of government changes, which have changed some of their functions and what the departments are called.

Relevant to this audit, the effect of these changes has been:

• the Department of Finance, Services, and Innovation (DFSI) became the Department of Customer Services (DCS) on 1 July 2019
• on 1 July 2019, the Department of Planning and Environment became the Department of Planning, Industry, and Environment (DPIE)
• on 21 December 2021, DPIE became the Department of Planning and Environment (DPE).

To avoid confusion, we use the titles by which these departments are known at the date of this report: the Department of Customer Service and the Department of Planning and Environment.

This chapter considers the part played by DCS and DPE as key members of the Cladding Taskforce in ensuring that buildings with combustible external cladding were effectively identified and remediated through processes implemented by:

• local councils or DPE, where those bodies were consent authorities under the EPA Act for the relevant buildings
• in the case of NSW Government buildings, the departments that owned those buildings.

This chapter considers what has been done to deliver a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products.

This chapter considers whether reforms have ensured that only people with the necessary skills and experience are certifying buildings and signing off on fire-safety.

Inspections of existing buildings and development of any subsequent action plans to address combustible external cladding are not activities covered by accreditation or registration schemes for building certifiers

Almost all the risk assessment and remediation work done on buildings in the scope of this audit have been undertaken under fire safety orders issued by consent authorities using their powers under the EPA Act. This has been the recommended approach by DPE and DCS since at least 2016 (that is, before the Grenfell Tower fire in London).

While there have been reforms to certifier registrations scheme, these were not intended to ensure that combustible cladding-remediation on existing buildings is supported by people with the necessary skills and experience in fire safety under the fire safety order process. Instead, they are focused on offering better assurance for work done in respect to new building projects where accredited experts certify that building work is carried out in accordance with BCA under the DCS managed certifier registration schemes.

No steps have been taken to ensure the quality of the work done by experts inspecting, assessing the fire risk and developing action plans to address combustible external cladding on existing buildings, other than where consent authorities have chosen to exercise their discretion. This includes requiring fire safety experts to be appropriately qualified and requiring peer review of some cladding risk assessments and remediation plans.

Consent authorities determine whether individuals with accreditation are required for combustible cladding inspection, risk assessments and remediation on existing buildings

Whether an individual with certifier accreditation participates in a cladding inspection, risk assessment, or remediation for an existing building will be determined by what councils as consent authorities specify in their fire safety orders unless building owners opt to use such experts without being directed to do so by the consent authority.

As discussed earlier, councils acting as consent authorities vary in whether they require building owners to engage individuals with certifier accreditation. In most of the councils we audited, A1 or C10 accredited experts were either required, or recommended, to perform functions such as auditing suspected combustible cladding, or conducting fire safety risk assessments and developing plans to rectify combustible cladding.

However, these types of work are not functions covered by the accreditation or registration schemes that apply to building and development certifiers.

Certifier accreditation schemes do not cover cladding remediation work done under fire safety orders

While councils may require or recommend that independent accredited A1 or C10 certifiers be engaged by building owners for cladding risk assessment and remediation, they are not performing those functions as certifiers — they are, in effect, more akin to expert consultants. Accordingly, how they perform their functions and duties is not covered by the legislation supporting the accreditation scheme for certifiers that was operated until July 2020 by the Building Professional Board.

Instead, their use in this process is a convenient and practical way for consent authorities to ensure that building owners use appropriate experts who have the qualifications, skills and experience needed to investigate and identify combustible cladding, and then to formulate appropriate action to deal with such cladding. However, these individuals are not performing regulated or accredited work, are not subject to regulatory oversight, and are not accountable to any accreditation body for the quality of the work they perform.

While councils could (and sometimes do) choose to decline poor quality or incomplete cladding-related work prepared by A1 or C10 certifiers, the burden of resolving poor quality would fall on the building owner, who would have to seek amended or additional risk assessments or rectification plans.

In the absence of regulatory oversight, disincentives for poor quality cladding-related work, may include litigation being commenced by the property owner, harm to the expert's reputation in a small and competitive market, and the potential impact on whether the individual could retain their professional indemnity insurance at a reasonable cost (especially in an environment when many insurance providers withdrew coverage for cladding related work).

Reforms impact on regulated experts doing work on new buildings

The reforms that commenced on 1 July 2020, replaced categories of accreditation with classes of registration, and varied the classes such that:

• accredited building surveyor category A1 became registered building surveyor-unrestricted
• accredited certifier—fire safety engineer category C10 became registered certifiers-fire safety.

The legislation that introduced these reforms, the Building and Development Certifiers Act 2018, also repealed the pre-existing Building Professionals Act 2005 and abolished the Building Professionals Board. The new Act was accompanied by the Building and Development Certifiers Regulation 2020.

While the scope of this audit is limited to existing buildings, we note that there are buildings with combustible external cladding that are yet to be remediated. Just as these processes previously drew on the expertise of A1 and C10 category certifiers, it seems inevitable that the remediation of existing buildings will continue to draw on the expertise of the equivalent new classes of registered building surveyor-unrestricted and registered certifier-fire safety.

Appendix one – Response from agencies

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #364 - released 13 April 2022.

What the report is about

The report examined whether NSW Treasury, Service NSW and the Department of Customer Service effectively administered grants programs funded under the $750 million Small Business Support Fund, including:

• $10,000 Small Business Support Grant
• $3,000 Small Business Recovery Grant.

What we found

The agencies effectively implemented the grants within required timeframes, reflecting the NSW Government’s decision to deliver urgent financial support to small businesses impacted by the COVID-19 pandemic.

NSW Treasury met urgent timeframes to design the grants and Service NSW made timely payments in line with the grants' objectives and eligibility criteria.

Service NSW and the Department of Customer Service strengthened processes to detect and minimise fraud in response to identified external fraud risks, and to investigate suspected fraudulent applications.

Fraud security checks and investigations are ongoing, and the agencies will not know the full extent of fraud across the grants until these processes have been completed.

The agencies regularly monitored and reported on the timeliness of payments to small business applicants but have not yet measured all benefits of the grants programs.

The $10,000 Support Grant and the $3,000 Recovery Grant have provided around $630 million in one off grant payments to eligible small businesses.

What we recommended

NSW Treasury should finalise and implement an evaluation of both grants programs, including obtaining feedback from businesses.

Service NSW should develop a framework that documents expected controls for how it administers grants, including business processes, fraud control and governance and probity requirements.

Service NSW should publish information on all grants programs, including grants distribution and uptake.

The Department of Customer Service should ensure its processes for managing conflicts of interest meets its policy requirements.

Upcoming performance audit

The Audit Office is conducting a further performance audit into grants administration for disaster relief focussing on bushfire grants. This is planned to complete in 2021-22.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

The NSW Government responded to the partial shutdown of the NSW economy caused by the COVID-19 pandemic in 2020 by, among other measures, announcing on 3 April 2020 that it would place $750 million into the Small Business Support Fund (the Fund).

Under the Fund, the NSW Government would pay one-off grants of up to $10,000 to small business impacted by the shutdown. The objectives of the $10,000 Small Business Support Grant ($10,000 Support Grant) were to:

• ease the pressure on small businesses that have been affected by the COVID-19 pandemic
• support the ongoing operations of small businesses highly impacted by the COVID-19 restrictions
• deliver cash-flow into small businesses as soon as possible so that small businesses could meet pressing financial needs.

Grant applications were assessed against eligibility criteria that were determined by the NSW Government. The eligibility criteria for the $10,000 Support Grant required an employing small business to demonstrate it was significantly impacted by the COVID-19 pandemic by self-declaring or demonstrating a significant decline of 75 per cent or more in turnover compared to 2019. Documentation requirements were relaxed for small businesses within highly impacted industries.

In June 2020, the NSW Government announced a second round of one-off grants of up to $3,000 to small businesses that were highly impacted by the COVID-19 pandemic ($3,000 Recovery Grant). The objective of the $3,000 Recovery Grant was to help small businesses in 'highly impacted industries' — those directly impacted by the restrictions and closures put in place under the Public Health Orders — to meet the costs of safely reopening or scaling up operations.

The eligibility criteria for the $3,000 Recovery Grant required that a small business be in a highly impacted industry, demonstrate that it was significantly impacted by the COVID-19 pandemic by declaring a significant decline in turnover, and had costs associated with reopening under the 'COVID-Safe' requirements.

NSW Treasury and Service NSW implemented both grants on behalf of the NSW Government. The process of applying for a grant was intended to be quick and easy, with Service NSW using automated assessments and simple online application forms to process applications. Applicants applied for the $10,000 Support Grant through the Service NSW website between 14 April 2020 to 30 June 2020 and applied for the $3,000 Small Business Recovery Grant between 1 July 2020 and 31 August 2020.

At May 2021, around $520 million has been paid to over 52,500 grant applicants under the $10,000 Support Grant and around $109 million had been paid to around 36,700 grant applicants under the $3,000 Recovery Grant.

The Audit Office plans to undertake a performance audit into grants administration for disaster relief focussing on bushfire grants in 2021–22.

This audit assessed whether the grants funded under the $750 million Small Business Support Fund were effectively administered and implemented to provide disaster relief. It addressed the following questions:

• Were funded grants programs planned, designed and targeted effectively?
• Were funded grants programs implemented in line with the objectives and criteria and delivery requirements?
• Have agencies established measures to monitor intended benefits and outcomes?

This audit did not seek to assess the effectiveness of any other grant programs or stimulus measures. It also did not seek to assess the impact of the funding on applicants, or the future prospects of small businesses that received support.

1. Key findings

Around $630 million in timely one-off grant payments have been made to small businesses

Service NSW and NSW Treasury have paid around $630 million in one-off grant payments to small businesses via two grants administered under the $750 million Small Business Support Fund. At May 2021:

• around $520 million has been paid to over 52,500 grant applications received for the $10,000 Small Business Support Grant ($10,000 Support Grant)
• around $109 million has been paid to 36,700 grant applications received for the $3,000 Small Business Recovery Grant ($3,000 Recovery Grant).

Across both grants, over 65,000 small businesses received a payment across either grant, and over 23,000 businesses received payments under both grants.

NSW Treasury advise that, while no data was collected on the time to pay applicants for the $10,000 Support Grant, from its monitoring of the grants' outputs it was satisfied that payment timeframes met its expectations. Service NSW met its targeted time to pay applicants with payments made within ten days for the $3,000 Recovery Grant.

Funds for both grants were not fully spent due to limitations in data and uncertainty of the COVID-19 pandemic's impact. At May 2021, the final demand for the $10,000 Support Grant was around 30 per cent less than initially anticipated and the final demand for the $3,000 Recovery Grant was around 40 per cent less than initially anticipated.

NSW Treasury developed proposals establishing high level design and delivery expectations within rapid timeframes

NSW Treasury put forward proposals to the NSW Government for the two grants administered under the $750 million Small Business Support Fund. It met rapid timeframes for producing this advice: within one day for the $10,000 Support Grant and within four days for the $3,000 Recovery Grant. NSW Treasury's advice to the NSW Government on how to best target the total funding, eligibility criteria and the feasibility of delivering the grants through Service NSW was based on comparable grants programs – including the $10,000 Small Business Bushfire Support Grant – which at that time were ongoing.

The proposals established, at a high-level, the rationale for the grants, expected financial costs, risks and analysis on budget impacts, and confirmation that Service NSW could deliver the grants applications platform. NSW Treasury's demand projections were uncertain due to limited data in the early stages of the pandemic regarding potential economic impact.

Given the tight timeframes, the proposals did not fully consider all planning and design aspects for both grants. For example, there was minimal identification of the costs and benefits of the programs, and a lack of detailed design and delivery requirements. The proposals outlined that arrangements to finalise the risk management, controls, and auditing plan would be agreed by Service NSW and NSW Treasury before implementation.

In future circumstances where urgent advice on program design is required, NSW Treasury could set clearer expectations for the delivery agency, including fully considering costs, benefits and delivery requirements that could be carried through to project governance and implementation.

Service NSW implemented both grants in line with delivery expectations

Service NSW met urgent timeframes to stand-up both grants: 11 days for the $10,000 Support Grant and 26 days for the $3,000 Recovery Grant. Delivery expectations for each grant were established under a grant project agreement (grant agreement). Service NSW delivered the online application platform, assessment of applications, payments and reporting of the grants' uptake as per the grant agreements.

The urgent timeframes to deliver the grants contributed to gaps in Service NSW's project and risk management processes throughout the lifecycle of both grants. For example, the requirement to meet pressing timeframes for the $10,000 Support Grant launch meant agencies had reduced time to achieve sign-off on key documentation. As a result, important documents and processes – including the grant agreement, risk documentation and key business process and quality assurance processes – were not finalised ahead of launch.

Quality assurance and compliance processes for detecting fraud were not settled until after the conclusion of the applications for the $10,000 Support Grant, and were not completed until late 2020. Some project documents, including risk registers, communication plans and project briefs are still not finalised.

The longer timeframe to develop the $3,000 Recovery Grant meant that agencies were able to build on their understanding of the implementation requirements from the $10,000 Support Grant, and better document these expectations and understanding while ensuring that key documents and sign-offs were in place prior to launch.

Service NSW tightened its risk management and controls in response to evidence of fraudulent applications

In May 2020, Service NSW and the Department of Customer Service (DCS) were alerted to suspected fraudulent activity within grants administered by Service NSW. Initially, Service NSW anticipated that up to $8.8 million of the $10,000 Support Grant was at risk of exposure to fraudulent applications. However, Service NSW reported that, at April 2021, $1.9 million for the $10,000 Support Grant and $254,000 for the $3,000 Recovery Grant from paid applications were at risk of fraud exposure.

Following an internal review of the potential exposure to fraudulent or ineligible applications, Service NSW implemented additional automated security checks on applications, increased manual assessments of grant applications, established a dedicated taskforce for grants administration and engaged a unit within DCS to manage high-risk investigations.

Service NSW and DCS's increased governance and oversight has resulted in an established case management function, increased referrals to law enforcement, prioritised investigations of suspicious applications and the development of a 'Fraud Control Framework' aimed at addressing external fraud risks. Given Service NSW had limited experience in these processes in context of administering grant payments, such actions were an appropriate response.

Security checks and investigations of suspicious applications are ongoing. Service NSW will not know the full extent of fraud across the grants until these processes have been fully completed.

Service NSW and Department of Customer Service can improve how conflicts of interest are managed for future programs

Compliance with agency policies and processes to manage conflicts of interest and financial subdelegations demonstrates that investment decisions are being made by appropriately skilled and experienced staff, allowing agencies to operate efficiently, and reducing the risk of internal fraud.

DCS was unable to produce employee conflicts of interest declarations for the $10,000 Support Grant. Therefore, it is not known how many employees had completed conflicts of interest declarations for this round.

DCS provided information on conflicts of interest declarations for the $3,000 Recovery Grant. Twenty-nine per cent of declarations provided for employees undertaking grant assessments for the $3,000 Recovery Grant were incomplete at March 2021, and a further nine per cent were not finalised even though they indicated a real, potential or perceived conflict.

For future grants programs, ensuring compliance with conflicts of interest policies would help DCS and Service NSW to have greater confidence that conflicts of interest are appropriately identified and managed.

NSW Treasury has not yet measured all benefits or outcomes of the grants

In April 2021, NSW Treasury updated its evaluation plan for the $10,000 Support Grant and $3,000 Recovery Grant in support of an economic evaluation to commence from mid-2021. The updated evaluation plan outlines inputs, activities, and outputs as well as immediate, short term and medium term outcomes for both grants.

The evaluation will consider the extent to which both grants achieved their intended outcomes, and whether the economic benefits exceeded the costs to help inform decisions about the nature and design of any future small business support programs. This will complement, and feed into a broader review of all NSW Government COVID-19 stimulus measures.

Service NSW rapidly developed an approach to administer the grants

Over recent disasters, such as the 2019–20 bushfires and the COVID-19 pandemic, Service NSW has been responsible for administering grant programs on behalf of other government agencies.

Service NSW implemented both grants under its Project Management Framework and under each grant agreement with NSW Treasury as it does not have its own grants administration framework. To address the risks that emerged during delivery, Service NSW developed an approach to standardise and monitor the administration of the grants while they were being implemented.

Service NSW now has an opportunity to establish a grants administration framework, based on the processes, lessons and outcomes captured under the grants administration taskforce and in developing its fraud control framework. Embedding these processes into business as usual for grants administration will enable Service NSW to have a consistent set of expectations for controls, business processes and governance and probity requirements for future grants it implements.

2. Recommendations

By December 2021, NSW Treasury should:

1. finalise and implement an evaluation of the $10,000 Support Grant and $3,000 Recovery Grant, including obtaining direct feedback from businesses on how grant funds achieved the grant objectives.

By December 2021, Service NSW should:

2. develop a grants administration framework, which documents expected controls – including fraud controls – business processes and governance and probity requirements

3. publish information on all grants programs, including grants distribution and uptake.

By December 2021, the Department of Customer Service should:

4. ensure its process for managing conflicts of interest meets policy requirements by:

• ensuring employees promptly declare any real, potential or perceived conflicts of interest
• annually producing a list of conflicts of interest for records retention purposes
• requiring a separate register of conflicts of interest declarations where a grant program is deemed as high risk.

3. Lessons for grants administered within urgent timeframes

The two grants this audit examined were administered within a context of urgent timeframes, and increased complexity and uncertainty about the impact of the COVID-19 pandemic. The following lessons are shared to assist sponsor and delivery agencies in administering future grants where rapid implementation is required.

Sponsor agencies should consider the following lessons:

1. develop an approach to define and measure benefits for rapidly developed programs and projects where a full business case and cost-benefit analysis is not feasible

2. establish common processes and expectations for co-administered grants:

• periodically assure agencies' capability to deliver grants programs
• agree and establish risk appetite statements with administering agencies
• clearly establish expected performance levels and targets under any agreement

3. review the processes and outcomes of rapidly developed programs, capture lessons learned, and apply these in planning and delivering future programs.

Delivery agencies should consider the following lessons:

1. risk management and risk appetite:

• perform robust assessment procedures to ensure risks associated with delivery of the project are identified
• ensure the controls implemented adequately address identified risks
• agree and document the acceptable risk appetite at the outset
• review risk management processes after the grants are issued when unable to finalise risk management processes ahead of launch

2. grant agreements between NSW public sector agencies:

• ensure agreements are finalised in a timely manner
• ensure agreements clearly outline:
  • roles and responsibilities of both parties,
  • changes in scope of services provided
  • fees and charges applicable

3. frameworks for grants administration:

• ensure that there is a common set of expectations in place to guide grants administration including standard controls and processes for managing risk, capturing lessons learned and reporting on outcomes.

Appendix one – Response from agencies

Appendix two – Summary of other COVID‑19 Stimulus and Support for small businesses in NSW in April 2020

Appendix three – Public Health Orders

Appendix four – Highly impacted industries

Appendix five – About the audit

Appendix six – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #352 - released (24 June 2021).

A report released today by the Auditor-General for New South Wales, Margaret Crawford found that select advertising campaigns conducted by Service NSW and the NSW Rural Fire Service met most requirements of the Government Advertising Act, regulations, Guidelines and other laws. However, the audit found that Service NSW inappropriately used its post campaign evaluation to measure sentiment towards and confidence in the NSW Government.  

While agency analysis shows that the ‘Cost of Living’ (phases 2 and 3)  and ‘How Fireproof is Your Plan?’ campaigns achieved most of their objectives, the campaign objectives and targets set by both agencies were not sufficient to measure all aspects of campaign effectiveness. 

The report makes two recommendations to the Department of Customer Service. The first is to review its guidance to ensure agencies are not using post campaign evaluations to measure sentiment towards the government. The second, to review its guidance and the new process of peer review to ensure they support agencies to comply with the Act, the regulations and the Guidelines. 

The Government Advertising Act 2011 requires the Auditor General to conduct an annual performance audit of one or more government agencies to see whether their advertising activities were carried out in an effective, economical and efficient manner and in compliance with the Government Advertising Act 2011.
 

Read full report (PDF)

The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit on the activities of one or more government agencies in relation to government advertising campaigns in each financial year. The performance audit assesses whether a government agency or agencies have carried out activities in relation to government advertising in an effective, economical and efficient manner and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). This audit examined two campaigns run during the 2018–19 and 2019–20 financial years respectively:

• the 'Cost of Living' campaign run by Service NSW (phases 2 and 3 delivered in 2018–19)
• the 'How Fireproof Is Your Plan?' (Fireproof) campaign run by NSW Rural Fire Service (year two of a three-year campaign delivered in 2019–20).

Section 6 of the Act prohibits political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of parliament or a candidate nominated for election to parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed to influence (directly or indirectly) support for a political party.

In 2018–19, Service NSW delivered phases 2 and 3 of the 'Cost of Living' campaign. The Cost of Living advertising campaign aimed to build awareness of the help available to ease the cost of living for people under financial pressure including awareness of specific rebates that can be claimed. As part of the Cost of Living program, Service NSW developed a webpage designed as a single portal to access more than 40 NSW Government savings, rebates and initiatives (which originated from over 12 different agencies). It also launched the Cost of Living service which includes face to face meetings and phone interviews to help people claim rebates from the NSW Government. Phase 2 of the campaign ran from September 2018 to August 2019. Phase 3 of the campaign ran from January 2019 to July 2019. The budgets for phases 2 and 3 were $4.127 million and $934,800 respectively. See Appendix two for more details on this campaign.

Campaign materials we reviewed did not breach section 6 of the Act

The audit team reviewed campaign materials developed as part of the paid advertising campaign including radio transcripts, digital videos and display. The audit team did not review the use of social media outside paid social media content as section four of the Act defines government advertising as the dissemination of information which is funded by or on behalf of a government agency. See Appendix two for examples of campaign materials for this campaign.

Section 6 of the Act prohibits political advertising as part of a government advertising campaign. A government advertising campaign must not:

• be designed to influence (directly or indirectly) support for a political party
• contain the name, voice or image of a minister, a member of parliament or a candidate nominated for election to parliament
• contain the name, logo, slogan or any other reference to a political party.

The audit found no breaches of section 6 of the Act in the campaign material we reviewed. 

Post-campaign evaluations measured sentiment towards and confidence in the NSW Government

The post-campaign evaluation for phases 2 and 3 measured levels of confidence with the statement ‘the NSW Government has your best interests at heart’, despite the fact this was not a stated objective of the campaign. This is not an appropriate use of the post-campaign evaluation, which should measure the success of the campaign against its stated objectives. The post-campaign evaluation for phase 3 found that exposure to the campaign improved sentiment towards the government amongst those who did not have confidence in the NSW Government.

Service NSW advised that it was important to measure the sentiment of the advertising including the wording 'best interests' as it did not want the whole of government brand to be detrimental to customer engagement with applying for the rebates.

Following phase 2, Service NSW conducted analysis of media sentiment using the key words 'cost of living' and the names of the Premier, Treasurer and Minister for Customer Service. The analysis presented the level of positive, negative and neutral media sentiment. The Government Advertising Guidelines 2012 list the purposes that government advertising may serve which do not include improving the perception of the government. The inclusion of this analysis in Service NSW's post-campaign evaluation creates a risk that the results may be used for party political purposes.

Section 10 of the Act restricts agencies from carrying out a campaign after 26 January in the calendar year before the Legislative Assembly is due to expire and before the election for the Legislative Assembly in that year. Service NSW authorised a media agency to book media in line with the media plans for the campaign. The media plans for the campaign show that Service NSW did not authorise or plan to run any advertisements between 27 January 2019 and 23 March 2019.

Service NSW did not set targets for all rebates advertised in phase 2

Service NSW did not set targets for four of the seven rebates that were advertised as part of phase 2 of the campaign. These rebates were the Family Energy Rebate, Appliance Replacement Offer, National Parks Concession Offer and the Pensioner Travel Voucher. As a result, it was unable to evaluate whether the advertisements for these rebates were effective. Service NSW advised that at the time the campaign went to peer review, when campaign objectives are set, it did not know which rebates would be included in the advertisements.

Service NSW stated in its submission to the Department of Premier and Cabinet that it may change the creative content for phase 2 as it announced new initiatives and rebates. The peer review process should have ensured that Service NSW set targets for any additional rebates or savings it intended to advertise before that advertising commenced to ensure a strategic approach to the campaigns that clearly demonstrated anticipated benefits were in place.

The post-campaign evaluation for phase 2 shows that the advertising campaign met most of its objectives

Service NSW set overall campaign objectives and specific targets for some rebates advertised as part of phase 2 of the campaign. The objectives, targets and results for phase 2 are shown in Exhibit 5. In phase 2, Service NSW established baseline data on levels of awareness of government rebates during the peer review process. The baseline level of awareness for government rebates was 44 per cent. The level of awareness for specific rebates was 46 per cent for the Compulsory Third Party (CTP) green slip refund, and 21 per cent for both Active Kids and Toll Relief.

Post-campaign evaluation reports for phase 2 show that the campaign met its objective to raise awareness of NSW Government rebates, achieving a 16 per cent increase in awareness from 44 per cent to 51 per cent. The campaign did not meet its target to increase awareness of the CTP green slip refund by ten per cent.

Service NSW did not report the results of the uptake of the CTP green slip refund, Active Kids and Toll Relief in its post campaign effectiveness report submitted to the Department of Premier and Cabinet. However, other post-campaign evaluation documentation, which Service NSW advise was submitted to the Department of Premier and Cabinet, show that these targets were met.

Service NSW did not report to the Department of Premier and Cabinet on whether it achieved the target of a ten per cent increase of average monthly visits to the Cost of Living webpage. Service NSW reported that it had achieved an average of 11,753 visitors to the webpage per day during the campaign. These average daily results indicate that the target was met.

Exhibit 5: Phase 2 - campaign objectives, targets and results

Campaign objectives and targets	Does the post-campaign evaluation show that the target was met?
1. a) Increase awareness of rebates from the NSW Government by ten per cent.	Image
b) Increase average monthly visits to the Cost of Living webpage by ten per cent.	Image
2. Increase awareness of rebates and savings by ten per cent for:
CTP green slip refund	Image
Active Kids	Image
Toll Relief.	Image
3. Increase awareness that NSW Government initiatives relating to the cost of living are available via Service NSW by ten per cent.	Image
4. Increase the uptake of rebates and savings for the CTP green slip refund, Active Kids and Toll Relief by ten per cent.	Image

Key

Image

Yes

Image

Not Fully

The post-campaign evaluation for phase 3 shows that the advertising campaign met most of its objectives

Service NSW set overall campaign objectives and specific targets for the two rebates advertised as part of phase 3 of the campaign. The objectives, targets and results for phase 3 are shown in Exhibit 6.

In phase 3, Service NSW established baseline data on levels of awareness during the peer review process. The baseline level of awareness for government rebates was 44 per cent. This is the same baseline that was used to measure performance for phase 2 of the campaign. Service NSW did not set baselines for awareness and uptake of Energy Switch and Creative Kids as these were new services.

Post-campaign evaluation reports for phase 3 show that the campaign met its objective to raise awareness of NSW Government rebates by ten per cent, achieving a 30 per cent increase in awareness from 44 per cent to 57 per cent. The overall increase in message take-out was met with 43 per cent agreeing with the message that the NSW Government is taking steps to ease the cost of living. The campaign achieved awareness and uptake targets for the specific rebates included in phase 3, except for awareness of Creative Kids which achieved 28 per cent awareness, falling short of the 30 per cent awareness target.

Exhibit 6: Phase 3 - campaign objectives, targets and results

Campaign objectives and targets	Does the post-campaign evaluation show that the target was met?
1. Increase message takeout that ‘The NSW Government is taking steps to help ease the cost of living in NSW’ by ten per cent for those who can recall the campaign.
2. Increase awareness that the NSW Government has a range of rebates and savings by ten per cent.
3. Generate awareness with NSW residents aged 18+ of:
Energy Switch (15 per cent awareness)
Creative Kids (30 per cent awareness).
4. Create uptake of Energy Switch and Creative Kids (8,356 clicks on the Energy Switch website and 107,938 Creative Kids vouchers downloaded with 70 per cent conversion).

Key

Yes

Not Fully

The timing of campaign phases meant that it was difficult for Service NSW to evaluate each distinct campaign phase and reduced opportunities to incorporate learnings from previous phases

Service NSW commenced planning for phase 2 of the campaign while phase 1 was still underway. This limited the opportunity for Service NSW to incorporate learnings from phase 1 into phase 2. There was some overlap in the timing of phase 2 and the start of phase 3 of the campaign, making it difficult to evaluate the effectiveness of each distinct campaign phase. Both phases 2 and 3 had the same high-level outcome objective to raise awareness of rebates by ten per cent. The baseline measures that were used to evaluate performance for phase 3 were the same as those used to evaluate phase 2. As a result, Service NSW was not able to separately evaluate these two phases of the campaign. This is important given the budgets for phases 2 and 3 were $4.127million and $934,800 respectively.

Service NSW allocated 7.5 per cent of its media budget to communications with culturally and linguistically diverse (CALD) and Aboriginal audiences

The NSW Government CALD and Aboriginal Advertising Policy requires that agencies spend at least 7.5 per cent of an advertising campaign media budget on direct communications with CALD and Aboriginal audiences. Service NSW authorised a media company to book media in line with the media plans for the campaign. The media plans for phases 2 and 3 of the campaign indicate that Service NSW met this requirement, with 7.5 per cent of the budget allocated to these audiences in phase 2 and 10.4 per cent in phase 3.

The post campaign evaluation for phases 1 and 2 of the Cost of Living campaign contained a recommendation to look at other opportunities to reach CALD audiences. Effective communication with CALD audiences was particularly important in phase 3 of the campaign, where they made up 30 per cent of the target audience for the Creative Kids advertisement. The post-campaign analysis for phase 3 showed that the campaign performed well with some, but not all CALD audiences. The post-campaign analysis also showed low awareness and uptake with Aboriginal audiences. Pre-campaign focus groups in phase 3 found Aboriginal audiences had a negative reaction to the campaign tag line ‘NSW Government is helping with the cost of living’ however this tagline was still used in some advertisements in phase 3.

The cost-benefit analysis (CBA) for phase 2 did not accurately assess the benefits of the campaign and did not assess the costs and benefits of alternatives to advertising

Under the Government Advertising Act 2011, agencies are required to prepare a CBA when the cost of the campaign is likely to exceed $1 million. The CBA conducted by Service NSW for phase 2 includes $8 million in benefits attributed to the advertisements for the Energy Switch tool and $6.9 million in benefits attributed to the advertisements for Creative Kids vouchers. These benefits should not have been included in the CBA for phase 2 as they were not included in this phase of the campaign. The CBA did not estimate the benefits of some other rebates and savings advertised in phase 2 of the campaign. This means that the CBA did not accurately assess the benefits of the campaign. Service NSW advised that at the time the CBA was developed it had not selected the rebates to be included in the campaign.

The Government Advertising Guidelines require agencies to consider options other than advertising to achieve the desired objective including a comparison of costs and benefits. The CBA developed as part of phase 2 identified using existing NSW Government communication channels as an alternative to advertising but did not assess the costs and benefits of this alternative.

This is a repeat finding from two previous government advertising audits. The report ‘Government Advertising: 2015–16 and 2016–17’ found that both agencies subject to the audit did not meet the requirements in the guidelines to consider alternatives to advertising. The report made a recommendation to the Department of Premier and Cabinet to work with Treasury to ensure the requirements of the guidelines are fully reflected in the 'Cost-Benefit Analysis Framework for Government Advertising and Information Campaigns'. The report ‘Government advertising 2017–18’ found that one agency subject to the audit did not identify to what extent the benefits could be achieved without advertising, nor did it consider alternatives to advertising which could achieve the same impact as the advertising campaign.

Service NSW negotiated with a single creative agency in phase 2, making it difficult to demonstrate value for money

Agencies are required to obtain three quotes when procuring a creative agency on the prequalification scheme if the estimated cost of the creative content is greater than $150,000. In phase 2 of the campaign, Service NSW extended the contract with the creative agency used for phase 1 of the campaign and did not obtain three quotes despite the cost of the creative content for phase 2 being $731,480. The requirement to obtain three quotes was met in phase 1 when initially selecting this creative agency.

Service NSWs procurement policy details that direct negotiation may be appropriate where there is a compelling reason to renew or rollover a contract beyond temporal or convenience reasons or in the cases of a genuine emergency. In its briefing to the Chief Executive, Service NSW stated that this contract extension was sought due to the time-sensitive nature of the project and that if work was delayed by a tender process, Service NSW may not be able to meet marketing milestones and this could result in limited customer uptake. This reason is not a genuine emergency and is not compelling as it does not explain what consequences would occur if it did not meet the marketing milestones or if there was limited customer uptake.

Service NSW's procurement policy also states that under no circumstances must Service NSW employees enter into discussions with a supplier until the delegate has formally made their decision to enter into direct negotiation. Service NSW briefed the Chief Executive of Service NSW in relation to extending the contract on 5 September 2018. The briefing states that the creative agency had already begun developing creative content for phase 2 and Service NSW had already received quotes from the creative provider for the proposed work prior to 5 September 2018. Procurement sign-offs were not completed until 7 September 2018. The engagement of the creative provider prior to appropriate approvals was contrary to Service NSWs procurement policy.

The economy of the campaign may have been limited by not meeting the procurement requirements in phase 2. It is possible that the creative provider may have offered a more competitive rate if it was aware that Service NSW was seeking quotes from other creative providers. Additionally, it is possible that another creative provider could have provided better value for money.

In phase 3 of the campaign, the estimated cost of the creative exceeded $150,000 however Service NSW chose to contract two different creative agencies, and the cost for each agency fell below the threshold to obtain three quotes. Agencies are permitted to obtain one quote when using a creative provider on the prequalification scheme if the cost is between $50,000 to $150,000. Service NSW advised that it contracted two creative providers as two different project teams were responsible for the rebates, each with separate marketing budgets.

Service NSW allowed sufficient time for cost-efficient media placement

During the peer review process, the Department of Premier and Cabinet advised agencies about the time they should allow to ensure cost-efficient media placement. For example, the Department of Premier and Cabinet advised that agencies book television advertising six to 12 weeks in advance and that agencies book radio advertising two to eight weeks in advance.

Service NSW allowed sufficient time between the completion of the peer review process and the commencement of the first advertising. Service NSW signed the agreement with the approved Media Agency Services provider with sufficient time to achieve cost-efficient media placement for all types of media used in this campaign.

The campaign may have been misleading for some people who were not eligible for rebates

Advertisements we reviewed focused on the amount of savings that could be obtained from rebates, for example ‘Save up to $285’, and ended with a statement ‘To save, visit service.nsw.gov.au. This directed viewers to the Cost of Living website which contains eligibility information. However, the advertisements in phases 2 and 3 we reviewed did not contain any details on the eligibility for these rebates and not all advertisements stated that eligibility criteria apply. Service NSW advised that the eligibility criteria for each rebate is extensive and that it was not possible to include this in the creative material.

Post-campaign evaluations in phase 3 recommended that advertisements for Creative Kids should indicate eligibility (e.g. age criteria) as statements on savings have the potential to be misleading when not all viewers will be eligible for rebates. Social media analysis conducted following phase 2 showed ineligibility or inability to claim rebates or refunds caused anger for some respondents.

Some advertisements in phase 2 stated ‘we've got something for everyone’. However, as rebates were subject to eligibility criteria, it is possible that some residents in NSW would not be eligible for any rebates as part of the Cost of Living initiative. As such, this statement has the potential to be misleading.

The campaign included statements that underestimated the savings that some customers could obtain

The Guidelines require accuracy in the presentation of all facts, statistics, comparisons and other arguments. The Guidelines also require that all claims of fact included in government advertising campaigns must be able to be substantiated.

In phase 2, the possible savings customers could obtain for two rebates or savings exceeded the amounts stated in the advertising campaign. Exhibit 7 shows some advertisements in phase 2 which stated, ‘My Green Slip Saving Save up to $60’. However, the State Insurance Regulatory Authority website shows that savings for some types of motor vehicles under the 2017 CTP scheme exceed $60. The State Insurance Regulatory Authority website states that the average saving under this scheme has been $129. Service NSW advised that these advertisements were designed for regional markets and that it used different advertisements for metropolitan areas which contained different amounts of savings.

Some advertisements in phase 2 stated, ‘My Toll Relief save up to $700’. The Service NSW website states that drivers can obtain free vehicle registration if they have spent $1,352 or more in tolls in the previous financial year. The cost of registration for some vehicles exceeds $700. This means the savings detailed in the advertisement were lower than what some customers could actually save.

NSW Rural Fire Service conducted the 'How FireProof Is Your Plan?' (Fireproof) campaign. The Fireproof campaign is a three-year campaign which ran in 2018–19 (year one), 2019–20 (year two) and is planned for 2020–21 (year three). This audit examined year two of the campaign (2019–20).

The Fireproof campaign is a public safety campaign encouraging people to plan and prepare for bush fires across the summer period. The campaign aims to improve the quality of bush fire planning and preparation in the community and decrease the impact of fires on the community when they occur.

Campaign materials we reviewed did not breach section 6 of the Act

The audit team reviewed campaign materials developed as part of the paid advertising campaign for example radio advertisements, television commercials and digital displays. The audit team did not review the use of social media outside paid social media content as section four of the Act defines government advertising as the dissemination of information which is funded by or on behalf of a government agency. Examples of campaign materials are shown in Appendix two.

Section 6 of the Act prohibits political advertising as part of a government advertising campaign. A government advertising campaign must not:

• be designed to influence (directly or indirectly) support for a political party
• contain the name, voice or image of a minister, a member of parliament or a candidate nominated for election to parliament
• contain the name, logo, slogan or any other reference to a political party.

The audit found no breaches of section 6 of the Act in the campaign material we reviewed. 

NSW Rural Fire Service did not set targets for the second year of the campaign

The second year of the Fireproof campaign (2019–20) had the same objectives as the first year of the campaign (2018–19), however no specific targets were set for the second year. The advertising submission for the first year of the campaign (2018–19) details the targets for each objective as an increase of ten per cent against the baseline data to be achieved by March 2021, at the end of the three-year campaign.

The second year of the Fireproof campaign (2019–20) was one of the first campaigns approved under the new budget and peer review processes introduced by the Department of Customer Service in 2019–20. The new process for peer review introduced a new template for campaign submissions. The former template for campaign submissions contained more prompts for agencies to ensure the submission contained sufficient detail of campaign objectives, baseline measures, targets, dates for measurement and detail on how they would measure objectives. Despite this, the peer review process should have identified that NSW Rural Fire Service did not set targets for the second year of the campaign.

The 2016 Guidelines for Implementing NSW Government Evaluation Framework for Advertising and Communications requires campaign objectives to be SMART (specific, measurable, achievable, realistic and timed). NSW Rural Fire Service did not meet this requirement for year two of the Fireproof campaign.

Post-campaign evaluations showed increases against four out of five objectives, however there were no specific targets

NSW Rural Fire Service set three campaign objectives at the time it submitted the second year of the campaign (2019–20) to the Department of Customer Service for peer review. However, the post-campaign effectiveness report submitted to the Department of Customer Service measured campaign effectiveness against five campaign objectives. The objectives in the post-campaign effectiveness report were the same objectives set for the first year of the campaign, which is appropriate as this was a repeat campaign.

NSW Rural Fire Service achieved increases against four of their five objectives. However, as noted above there were no specific targets (such as percentage increases) against which performance of the 2019–20 campaign could be measured. Despite this, at the end of the second year, the Fireproof campaign had already achieved some of the targets that NSW Rural Fire Service had set for the end of the third year of the campaign. The post-campaign research showed that both audience recall and exposure to the campaign increased significantly from the prior year. The campaign objectives and results are shown in Exhibit 8.

For those people who already have a bush fire plan, the campaign aimed to increase the number of those plans which have included two or more elements from the Guide to Making a Bush Fire Survival Plan. Elements from the Guide to Making A Bush Fire Survival Plan include actions such as deciding what to take with you if you leave, ensuring you have the right equipment for defending your home and allocating responsibilities to members of a household. The post-campaign evaluation showed that the campaign did not achieve an increase against this objective for people who planned to stay and defend their property rather than leave.

Exhibit 8: Campaign objectives and results

Campaign objectives	Does the post-campaign evaluation show increases against the objective?
1. Continue to increase the number of people that have discussed and/or written a plan with regards to what they will do in the event of a fire.
2. Of those who indicate they have a plan, increase the number of people who have included two or more elements from the Guide to Making a Bush Fire Survival Plan:
for those who plan to leave
for those who plan to stay and defend.
3. Increase the frequency in completing preparation activities around a person’s property.
4. Increase the number of people who correctly assess it is their responsibility to complete preparation activities and enact their plan without direct intervention from emergency services.
5. Visits to MyFirePlan website.

Key

Yes

No

NSW Rural Fire Service achieved cost efficiencies by reusing creative content developed in the first year of the campaign

Total creative and production costs incurred in year one of the campaign were $1.08 million. Rather than commissioning new creative materials, NSW Rural Fire Service re-used the same creative content in year two of the campaign. NSW Rural Fire Service incurred $100,000 in creative and production costs in year two of the campaign and achieved cost-efficiencies by reusing the same creative developed in the prior year.

NSW Rural Fire Service allowed sufficient time for cost-efficient media placement and received free media placements

The Department of Customer Service advises agencies to work with media contacts to book media in advance to ensure a cost-efficient placement. Prior to 2019–20, the Department of Premier and Cabinet provided suggested timeframes for agencies to book media as part of the peer review process. For example, it advised agencies to book television six to 12 weeks in advance and book radio advertising two to eight weeks in advance. NSW Rural Fire Service allowed sufficient time for a cost-efficient media placement.

NSW Rural Fire Service received $4 million of free advertising time and space donated by media companies due to the extent and impact of the 2019–20 fire season.

The cost benefit analysis (CBA) did not assess the costs and benefits of alternatives to advertising

Under the Government Advertising Act 2011, agencies are required to prepare a CBA when the cost of the campaign is likely to exceed $1 million. As part of the CBA, the Government Advertising Guidelines require agencies to consider options other than advertising to achieve the desired objective including a comparison of costs and benefits.

The CBA for the Fireproof campaign (year two) notes that the proposed campaign is one component of a broader community engagement strategy which has been developed over time and is based on research and evaluation. The CBA considers two options to achieve the objectives of the campaign. The first option is community engagement activities without an advertising campaign and the second option is community engagement activities alongside an advertising campaign. The CBA does not identify and assess the costs and benefits of both of the options in order to assess the most cost-efficient option.

This is a repeat finding from two previous government advertising audits. The report ‘Government Advertising: 2015–16 and 2016–17’ found that both agencies subject to the audit did not meet the requirements in the guidelines to consider alternatives to advertising. The report made a recommendation to the Department of Premier and Cabinet to work with Treasury to ensure the requirements of the guidelines are fully reflected in the 'Cost-Benefit Analysis Framework for Government Advertising and Information Campaigns'. The report ‘Government advertising 2017–18’ found that one agency subject to the audit did not identify to what extent the benefits could be achieved without advertising, nor did it consider alternatives to advertising which could achieve the same impact as the advertising campaign.

Appendix one – Responses from agencies

Appendix two – About the campaigns

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #342 - released 19 November 2020

This report examines whether NSW Health effectively planned and delivered major capital works to meet the demand for health services in New South Wales.

The report found that NSW Health has substantially expanded health infrastructure across New South Wales since 2015. However, the program was driven by Local Health District priorities without assessment of the State’s broader and future‑focussed health requirements.

The report found that unclear decision making roles and responsibilities between Health Infrastructure and the Ministry of Health limited the ability of NSW Health to effectively test and analyse investment options.

Project delays and budget overruns on some major projects indicate that Health Infrastructure's project governance, risk assessment and management systems could be improved.

The Auditor‑General recommends that NSW Health ensure its capital projects offer the greatest value to New South Wales by establishing effective policy guidance and enhancing project governance and management systems.

Read full report (PDF)

Since 2011–12, NSW Health has aimed to improve its facilities and build 'future focused' infrastructure. The NSW Government’s 2015–16 election commitments established a four-year $5.0 billion capital program for NSW Health to build and upgrade more than 60 hospitals and health services. The 2019–20 State Budget committed a further $10.1 billion over four years for another 29 projects. This is the largest investment to date on health capital works in New South Wales.

Recent reviews of infrastructure have recognised that population and demographic growth will require a change in the delivery and composition of health infrastructure, including considering greater use of non-traditional, non-capital health service options and assets.

To ensure that expenditure on capital works represents the best value for money, NSW Health's business cases need to be robust and supported by evidence that demonstrates they are worthy investments. The NSW Process of Facility Planning has been the main framework guiding the detailed planning and development of NSW Health's capital works proposals. This framework was developed by the then NSW Department of Health in 2010. Its aim is to ensure investment proposals are supported by rigorous planning processes that address health service needs and provide value for money.

Infrastructure projects of the complexity and scale being delivered by NSW Health carry inherent risks. For example, unplanned cost escalations can potentially impact on the State’s finances. Unforeseen delays can also reduce the intended benefits. The growth in the State’s health capital spend and project profile, means its exposure to such risks has increased over time.

The objective of this audit was to assess the effectiveness of planning and delivery of major capital works to meet demand for health services in New South Wales. To address this objective, the audit examined whether:

• the Ministry of Health has effective procedures for planning and prioritising investments in major health capital works
• Health Infrastructure develops robust business cases for initiated major capital works that reliably inform government decision making
• Health Infrastructure has effective project governance and management systems that support delivering projects on-time, within budget and achievement of intended benefits.

The audit focused on the Ministry of Health and Health Infrastructure – being the lead agencies within NSW Health responsible for prioritising, planning and delivering major health capital works across the State. The audit examined 13 business cases for eight discrete projects over a ten-year period.

Over the period of review, NSW Government policies for business case development and submission have emphasised that effective governance arrangements are critical to a proposal's successful implementation.

NSW Health's Process of Facility Planning similarly highlights the importance of effective governance and project management for achieving good outcomes. It prescribes a general governance structure managed by Health Infrastructure that can be tailored to the planning and delivery of health infrastructure projects greater than $10.0 million.

The three major hospital redevelopments examined in metropolitan, regional and rural areas had a combined Estimated Total Cost of more than $1.2 billion and comprised eight discrete projects and 13 separate business cases.

Almost all these projects experienced delivery challenges which impacted achievement of their original objectives and intended benefits. This is expected in complex and large-scale health infrastructure programs. However, in some projects the impacts were significant and resulted in substantial delays, unforeseen costs, and diversion of resources from other priority areas.

Our review of the selected case studies highlighted opportunities for enhancing governance and project management. Specifically, it indicates a need for improving transparency in the management of contingencies, risk management and assessments particularly relating to adverse site conditions and the selection of contractors. There is also a need to strengthen forward planning for options to address unfunded priorities within business cases that risk complicating the delivery of future project stages resulting in unforeseen costs and potentially avoidable budget overruns.

In February 2017, the Ministry's Capital Strategy Group approved the use of surplus funds of $13.76 million from Stage 1 of the Hornsby Ku-ring-gai Hospital Redevelopment for new works deemed needed to support Stage 2. Following this decision, Health Infrastructure finalised and submitted a business case addendum for Stage 1 to the Ministry in March 2017, addressing the new works comprising a two-storey building for medical imaging and paediatric floors. The business case addendum also addressed options to fit out and procure major medical imaging equipment. The Ministry approved the Stage 1 business case in July 2017, noting the Ministry's Capital Strategy Group had already approved the use of remaining Stage 1 funds to deliver the new works.

Stage 1 was completed in 2015, almost two years before the Stage 1 business case addendum was prepared in February 2017.

The Ministry's decision to approve the new works using $13.76 million of surplus Stage 1 funds did not comply with the NSW Treasury Circular TC 12/20. This policy establishes the Treasurer's approval must be sought and received before a new capital project with an Estimated Total Cost of $5.0 million or more can be approved by NSW Health. The Ministry therefore exceeded its delegated authority in making this decision, as it was not evident it had sought and received the Treasurer's approval prior to doing so.

Consequently, the surplus Stage 1 funds should not have been used by the Ministry to deliver new works in the circumstances. Instead, they should have been released from the Stage 1 project in accordance with established NSW Health procedures, and the Stage 1 Estimated Total Cost revised down accordingly. This did not occur, and NSW Health ultimately directed $11.0 million in surplus Stage 1 funds to the new works.

These circumstances indicate a need to strengthen transparency and accountability within NSW Health for the approval of new projects, and how contingency funds are used in the management of major health capital works. They also demonstrate the impact of weaknesses with options appraisal as the initial Stage 1 business case did not consider alternative options for addressing the initially unfunded works later covered by the Stage 1 business case addendum and ultimately funded from the Stage 1 contingency provision.

In addition to proposing the above-noted new works, the 2017 Stage 1 Business Case Addendum for the Hornsby-Ku-ring-gai development sought to retrospectively address the estimated funding gap of around $14.0 million for the internal fit out, supply of major medical imaging equipment, and cost to operate the medical imaging service at Hornsby Ku-ring-gai Hospital also not addressed in the originally Stage 1 business case.

The Stage 1 business case addendum considered various procurement options to purchase and run the medical imaging services ranging from State operation purchase options to private operation purchase options.

It recommended outsourcing the operation and provision of equipment to the private sector based on estimated savings to the public sector initially of around $650,000 per annum reducing over time to $270,000. The Ministry endorsed this option in June 2017, but it did not ultimately proceed.

A July 2018 report to the Executive Steering Committee on the project shows NSW Health later decided to deliver operation of the medical imaging unit 'traditionally' with an updated estimate of the cost at approximately $16.4 million. The report also shows the Ministry supported the costs now being met by the Northern Sydney Local Health District.

This means the funding gap previously identified in the Stage 1 business case addendum for fitting out the medical imaging building and supply of major medical equipment would need to be met fully by the State, representing a $16.4 million cost overrun for the project.

Examined reports to the Executive Steering Committee show this was largely funded by the Northern Sydney Local Health District via the disposal of land realising approximately $15.0 million in proceeds.

This initially unforeseen cost, along with the additional $11.0 million for the new works approved under the Stage 1 business case addendum, were ultimately merged with the Stage 2 project initially approved in 2017–18 with an Estimated Total Cost of $200 million.

The 2019–20 State Budget provided an additional $65.0 million for a further Stage 2A to deliver additional built capacity to support outpatient services, enhanced allied health services, re-housed community health services and the delivery of prioritised clinical services unfunded as part of Stage 2. The funds were approved based on an Investment Decision Template (IDT) that examined two options in addition to the base case representing scoping alternatives to the preferred master planned capital solution.

However, we found the IDT showed around 23 per cent of the $65.0 million sought (i.e. $15.0 million) was to be allocated to fund the deficit in Stage 2, which had arisen as a result of project delays due to adverse site conditions. This was not discussed in the IDT.

The February 2020 report to the Executive Steering Committee shows a combined Stage 2 and 2A final forecast cost of $292.6 million against a potential budget of $290.7 million representing an overall deficit for the project of around 0.6 per cent.

However, this favourable final budget position does not transparently show the funding challenges experienced over the project's implementation to-date. The three major budget issues include:

• inappropriate use of around $11.0 million in Stage 1 contingency for originally unfunded works contrary to Treasury policy
• the additional $16.4 million cost unforeseen in the Stage 1 business case for delivering medical imaging services mostly funded through the sale of land
• an additional $15.0 million from Stage 2A to cover the budget overrun in Stage 2 due to adverse site conditions.

The cumulative impact of these events is that Stages 1 and 2 of the Hornsby project cost approximately $42.4 million than it should have in the circumstances around 14 per cent more than what the revised combined Estimated Total Cost for both stages should have been after releasing the $11.0 million in surplus Stage 1 funds, with Stage 2 delayed by around 14 months.

Major construction projects often experience adverse site conditions which can be difficult to fully detect in advance. However, we found this was a common occurrence in the projects we examined sometimes with significant time and/or budget impacts indicating scope to enhance related risk and cost assessments. Specifically:

• Hornsby Ku-ring-gai Hospital Redevelopment Stage 2: adverse site conditions during demolition works resulted in an 11-month delay for delivering the medical imaging unit and 14-month delay completing Stage 2 main works including need for additional $15.0 million in funds to cover the resultant budget deficit for the project.
• Blacktown Mt Druitt Hospital Redevelopment Stage 2: adverse site conditions combined with project complexity delayed completion of the early works by approximately five months. This contributed to the delay in completing the main construction works which occurred around nine months later than planned in the business case.
• Dubbo Health Service Redevelopment Stages 3 and 4: Health Infrastructure advised adverse site conditions including asbestos containing materials and ground conditions delayed works for the main building with completion forecast for March 2021, around 21 months later than planned in the final business case. This resulted in the need for additional $13.5 million to cover increased construction costs and risks, increasing the Stage 3 and 4 forecast final cost from $150 million to $163.5 million as at February 2020.

These examples indicate a risk the cumulative impact of adverse site conditions may be substantial when measured across both time and Health Infrastructure's full delivery program. They also point to potential for Health Infrastructure to achieve efficiencies and improved outcomes from strengthening its approach to assessing and mitigating the risks from adverse site conditions.

Main construction works on Stage 1 of the Dubbo Health Service Redevelopment were completed in October 2015, approximately 13 months later than planned in the final business case. Delays were mainly due to insolvency of the early works contractor resulting in their departure from the project. The ensuing 11-month delay in completing the early works significantly impacted the overall schedule and delivery of main construction works.

The insolvency event was significant as it affected nine separate Health Infrastructure projects – three of which had yet to reach practical completion. It also affected state-funded projects in other sectors. It resulted in the need for additional funding of $11.5 million that was provided in the 2014–15 State Budget increasing the total Stage 1 and 2 budget from $79.8 million to $91.3 million.

Health Infrastructure’s analysis of lessons learned shows it worked actively to mitigate the impacts of the insolvency event across all affected projects. However, it also indicates a risk the lessons were mainly focused on mitigating the impacts after an insolvency event occurred rather than on prevention.

Although Health Infrastructure initially commissioned a financial assessment of the now insolvent early works contractor before engagement, it did not detect any risks of the impending insolvency and instead concluded the contractor was in a strong financial position. However, the contractor became insolvent shortly after commencement approximately seven months later. This indicates a risk of weaknesses in the assessment performed that was not explicitly addressed by the lessons learned.

Delivery of the main construction works were further impacted by disputes with the main works contractor over the scope of works for the renal unit resulting in Health Infrastructure terminating the contract in November 2016 following lengthy negotiations over several months.

The scope of works relating to the renal unit were ultimately transferred to Stages 3 and 4 and were delivered in December 2019, around five years later than originally planned in the business case.

Health Infrastructure advised the delay was ultimately beneficial to the project because the refurbishment works for the renal unit, initially scheduled for Stages 1 and 2, would have been demolished to accommodate the new Western Cancer Centre proposed after Stages 1 and 2 and currently being delivered in parallel with Stages 3 and 4.

Health Infrastructure advised the actual cost of Stages 1 and 2 was $84.7 million against the budget of $91.3 million. The residual $6.6 million relates to the renal works not delivered during Stage 1 and 2 and transferred to Stage 3 and 4.

Health Infrastructure advised the contractual provisions for mitigating insolvency events 'in-flight' are limited highlighting the importance of proactive and effective due diligence prior to engaging contractors for significant construction projects.

Health Infrastructure's 2017-20 Corporate Plan identifies the development of a quality framework to support delivery of future-focused outcomes as a key organisational priority. Related initiatives within the Corporate Plan describe a framework underpinned by a Quality Committee providing advice on:

• records management, to meet the requirements of the State Records Act 1998
• project assurance, to ensure future focused outcomes and enhance Health Infrastructure's Standards, Policies, Procedures and Guidelines, Templates and Design Guidance Notes
• knowledge management and library services, to promote and leverage from project learnings.

Although Health Infrastructure has some elements of a quality framework it is not yet fully in place. Health Infrastructure advised it had yet to establish the quality framework and related committee described in its Corporate Plan due in part to its focus on responding to the growth of its capital program.

Health Infrastructure's Development and Innovation team has been active in supporting continuous improvement in knowledge and project management including development of business cases. Although useful, these initiatives have relied heavily on leveraging and disseminating insights from Gateway reviews and have not formed part of a systematic quality and continuous improvement framework.

The limited focus on the quality of business cases is reflected in internal performance monitoring and reporting which focuses mainly on tracking the delivery of projects against internal benchmarks, often revised from the baselines in the business case, and expenditure against cashflow targets. There is no evident internal monitoring and/or reporting to the Chief Executive and Board on defined quality metrics linked to business case development and staff capability.

Performance reporting on balanced scorecard metrics has similarly focused mainly on process rather than quality and has been inconsistent in recent years.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Appendix four – Ministry of Health planning tools and guidelines

Appendix five – Streamlined investment decision process for Health Capital Projects

Appendix six – Timeline of business cases and relevant policy guidelines

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #338 - released 12 August 2020