Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Stronger Communities 2022

Justice
Community Services
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Project management
Risk

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

  • user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
  • segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits of cluster agencies, including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office. One audit is ongoing.

  • Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).

  • Six of the 15 cluster agencies required to submit 2021–22 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

  • All 13 cluster agencies that have accommodation arrangements with Property NSW accepted the changes in the Client Acceptance Letters, resulting in the derecognition of right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

  • The Department of Communities and Justice (the department) assumed the responsibility to deliver the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project.

  • In 2021–22, the department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement'. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 130 in 2020–21, to 110 in 2021–22, and 43% were repeat issues (51% in 2020–21). Many repeat issues related to information technology, governance and oversight controls, and non-compliance with key legislation and/or agency policies.

  • Five high-risk issues were identified in 2021–22, all of which are repeat issues and related to user access administration and segregation of duties.

  • Of the 24 newly identified moderate risk issues, 11 related to information technology. The rest related to governance and oversight controls and internal control deficiencies or improvements in payroll, asset management and other processes.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2022

Health
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

  • COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.

  • Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.

  • Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

  • COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.

  • Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.

  • Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.

  • The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.

  • A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

  • The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.

  • The following four issues were reported in 2021–22 as high risk:

    • impairment of COVID-19 inventories

    • inadequate review over the appropriateness of asset capitalisation threshold

    • forced-finalisation of HealthRoster time records

    • COVID-19 vaccination inventories – data quality issue at 31 March 2022.

  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

New South Wales COVID-19 vaccine rollout

Health
Internal controls and governance
Management and administration
Project management
Risk
Service delivery

What the report is about

The Australian Government led and implemented the Australian COVID-19 vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

This audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine roll out in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over.

What we found

On 16 October 2021, NSW Health, in partnership with the Australian Government's vaccination program, achieved its first objective to fully vaccinate 80% of people in NSW aged 16 and over. Demand for the vaccine reduced in December 2021, and NSW Health did not reach its target of 95% fully vaccinated for people aged 16 and over until June 2022.

Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available.

NSW Health implemented its own booking system after it identified that the Australian Government's system would not manage bookings. There were problems with NSW Health's interim vaccine booking system, and NSW Health fully resolved these issues by September 2021.

As at 19 October 2022, vaccination rates for Aboriginal peoples and culturally and linguistically diverse people remained below the 95% target.

What we recommended

By June 2023, NSW Health should conduct a comprehensive review of the COVID-19 vaccine rollout and incorporate lessons learned into pandemic response plans.

The first three cases of COVID-19 in New South Wales were diagnosed in January 2020. By 30 June 2021, 128 people were being treated in hospital and one person was in intensive care. By the end of December 2021, 187,504 total cases and 663 deaths were reported in New South Wales. As at 27 October 2022, NSW Health reported more than three million total cases and 5,430 deaths.

The COVID-19 pandemic continues to have a significant impact on the people and the health sector of New South Wales. The Australian, state, territory, and local governments have directed significant resources towards health responses and economic recovery.

On 13 November 2020, National Cabinet (comprised of the Australian, state, and territory governments) endorsed the Australian COVID-19 Vaccination Policy. Australia's vaccination program was launched on 21 February 2021 with the goal of providing safe and effective vaccines to the people who most needed them as quickly as possible, to support the physical, mental and economic wellbeing of the nation.

The Australian Government led and implemented the Australian vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

The overall objective of this audit was to assess the effectiveness and efficiency of NSW Health’s contribution to the Australian COVID-19 vaccine rollout. It is important to note that in New South Wales, primary care providers (GPs and pharmacies) and aged care providers administered the majority of vaccines. Primary care providers and aged care providers are the responsibility of the Australian Government.

The audit had a particular focus on whether NSW Health:

  • set clear vaccination targets underpinned and/or guided by evidence
  • managed the rollout of the vaccination program effectively and efficiently
  • managed demand of vaccines effectively and efficiently.

The audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine rollout in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over. We did not audit the subsequent rollout for ages five to 15, or the booster rollout (third and fourth doses) as these activities mostly occurred outside the date of our review.

This audit also did not assess the Australian Government’s allocation of vaccine supplies to New South Wales because we do not audit the Australian Government's activities. On 17 August 2022, the Australian National Audit Office completed a performance audit which assessed the Australian Department of Health and Aged Care's effectiveness in the planning and implementation of Australia's COVID-19 vaccine rollout.

This audit is one of a series of audits that have been completed or are in progress regarding the New South Wales COVID-19 emergency response. This includes the planned performance audit ‘Coordination of the response to COVID-19 (June to November 2021)’, and financial audit assurance activities focusing on Local Health District processes and controls to manage the receipt, distribution and inventory management of vaccine stock. The Audit Office New South Wales '2022–25 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.

Conclusion

By 12 December 2021, NSW Health had administered two doses of vaccines to one third of eligible people in New South Wales aged 16 and over – contributing significantly to the achievement of the NSW Government vaccination target of 80% fully vaccinated before 31 December 2021. Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

NSW Health implemented its own booking system after it identified that the Australian Government's system would not manage bookings. There were problems with NSW Health's interim vaccine booking system, and NSW Health fully resolved these issues by September 2021.

Vaccination levels in some vulnerable populations remain below the 95% double dose target currently in place. Access to quality data to regularly measure vaccination rates in some vulnerable populations remains an ongoing challenge for the NSW and Australian Governments. As a result, NSW Health is unable to fully ensure it has delivered on its shared responsibility with the Australian Government to vaccinate vulnerable people.

NSW Health managed challenges regarding the uncertain supply of vaccines from the Australian Government and filled gaps beyond its agreed responsibilities in the National Partnership on COVID-19 Response. During the Delta outbreak of the pandemic, NSW Health sought to achieve the best possible public health outcome from limited vaccine supply by opening up additional vaccination clinics in highly affected areas and redistributing vaccine supplies from areas with fewer cases to highly affected local government areas in south west Sydney.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available. Our financial audit report, 'Health 2022', includes additional information on vaccine supply stock held by NSW Health.

NSW Health demonstrated agility by using a range of strategies to promote vaccination, including direct engagement with communities to develop culturally appropriate services such as pop-up clinics. NSW Heath recruited prominent community members, such as faith leaders, elders and sportspeople, to promote vaccination within their communities. However, at the date of this report, there are still vulnerable populations with vaccination rates lower than the current 95% double dose vaccination target. There is also a lack of regularly updated data for some cohorts which prevents NSW Health from accurately monitoring vaccination rates in some populations it has identified as vulnerable.

In March 2021, NSW Health identified that the booking system provided by the Australian Government was an online directory of vaccine clinics and would not manage bookings. To overcome this, NSW Health amended an internal-use system to be publicly facing. This solution was not user-friendly for staff or those seeking to make an appointment. Between June to September 2021, NSW Health progressively resolved booking system related issues, by developing and rolling out a new purpose-built booking solution for NSW Health vaccination clinics.

Appendix one – Response from agency

Appendix two – Australian audits on the vaccine rollouts

Appendix three – Committee members 

Appendix four – About the audit 

Appendix five – Performance auditing 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #369 - released 7 December 2022

Published

Education 2022

Education
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Procurement
Risk

What the report is about

Result of the Education cluster financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Education cluster agencies.

An 'other matter' paragraph was included in the TAFE Commission's independent auditor's report as it did not have a delegation or sub-delegation from the Minister for Education and Early Learning to incur expenditure from cluster grants.

What the key issues were

Annual fair value assessments of land and buildings showed material differences in their carrying values. As a result, the Department of Education and the TAFE Commission completed desktop revaluations of land and buildings, collectively increasing the value of these assets by $1.2 billion and $4.7 billion respectively.

The Department of Education and the NSW Education Standards Authority accepted changes to their office leasing arrangements managed by Property NSW. These changes resulted in the collective derecognition of $270.6 million of right-of-use assets and $382.9 million in lease liabilities.

What we recommended

A high-risk matter was reported in the management letter for the TAFE Commission highlighting non-compliance with policies and procedures guiding appropriate use of purchasing cards.

We recommended cluster agencies prioritise and address internal control deficiencies.

This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • An 'other matter' paragraph was included in the independent auditor's report for the Technical and Further Education Commission (TAFE Commission) as they did not have a delegation or sub-delegation from the Minister for Education and Early Learning to incur expenditure from cluster grants.
  • The Department of Education and the TAFE Commission's land and buildings were revalued upwards by a collective $5.9 billion. These uplifts were the result of managerial fair value assessments showing that the carrying values of land and buildings had materially departed from fair value.
  • Changes to accommodation arrangements managed by Property NSW on behalf of the department and the NSW Education Standards Authority resulted in the collective derecognition of approximately $270.6 million in right-of-use assets and corresponding lease liabilities totalling $382.9 million from the balance sheets of these agencies. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.

Section highlights

  • The 2021–22 audits identified 18 moderate issues across the cluster. Seven moderate risk issues were repeat issues related to general and application information technology controls and control deficiencies in key transactional systems used in preparing financial statements.
  • Of the 11 newly identified moderate risk issues, five related to information technology controls deficiencies; and five related to internal control deficiencies in key transactional systems used in preparing financial statements.
  • A high-risk matter was raised at the TAFE Commission relating to identified instances of non-compliance with policies and procedures guiding purchasing card use. 

The number of findings reported to management has increased, and 31% were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2021–22, there were 29 findings raised across the cluster (28 in 2020–21). Thirty-one per cent of all issues were repeat issues (50% in 2020–21).

The most common new and repeat issues related to internal control deficiencies in agencies’ information technology general controls, application controls, and procurement and payroll practices.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies. 

A high-risk matter was reported at the TAFE Commission highlighting instances of non-compliance with policies and procedures guiding appropriate purchasing card use

As part of our audit of the TAFE Commission, we integrated the use of data analytics into the audit approach. We performed data analytics over aspects of payroll, procurement and accounts payable activities. This helped us to highlight anomalies or risks in those data sets that are relevant to the audit of the TAFE Commission and plan testing procedures to address those risks. Data analytics also assisted us in providing an insight into the internal control environment of the TAFE Commission, highlighting areas where key controls are not in place or are not operating as management intended.

Our analysis over purchasing card data supplied by the TAFE Commission for the period July 2021 to March 2022 found deficiencies in the provisioning, use and cancellation of purchasing cards. This included identified instances of:

  • controls effectively bypassed when a purchasing card surrendered by a former employee had been used by another employee
  • split payments, circumventing delegation / cardholder limits
  • delays in the submission and approval of purchasing card transactions.

The table below describes the common issues identified across the cluster by category and risk rating:

Risk rating Issue
Information technology

High: 0 new, 0 repeat 1

Moderate: 5 new, 3 repeat 2

Low: 2 new, 1 repeat 3

The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:

  • agencies' user access administration and change management procedures, notably in the timing and frequency of managerial reviews over the granting and revocation of access to key systems relevant to financial reporting
  • the level of cyber security maturity
  • the monitoring of privileged user activities.
Internal control deficiencies or improvements

High: 1 new, 0 repeat 1

Moderate: 5 new, 3 repeat 2

Low: 4 new, 1 repeat 3

The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:

  • the adequacy of monitoring and oversight activities over the use of multiple financial delegation configurations in finance systems for specific users
  • the timely recording and approval of overtime claims and higher duties allowances
  • the timely finalisation of policies and procedures
  • the management of excessive annual leave balances
  • formalisation of service-provider arrangements between government agencies
  • non-compliance with policies and procedures to guide secondary employment and pecuniary interest declarations
  • non-compliance with policies and procedures to guide the appropriate use of purchasing cards.
Financial reporting

High: 0 new, 0 repeat 1

Moderate: 1 new, 1 repeat 2

Low: 2 new, 0 repeat 3

The financial audits identified:

  • opportunities for agencies to strengthen their financial preparation processes to facilitate a timelier and more efficient year-end audit
  • matters in respect of the timely capitalisation of work-in-progress
  • the need for agencies with non-financial assets subject to fair value to reconsider policy settings governing the frequency of revaluations
  • refinements in considering the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.
1 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

 

Recommendation

We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above. 

Appendix one – Early close procedures

Published

Audit Insights 2018-2022

Community Services
Education
Environment
Finance
Health
Industry
Justice
Local Government
Premier and Cabinet
Planning
Transport
Treasury
Universities
Whole of Government
Asset valuation
Cross-agency collaboration
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Project management
Regulation
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

  • Integrity and transparency
  • Performance and monitoring
  • Governance and oversight
  • Cyber security and data
  • System planning for disruption
  • Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

Fast facts

  • 72 audits included in the Audit Insights 2018–2022 analysis
  • 4 years of audits tabled by the Auditor-General for New South Wales
  • 6 key themes for Audit Insights 2018–2022.

picture of Margaret Crawford Auditor-General for New South Wales in black dress with city skyline as backgroundI am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

Integrity and transparency Performance and monitoring Governance and oversight Cyber security and data System planning Resource management
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest.
Government entities should report to the public at both system and project level for transparency and accountability. Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds.
Entities must provide balanced advice to decision-makers on the benefits and risks of investments. Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. Active review of policies and procedures in line with current business activities supports more effective risk management. Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. Transformation programs can be improved by resourcing a program management office.
Clear guidelines and transparency of decisions are critical in distributing grant funding. Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues.     Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need.
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes.          
Read more Read more Read more Read more Read more Read more

 

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

  • Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
  • Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
  • Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix one – Included reports, 2018–2022

Appendix two – About this report

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

COVID-19: response, recovery and impact

Community Services
Education
Health
Justice
Premier and Cabinet
Transport
Treasury
Whole of Government
Cross-agency collaboration
Financial reporting
Management and administration
Service delivery
Shared services and collaboration

What the report is about

This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.

What we found

Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.

The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:

  • direct health response measures – $2.2 billion
  • personal protective equipment – $1.4 billion
  • small business grants – $795 million
  • quarantine costs – $613 million
  • increases in employee expenses and cleaning costs across most agencies
  • vaccine distribution, including vaccination hubs – $71 million.

The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.

Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.

Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.

Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:

  • annual expense growth kept below long-term average revenue growth
  • elimination of State’s unfunded superannuation liability by 2030.

 Fast facts

  • First COVID-19 case in NSW on 25 January 2020
  • COVID-19 vaccinations commenced on 21 February 2021
  • By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
  • During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
  • During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers

Section highlights

  • Up to 30 June 2021, $7.5 billion has been spent by state government agencies for health and economic stimulus.
  • Revenue increased for most agencies as falling revenue from providing goods and services was offset by additional funding from appropriations, grants and contributions.
  • Expenses increased as most agencies incurred additional costs to manage and respond to the pandemic along with delivering stimulus and support programs.
  • Borrowings of $7.5 billion over the last two years helped to fund the response to COVID-19.

Section highlights

  • NSW Government unlikely to meet targets in Fiscal Responsibility Act 2012.

Published

Stronger Communities 2021

Justice
Community Services
Financial reporting
Internal controls and governance

This report analyses the results of our audits of the Stronger Communities cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Stronger Communities cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2021.

What we found

Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies.

Eleven of the 15 cluster agencies required to submit 2020–21 early close financial statements and other mandatory procedures did not meet the statutory deadline. Five agencies did not perform all mandatory procedures.

The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the Department of Communities and Justice's (the department) 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively (relating to three correctional centres with private sector operators).

The department was, this year for the first time, able to reliably measure Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. The department recorded a liability of $200 million at 30 June 2021. Liabilities for Child Sexual Assault IBNR claim continue to be not recorded on the basis they are unable to be reliably measured.

The number of monetary misstatements identified during the audit of the financial statements for the cluster increased from 61 in 2019–20 to 72 in 2020–21.

What the key issues were

The number of issues reported to management decreased from 191 in 2019–20 to 172 in 2020–21. However, 45 per cent were repeat issues related to information technology, governance and oversight controls.

Seven high risk issues were identified in 2020–21, an increase of five compared to last year. High risk issues related to deficiencies in IT access controls at Sydney Cricket and Sports Ground Trust; a lack of a formal agreement between the Office of Sport and Planning Ministerial Corporation over the management of a sporting venue; asset revaluations at both Fire and Rescue NSW and the Trustees of the Anzac Memorial Building; and three issues related to revenue recognition control deficiencies at New South Wales Aboriginal Land Council and two of its subsidiaries.

What we recommended

Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

Fast facts

The Stronger Communities cluster, consisting of 28 agencies, aims to deliver community services that support a safe and just New South Wales.

  • $14.0b property, plant and equipment as at 30 June 2021 
  • $20.9b total expenditure incurred in 2020–21
  • 100% unqualified audit opinions were issued for all 30 June 2021 financial statements
  • 7 high risk management letter findings were identified
  • 72 monetary misstatements were reported in 2020–21
  • 45% of reported issues were repeat issues.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office.
  • An 'Other Matter' paragraph was included within the Multicultural NSW and Office of the Ageing and Disability Commissioner’s Independent Auditor's Report. While the paragraph did not modify the audit opinion, it noted the agencies did not have a signed instrument of delegation from their responsible Minister(s) to incur expenditure for the 2020–21 financial year and therefore were non‑compliant with section 5.5 of the Government Sector Finance Act 2018 .
  • 11 of the 15 cluster agencies required to submit 2020–21 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. The agencies cited changes in key staff, delays in finalising actuarial and valuation work and the timing of Audit and Risk Committee meetings as the main reasons for not meeting the deadlines. Five agencies did not complete all mandatory procedures.
  • The Department of Communities and Justice (the department) was, for the first time, able to reliably measure and record a liability of $200 million at 30 June 2021 for Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. Child Sexual Assault IBNR claim liabilities continue to be not recorded on the basis they are still unable to be reliably measured.
  • The International Financial Reporting Standards Interpretations Committee released an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the IFRIC agenda decision). The department treated the financial impacts of the IFRIC agenda decision as a change in accounting policy and retrospectively recorded prepaid assets and expenses of $52.3 million and $90.5 million respectively relating to intangible assets they had previously capitalised.
  • The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the department's 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively in relation to three correctional centres with private sector operators.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 191 in 2019–20 to 172 in 2020–21, and 45 per cent were repeat issues. Many repeat issues related to information technology, governance and oversight controls.
  • Seven high risk issues were identified in 2020–21, an increase of five compared to last year.
  • The two high risk issues identified in 2019–20 relating to New South Wales Institute of Sport were resolved.

Findings reported to management

The overall number of findings has decreased, but the level of repeat issues increased

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 172 findings raised across the cluster (191 in 2019–20). 45 per cent of all issues were repeat issues (32 per cent in 2019–20).

Repeat issues largely related to weaknesses in controls over information technology (IT), governance and oversight.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision‑making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

2020–21 audits identified seven high risk findings

High risk findings were reported at the following cluster agencies. Two high risk findings reported in 2019–20 were resolved.

Agency Description
2020–21 findings
Sydney Cricket and Sports Ground Trust (new finding) * The audit of Sydney Cricket and Sports Ground Trust's IT access controls identified:
  • activity (audit) logs of privileged access within iPOS (purchasing system) and Microsoft Dynamics (sales system) are not maintained and periodically reviewed by an independent officer
  • the review of privileged activity logs of booking system Event Business Management Software (EBMS) is not formally documented
  • 8 generic super user accounts are being shared across four IT systems including iPOS, Microsoft Dynamics, EBMS and SUN (accounting system).
The matter has been included as a high risk finding in the management letter as there is an increased risk of:
  • unauthorised transactions and changes to financial data
  • unauthorised users gaining access to financial systems
  • data breaches or financial loss.
Fire and Rescue NSW (new finding) Fire and Rescue NSW (FRNSW) completed a comprehensive revaluation of its fire appliances in 2020–21. The audit of the revaluation found there was inadequate analysis and quality control by management over the valuation process prior to the outcomes being included in the financial statements.
FRNSW had 57 fleet assets that have not been revalued due to problems with data supplied by the valuer. The written down value:
  • did not agree to the valuer's calculations for 28 assets
  • was provided by the valuer for 29 assets, but there were no supporting calculations.
These assets have been left at their previous book values of $3.0 million. The accounting standards require the entire class of assets to be revalued when a revaluation is performed.
The review also found:
  • inconsistent valuation of vehicles of the same make, model, age and specifications
  • errors had been made when the previous valuation was uploaded into the fixed asset register
  • the valuer incorrectly included additional equipment in the replacement cost estimate for vehicles that did not have that equipment.
The matter has been included as a high risk finding as it resulted in monetary misstatements and caused delays to the overall timeframes for the audit.
New South Wales Aboriginal Land Council (NSWALC) (new finding) The audit of NSWALC's revenue identified there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements.
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Employment and Training Limited (new finding) The audit of NSWALC Employment and Training Limited's revenue found:
  • there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements
  • the financial statements' preparation did not include updated accounting policies reflecting the requirements of AASB 15 'Revenue from Contracts with Customers' (AASB 15) and AASB 1058 'Income of Not-for-Profit Entities' (AASB 1058).
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Housing Limited (new finding) The audit of NSWALC Housing Limited's revenue identified it:
  • did not perform formal assessments of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements
  • deferred revenue recognition for funding received from NSWALC  (the parent entity). There are no sufficiently specific performance obligations in the funding letter, hence revenue should be recognised on receipt of the funding
  • recognised rental income from managing properties from the Aboriginal Housing Office (AHO) without considering the agreement, which requires remittance of profit to the AHO
  • the financial statements did not include updated accounting policies according to the requirements of AASB 15 and AASB 1058.
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
Office of Sport (new finding)

The Olympic Co-ordination Authority Dissolution Act 2002 transferred the assets, rights and liabilities relating to the Sydney International Regatta Centre (SIRC) to the Planning Ministerial Corporation (the Corporation) effective from 1 July 2002. The Corporation recognised the related land assets but did not recognise any of the built assets at the time of transfer. The total value of the land and built assets at 30 June 2021 was
$13.8 million and $11.2 million (written down value) respectively.

The SIRC has been managed by the Office of Sport (the Office) for many years in accordance with a not yet executed management agreement.

It appears there was a clear intention in 2005 that the control of SIRC built assets was to be transferred from the then Department of Planning to the then Department of Tourism, Sport and Recreation (a predecessor of the Office), through the exchange of letters between the relevant Ministers and an Administrative Order (the Order). The Order transferred the SIRC staff from the then Department of Planning to the then Department of Tourism, Sport and Recreation. However, it was silent on whether the relevant built assets were transferred.

Currently, the Office recognises the SIRC built assets in the financial statements whilst the Corporation recognises the land assets as the legal owner of the property.

This matter has been included as a high risk finding as the lack of a formal management agreement casts doubt over the accounting treatment of SIRC property.
The Trustees of the Anzac Memorial Building (new finding)

The audit of the Trustees of the Anzac Memorial Building's property, plant and equipment identified:

  • the fixed assets register for plant and equipment had not previously included sufficient detail about the individual assets to which costs related to reconcile it to the work performed by management's valuation expert
  • the financial statements did not meet the requirement of AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’  to disclose the nature and reason why it corrected a prior period error of $778,000.

This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to property, plant and equipment.
*         The finding related to the former Sydney Cricket and Sports Ground Trust (based on the completion audit for the period 1 March 2020 to 30 November 2020). This agency was dissolved and transferred to Venues NSW on 1 December 2020.
 

Recommendation (repeat issue)

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

The table below describes issues commonly identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

High3
1 new

The financial audits identified weaknesses in information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues with:

  • user access administration
  • cyber security including governance arrangements, monitoring of third-party system access and patch management
  • password security and policy parameters
  • development, review and testing of disaster recovery plans.

Moderate2
8 new,
22 repeat
Low1
5 new,
6 repeat
Internal control deficiencies or improvements

High3
1 new

The financial audits identified internal control weaknesses across the following key business processes: 

  • expenditure, including the approval of purchase requisitions and review of open purchase orders
  • supplier and employee masterfile maintenance
  • segregation of duties.

Moderate2
6 new,
3 repeat

 Low1
23 new,
7 repeat
Financial reporting

High3
4 new

The financial audits identified weaknesses in financial reporting processes, including:

  • fully depreciated assets still in use, indicating the need to perform more frequent assessments of useful lives of assets
  • robustness of property, plant and equipment asset revaluations
  • incomplete or inaccurate recording of balances in the financial statements.

Moderate2
9 new,
1 repeat

Low1
11 new,
5 repeat
Governance and oversight
High3
1 new

The financial audits identified areas where agencies could strengthen governance and oversight processes, including:

  • review and update of policies and procedures
  • formalising existing key business arrangements
  • records management practices.
Moderate2
5 new,
11 repeat
Low1
12 new,
8 repeat
Non-compliance with key legislation and/or central agency policies
Moderate2
7 new,
6 repeat

The financial audits identified the need for agencies to improve their compliance with key legislation and/or central agency policies, including:

  • management of excessive annual leave balances
  • existence of and compliance with financial delegations
  • related party transactions disclosures from key management personnel.
Low1
2 new,
8 repeat
4 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

The number of moderate risk findings decreased from prior year

Seventy‑eight moderate risk findings were reported in 2020–21, representing a 22 per cent decrease from 2019–20. Of these, 43 were repeat findings, and 35 were new issues.

Moderate risk findings reported in 2020–21 include:

  • weaknesses in governance arrangements, including outdated policies and procedures and arrangements that do not align with NSW Government guidelines, such as the NSW Government Procurement Policy Framework and NSW Cyber Security Policy
  • weaknesses in user access administration including:
    • user access reviews
    • monitoring of privileged user access and activities
    • password policy configuration
  • cyber security improvements including:
    • implementation and update of governance arrangements
    • monitoring of third‑party system access
    • patch management improvement
  • outdated instruments of financial delegation and non‑compliance with established financial delegations
  • weaknesses in supplier and employee masterfile maintenance.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Published

Health 2021

Health
Asset valuation
Compliance
Cyber security
Financial reporting
Infrastructure
Internal controls and governance
Procurement

This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.

The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.

A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.

What the key issues were

The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.

The three new high-risk issues identified were:

Hotel Quarantine (HQ) fees

The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.

COVID-19 inventories

Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.

COVID-19 vaccines

The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.

What we recommended

Hotel Quarantine (HQ) fees

Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.

COVID-19 inventories

Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.

COVID-19 vaccines

Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.

Fast facts

The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.

  • 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
  • 24 monetary misstatements were reported in 2020–21
  • high risk management letter findings were identified
  • 47.4% of reported issues were repeat issues
  • $23.5b property, plant and equipment as at 30 June 2021
  • $26.8b total expenditure incurred in 2020–21

This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general-purpose financial statements.

  • The total gross value of all corrected monetary misstatements for 2020–21 was $250.2 million, of which $226.0 million were related to complexities arising from the COVID-19 pandemic.

  • A qualified audit opinion was issued on the Ministry's Annual Prudential Compliance Statement.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The total number of internal control deficiencies has increased from 112 issues in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high (one in 2019–20) and 57 were moderate (47 in 2019–20); with nearly one half of all control deficiencies reported in 2020–21 being repeat issues.
  • The complexities arising from accounting for agreements between governments to respond to the COVID-19 pandemic presented three new high risk audit findings with respect to the:
    • expected rate of recoverability of outstanding Hotel Quarantine fees
    • procurement, stocktaking and impairment of COVID-19 inventories
    • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government.
  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements were amongst the repeat issues observed again in the 2020–21 financial reporting period.

Findings reported to management

The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.

In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

Moderate2
7 new,
3 repeat

We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • lack of reviews of user access and privileged user access for
  • HealthRoster
  • Assets and Facilities Management Online
  • vMoney Powerhouse
  • Patient Billing and Revenue Collection system.

Repeat issues included:

  • deficient password controls
  • no independent review for data integrity of any changes made to HealthRoster
  • incomplete reviews of StaffLink User Access.

Low1
4 new,
5 repeat
Internal control deficiencies or improvements

High3

1 new, 

0 repeat

We identified internal control weaknesses across key business processes, including new issues relating to:

  • procurement, stocktaking and impairment of COVID-19 inventories (personal protective equipment)
  • instances where employees' timesheets were approved in advance
  •  monthly reconciliations not reviewed in a timely manner
  • asset revaluation processes at Illawarra Shoalhaven Local Health District.
     

Repeat issues included:

  • forced finalisation of rosters in order to finalise processing of payroll
  • partial repeat issue relating to HealthShare NSW's stocktake process, refer to details in the following section of this report.

Moderate2
6 new,
12 repeat

 Low1
10 new,
4 repeat
Financial reporting

High3

2 new, 
0 repeat

We identified weaknesses with respect to financial reporting in relation to the:

  • expected rate of recoverability of outstanding Hotel Quarantine fees
  • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government
  • application of AASB 16 'Leases'
  • improvement in health agencies' grant register to better support management's accounting treatment under the applicable revenue accounting standards.

Moderate2
6 new,
1 repeat

Low1
8 new,
3 repeat
Governance and oversight
Moderate2
9 new,
5 repeat

We identified opportunities for agencies to improve governance and oversight processes, including:

  • ensure better documentation around governance arrangements for major health capital works delivered by Health Infrastructure
  • absence of documented practices at health agencies level relating to Visiting Medical Officer claims.
     

Repeat issues include:

  • delegations manual for Health Infrastructure remains in draft and has done so since 2017.
Low1
2 new,
2 repeat
Non-compliance with key legislation and/or central agency policies
Moderate2
1 new,
7 repeat

We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including:

  • bank signatories list not updated to remove terminated employees
  • subsequent changes made to Junior Medical Officers' approved rosters not approved by an authorised delegate.
     

Repeat issues include:

  • management of excessive annual leave
  • non-compliance with the Government Information (Public Access) Act 2009 (GIPA Act) by Ambulance NSW.
Low1
5 new,
13 repeat

4Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

Complexities arising from the COVID-19 response

The 2020–21 audit identified three new high-risk findings

COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.

Expected rate of recovery of outstanding Hotel Quarantine invoices

The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors. 

Procurement, management and impairment of COVID-19 inventories

$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.

With respect to the stocktaking methodology applied, the following issues were identified:

  • discrepancies noted in the stock bin listing provided for audit
  • discrepancies in the recount sheet generated
  • inconsistent application of the stocktake methodology
  • inconsistent labelling of quarantined stock
  • a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.

Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.

Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government

The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.

Emerging trends

Recognition of provisions without sufficient support

Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.

Treatment of Commonwealth funding

In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.

Key repeat issues

Management of excessive annual leave

NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).

The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).

The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.

Accurate time recording

Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).

Existence, completeness and accuracy of key agreements

Delivery of major capital projects

Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.

We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.

Cross border patient funding arrangements

When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.

We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:

States 2014–15 2015–16 2016–17 2017–18 2018–19 2019–20 2020–21
Queensland Signed Signed Signed Signed Signed Not finalised Not finalised
Victoria Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised
Australian Capital Territory Signed Signed Signed Signed Signed Signed Not finalised
South Australia Signed Signed Signed Signed Signed Signed Not finalised
Tasmania Signed Signed Signed Signed Signed Signed Not finalised
Northern Territory Signed Signed Signed Signed Signed Signed Not finalised
Western Australia Signed Signed Signed Signed Signed Signed Not finalised

Albury Base Hospital

Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

COVID Intensive Learning Support Program

Education
Management and administration
Project management
Service delivery
Workforce and capability

What the report is about

This audit examined a state-wide program to provide small-group tuition to students disadvantaged by the move to learning from home during 2020.

The audit assessed the design and implementation of the program.

What we found

The program design was based on research and data showing learning loss during 2020. 

The department rapidly planned and developed the policy design and guidelines for schools. 

Governance arrangements matured during program delivery.

The department changed the models for funding schools but did not clearly explain the reasons for doing so.

Government schools with over 900 students were disadvantaged by the funding model compared to smaller schools. 

Guidelines, resources and professional learning helped schools implement the program.

Staff eligibility for the program was expanded after reported difficulties in recruiting qualified teachers in some areas. 

Online tuition and third-party provider options were developed throughout the program.

There were issues with the quality and timeliness of data used to monitor school progress. 

Evaluation arrangements were developed early in the program.

Data limitations mean the evaluation will not be able to fully assess all program objectives.

What we recommended

  1. Distributing funds between schools more equitably and improving communication of the funding methods. 
  2. Clearer communication about the intended targeted group of students.
  3. Reviewing the time needed to administer the program.
  4. Improve support for educators other than qualified teachers.
  5. Offer the online tuition program to more schools.
  6. Analysis of the effects of learning from home during 2021 across equity groups and geographic areas.
  7. Working with universities to increase use of pre-service teachers in the program.

The report also identifies lessons learned for future programs.
 

Fast facts

  • $337m in total program funding. $289 million for government schools and $31 million for non government schools
  • 12 days to develop the policy and provide costings to Treasury 
  • 290,000 targeted students in government schools and 31,000 in non government schools
  • 80% of schools were providing small group tuition by the target start date of Week 6, Term 1
  • 2–4 months was the estimated student learning loss from the move to learning from home during 2020
  • 7,600 tutors engaged in the program as at September 2021.

The NSW Government announced the COVID Intensive Learning Support Program on 10 November 2020, as part of the 2020–21 NSW Budget. The primary goal of the $337 million program was to deliver intensive small group tuition for students who were disadvantaged by the move to remote and/or flexible learning, helping to close the equity gap. It included:

  • $306 million to provide small-group tuition for eligible students across every NSW Government primary, secondary and special purpose school
  • $31.0 million for around 400 non-government schools to provide small-group tuition to students with the greatest levels of need.

The objective of this audit was to assess the effectiveness of the design and implementation of the COVID Intensive Learning Support Program (the program). To address this objective, the audit assessed whether the Department of Education (the department):

  • effectively designed the program and supporting governance arrangements
  • is effectively implementing the program.

This audit focuses on activities between October 2020 and August 2021, which aimed to address the first session of learning from home in New South Wales. From August to October 2021, students in many areas of New South Wales were learning from home again, but this second period has not been a focus of this audit. On 18 October 2021, the NSW Government announced the program would be extended into 2022.

Conclusion

The COVID Intensive Learning Support Program was effectively designed to help students catch up on learning loss due to the interruptions to schooling caused by COVID-19. The department rapidly stood up a taskforce to implement the program and then developed supporting governance arrangements during implementation.

Most students in New South Wales were required to learn from home for at least seven weeks during 2020 due to the impact of the Novel-Coronavirus (COVID-19). The department researched, analysed and advised government on several options to address the learning loss that resulted. It recommended small group tuition as the preferred option as it was supported by available evidence and could be rolled out at scale with speed. It identified risks of ensuring an adequate supply of educators and options to address those risks. Consistent with its analysis of where the impact of the learning loss was most severe, the department proposed to direct funding to schools with higher concentrations of students from the most disadvantaged backgrounds.

The department established a cross-functional taskforce to conduct detailed planning and support program implementation. Short timeframes meant the taskforce initially sought approval for key decisions from the program sponsor and existing oversight bodies on an as-needed basis before dedicated program governance arrangements were formalised. Once established, the governance body met regularly to oversee program delivery.

The COVID Intensive Learning Support Program is being effectively implemented. The department has refined the program during rollout to respond to risks, issues and feedback from schools. Issues with how schools enter data into department systems have affected the timeliness and accuracy of program monitoring information.

The department provided schools with guidelines, example models of delivery, systems to record student progress and professional learning. Around 80 per cent of schools had begun delivering tuition under the program by the target date. Schools reported issues with sourcing qualified teachers as a key reason they were unable to start the program by the expected date. In response, the department expanded the type of staff schools could employ, developed an online tuition program, and allowed schools to engage third-party providers to help schools that had difficulty finding qualified teachers for the program.

The department used existing systems to monitor school progress in implementing the program. This reduced the administrative burden on schools, but there were several issues with data quality and timeliness. The program included a mid-year review point to check whether schools were on track to spend their funding. This helped focus schools on ensuring funding would be spent and allowed for redistribution between schools.

The department considered program evaluation early in policy design and planning. It embedded an evaluator on the taskforce and expanded a key assessment program to help provide evidence of impact. A process and outcome evaluation is underway which will help inform future delivery. The evaluation will examine educational impacts for students participating in the program but it has not established methods to reliably assess the extent to which the program has met a goal to help 'close the equity gap' for students.

This chapter considers how effectively the COVID Intensive Learning Support Program (the program) was designed and planned for implementation.

This chapter considers how effectively the COVID Intensive Learning Support Program was implemented over our period of review (Terms 1 and 2, 2021).

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #358 - released (15 December 2021).

Published

Education 2021

Education
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Procurement

This report analyses the results of our audits of the Education cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Education cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Education cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued on the Department of Education (the department), the NSW Education Standards Authority and the NSW Skills Board's financial statements.

An 'other matter' paragraph was included in the Technical and Further Education Commission's (the TAFE Commission) audit opinion drawing attention to legislative non-compliance concerning financial delegations during the reporting year.

The number of misstatements identified in the financial statements of cluster agencies decreased from 14 in 2019–20 to seven.

What the key issues were

The department and the TAFE Commission revalued their land assets this year, recognising collective increases of $863.8 million.

The department and the TAFE Commission are not scheduled to perform comprehensive revaluations of their buildings until 2022–23. Construction costs, which are a key input in their current replacement cost valuation methodologies for buildings, may have increased by an estimated nine per cent since the last comprehensive revaluation in 2017–18 based on broad based indices used by the department and the TAFE Commission. While the estimated index increase indicates the fair value of buildings may exceed the carrying values, the use of such high-level indicators has a degree of estimation uncertainty due to the specialised nature of the assets. Therefore, both agencies did not adjust the values of their buildings.

The number of issues we reported to management decreased. Fifty per cent of issues were repeated from prior years.

Of the 11 newly identified moderate rated issues, seven related to internal control deficiencies, with six identified in procurement and payroll controls.

What we recommended

The department and the TAFE Commission reconsider policy settings governing the frequency of revaluations; and refine and consider the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.

Cluster agencies should prioritise and action recommendations to address internal control deficiencies.

Fast facts

The Education cluster, comprising four agencies, administers and delivers education and training services for NSW students, workers and industry.

  • $38.6b property, plant and equipment as at 30 June 2021
  • $21.2b total expenditure incurred in 2020–21
  • 100% unqualified audit opinions were issued on agencies’ 30 June 2021 financial statements
  • 22 moderate risk management letter findings were identified and reported to management
  • monetary misstatements were reported in 2020–21
  • 50% of reported issues were repeat issues

This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.

  • Comprehensive revaluations of the Department of Education (the department) and the Technical and Further Education Commission's (the TAFE Commission) land assets resulted in collective net increases of $863.8 million to the carrying values of these entities' land assets.

  • Fair value assessments, based on broad indices, of the department and the TAFE Commission's buildings, indicated that replacement costs may have increased by an estimated nine per cent. Whilst the next comprehensive valuation is not scheduled until 2022–23, the department and the TAFE Commission will need to consider the outcomes of their annual assessments to ensure that the carrying amounts continue to reflect the fair value of these specialised assets in their financial statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.

Section highlights

  • The 2020–21 audits identified 22 moderate issues across the cluster. Eleven moderate risk issues were repeat issues and related to general and application information technology controls and deficiencies in procurement and payroll practices.
  • Of the 11 newly identified moderate rated issues, seven related to internal control deficiencies and improvements, with identified deficiencies in procurement and payroll accounting for six.
  • A high-risk issue identified in 2019–20 relating to the Department of Education's (the department) monitoring of privileged user activity has largely been addressed.

Findings reported to management

The number of findings reported to management has decreased. Fifty per cent of all issues were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 28 findings raised across the cluster (33 in 2019–20). Fifty per cent of all issues were repeat issues (45 per cent in 2019–20).

The most common repeat issues related to weaknesses in controls over information technology general controls, application controls, and identified deficiencies in procurement and payroll practices.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

Moderate2
2 new,
6 repeat

 The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:
  • agencies' user access administration and change management procedures, notably in the timing and frequency of managerial reviews over the granting and revocation of access to key systems relevant to financial reporting
  • application controls and segregation of duties in payroll systems, allowing certain users to access or modify employee records as well as process payroll
  • system configurations whereby preparers of manual journals can also post without a secondary review
  • password reviews undertaken that align with approved password guidelines
  • the monitoring of privileged user activities.

Low1
2 new,
1 repeat
Internal control deficiencies or improvements

Moderate2
7 new,
4 repeat

 The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:
  • the adequacy of monitoring and oversight activities over the use of multiple financial delegation configurations in finance systems for specific users
  • the timely recording and approval of overtime claims and higher duties allowances
  • the timely finalisation of policies and procedures
  • procurement practices including a high proportion of retrospective purchase orders and the timely receipting of goods and services
  • the timely notification of employee resignations or employees applying for leave without pay, leading to salary overpayments
  • the management of excessive annual leave balances
  • the extent of review or approval of changes to lease information.

 Low1
1 new,
2 repeat
Financial reporting

Moderate2
2 new,
1 repeat

 The financial audits identified:
  • opportunities for agencies to strengthen their financial preparation processes to facilitate a timelier and more efficient year-end audit
  • the need for agencies with non-financial assets subject to fair value to reconsider policy settings governing the frequency of revaluations; and to refine and consider the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.

Low1
0 new,
0 repeat

3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

 
Note: Management letter findings are based on final management letters issued to agencies.

The department continues to address recommendations to improve monitoring of privileged user access

Privileged users have higher levels of access to systems, and in some instances, may include access that can bypass segregation of duty controls. If reviews of access logs are not fully embedded in the control environment, the risk of unauthorised transactions occurring and not being detected in a timely manner is elevated.

In 2019–20 a high-risk issue was reported at the department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP. This year the department has largely addressed our findings by initiating a review of the identified instances of privileged user activity and establishing periodic oversight controls. There remains a need to improve the timeliness and completeness of these newly implemented controls.

Data analytics identified the root cause of internal control deficiencies in procurement and payroll

Our 2020–21 agency management letters identified seven new moderate risk internal control deficiency matters, of which six related to payroll and procurement.

To enhance our financial statement audit of the department we applied data analytics over elements of the department's procurement and payroll control processes. Our procedures, conducted over periods across the financial year, helped identify the following:

  • a low level of compliance with procurement practices requiring the creation of purchase orders before invoices are received. The root cause was a lack of understanding by agency staff of the procurement processes
  • transactions related to previous years being recorded in the current year. The root cause was a lack of understanding of the three-way matching process and the goods received/not invoiced facilities within SAP
  • negative payments in fortnightly pay runs, predominantly representing deductions to recover salary payments made in error. The root cause was the lack of timeliness in notifying payroll for cessation of employment, or for employees undertaking secondments who should have been classified as being on leave without pay.
 
 

Recommendation

We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above. 

Appendix one – Early close procedures

 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE