Reports
Actions for Internal controls and governance 2021
Internal controls and governance 2021
This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no matters in this report impacting the Total State Sector Accounts we have decided to break with normal practice and table this report ahead of the ‘Report on State Finances’.
What the report is about
This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.
What we found
Internal control trends
The proportion of control deficiencies identified as high risk this year increased to 2.8 per cent (2.5 per cent in 2019–20). Six high risk findings related to financial controls while three related to IT controls. Two were repeat findings from the previous year.
Repeat findings of control deficiencies now represent 49 per cent of all findings (42 per cent in 2019–20).
Information technology
We continue to see a high number of deficiencies relating to IT general controls, particularly around user access administration and privileged user access which affected 82 per cent of agencies.
Cyber security
Agencies' self-assessed maturity levels against the NSW Cyber Security Policy (CSP) mandatory requirements are low. Although agencies are required to demonstrate continuous improvement against the CSP, 20 per cent have not set target levels and of those that have set target levels, 40 per cent have not met their target levels.
Policies, processes and definition around security incidents and data breaches lack consistency. Improvement is required to ensure breaches are recorded in registers and action taken to address the root cause of incidents.
Conflicts of interest
Agencies' policies generally meet the minimum requirements of the Ethical Framework set out in the Government Sector Employment Act 2013. However, few meet the Independent Commission Against Corruption's best practice guidelines. Policies could be strengthened in relation to requirements around annual declarations of interests from employees and contractors.
Masterfile management
Policies governing the management of supplier masterfiles and employee masterfiles existed in 79 per cent and 54 per cent of agencies respectively.
Weaknesses were identified in those policies. Access restriction, segregation of duties and record keeping were the most common opportunities for improvement.
Tracking recommendations
Most agencies do not maintain a register to monitor recommendations from performance audits and public inquiries. Registers of recommendations could be improved to include risk ratings and record revisions to due dates. While recommendations can take several years to fully address, the oldest open items were originally due for completion by June 2016.
What we recommended
Agencies should:
- prioritise actions to address repeat control deficiencies, particularly those that have been repeated findings for a number of years
- prioritise improvements to their cyber security and resilience as a matter of urgency
- formalise and implement policies on tracking and monitoring the progress of implementing recommendations from performance audits and public inquiries.
Fast facts
The 25 largest NSW government agencies in this report cover all nine clusters and represent over 95 per cent of total expenditure for NSW public sector.
- 9 high risk audit findings were identified this year
- 40% of agencies have not formally accepted residual cyber risk based on their self-assessed maturity levels
- 52% of agencies do not have a policy on tracking recommendations from performance audits and public inquiries
- 50% of all internal control deficiencies identified in 2020–21 were repeat findings
- 75% is the average completion rate of annual staff declarations of interests.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
The scope of this year's report covers 25 general government sector agencies. Last year's report covered 40 agencies within the total state sector. For consistency and comparability, we have adjusted the 2020 results to include only the agencies remaining within scope of this year's report. Therefore, the 2020 figures will not necessarily align with those reported in our 2020 report.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' conflicts of interest management processes.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency's management of supplier and employee masterfiles.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' processes to track and monitor the implementation of recommendations from performance audits and public inquiries.
Section highlights
|
Actions for Planning, Industry and Environment 2021
Planning, Industry and Environment 2021
This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.
An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.
The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.
The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.
There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.
Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.
The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.
There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.
What the key issues were
The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.
Seven high-risk issues were identified in 2020–21:
- system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
- deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
- the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
- the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
- deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
- lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
- the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.
There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.
The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.
What we recommended
The department should ensure CLMs and common trusts meet their statutory reporting obligations.
Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.
The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.
Fast facts
The Planning, Industry and Environment cluster aims to make the lives of people in New South Wales better by developing well-connected communities, preserving the environment, supporting industries and contributing to a strong economy.
There are 54 agencies, 609 State controlled Crown land managers that predominantly manage small parcels of Crown land and 120 common trusts in the cluster.
- 42% of the area of NSW is Crown land
- $33.2b water and electricity infrastructure as at 30 June 2021
- 100% unqualified audit opinions were issued for all completed 30 June 2021 financial statements audits
- 7 high-risk management letter findings were identified
- 54 monetary misstatements were reported in 2020–21
- 40% of reported issues were repeat issues
This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.
Section highlights
|
Appendix one - Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Stronger Communities 2021
Stronger Communities 2021
This report analyses the results of our audits of the Stronger Communities cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Stronger Communities cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies.
Eleven of the 15 cluster agencies required to submit 2020–21 early close financial statements and other mandatory procedures did not meet the statutory deadline. Five agencies did not perform all mandatory procedures.
The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the Department of Communities and Justice's (the department) 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively (relating to three correctional centres with private sector operators).
The department was, this year for the first time, able to reliably measure Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. The department recorded a liability of $200 million at 30 June 2021. Liabilities for Child Sexual Assault IBNR claim continue to be not recorded on the basis they are unable to be reliably measured.
The number of monetary misstatements identified during the audit of the financial statements for the cluster increased from 61 in 2019–20 to 72 in 2020–21.
What the key issues were
The number of issues reported to management decreased from 191 in 2019–20 to 172 in 2020–21. However, 45 per cent were repeat issues related to information technology, governance and oversight controls.
Seven high risk issues were identified in 2020–21, an increase of five compared to last year. High risk issues related to deficiencies in IT access controls at Sydney Cricket and Sports Ground Trust; a lack of a formal agreement between the Office of Sport and Planning Ministerial Corporation over the management of a sporting venue; asset revaluations at both Fire and Rescue NSW and the Trustees of the Anzac Memorial Building; and three issues related to revenue recognition control deficiencies at New South Wales Aboriginal Land Council and two of its subsidiaries.
What we recommended
Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.
We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.
Fast factsThe Stronger Communities cluster, consisting of 28 agencies, aims to deliver community services that support a safe and just New South Wales.
|
This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
|
Findings reported to management
The overall number of findings has decreased, but the level of repeat issues increased
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 172 findings raised across the cluster (191 in 2019–20). 45 per cent of all issues were repeat issues (32 per cent in 2019–20).
Repeat issues largely related to weaknesses in controls over information technology (IT), governance and oversight.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision‑making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
2020–21 audits identified seven high risk findings
High risk findings were reported at the following cluster agencies. Two high risk findings reported in 2019–20 were resolved.
Agency | Description |
2020–21 findings | |
Sydney Cricket and Sports Ground Trust (new finding) * | The audit of Sydney Cricket and Sports Ground Trust's IT access controls identified:
|
Fire and Rescue NSW (new finding) | Fire and Rescue NSW (FRNSW) completed a comprehensive revaluation of its fire appliances in 2020–21. The audit of the revaluation found there was inadequate analysis and quality control by management over the valuation process prior to the outcomes being included in the financial statements. FRNSW had 57 fleet assets that have not been revalued due to problems with data supplied by the valuer. The written down value:
The review also found:
|
New South Wales Aboriginal Land Council (NSWALC) (new finding) | The audit of NSWALC's revenue identified there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements. This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions. |
NSWALC Employment and Training Limited (new finding) | The audit of NSWALC Employment and Training Limited's revenue found:
|
NSWALC Housing Limited (new finding) | The audit of NSWALC Housing Limited's revenue identified it:
|
Office of Sport (new finding) |
The Olympic Co-ordination Authority Dissolution Act 2002 transferred the assets, rights and liabilities relating to the Sydney International Regatta Centre (SIRC) to the Planning Ministerial Corporation (the Corporation) effective from 1 July 2002. The Corporation recognised the related land assets but did not recognise any of the built assets at the time of transfer. The total value of the land and built assets at 30 June 2021 was The SIRC has been managed by the Office of Sport (the Office) for many years in accordance with a not yet executed management agreement. It appears there was a clear intention in 2005 that the control of SIRC built assets was to be transferred from the then Department of Planning to the then Department of Tourism, Sport and Recreation (a predecessor of the Office), through the exchange of letters between the relevant Ministers and an Administrative Order (the Order). The Order transferred the SIRC staff from the then Department of Planning to the then Department of Tourism, Sport and Recreation. However, it was silent on whether the relevant built assets were transferred. Currently, the Office recognises the SIRC built assets in the financial statements whilst the Corporation recognises the land assets as the legal owner of the property. This matter has been included as a high risk finding as the lack of a formal management agreement casts doubt over the accounting treatment of SIRC property. |
The Trustees of the Anzac Memorial Building (new finding) |
The audit of the Trustees of the Anzac Memorial Building's property, plant and equipment identified:
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to property, plant and equipment. |
Recommendation (repeat issue)We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues. |
The table below describes issues commonly identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
High3 |
The financial audits identified weaknesses in information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues with:
|
Moderate2 |
|
Low1 5 new, 6 repeat |
|
Internal control deficiencies or improvements | |
High3 |
The financial audits identified internal control weaknesses across the following key business processes:
|
Moderate2 |
|
Low1 |
|
Financial reporting | |
High3 |
The financial audits identified weaknesses in financial reporting processes, including:
|
Moderate2 |
|
Low1 |
|
Governance and oversight | |
High3 1 new |
The financial audits identified areas where agencies could strengthen governance and oversight processes, including:
|
Moderate2 5 new, 11 repeat |
|
Low1 12 new, 8 repeat |
|
Non-compliance with key legislation and/or central agency policies | |
Moderate2 7 new, 6 repeat |
The financial audits identified the need for agencies to improve their compliance with key legislation and/or central agency policies, including:
|
Low1 2 new, 8 repeat |
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.
The number of moderate risk findings decreased from prior year
Seventy‑eight moderate risk findings were reported in 2020–21, representing a 22 per cent decrease from 2019–20. Of these, 43 were repeat findings, and 35 were new issues.
Moderate risk findings reported in 2020–21 include:
- weaknesses in governance arrangements, including outdated policies and procedures and arrangements that do not align with NSW Government guidelines, such as the NSW Government Procurement Policy Framework and NSW Cyber Security Policy
- weaknesses in user access administration including:
- user access reviews
- monitoring of privileged user access and activities
- password policy configuration
- cyber security improvements including:
- implementation and update of governance arrangements
- monitoring of third‑party system access
- patch management improvement
- outdated instruments of financial delegation and non‑compliance with established financial delegations
- weaknesses in supplier and employee masterfile maintenance.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Premier and Cabinet 2021
Premier and Cabinet 2021
This report analyses the results of our audits of the Premier and Cabinet cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Premier and Cabinet cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Premier and Cabinet cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.
The number of monetary misstatements decreased from 49 in 2019–20 to 38 in 2020–21.
The Library Council of New South Wales corrected a prior period error of $325 million. In 2017, the council split its collection assets into six asset classes, but not the related asset revaluation reserves. To correct this error, some revaluation decrements previously recognised in asset revaluation reserves were reclassified to accumulated funds.
Eight agencies did not complete all of the mandatory early close procedures.
What the key issues were
The Premier and Cabinet cluster was impacted by three Machinery of Government (MoG) changes during 2020–21.
The changes resulted in the transfer of activities and functions in and out of the cluster and the creation of a new entity - Investment NSW.
The transferor entities continued to provide services to Investment NSW subsequent to 30 June 2021. There were no formal service level agreements in place for the provision of these services.
The New South Wales Electoral Commission (the Commission) and Sydney Opera House Trust obtained letters of financial support from their relevant Minister and/or NSW Treasury in 2020–21. The postponement of local government elections impacted the Commission's operations due to increased planned expenditure to support a COVID-safe election. Sydney Opera House Trust's ability to generate revenue was impacted due to the closure of the Concert Hall partly due to COVID-19 and planned renovations.
The number of repeated audit issues raised with management and those charged with governance increased from 22 in 2019–20 to 24 in 2020–21.
There were 47 moderate risk and 28 low risk findings identified. Of the total findings there were 24 repeat issues.
What we recommended
Investment NSW should ensure services received from other agencies are governed by service level agreements.
Fast facts
The Department of Premier and Cabinet supports the Premier and Cabinet to deliver the government's objectives, infrastructure, preparedness for disaster, incident recovery, arts and culture.
- $11.9b of property, plant and equipment as at 30 June 2021
- $4.4b total expenditure incurred in 2020-21
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 47 moderate risk findings were reported to management
- 38 monetary misstatements were reported in 2020-21
- 32% of all reported issues were repeat issues.
This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Education 2021
Education 2021
This report analyses the results of our audits of the Education cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Education cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Education cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued on the Department of Education (the department), the NSW Education Standards Authority and the NSW Skills Board's financial statements.
An 'other matter' paragraph was included in the Technical and Further Education Commission's (the TAFE Commission) audit opinion drawing attention to legislative non-compliance concerning financial delegations during the reporting year.
The number of misstatements identified in the financial statements of cluster agencies decreased from 14 in 2019–20 to seven.
What the key issues were
The department and the TAFE Commission revalued their land assets this year, recognising collective increases of $863.8 million.
The department and the TAFE Commission are not scheduled to perform comprehensive revaluations of their buildings until 2022–23. Construction costs, which are a key input in their current replacement cost valuation methodologies for buildings, may have increased by an estimated nine per cent since the last comprehensive revaluation in 2017–18 based on broad based indices used by the department and the TAFE Commission. While the estimated index increase indicates the fair value of buildings may exceed the carrying values, the use of such high-level indicators has a degree of estimation uncertainty due to the specialised nature of the assets. Therefore, both agencies did not adjust the values of their buildings.
The number of issues we reported to management decreased. Fifty per cent of issues were repeated from prior years.
Of the 11 newly identified moderate rated issues, seven related to internal control deficiencies, with six identified in procurement and payroll controls.
What we recommended
The department and the TAFE Commission reconsider policy settings governing the frequency of revaluations; and refine and consider the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.
Cluster agencies should prioritise and action recommendations to address internal control deficiencies.
Fast facts
The Education cluster, comprising four agencies, administers and delivers education and training services for NSW students, workers and industry.
- $38.6b property, plant and equipment as at 30 June 2021
- $21.2b total expenditure incurred in 2020–21
- 100% unqualified audit opinions were issued on agencies’ 30 June 2021 financial statements
- 22 moderate risk management letter findings were identified and reported to management
- 7 monetary misstatements were reported in 2020–21
- 50% of reported issues were repeat issues
This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has decreased. Fifty per cent of all issues were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 28 findings raised across the cluster (33 in 2019–20). Fifty per cent of all issues were repeat issues (45 per cent in 2019–20).
The most common repeat issues related to weaknesses in controls over information technology general controls, application controls, and identified deficiencies in procurement and payroll practices.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
Moderate2 |
The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:
|
Low1 |
|
Internal control deficiencies or improvements | |
Moderate2 |
The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:
|
Low1 |
|
Financial reporting | |
Moderate2 |
The financial audits identified:
|
Low1 |
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
The department continues to address recommendations to improve monitoring of privileged user access
Privileged users have higher levels of access to systems, and in some instances, may include access that can bypass segregation of duty controls. If reviews of access logs are not fully embedded in the control environment, the risk of unauthorised transactions occurring and not being detected in a timely manner is elevated.
In 2019–20 a high-risk issue was reported at the department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP. This year the department has largely addressed our findings by initiating a review of the identified instances of privileged user activity and establishing periodic oversight controls. There remains a need to improve the timeliness and completeness of these newly implemented controls.
Data analytics identified the root cause of internal control deficiencies in procurement and payroll
Our 2020–21 agency management letters identified seven new moderate risk internal control deficiency matters, of which six related to payroll and procurement.
To enhance our financial statement audit of the department we applied data analytics over elements of the department's procurement and payroll control processes. Our procedures, conducted over periods across the financial year, helped identify the following:
- a low level of compliance with procurement practices requiring the creation of purchase orders before invoices are received. The root cause was a lack of understanding by agency staff of the procurement processes
- transactions related to previous years being recorded in the current year. The root cause was a lack of understanding of the three-way matching process and the goods received/not invoiced facilities within SAP
- negative payments in fortnightly pay runs, predominantly representing deductions to recover salary payments made in error. The root cause was the lack of timeliness in notifying payroll for cessation of employment, or for employees undertaking secondments who should have been classified as being on leave without pay.
Recommendation
We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above.
Appendix one – Early close procedures
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Universities 2020 audits
Universities 2020 audits
What the report is about
Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2020.
What we found
Unqualified audit opinions were issued for all ten universities.
Two universities reported retrospective corrections of prior period errors.
Universities were impacted by the COVID-19 pandemic with student enrolments decreasing in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease 8,310 students were from overseas.
In response to the pandemic, each university provided welfare support, created student hardship funds, provided accommodation and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector.
Six universities recorded negative net operating results in 2020 (two in 2019). The combined revenues of the ten universities from fees and charges decreased by $361 million (5.8 per cent).
Despite the impact of the COVID-19 pandemic, which will continue to impact the financial results of universities in 2021, enrolments of overseas students in semester one of 2021 increased at two universities. This growth meant that total overseas student enrolments increased by 7,944 or 5.8 per cent across the sector as a whole. However, eight universities experienced decreases in overseas student enrolments compared to semester one of 2020. All universities have experienced growth in domestic student enrolments.
What the key issues were
There were 110 findings reported to universities in audit management letters.
Three high risk findings were identified. One related to the continued work by the University of New South Wales to assess its liability for underpayment of casual staff entitlements. The other two deficiencies were at Charles Sturt University, relating to financial reporting implications of major contracts, and resolving issues identified by an internal review of its employment contracts to reliably quantify the university’s liability to its employees.
What we recommended
Universities should prioritise actions to address repeat findings. Forty-five findings were repeated from 2019, of which 23 related to information technology.
Fast factsThere are ten public universities in NSW with 51 local controlled entities and 23 overseas controlled entities.
|
Further information
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.
This report analyses the results of our audits of the financial statements of the ten universities in NSW for the year ended 31 December 2020. The table below summarises our key observations.
1. Financial reporting
Financial reporting | The 2020 financial statements of all ten universities received unmodified audit opinions.
Two universities reported retrospective corrections of prior period errors. The University of Sydney reported errors relating to the underpayment of staff entitlements and the fair value of buildings. Charles Sturt University reported an error relating to how it had calculated right‑of‑use assets and lease liabilities on initial application of the new leasing standard in the previous year. |
Impacts of COVID‑19 |
Student enrolments decreased in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease, 8,310 students were from overseas. The ongoing impact of COVID‑19 in the short‑term, on semester one enrolments for 2021 compared to semester one of 2020, has been mixed:
During 2020, universities provided welfare support to students, created student hardship funds, provided accommodation, and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector:
|
Financial results |
Six universities recorded negative net operating results in 2020 (two in 2019). While most universities experienced decreased revenue in 2020, only four had reduced their expenses to a level that was less than revenue. |
Revenue from operations |
Universities' revenue streams were impacted in 2020 by the COVID‑19 pandemic, with fees and charges decreasing by $361 million (5.8 per cent). Government grants as a proportion of total revenue increased for the first time in five years to 34 per cent in 2020. Nearly 40 per cent of universities' total revenue from course fees in 2020 (40.9 per cent in 2019) came from overseas students from three countries: China, India and Nepal (same in 2019). Students from these countries of origin contributed $2.2 billion ($2.4 billion in 2019) in fees. Some universities continue to be dependent on revenues from students from these destinations and their results are more sensitive to fluctuations in demand as a result. |
Other revenues |
Overall philanthropic contributions to universities increased by 32.2 per cent in 2020 to $222 million ($167.9 million in 2019). The University of Sydney and the University of New South Wales attracted 75.2 per cent of the total philanthropic contributions in 2020 (69.5 per cent in 2019). Total research income for universities was $1.4 billion in 20191, with the University of Sydney and the University of New South Wales attracting 66.5 per cent of the total research income of all universities in NSW (65.2 per cent in 2018). |
Expenditure | Universities initiated cost saving measures in response to the COVID‑19 pandemic. The cost of redundancy programs increased employee related expenses in 2020 by 4.4 per cent to $6.5 billion ($6.2 billion in 2019). The cost of redundancies offered in 2020 across the universities totalled $293.9 million. Combined other expenses decreased to $2.8 billion in 2020, a reduction of $436 million (13.4 per cent). |
2. Internal controls and governance
Internal control findings | One hundred and ten internal control deficiencies were identified in 2020 (108 in 2019). Forty‑five findings were repeated from 2019, of which 23 related to information technology.
Recommendation: Universities should prioritise actions to address repeat findings on internal control deficiencies in a timely manner. Risks associated with unmitigated control deficiencies may increase over time. Three high risk internal control deficiencies were identified, namely:
Gaps in information technology (IT) controls comprised the majority of the remaining deficiencies. Deficiencies included a lack of sufficient privileged user access reviews and monitoring, payment files being held in editable formats and accessible by unauthorised persons, and password settings not aligning with the requirements of information security policies. |
Business continuity and disaster recovery planning | All universities have a business continuity policy supported with a business impact analysis.
Except for Macquarie University, all other universities had disaster recovery plans prepared for all of the IT systems that support critical business functions. Macquarie University’s disaster recovery plans were still in progress at 31 December 2020. Only half of the universities' policies require regular testing of their business continuity plans and six universities' plans do not specify staff must capture, asses and report disruptive incidents. |
3. Teaching and research
Graduate employment outcomes | Eight out of ten universities were reported as having full‑time employment rates of their undergraduates in 2020 that were greater than the national average.
Six universities were reported as having full‑time employment rates of their postgraduates in 2020 that were greater than the national average. |
Student enrolments by field of education | Enrolments at universities in NSW decreased the most in Management and Commerce courses and Engineering and Related Technologies courses. The largest increase in enrolments was in Society and Culture courses. |
Achieving diversity outcomes | Five universities in 2019 were reported as meeting the target enrolment rate for students from low socio‑economic status (SES) backgrounds.
Seven universities were reported to have increased their enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2019. The target growth rate for increases in enrolments of Aboriginal and Torres Strait Islander students (to exceed the growth rate of enrolments of non‑indigenous students by at least 50 per cent) was achieved in 2019. |
This report provides Parliament with the results of our financial audits of universities in NSW and their controlled entities in 2020, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of universities in NSW for 2020.
Financial results
The graph below shows the net results of individual universities for 2020.
Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of universities.
This chapter outlines the internal controls related observations and insights across universities in NSW for 2020, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.
Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.
This chapter outlines teaching and research outcomes for universities in NSW for 2020.