Image
Refine search
Reports
Published
Members’ additional entitlements 2024
Premier and Cabinet
Whole of Government
Compliance
About this report
This report reviews compliance by members of the Parliament of New South Wales with certain requirements outlined in the Parliamentary Remuneration Tribunal’s (the Tribunal) 2024 Annual Determination (the Determination).
Claims made by members for additional entitlements totalling $12.7 million were within the scope of our review. The remaining payments of $12.1 million were not reviewed as there are certain salaries and allowances that the Determination excludes from our compliance review requirements.
Claims relating to annual basic and additional salaries, additional expense allowances, and electoral and committee allowances are excluded by the Determination from the scope of our compliance review.
Findings
From a sample of 56 claims, our compliance review procedures identified 27 departures from requirements of the Determination and/or the administrative guidelines of the Department of Parliamentary Services (the Department).
There were fewer departures this year than in previous years, however late submission of claims and declarations by members continued. The Department needs to provide clarity to members on expenditure claim requirements and processes.
Recommendations
The Department should:
- enhance its assessment as to whether members’ expenditure claims comply with requirements and advise members promptly about whether their claims are ineligible
- improve its quality review processes when reporting the total number and dollar value of members’ additional entitlements claims for each year
- ensure internal audits of members’ additional entitlements are adequately scoped and endorsed prior to their commencement and reflect the requirements of the Determination. These internal audits should be completed prior to the compliance review performed by the Audit Office
- continue to work with members to provide them additional training or education and better help them comply.
This report reviews compliance by members of the Parliament of New South Wales with certain requirements outlined in the Parliamentary Remuneration Tribunal’s (the Tribunal) 2024 Annual Determination (the Determination).
The Determination establishes the annual salaries and additional entitlements allowed to members of the Parliament of New South Wales under the Parliamentary Remuneration Act 1989 and requires members’ claims for additional entitlements to also comply with requirements of the Department of Parliamentary Services’ (the Department) administrative guidelines. The Parliament of New South Wales, through the Department, administers payments of additional entitlements.
There were 32,244 payments made to members for entitlements under the Determination during the 2023–24 financial year totalling $24.8 million. Of these, 30,566 claims for payment of additional entitlements totalling $12.7 million were within the scope of our compliance review under the Determination. The remaining payments of $12.1 million made during the 2023-24 financial year were not reviewed as there are certain salaries and allowances within the Determination that are excluded from compliance review requirements. These payments include:
- annual basic salaries, additional salaries and additional expense allowances
- additional entitlements comprising electoral allowances and committee allowances.
The infographic below outlines which payments made to members for entitlements under the Determination are within the scope of our compliance review, and those which the Determination excludes from our compliance review.
There were fewer departures from requirements of the Determination and/or the administrative guidelines of the Department identified in our 2023–24 compliance review than in previous years. However late submission of claims and declarations by members continue, indicating a need for improved processes and greater clarity, training and education for members.
From a sample of 56 claims, our compliance review procedures identified 27 departures from requirements of the Determination and/or the administrative guidelines of the Department. These included:
- 21 claims for payment were not submitted within 60 days of receipt of invoice or incurring the expense (2022–23: 22 claims)
- 1 claim under the Communications Allowance related to a publication that did not include the required authorisation and attribution (2022–23: two claims)
- 5 members submitted their annual loyalty/incentive scheme declarations after the date specified in the Department’s administrative requirements (2022–23: seven members).
The table below shows the number of departures from requirements of the Determination and/or the administrative guidelines of the Department identified in the past three financial years’ compliance reviews.
| 2023-24 | 2022-23 | 2021-22 | |
| Late submission of claims for payment | 21 | 22 | 12 |
| Late submission of Sydney Allowance reconciliations | -- | 4 | 6 |
| Ineligible claims for Communications Allowance | 1 | 2 | 4 |
| Communications Allowance claims made during blackout period * | -- | 1 | -- |
| Annual loyalty/incentive scheme declarations not submitted | -- | 4 | 2 |
| Late submission of annual loyalty/incentive scheme declarations | 5 | 7 | 16 |
| Total number of departures from the Determination | 27 | 40 | 40 |
* Blackout periods are applicable only to election years.
Members require further clarity to address the continued departures from the Determination
Our past compliance reviews identified departures from the Determination and the administrative requirements of the Department that indicate a need for greater clarity in the current processes and guidance, including increased training or education to help support members comply with the Determination.
Last year we recommended:
- the Tribunal provides greater clarity on current processes and implications of departures from the guidelines to members
- the Department works with members to provide them additional training or education and better help them comply with the Determination and/or the administrative guidelines of the Department.
While an improvement was observed in the number of departures from the Determination and the administrative requirements of the Department over the years, similar departures have been consistently identified in our compliance reviews. This suggests there is still a need for the Department to improve processes and provide greater clarity, training and education to members. It reconfirms the importance of our recommendation in section 3.3, which calls for the Department to be responsible in assessing the eligibility of claims for additional entitlements prior to payment.
Enhanced public reporting
Since 2016, our reports to Parliament have recommended the Tribunal consider requiring the Department regularly publish full details of members’ expenditure claims on its website in an accessible and searchable format.
In response, the Tribunal had developed a plan requiring greater public reporting of members’ expenditure from 1 July 2019. However, Crown Solicitor’s advice sought by the Tribunal confirmed it did not have the power to require the Department publish full details of members’ expenditure claims.
The Department responded to this recommendation by identifying that a significant investment in the required systems was necessary to allow for the detailed publishing of all members’ expenditure claims.
This recommendation has been considered by the Department and to date, there are no imminent plans for any change in the way it publishes the details of members’ expenditure claims during the year. Given our recommendation was to enhance public reporting of members’ expenditure claims, and there is no non-compliance with existing reporting, we will not be repeating this recommendation.
Appendix one - Response from the Department of Parliamentary Services
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Regulation insights
Environment
Finance
Health
Local Government
Whole of Government
Compliance
Cyber security
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
What this report is about
In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.
This analysis includes performance audits, compliance audits and the outcomes of financial audits.
Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.
The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.
Audit findings
The analysis of findings and recommendations is structured around four key themes related to effective regulation:
- governance and accountability
- processes and procedures
- data and information management
- support and guidance.
The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.
In this report, we also draw out insights for agencies that provide a public sector stewardship role.
The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.
The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.
I am pleased to present this report, Regulation insights. This report highlights themes and generates insights about effective regulation from the last six years of audit.
Effective regulation is necessary to ensure compliance with the law. Effective regulation also promotes social, economic, and environmental outcomes, and minimises risks or negative impacts associated with certain activities. But regulation can be challenging and costly for governments to implement. It can also involve costs and impact on the regulated parties, including other public sector and private entities, and individuals. As such, effective regulation needs to be administered efficiently, and with integrity.
Having a clearly articulated and communicated regulatory approach is essential to achieving this outcome, particularly when this promotes voluntary compliance and sets performance standards that are informed by community expectations. A consistent approach to exercising regulatory powers is important: it should be supported by robust information about regulatory risks and issues, and accompanied with timely, proportionate responses. Providing relevant support to the regulated parties and coordinating activities to facilitate compliance and performance can generate efficiencies.
Finally, transparency matters. It matters so that government has oversight of and can be held accountable for its leadership of public sector compliance, and in regulating the activities of third parties. Transparency also matters because it can provide insights into the effective exercise of government power. To achieve this, meaningful regulatory information needs to be reported.
While these issues are most pertinent for government agencies that exercise traditional regulatory functions, they are also relevant to lead government agencies that provide a stewardship role in promoting compliance and performance by other government agencies in relation to particular areas of risk.
Over the past six years, our audit work has found many common and repeat performance gaps, creating risks, inefficiencies, and limiting outcomes of regulatory activities. In considering these gaps, this report provides public sector leaders with insights into the challenges and opportunities they may encounter when aiming for more effective regulation, including the good governance of regulatory activities. This includes insights for lead agencies that provide a public sector stewardship role. Through applying these insights and maximising regulatory effectiveness, unintended impacts on the people and sectors government serves and protects can be avoided or at the very least minimised.
Margaret Crawford PSM
Auditor-General for NSW
This report brings together key findings and recommendations relevant to regulation from selected performance and compliance audits between 2018 and early 2024 (19 in total), and from two reports that summarise results of financial audits during the same period. It aims to provide insights into the challenges and opportunities the public sector may encounter when aiming to enhance regulatory effectiveness.
The report is structured in two sections, each setting out insights from relevant audits and providing summaries as illustrative examples.
Section 3 is focused on insights from audits of agencies that administer regulatory powers and functions over other entities or activities (typically known as 'regulators'). The powers and functions of regulators are defined in law, and often relate to issuing approvals (e.g., licensing) for certain activities, and/or monitoring allowable activities within certain limits. Regulators often have compliance and enforcement powers that can be exercised in particular circumstances, such as when a regulated entity has not complied with relevant requirements.
Agencies may be primarily established as regulators or perform regulatory activities alongside other functions. Depending on the context, the regulated activity may relate to other state agencies, local government entities, non-government entities or individuals.
Section 4 summarises insights from a selection of audits of agencies that provide a stewardship role in promoting compliance by and performance of other state agencies and local government entities in relation to specific regulations or policies. These policies may or may not be mandatory and, unlike a more traditional regulator, the coordinating agency may not have enforcement powers to ensure compliance.
These policies, and accompanying guidelines and frameworks, are typically issued by ‘central agencies’ such as the Premier's Department that have a public sector stewardship role. They can also be issued by agencies with a leadership role in particular policy areas ('lead agencies'). While individual agencies and local government entities implementing these policies are responsible for their own compliance and performance, lead and central agencies have an oversight role including by promoting accountability and coordinating activities towards achieving compliance and performance outcomes across the public sector.
Readers are encouraged to view the full reports for further information. Links to versions published on our website are provided throughout this document, and a full list is in Appendix one. An overview of the rationale for selecting these audits and the approach to developing this report is in Appendix two.
The status of agencies' responses to audit recommendations
Findings from the audits referred to in this report were current at the time each respective report was published. In many cases, agencies accepted audit recommendations, as reflected in the letters from agency heads that are included in the appendix of each audit report.
The Public Accounts Committee of the NSW Parliament has a role in reporting on and ensuring that agencies respond appropriately to audit recommendations. Readers are encouraged to review the Public Accounts Committee's inquiries on agencies' implementation of audit recommendations, which can be found on the Committee's website.
Published
Members' additional entitlements 2023
Premier and Cabinet
Whole of Government
Compliance
What this report is about
This report assesses compliance of claims made by members of the NSW Parliament during the 2022–23 financial year with certain requirements outlined in the Parliamentary Remuneration Tribunal’s Determination (the determination).
What we found
The audit selected a sample of members’ claims. The audit does not test every claim made by members. The audit identified 33 departures from the determination. In addition, we identified seven instances where members did not submit their annual loyalty scheme declarations by the date specified in the Department of Parliamentary Services’ (the department) administrative requirements.
What we recommended
The Parliamentary Remuneration Tribunal should provide greater clarity on current processes and implications of departures from the guidelines to members. The department should work with members to provide them additional training or education to better help them comply with the determination.
The department should continue to work with presiding officers, members, the clerk of the Parliaments and the clerk of the Legislative Assembly to enhance reporting of members’ expenditure.
The Auditor-General has reviewed the compliance of the members of the NSW Parliament (members) with certain requirements outlined in the Parliamentary Remuneration Tribunal’s Determination (the determination) for the year ended 30 June 2023.
The Auditor-General’s review analyses claims made by members during the 2022–23 financial year. We use data analytics to select a sample of members’ claims and focus on claims that our data analysis identifies as being at higher risk. We do not test every claim made by members. Our sample consisted of 70 claims submitted by 64 of 135 Members.
Results
Our audit procedures identified 33 departures from the determination. In addition, we identified seven instances where members did not submit their annual loyalty scheme declarations by the date specified in Department of Parliamentary Services’ (the department) administrative requirements.
Such departures have been consistently identified in the past years and indicate greater clarity is needed in the current processes and where training or education for members is required. These departures were as follows:
- 22 members did not submit their claims for payment within 60 days of receipt of invoice or incurring the expense (2022: 12 members’ claims)
- 4 members submitted their Sydney Allowance reconciliations after the due date (2022: six members’ reconciliations)
- 2 members had claimed for publications under the Communications Allowance but not made the required authorisations and attributions upon publication (2022: four member’s publications)
- 1 member made a claim for a Communication Allowance during the blackout period
- 4 members did not submit their annual loyalty/ incentive scheme declarations (2022: two members)
- 7 members submitted their annual loyalty/ incentive scheme declarations after the date specified in the department’s administrative requirements (2022: 16 declarations).
Background
The Parliamentary Remuneration Tribunal (the tribunal) determines the salary and additional entitlements of the members, details of which are set out in the tribunal’s annual determination. The NSW Parliament, through the department, administers payments of additional entitlements to members. An overview is presented below:
Twenty-two members did not submit their claims for payment within 60 days of receipt of invoice or incurring the expense
The determination requires members to submit expense claims to the department within 60 days of receipt of invoice or incurring the expense. Our audit procedures identified 22 instances where members submitted their claims between three and 284 days late. This includes 18 members who currently sit in the Legislative Assembly or Council.
Four members submitted their Sydney Allowance reconciliations after the due date
At the start of each financial year, a member can choose to receive the Sydney Allowance as either an annual fixed amount paid monthly with their salary, or at a daily rate for each required overnight stay. Members who choose to receive an annual fixed amount must submit reconciliations twice a year to the department and return any excess of the allowance over actual expenses incurred by 30 September each year. Three members were late filing their mid-year reconciliations and one member was late filing their annual reconciliation (includes three sitting members). None of the members who filed late reconciliations needed to refund any unspent portion of their allowance to the department.
Greater clarity in current processes and training or education to members is required to address departures from the determination
There is an increase in the number of departures from the determination reported in our Auditor-General’s Report to Parliament on members’ additional entitlements since 2021–22. There is a need for greater clarity in current processes and guidance including increased training or education to help support members comply with the determination. We recommend the tribunal provides greater clarity on current processes and implications of departures from the guidelines to members. We recommend the department works with members to provide them additional training or education to better help them comply with the determination.
Open prior period recommendations
Enhanced public reporting
In 2016, the Auditor-General’s Report to Parliament recommended the tribunal consider requiring the department to regularly publish full details of members’ expenditure claims on its website in an accessible and searchable format. The tribunal had developed a plan requiring greater public reporting of members’ additional expenditure from 1 July 2019 but it does not have the power to require the department to facilitate this. This matter has been raised every year since 2016 and it continues to remain an open recommendation in 2023.
The Annual Reports of the Legislative Assembly and the Legislative Council, published on the Parliament’s website, currently list the total amount claimed during the year by each member for each allowance. However, transparency around members’ claims would be enhanced if information was more extensively and regularly published on the Parliament’s website. The department should continue to work with the presiding officers, members, the clerk of the Parliaments and the clerk of the Legislative Assembly to enhance reporting of members’ expenditure.
Appendix one – Response from Department of Parliamentary Services
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Audit Insights 2018-2022
Community Services
Education
Environment
Finance
Health
Industry
Justice
Local Government
Premier and Cabinet
Planning
Transport
Treasury
Universities
Whole of Government
Asset valuation
Cross-agency collaboration
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Project management
Regulation
Risk
Service delivery
Shared services and collaboration
Workforce and capability
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
| Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
| Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
| Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
| Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
| Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
| Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
| Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Members' additional entitlements 2021
Whole of Government
Internal controls and governance
What the report is about
The Auditor-General's review analyses claims made by members of the NSW Parliament during the 2020–21 financial year by testing a sample of transactions. Our sample consisted of 67 claims submitted by 52 of the 137 members.
What we found
While we did not identify any instances of material non-compliance with the Parliamentary Remuneration Tribunal's Determination, we did identify 31 departures from the Determination, which were of an administrative nature.
What we recommended
The Department of Parliamentary Services (the department) should continue to work with the Presiding Officers, members, the Clerk of the Parliaments and the Clerk of the Legislative Assembly to enhance reporting of members' expenditure.
In 2020, we recommended the department work with the Tribunal to provide additional guidance to members to clarify:
- the definition of 'parliamentary duties'
- the activities that meet the definition
- requirements for retaining documents.
The department will work with the Tribunal to clarify these items as part of its submission to the 2022 annual Determination.
Fast facts
- 12 claims were submitted after 60 days
- 7 Sydney allowance reconciliations were submitted late
- 10 annual loyalty scheme declarations were submitted late
- 2 publications had not made the required authorisations and attributions
- $22.5m of additional entitlements were claimed in the 2020–21 financial year. This was 4.2% higher than in the 2019–20 financial year.
The Auditor-General has reviewed the compliance of the members of the NSW Parliament (members) with certain requirements outlined in the Parliamentary Remuneration Tribunal's Determination (the Determination) for the year ended 30 June 2021.
The Auditor-General's review analyses claims made by members during the 2020–21 financial year by testing a sample of transactions. Our sample consisted of 67 claims submitted by 52 of the 137 members.
Results
Although our review did not identify any instances of material non-compliance with the Determination for the year ended 30 June 2021, we did identify 31 departures from the Determination, which were of an administrative nature. Such departures may help identify areas in the current processes where greater clarity is needed or where training or education for members is needed. These departures were as follows:
- 12 claims were not submitted for payment within 60 days of receipt or occurrence of the expense
- 10 annual loyalty scheme declarations were submitted by members after the due date specified in the guideline
- 7 reconciliations for the Sydney Allowance were submitted after the due date
- 2 publications claimed under the Communications Allowance had not made the required authorisations and attributions on the publication.
Background
The Parliamentary Remuneration Tribunal (the Tribunal) determines the salary and additional entitlements of members of the NSW Parliament (members), details of which are set out in the Tribunal's annual Determination. The NSW Parliament, through the Department of Parliamentary Services (the department), administers payments of additional entitlements to members in accordance with the Tribunal's annual Determination. An overview is presented below:
Twelve claims were not submitted for payment within 60 days of receipt or occurrence of the expense
The Determination requires members' expense claims to be submitted to the department within 60 days of when the expense is incurred or receipted. Our audit procedures identified 12 instances where members submitted their claims between six and 248 days late.
Ten annual loyalty/incentive scheme declarations were submitted by members after the due date specified in the guidelines
At the end of each financial year, members must declare they have not used loyalty/incentive scheme benefits accrued from their parliamentary duties for private purposes. The Determination requires current members to complete the declarations at the end of each year (by 27 August 2021 per the department's administrative process). Former members must complete the declarations within 30 days of leaving Parliament. We found ten current members submitted their declarations between three and 18 days late. The declaration is important as it affirms that loyalty benefits accrued using the members' parliamentary allowances and entitlements were not used for private purposes.
Seven reconciliations for the Sydney Allowance reconciliations were submitted after the due date
Open prior period recommendations
Enhanced public reporting
In 2016, the Auditor-General's Report to Parliament recommended the Tribunal consider requiring the department to regularly publish full details of members' expenditure claims on its website in an accessible and searchable format. The Tribunal had developed a plan requiring greater public reporting of members' additional expenditure from 1 July 2019 but does not have the power to require the department to facilitate this.
The Annual Reports of the Legislative Assembly and the Legislative Council, published on the Parliament's website, currently list the total amount claimed during the year by each member for each allowance. However, transparency around members’ claims would be enhanced if information was more extensively and regularly published on the Parliament’s website. The department should continue to work with the Presiding Officers, members, the Clerk of the Parliaments and the Clerk of the Legislative Assembly to enhance reporting of members' expenditure.
Clarifying key parameters of the annual Determination
In 2020, the Auditor-General's Reports to Parliament recommended the department work with the Tribunal to provide additional guidance to members to clarify:
- the definition of 'parliamentary duties'
- the activities that meet the definition
- requirements for retaining documents.
To address this recommendation, the department has performed a review of the definitions and activities used by other jurisdictions, in their administration of members' entitlements. The department is also continuing to monitor for changes in the administration of members' entitlements occurring at the Federal level. The department will work with the Tribunal to clarify these items as part of its submission to the 2022 annual Determination.
Resolved prior period recommendations
Recommendations resolved since the 2020 Auditor-General's report
The 2019 Auditor-General's Report recommended the department work with the Tribunal to clarify whether members can claim the cost of travel from their General Travel Allowance when the travel was used to produce communications during the blackout period. Members are not permitted to use their Communications Allowance for the production and distribution of publications that they intended to distribute in a State Election year in the period from 26 January to the election date (the ‘blackout period’).
The 2021 Determination has clarified this matter by stating that during the 'blackout period' travel necessary for parliamentary duties rather than electioneering is acceptable. The 2021 Determination has also included the condition that a member may not use their General Travel Allowance to fund communications that would normally be funded from the Communications Allowance during a 'blackout period'.
Appendix one - Response from Department of Parliamentary Services
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Service NSW's handling of personal information
Premier and Cabinet
Finance
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration
Risk
Service delivery
The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy.
The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine emailing of personal information between Service NSW service centres and other agencies, which is one of the processes that contributed to the data breach earlier this year. The audit found that previously identified risks and recommended solutions had not been implemented on a timely basis.
The Auditor-General made eight recommendations aimed at ensuring improved processes, technologies, and governance arrangements for how Service NSW handles customers’ personal information.
The Hon. Victor Dominello, MP, Minister for Customer Service, requested this audit under section 27(B)(3)(c) of the Public Finance and Audit Act 1983 following public reports in May 2020 of a cyber security attack which had led to a breach of Service NSW customer information. This audit also included the Department of Customer Service which supports Service NSW with privacy, risk and governance functions.
Service NSW was established in 2013 with the intention that it would, over time, 'become the primary interaction point for customers accessing New South Wales Government transaction services'.
Service NSW's functions are set out in the Service NSW (One stop Access to Government Services) Act 2013. This legislation allows for other NSW Government agencies to delegate to and enter into agreements with the Chief Executive Officer of Service NSW in order for Service NSW to undertake service functions for the agency.
Service NSW now has agreements with 36 NSW Government client agencies to facilitate over 1,200 types of interactions and transactions for the community.
The nature of each agreement between Service NSW and its client agencies varies. Some client agencies have delegated authority to allow Service NSW staff to conduct transactions on their behalf in the agencies' systems. Other arrangements do not include the same degree of delegation. In these cases, Service NSW provides services such as responding to enquiries and validating documents.
In addition, Service NSW conducts transactions for its own programs, such as the Seniors Card. Personal information for these programs, as well as information for customers' MyServiceNSW accounts, are stored by Service NSW on its Salesforce Customer Relationship Management (CRM) system.
In March 2020, Service NSW suffered two cyber security attacks in short succession. Technical analysis undertaken by the Department of Customer Service (DCS) concluded that these attacks resulted from a phishing exercise through which external threat actors gained access to the email accounts of 47 staff members. These attacks resulted in the breach of a large amount of personal customer information that was contained in these email accounts. See Section 1.1 for further details.
This audit is being conducted in response to a request from the Hon. Victor Dominello, Minister for Customer Service, under section 27B(3)(c) of the Public Finance and Audit Act 1983. Minister Dominello requested that the Auditor General conduct a performance audit in relation to Service NSW's handling of sensitive customer and business information.
This audit assessed how effectively Service NSW handles personal customer and business information to ensure its privacy.
It addressed the following:
- Does Service NSW have processes and governance in place to identify and manage risks to the privacy of personal customer and business information?
- Does Service NSW have policies, processes and systems in place that support the effective handling of personal customer and business information to ensure its privacy?
- Has Service NSW effectively implemented its policies, processes and systems for managing personal customer and business information?
ConclusionService NSW is not effectively handling personal customer and business information to ensure its privacy. It continues to use business processes that pose a risk to the privacy of personal information. These include routinely emailing personal customer information to client agencies, which is one of the processes that contributed to the March 2020 data breach. Previously identified risks and recommended solutions had not been implemented on a timely basis.Service NSW identifies privacy as a strategic risk in both its Risk Management Guideline and enterprise risk register and sets out a zero level appetite for privacy risk in its risk appetite statement. That said, the governance, policies, and processes established by Service NSW to mitigate privacy risk are not effective in ensuring the privacy of personal customer and business information. While Service NSW had risk identification and management processes in place at the time of the March 2020 data breach, these did not prevent the breach occurring. Some of the practices that contributed to the data breach are still being followed by Service NSW staff. For example, business processes still require Service NSW staff to scan and email personal information to some client agencies. The lack of multi factor authentication has been identified as another key contributing factor to the March 2020 data breach as this enabled the external threat actors to gain access to staff email accounts once they had obtained the user account details through a phishing exercise. Service NSW had identified the lack of multi factor authentication on its webmail platform as a risk more than a year prior to the breach and had committed to addressing this by June 2019. It was not implemented until after the breach occurred. There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce Customer Relationship Management (CRM) system, which holds the personal information of over four million NSW residents.Internal audits carried out by Service NSW, including one completed in August 2020, have identified significant weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These include deficiencies in the management of role based access, monitoring and audit of user access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers held in the system. Lines of responsibility for meeting privacy obligations are not clearly drawn between Service NSW and its client agencies.Service NSW has agreements in place with client agencies. However, the agreements lack detail and clarity about the roles and responsibilities of the agencies in relation to the collection, storage and security of customer's personal information. This lack of clarity raises the risk that privacy obligations will become confused and missed between the agencies. Service NSW carries out privacy impact assessments for major new projects but does not routinely review existing processes and systems.Service NSW carries out privacy impact assessments as part of its routine processes for implementing major new projects, ensuring that privacy management is considered as part of project design. Service NSW does not regularly undertake privacy impact assessments or reviews of existing or legacy processes and systems, which has resulted in some processes continuing despite posing significant risks to the privacy of personal information, such as the scanning, emailing, and storing of identification documents. |
1. Key findings
Service NSW identifies privacy risks, but the controls and processes it put in place to mitigate these privacy risks were not adequate to prevent or limit the extent of the data breach that occurred in March 2020
Service NSW’s approach to risk management is framed by its Risk Management Guideline, which defines 'privacy and compliance' as one of the key types of risk for the agency. Service NSW's enterprise risk register identifies four strategic privacy related risks. Service NSW has set out a zero level appetite for privacy risk in its risk appetite statement.
Service NSW has assessed the adequacy of its controls for privacy risks as needing improvement. To be fully effective, the Risk Management Guideline says that these controls should have a focus that is ‘largely preventative and address the root causes’.
One of the business processes that was a key contributing factor to the data breach was the emailing of personal information by Service NSW staff to client agencies.
This process had been identified as a risk prior to the breach and some steps had been put in place to mitigate the risk. In particular, staff were required to manually delete emails that contained personal information. However, these measures were ineffective in preventing the breach, as the external threat actors still gained access to 47 staff email accounts that contained a large amount of personal information.
It is unclear why Service NSW did not effectively mitigate this risk prior to the breaches. However, Service NSW has advised that it implemented measures in June and October 2020 to automatically archive emails likely to contain personal information. This is expected to limit the quantity of information retained in email accounts for extended periods.
Service NSW has not put in place any technical or other solutions to avoid Service NSW staff having to scan and email personal information to some client agencies. Urgent action is needed to remove the requirement for staff to email personal information to client agencies, thereby mitigating the risk inherent in sending and storing this information using email.
There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system, which holds the personal information of over four million customers
There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These weaknesses include deficiencies in governance of role based access, monitoring and audit of staff access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers which is stored in this system.
In addition, there is an absence of important controls to safeguard customers' privacy, such as multi factor authentication and reviewable logs of access history to their information. Such controls, when properly implemented, would enhance the control that customers are able to exercise over their personal information.
A privacy impact assessment conducted on Service NSW’s Salesforce CRM system in 2015 recommended that the system include the ability for customers to review access history to their personal information, as well as the option for customers to apply multi factor authentication to their accounts. While both these recommendations appeared positively received by Service NSW, neither have been implemented.
Since its inception, Service NSW’s use of Salesforce has extended to storing transaction data, particularly for transactions for which Service NSW is responsible, such as the Seniors Card. It also holds details of over four million MyServiceNSW account holders, including name, email address and phone number, and optional address details. It was not originally intended for the system to hold this volume and nature of customer information.
Lines of responsibility for meeting privacy obligations are unclear between Service NSW and its client agencies
Service NSW's privacy management plan does not clearly set out the privacy obligations of Service NSW and its client agencies. It sets out that 'compliance with the privacy principles will primarily be the responsibility of that [client] agency'. However, Service NSW has its own obligations under the security principles of the Privacy and Personal Information Protection Act 1998 (PPIP Act) to take reasonable steps to prevent unauthorised access to personal information, which is not made clear in the privacy management plan.
The agreements between Service NSW and client agencies reviewed for this audit only include general and high level references to privacy. Most do not include details of each parties' privacy responsibilities such as: which agency will provide the customer with a privacy notice explaining how their personal information will be handled, how personal information will be kept secure, how long Service NSW will retain information, what processes will be followed for internal reviews, and what specific planning is in place to respond to data breaches.
Service NSW's privacy management plan has not been updated to include new programs and governance changes
Service NSW's privacy management plan includes most of the matters required by law or good practice, with some exceptions. It does not explain any exemptions that the agency commonly relies on under the PPIP Act and does not address any health information that Service NSW may handle. It had also not been updated to reflect governance changes and the fact that, at the time this audit commenced, Service NSW was disclosing the content of internal review applications (the formal expression for 'complaints') to the Department of Customer Service (DCS). These governance changes were part of the centralisation of Service NSW's corporate support functions into DCS in late 2019, though internal review staff were seconded back into Service NSW during the course of this audit.
The current July 2019 privacy management plan has also not been updated since the rollout of a number of major new initiatives in 2020. These include 2019–20 bushfire emergency recovery initiatives (such as small business grants) and COVID 19 pandemic response initiatives (such as small business grants, border permits and the COVID safe check in app).
Service NSW routinely conducts privacy impact assessments for new initiatives, though privacy risks remain in legacy systems and processes
Service NSW routinely conducts privacy impact assessments for major new initiatives and the assessments reviewed for this audit largely accorded with good practice guidance.
Service NSW does not routinely review existing processes and systems to ensure that they are effective in ensuring the privacy of customer personal information. Business processes that create the highest risk to privacy, such as emailing of personal information, are more common in these longstanding legacy systems.
Service NSW's significant and rapid growth has outpaced the establishment of a robust control environment which has exacerbated privacy risks
Since it was established in 2013, Service NSW has experienced significant growth in the number and diversity of the types of transactions it provides, as well as the number of client agencies with which it works. The pace and extent of this growth has contributed to important controls not being properly implemented on a timely basis, which has heightened privacy risks, particularly in regard to existing, legacy systems and processes.
The pace of change and increasing demand for new program implementation has limited the opportunity for Service NSW, in collaboration with its client agencies, to revisit and redesign legacy business practices which pose a greater privacy risk. This includes the scanning and emailing of personal information.
While 2019–20 has seen additional demands placed on Service NSW in responding to the 2019–20 bushfire emergency and COVID 19 pandemic, it is the nature of the agency’s work that it operates in a fast paced and complex environment, where it is required to respond to multiple client agencies and stakeholders. Ensuring customer privacy should be integral to Service NSW’s business as usual operations.
2. Recommendations
Service NSW commissioned a number of external reviews and investigations stemming from the data breaches. The Auditor General's recommendations below have taken these other reviews into account. In order to offer assurance that it is appropriately protecting the privacy of its customers, Service NSW should address the full breadth of findings and recommendations made across all relevant reviews.
As a matter of urgency, Service NSW should:
1. in consultation with relevant client agencies and the Department of Customer Service, implement a solution for a secure method of transferring personal information between Service NSW and client agencies
2. review the need to store scanned copies of personal information and, if still required, implement a more secure method of storing this information and regular deletion of material.
By March 2021, Service NSW should:
3. ensure that all new agreements entered into with client agencies from 1 April 2021 address the deficiencies identified in this audit, including that they provide clarity on:
- the content and provision of privacy collection notices
- the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
- steps that will be taken by each agency to ensure that personal information is kept secure
- the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
- how identified breaches of privacy will be handled between agencies
4. in collaboration with the Department of Customer Service, review its privacy management plan to address the deficiencies raised in this audit, including:
- to clarify Service NSW's understanding of how responsibility for meeting privacy obligations are delineated between Service NSW and client agencies
- to better reflect the full scope and complexity of personal information handled by Service NSW
- to better explain how applications for internal review are handled between Service NSW and the Department of Customer Service
- to ensure regular ongoing review, either according to a schedule or when Service NSW experiences substantial change to its programs and handling of personal information
5. in consultation with the Department of Customer Service, review its policies and processes for the management of privacy risks, including to:
- ensure that there are appropriate mechanisms to escalate identified privacy risks from business units to the Executive Leadership Team
- ensure that there are action plans to address strategic privacy risks that are assessed as having ineffective controls.
By June 2021, Service NSW should:
6. address deficiencies in the controls over, and security for, its Salesforce customer relationship management and related systems that hold customer personal information, including:
- establish policies and processes for regular access reviews and monitoring of user activity in these systems, including for privileged users
- enable partitioning and role based access restrictions to personal information collected for different programs
- provide customers the choice to use multi factor authentication to further secure their MyServiceNSW accounts
- enable customers to view the transaction history of their personal information to detect possible mishandling.
By December 2021, Service NSW should:
7. ensure that all existing agreements with client agencies address the deficiencies identified in this audit, including that they provide clarity on:
- the content and provision of privacy collection notices
- the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
- steps that will be taken by each agency to ensure that personal information is kept secure
- the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
- how identified breaches of privacy will be handled between agencies
8. carry out a risk assessment of all processes, systems and transactions that involve the handling of personal information and undertake a privacy impact assessment for those that:
- are identified as high risk and have not previously had a privacy impact assessment
- have had major changes or updates since the privacy impact assessment was completed.
Appendix one – Responses from agencies
Appendix two – About the audit
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Procurement and reporting of consultancy services
Finance
Education
Community Services
Industry
Justice
Planning
Premier and Cabinet
Health
Treasury
Transport
Environment
Information technology
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
| Relevant guidance | Requirements | |
|---|---|---|
| Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
| PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
| Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
| Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
Conclusion
No participating agency materially complied with procurement requirements when engaging consultancy services. Eight participating agencies under reported consultant fees in their annual reports. The NSW Procurement Board is not fully effective in overseeing and supporting agencies' procurement of consultancy services.
All 12 agencies that we examined did not materially comply with the NSW Procurement Board Direction for the use of consultants between 1 July 2016 and 31 March 2018.
Eight agencies did not comply with annual reporting requirements in the 2016–17 financial reporting year. Three agencies did not report expenditure on consultants that had been capitalised as part of asset costs, and one agency did not disclose consultancy fees incurred by its subsidiaries. Agencies also defined ‘consultants’ inconsistently.
The NSW Procurement Board's Direction was revised in January 2018, and mandates the use of the Standard Commercial Framework. The Direction aims to drive value for money, reduce administrative costs and simplify the procurement process. In practice, agencies found the Framework challenging to use. To better achieve the Direction’s intent, the Board needs to simplify procurement and compliance processes.
The Board is yet to publish any statistics or analysis of agencies’ procurement of business advisory services due to issues with the quality of data and systems limitations. Also, the Board’s oversight of agency and supplier compliance with the Framework is limited as it relies on self reporting, and the information provided is insufficient to properly monitor compliance. NSW Procurement is yet to develop an effective procurement and business intelligence system for use by government agencies. Better procurement support, benefit realisation monitoring and reporting by NSW Procurement will help promote value for money in the engagement of consultants.
Published
Performance audit insights: key findings from 2014-2018
Whole of Government
Compliance
Fraud
Information technology
Internal controls and governance
Procurement
Project management
A report released today by the Auditor-General for New South Wales, Margaret Crawford, presents key findings from four years of performance audits. The report findings are presented around six areas of government activity including planning for the future, meeting community expectations for key services, investment in infrastructure, managing natural resources, ensuring good governance and digital disruption.
In this report, we present common findings and lessons from the past four years of performance audits, and offer insights to the public sector on elements of effective performance. We have analysed the key findings and recommendations from 61 performance audits tabled in the NSW Parliament between July 2014 and June 2018, spanning varied areas of government activity. We will also use this report to help determine areas of unaddressed risk across all parts of government, and to shape our future audit priorities.
Governments play an important stewardship role. Their decisions need to consider intergenerational equity by ensuring that investment strategies are sustainable. Governments also need to consider the impact of their decisions on different parts of the community. We recognise that governments face challenges in delivering programs and services, targeting complex social issues with finite resources.
Governments are changing how they deliver services to respond to citizen needs and deliver greater value for money. In this section, we reflect on audits that looked at how government entities are planning their activities to meet the needs of the community into the future.
State and local government exist to provide services to citizens, and citizens are playing a greater role in defining what services they want or need. Expectations about consultation, ease of access, timeliness, and customisation of services are rising. Governments face challenges to continually improve the way they plan and deliver services to meet these expectations. Governments also need to provide quality services for a growing and ageing population whilst working within a constrained financial environment.
Over the past four years, our performance audits have assessed aspects of State and local government services, including education, health services, disability support, corrective services, and many others. In this section, we draw together common findings that government entities should reflect on when providing services to the community.
The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. Competition for resources is high and maintaining the capability to manage and deliver projects effectively is challenging. Governments also need to plan effectively to ensure infrastructure built today will meet future needs.
Over the past four years, we have looked at some of the ways NSW Government agencies justify and prioritise projects for funding, work with contractors to deliver projects, and track and report on progress. In this section, we draw together common findings from our audits that government entities should consider when planning future infrastructure projects.
Governments face challenges in balancing the use of natural resources to meet diverse interests, while supporting a sustainable natural environment for the future. They need to supply communities with water, produce energy, protect natural habitats, and support farming, industry, and economic development.
Some of our recent audits have considered how government agencies are managing natural resources and protecting the environment for future generations. In this section, we have drawn together common findings across our audits that government entities should consider in managing the environment and natural resources.
A range of checks and balances is needed to support public confidence in government decision making. To maintain trust, government agencies should act transparently, and in accordance with relevant legislation and policy. This is particularly important as the public sector increasingly engages with external partners to deliver services and provide a more contestable environment.
Good governance arrangements should result in improved service delivery and more effective and efficient use of resources. Our audits have looked at many different elements of governance, including making sure the necessary processes and workplace cultures are in place to help government entities achieve their aims. In this section, we have drawn together various aspects of governance that government entities should consider.
The global increase in digital technology provides governments with opportunities to interact with citizens in more immediate and responsive ways than was previously possible. Data can be used in powerful ways such as predicting future demand for services, targeting interventions, responding to crises, and evaluating outcomes. Governments face challenges in doing this while maintaining secure digital environments that protect citizen interests, privacy, and autonomy.
Our audits have assessed some of the ways that government entities are incorporating digital change into their work. In this section, we draw together common themes that governments could consider in protecting their digital assets, or expanding their digital capabilities.
Published
Assessment of the use of a training program
Finance
Internal controls and governance
Management and administration
The Department of Finance, Services and Innovation (DFSI) and Service NSW's use of Franklin Covey's '7 Habits' program (the Program) met identified business needs according to a report released today by the Auditor-General for New South Wales Margaret Crawford.
This audit assesses the effectiveness and economy of the Department of Finance, Services and Innovation's, including Service NSW's, use of the Franklin Covey ‘7 Habits’ program (the Program). On 15 March 2018, the Hon. Victor Dominello MP, Minister for Finance, Services and Property, requested the Auditor General conduct this audit under section 27(B)(3)(c) of the Public Finance and Audit Act 1983 (the Act).
About the agencies
The Department of Finance, Services and Innovation (the Department) is the lead agency of the Finance, Services and Innovation cluster. The Department has a number of divisions and business units, including: ICT and Digital Government, Property and Advisory Group, Better Regulation, NSW Fair Trading, Government and Corporate Services, and Revenue NSW. At 30 June 2017, the Department (excluding Service NSW) had 5,239 full-time equivalent staff.
Service NSW is a central point of contact for customers accessing NSW Government Services. It is a Division of the Finance, Services and Innovation cluster and operates as an executive agency. As an executive agency, Service NSW is led by a Chief Executive Officer, who is responsible to the Minister for Finance, Services and Property but appointed by the Secretary of the Department of Finance, Services and Innovation. Service NSW was established in 2013 and has operated under the Finance, Services and Innovation cluster since July 2015. At 30 June 2017, Service NSW had 1,989 full-time equivalent staff.
About the Program
The Program that the Department and Service NSW are implementing, and which is the subject of this audit, is a professional development training course which focusses on organisational culture emphasising personal effectiveness, leadership development and change management. All staff in the Department and Service NSW will receive the training, which involves:
- a 360-degree assessment where every staff member receives feedback from their manager, direct reports, and peers
- a two-day training workshop, which will be delivered face to face by accredited facilitators
- 2 years of online access to all training materials created by the provider of the Program.
As part of the licensing arrangement purchased by the agencies, the Program also provides access (at no extra cost) to the full range of the provider's training and development courses that might be useful for other learning and development activities. This includes courses to improve staff capability in communication skills, leadership, productivity and customer engagement. The Department is considering using one of these courses to develop leadership capabilities. Service NSW has integrated three of these courses into its people development curriculum.
Service NSW commenced the first sessions of the Program in May 2017. At 24 April 2018, around 1,000 staff had undertaken the training. Service NSW expects all staff to complete the Program by June 2019.
The Department of Finance, Services and Innovation commenced the first sessions of the Program in August 2017. At 18 April 2018, around 175 staff had undertaken the training. The Department expects all staff to complete the Program by December 2019.
Audit objective and criteria
The audit sought to assess the effectiveness and economy of the Finance, Services and Innovation cluster’s use of the Program. In making this assessment, we considered whether:
- the Program is being used effectively, including whether
- there is an identified need for the Program
- the use of the Program meets the identified need
- Finance, Services and Innovation cluster agencies evaluate the effectiveness of the Program
- the Program is economical, including whether:
- the procurement complies with all relevant policies and processes
- funding and resources allocated to the Program are reasonable.
Conclusion
The Department of Finance, Services and Innovation, and Service NSW developed workforce strategies which identified a business need to improve organisational culture and staff engagement. The Program met the identified business needs and both agencies negotiated value for money contracts for the delivery of the Program when compared to other available options for training all staff.
However, the agencies did not document evidence to show that training all staff members was necessary to meet their business needs, as compared with training fewer staff members at a lower overall cost. As a result, we are unable to form a view on whether the approach to train all staff members was economical. The agency heads have subsequently provided information supporting their decisions to train all staff members. This information indicates their decisions were based on evidence that this would meet the goals of their workforce strategies, including improving employee engagement scores and organisational culture change.
The Department is paying $1,320,700, over three years, for up to 5,600 staff to participate in the Program ($235.84 per person). Service NSW is paying $595,000, over two years, for up to 2,400 staff to participate in the Program ($247.92 per person).
The agencies are collecting the data they need to evaluate the Program and there is some evidence that the Program is achieving its objectives in Service NSW. Due to the timing of this audit, there is not yet enough information available to comment on whether the Program is achieving its objectives in the Department.
|
Sector-wide learnings Implementing robust learning and development frameworks
|
Published
Agency compliance with NSW Government travel policies
Education
Community Services
Finance
Health
Industry
Justice
Local Government
Planning
Premier and Cabinet
Transport
Treasury
Universities
Whole of Government
Compliance
Internal controls and governance
Procurement
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
