Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

2023-24
Planned

Water management and regulation

Planning
Environment
Compliance
Fraud
Internal controls and governance
Management and administration
Regulation
Service delivery

Water regulation aims to achieve sustainable environmental, economic and social outcomes from the management of water resources, consistent with the Water Management Act 2000. Following recommendations from reviews into water theft, reforms were made to strengthen water regulation, compliance and enforcement – including the establishment of the Natural Resources Access Regulator (NRAR) in 2018. The Department of Planning and Environment shares responsibility for issuing water access licences and approvals with the state-owned corporation, WaterNSW.

This audit could assess how effectively the Department, WaterNSW and NRAR are undertaking relevant planning, licensing and regulatory functions to ensure secure, sustainable and transparent water sharing in New South Wales. This topic could also consider how effectively the Department has implemented reforms to enhance water metering technology and rules, and the efficacy of NRAR’s activities to support this program.

Published

Universities 2020 audits

Universities
Cyber security
Financial reporting
Internal controls and governance

What the report is about

Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2020.

What we found

Unqualified audit opinions were issued for all ten universities.

Two universities reported retrospective corrections of prior period errors.

Universities were impacted by the COVID-19 pandemic with student enrolments decreasing in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease 8,310 students were from overseas.

In response to the pandemic, each university provided welfare support, created student hardship funds, provided accommodation and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector.

Six universities recorded negative net operating results in 2020 (two in 2019). The combined revenues of the ten universities from fees and charges decreased by $361 million (5.8 per cent).

Despite the impact of the COVID-19 pandemic, which will continue to impact the financial results of universities in 2021, enrolments of overseas students in semester one of 2021 increased at two universities. This growth meant that total overseas student enrolments increased by 7,944 or 5.8 per cent across the sector as a whole. However, eight universities experienced decreases in overseas student enrolments compared to semester one of 2020. All universities have experienced growth in domestic student enrolments.

What the key issues were

There were 110 findings reported to universities in audit management letters.

Three high risk findings were identified. One related to the continued work by the University of New South Wales to assess its liability for underpayment of casual staff entitlements. The other two deficiencies were at Charles Sturt University, relating to financial reporting implications of major contracts, and resolving issues identified by an internal review of its employment contracts to reliably quantify the university’s liability to its employees.

What we recommended

Universities should prioritise actions to address repeat findings. Forty-five findings were repeated from 2019, of which 23 related to information technology.

Fast facts

There are ten public universities in NSW with 51 local controlled entities and 23 overseas controlled entities.

  • $10.9bn Total combined revenue in 2020, a decrease of $538.5 million (4.7 per cent) from 2019.
  • 106,984 Overseas student enrolments in 2020, a decrease of 8,310 students (7.2 per cent) from 2019.
  • 3 High risk management letter findings were identified.
  • $11.0bn Total combined expenditure in 2020, a decrease of $147.8 million (0.9 per cent) from 2019.
  • 182,683 Domestic student enrolments in 2020, a decrease of 1,722 students (0.9 per cent) from 2019.
  • 41% Of reported issues were repeat issues.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

This report analyses the results of our audits of the financial statements of the ten universities in NSW for the year ended 31 December 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting The 2020 financial statements of all ten universities received unmodified audit opinions.

Two universities reported retrospective corrections of prior period errors. The University of Sydney reported errors relating to the underpayment of staff entitlements and the fair value of buildings. Charles Sturt University reported an error relating to how it had calculated right‑of‑use assets and lease liabilities on initial application of the new leasing standard in the previous year.
Impacts of COVID‑19

Student enrolments decreased in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease, 8,310 students were from overseas.

The ongoing impact of COVID‑19 in the short‑term, on semester one enrolments for 2021 compared to semester one of 2020, has been mixed:

  • all universities in NSW experienced a growth in their domestic student enrolments
  • eight universities experienced decreases in overseas student enrolments.

During 2020, universities provided welfare support to students, created student hardship funds, provided accommodation, and flexibility on payment of course fees.

State and Commonwealth governments provided additional support to the sector:

  • those university controlled entities eligible to receive JobKeeper payments received a combined amount under the Commonwealth scheme totalling $47.6 million in 2020
  • the NSW Government launched a University Loan Guarantee scheme.
Financial results

Six universities recorded negative net operating results in 2020 (two in 2019). While most universities experienced decreased revenue in 2020, only four had reduced their expenses to a level that was less than revenue.
Revenue from operations

Universities' revenue streams were impacted in 2020 by the COVID‑19 pandemic, with fees and charges decreasing by $361 million (5.8 per cent).

Government grants as a proportion of total revenue increased for the first time in five years to 34 per cent in 2020.

Nearly 40 per cent of universities' total revenue from course fees in 2020 (40.9 per cent in 2019) came from overseas students from three countries: China, India and Nepal (same in 2019). Students from these countries of origin contributed $2.2 billion ($2.4 billion in 2019) in fees. Some universities continue to be dependent on revenues from students from these destinations and their results are more sensitive to fluctuations in demand as a result.
Other revenues

Overall philanthropic contributions to universities increased by 32.2 per cent in 2020 to $222 million ($167.9 million in 2019). The University of Sydney and the University of New South Wales attracted 75.2 per cent of the total philanthropic contributions in 2020 (69.5 per cent in 2019).

Total research income for universities was $1.4 billion in 20191, with the University of Sydney and the University of New South Wales attracting 66.5 per cent of the total research income of all universities in NSW (65.2 per cent in 2018).
Expenditure Universities initiated cost saving measures in response to the COVID‑19 pandemic. The cost of redundancy programs increased employee related expenses in 2020 by 4.4 per cent to $6.5 billion ($6.2 billion in 2019). The cost of redundancies offered in 2020 across the universities totalled $293.9 million. Combined other expenses decreased to $2.8 billion in 2020, a reduction of $436 million (13.4 per cent).

2. Internal controls and governance

Internal control findings One hundred and ten internal control deficiencies were identified in 2020 (108 in 2019). Forty‑five findings were repeated from 2019, of which 23 related to information technology.

Recommendation: Universities should prioritise actions to address repeat findings on internal control deficiencies in a timely manner. Risks associated with unmitigated control deficiencies may increase over time.

Three high risk internal control deficiencies were identified, namely:

  • The University of New South Wales should continue work to assess its liability for the underpayment of casual staff entitlements. This issue was also reported last year.
  • Two high risk deficiencies were identified at Charles Sturt University. One related to misunderstanding the requirements of the new accounting standard in relation to recognising grant funding revenue for construction work. The second related to resolving issues identified by an ongoing internal review of its employment contracts to enable a reliable quantification as to the university's liability to its employees.

Gaps in information technology (IT) controls comprised the majority of the remaining deficiencies. Deficiencies included a lack of sufficient privileged user access reviews and monitoring, payment files being held in editable formats and accessible by unauthorised persons, and password settings not aligning with the requirements of information security policies.
Business continuity and disaster recovery planning All universities have a business continuity policy supported with a business impact analysis.

Except for Macquarie University, all other universities had disaster recovery plans prepared for all of the IT systems that support critical business functions. Macquarie University’s disaster recovery plans were still in progress at 31 December 2020.

Only half of the universities' policies require regular testing of their business continuity plans and six universities' plans do not specify staff must capture, asses and report disruptive incidents.

3. Teaching and research

Graduate employment outcomes Eight out of ten universities were reported as having full‑time employment rates of their undergraduates in 2020 that were greater than the national average.

Six universities were reported as having full‑time employment rates of their postgraduates in 2020 that were greater than the national average.
Student enrolments by field of education Enrolments at universities in NSW decreased the most in Management and Commerce courses and Engineering and Related Technologies courses. The largest increase in enrolments was in Society and Culture courses.
Achieving diversity outcomes Five universities in 2019 were reported as meeting the target enrolment rate for students from low socio‑economic status (SES) backgrounds.

Seven universities were reported to have increased their enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2019. The target growth rate for increases in enrolments of Aboriginal and Torres Strait Islander students (to exceed the growth rate of enrolments of non‑indigenous students by at least 50 per cent) was achieved in 2019.
 1 2020 data, which is compiled by the Australian Department of Education and Training, is not yet available.

This report provides Parliament with the results of our financial audits of universities in NSW and their controlled entities in 2020, including our analysis, observations and recommendations in the following areas:

  • financial reporting
  • internal controls and governance
  • teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of universities in NSW for 2020.

Financial results

The graph below shows the net results of individual universities for 2020.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of universities.

This chapter outlines the internal controls related observations and insights across universities in NSW for 2020, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.

This chapter outlines teaching and research outcomes for universities in NSW for 2020.

Appendix one – Status of 2019 recommendations

Appendix two – Universities' controlled entities

Published

Planning, Industry and Environment 2020

Planning
Environment
Industry
Asset valuation
Compliance
Financial reporting
Internal controls and governance
Management and administration

This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Audit opinions

There are 45 separate entities in the cluster. Unqualified audit opinions were issued for 38 cluster agencies' 30 June 2020 financial statements audits. Four financial statements audits are still ongoing, and three agencies were not subject to audit due to NSW Treasury reporting exemptions.

Timeliness of financial reporting

The majority of cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting financial statements. Twenty‑four of the 26 cluster agencies required to submit early close financial statements met the revised timeframe.

Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions not issued by the statutory deadline.

Implementation of AASB 16 'Leases'

Significant deficiencies were identified in Property NSW's lease data maintenance and lease calculations.

Recommendation (partially repeat):

Property NSW should:

  • review and document the accounting implications for each lease
  • ensure the accuracy and validity of lease data used for the lease calculations
  • review user access to the leasing system, including privileged users.

Our audits of the cluster agencies identified there was a lack of thorough quality assurance over the accuracy of lease information provided by Property NSW.

Recommendation:

The Department and cluster agencies should:

  • quality assure and validate the information provided by Property NSW
  • ensure changes made by Property NSW on lease data are supported and that assumptions and judgements applied are appropriate
  • document their review of the data supplied.

Unprocessed Aboriginal land claims continued to increase

In 2019–20, the Department resolved an additional 468 Aboriginal land claims compared to the prior year. However, the total number of unprocessed Aboriginal land claims increased by 914 to 36,769 at 30 June 2020. The number of claims remaining unprocessed for more than ten years after lodgement increased by 10.9 per cent from last year. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land.

Auditor-General's Reports to Parliament since 2007 have recommended action to address the increasing number of unprocessed claims. To date, the Department has not been able to resolve this issue.

During 2020–21, a performance audit will assess the effectiveness and efficiency of the administration of Aboriginal land claims.

Financial reporting of Crown land managers

The Department will need to provide additional support and guidance to help Crown land managers (CLMs) meet their financial reporting obligations.

Recommendation:

The Department should:

  • in consultation with NSW Treasury, develop an appropriate statutory reporting framework for CLMs
  • ensure sufficient resources are available to help CLMs meet their reporting obligations.

During 2019–20, NSW Treasury established the reporting exemption criteria for the CLMs. Based on available information, the Department determined 31 CLMs would not meet the exemption criteria and therefore are required to prepare annual financial statements.

2. Audit observations

Internal controls

Six high‑risk issues were identified across the cluster in 2019–20:

  • 5 of those were related to financial reporting issues identified in Property NSW, Wentworth Park Sporting Complex Land Manager, Lord Howe Island Board, Planning Ministerial Corporation and Hunter and Central Coast Development Corporation
  • 1 issue was related to Lord Howe Island Board's outdated business continuity plan.

One in three internal control issues identified and reported to management in 2019–20 were repeat issues.

Recommendation:

Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing high‑risk and repeat issues.

Agencies response to recent emergencies

The unprecedented bushfires and COVID‑19 pandemic presented challenges for the cluster. Agencies established taskforces or response teams to respond to these emergencies.

With more staff working from home, agencies implemented protocols and procedures to manage risks associated with the remote working arrangements, and also needed to address certain technology issues.

The Department is responsible for the new Planning System Acceleration Program, which aims to fast‑track planning assessments, boost the State's economy and keep people in jobs during COVID‑19 pandemic. Between April and October 2020, the Department announced and determined 101 major projects and planning proposals.

Recognition of Crown land

Crown land is an important asset of the State. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel.

Auditor-General's Reports to Parliament since 2017 have recommended that the Department should ensure the database of Crown land is complete and accurate. Whilst the Department has commenced actions to improve the database, this remained an issue in 2019–20.

Recommendation (repeat issue):

The Department should prioritise action to ensure the Crown land database is complete and accurate. This allows state agencies and local councils to be better informed about the Crown land they control.

Implementation of Machinery of Government (MoG) changes

Since its creation on 1 July 2019, the Department has largely established its governance arrangements, including setting up the Audit and Risk Committee and internal audit function for the Department and relevant cluster agencies.

The Department still operated three main financial reporting systems in 2019–20, and has commenced the process to consolidate some of the systems.

The recent Regional NSW MoG change led to the transfer of $446 million net assets and $284 million 2019–20 budget from the Department to the newly created Department of Regional NSW on 2 April 2020.

 

This report provides parliament and other users of the Planning, Industry and Environment cluster agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • the impact of emergencies and the pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The COVID‑19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID‑19 pandemic. These amendments:

  • allowed the Treasurer to authorise payments from the Consolidated fund until the enactment of the 2020–21 budget – impacting the going concern assessments of cluster agencies
  • revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
  • exempted certain statutory bodies and departments from preparing financial statements.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2020 financial statements audits. Timeliness of financial reporting remains an issue for 13 agencies.
  • Significant deficiencies were identified in Property NSW's lease data maintenance and lease calculations. Cluster agencies can also improve their management of lease information provided by Property NSW.
  • The number of unprocessed Aboriginal land claims continued to increase. During 2020–21, a performance audit will assess the effectiveness and efficiency of the administration of Aboriginal land claims.

The Department has not yet developed a statutory reporting framework for Crown land managers and will need to provide additional resources to help Crown land managers meet their financial reporting obligations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies
  • review of how the cluster agencies managed the increased risks associated with new programs aimed at stemming the spread of COVID-19 and stimulating the economy.

Cluster agencies experienced a range of control and governance related issues in recent years. An increased number of high risk issues and greater proportion of repeat issues were identified as part of our audits. It is important for cluster agencies to promptly address these issues.

Section highlights

  • Six high risk issues were identified during 2019–20 audits. One in three issues identified and reported to management in 2019–20 were repeat issues.
  • The Department has fast tracked the assessment and determination of 101 projects as a part of the Planning System Acceleration Program.
  • There continues to be significant deficiencies in Crown land records. The Department should ensure the Crown land database is complete and accurate.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019 recommendations

Appendix three – Financial data

Appendix four – Management letter findings

Appendix five – Timeliness of financial reporting

Appendix six – Selected agencies for review of response to emergency events

Published

Internal controls and governance 2020

Education
Environment
Community Services
Finance
Health
Industry
Justice
Premier and Cabinet
Transport
Treasury
Compliance
Cyber security
Information technology
Internal controls and governance
Management and administration
Procurement

The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.

The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:

  • financial and information technology controls
  • business continuity and disaster recovery planning arrangements
  • procurement, including emergency procurement
  • delegations that support timely and effective decision-making.

Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.

The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.

Read the PDF report

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.

1. Internal control trends
New, repeat and high risk findings

Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year.

The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

Agencies should:

  • prioritise addressing high-risk findings
  • address repeat internal control deficiencies by re-setting action plans and timeframes and monitoring the implementation status of recommendations.
Common findings

A number of findings remain common across multiple agencies over the last four years, including:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers.
2. Information technology controls
IT general controls

We found deficiencies in information security controls over key financial systems including:

  • user access administration deficiencies relating to inadequate oversight of the granting, review and removal of user access at 53 per cent of agencies
  • privileged users were not appropriately monitored at 43 per cent of agencies
  • deficient password controls that did not align to the agency's own password policies at 25 per cent of agencies.

The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated.
3. Business continuity and disaster recovery planning
Assessing risks to business continuity and Scenario testing

The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment.

Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic.

We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:

  • involving key dependent or inter-dependent third parties who support or deliver critical business functions
  • testing one or more high impact scenarios identified in their business continuity plan
  • preparing a formalpost-exercise report documenting the outcome of their scenario testing.

Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.
Responding to disruptions

We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance:

in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee

in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee.

Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers.

Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions.
Management review and oversight Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established.
4. Procurement, including emergency procurement
Policy framework

Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted: 

  • 67 per cent of agencies did specify that procurement above $650,000 must be open to market unless exempt or procured through an existing Whole of Government Scheme or contract
  • 36 per cent of agencies did specify that procurements above $500,000 payable in foreign currencies must be hedged
  • 69 per cent of agencies' policies did specify that the agency head or cluster CFO must authorise the engagement of consultants where the engagement of the supplier does not comply with the standard commercial framework.

Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions.
Managing contracts

Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details.

Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement.
Training and support

Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:

  • not conducting value for money assessments prior to renewing or extending the contract with their existing supplier
  • not obtaining approval from a delegated authority to commence the procurement process
  • procurement documentation not specifying certain key details such as the conditions for participation including any financial guarantees and dates for the delivery of goods or supply of services.

Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions.
Procurement activities While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences.
Emergency procurement

As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies.

The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:

  • 95 per cent of agencies documented an assessment of the need for the emergency procurement for the good and/or service
  • 86 per cent of agencies obtained authorisation of the emergency procurement by the agency head or the nominated employee under Public Works and Procurement Regulation 2019
  • 76 per cent of agencies reported the emergency procurement to the NSW Procurement Board.

Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law.

Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:

  • updating procurement policies and guidelines to define an emergency situation, specify who can approve emergency procurement and capture other key requirements
  • using standard templates and documentation to prompt users to capture key requirements, such as needs analysis, supplier selection criteria, price assessment criteria, licence and insurance checks
  • having processes for reporting on emergency procurements to those charged with governance and NSW Procurement.
5. Delegations
Instruments of delegation

We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:

  • 16 per cent of agencies had not updated their financial delegations to reflect the changes
  • 16 per cent of agencies did not update their human resources delegations to reflect the changes.

Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets.

Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities.
Compliance with delegations

Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.

Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020.

Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer.
6. Status of 2019 recommendations
Progress implementing last year's recommendations

Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:

  • 38 per cent of agencies have not updated their gifts and benefits register to include all the key fields required under the minimum standards set by the Public Service Commission
  • 56 per cent of agencies have not provided training to staff and 63 per cent of agencies have not implemented an annual attestation process for senior management
  • 97 per cent of agencies have not published their gifts and benefits register on their website and 41 per cent of agencies are not reporting on trends in the gifts and benefits register to those charged with governance.

While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2.

Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Section highlights

We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers, or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Section highlights

Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.

IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.

Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.
 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.

Section highlights

We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled.

This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.

Section highlights

We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness.

Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'.

We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.

Section highlights
We found that agencies are not always regularly reviewing and updating their financial and human resources delegations when there are changes to legislation or other organisational changes within the agency or from machinery of government changes. For example, agencies did not understand or correctly apply the requirements of the GSF Act, resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.
In order for agencies to operate efficiently, make necessary expenditure and human resource decisions quickly and lawfully, particularly in emergency situations, it is important that delegations are kept up to date, provide clear authority to decision makers and are widely communicated.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations

Appendix three – Cluster agencies

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Governance and internal controls over local infrastructure contributions

Local Government
Planning
Environment
Compliance
Financial reporting
Infrastructure
Internal controls and governance
Management and administration
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today on how well four councils managed their local infrastructure contributions during the 2017-18 and 2018-19 financial years. 

Local infrastructure contributions, also known as developer contributions, are collected from developers to pay for local infrastructure such as drainage, local roads, open space and community facilities. Controls over local infrastructure contributions help to ensure that all contributions owed are collected, funds are spent as intended, and any contributions paid in the form of works-in-kind or dedicated land are correctly valued.

The audit found that Blacktown City Council and City of Sydney Council provided effective governance over their local infrastructure contributions whereas Central Coast and Liverpool City Councils’ governance arrangements require improvement.

The audit found that three councils had spent local infrastructure contributions in accordance with approved contributions plans. Central Coast Council and the former Gosford City Council had spent $13.2 million on administration costs in breach of the Environmental Planning and Assessment Act 1979. These funds were repaid into the council’s local infrastructure fund during the course of the audit.

The Auditor-General made a number of recommendations for each council relating to improving controls over contributions and increasing transparency. 

Read full report (PDF)
 

This audit examined the effectiveness of governance and internal controls over local infrastructure contributions, also known as developer contributions, held by four councils during the 2017–18 and 2018–19 financial years.

This performance audit was conducted with reference to the legislative and regulatory planning framework that was in place during that period.

Our work for this performance audit was completed at the end of March 2020 when we issued the final report to the four audited councils and the Department of Planning, Industry and Environment. We received their respective formal responses to the report’s recommendations during April and May 2020.

Concurrently to this audit, we sought Crown Solicitor’s advice (the ‘Advice’) regarding the use of local infrastructure contributions collected by local councils under the Environmental Planning and Assessment Act 1979 (‘the EPA Act’) for our financial audit work. The Advice clarified the applicable legislative requirements with reference to the application, investment and pooling of local infrastructure contributions. The Advice is included in Appendix 2 of this report. The Advice has not impacted on the findings and recommendations of this report.

Councils collect Local Infrastructure Contributions (LICs) from developers under the Environmental Planning and Assessment Act (1979), the Local Government Act (1993) and the City of Sydney Act (2000) (EP&A Act, LG Act and City of Sydney Act) to fund infrastructure required to service and support new development. At 30 June 2018, councils across NSW collectively held more than $3.0 billion in LICs collected from developers. Just over $1.37 billion in total was held by ten councils. Councils collecting LICs must prepare a contributions plan, which outlines how LICs will be calculated and apportioned across different types of infrastructure. Councils that deliver water and sewer services prepare a development servicing plan (DSP) which allows them to collect contributions for water and sewer infrastructure.

Development timeframes are such that there is often several years between when LICs are collected and the infrastructure is required. Good governance and internal controls are needed over these funds to ensure they are available when needed and spent appropriately.

This audit assessed the effectiveness of governance and internal controls over LICs collected by four councils during the 2017–18 and 2018–19 financial years: Blacktown City Council, Central Coast Council, City of Sydney Council and Liverpool City Council. As at June 2018 these councils held the four highest LIC balances, each in excess of $140 million.

Audit Conclusion

Three of the four councils audited were currently compliant with legislation, regulations and Ministerial Directions regarding LICs. All had gaps in governance and controls over LICs which limited effective oversight.

Three of the councils included in the audit complied with legislation, regulations and Ministerial Directions relating to LICs. Central Coast Council breached the EP&A Act between 2001 and 2019 when it used LICs for administration costs. These funds were repaid in late 2019.

While controls over the receipt and expenditure of contributions funds were largely in place at all councils, there were some exceptions relating to valuing work and land delivered in lieu of cash. Three councils do not provide probity guidance in policies relating to LICs delivered through works-in-kind. Three of the councils had contributions plans that were more than five years old.

Staff at all four councils are knowledgeable about LICs but not all councils keep procedures up to date. Three councils' governance frameworks operate effectively with senior officers from across the council involved in decisions about spending LICs, entering into voluntary planning agreements (VPAs) and reviewing contributions plans.

Transparency over key information relating to LICs is important for senior management so they can make informed decisions, and for the community who pay LICs and expect infrastructure to be provided. During the period of the audit, none of the councils included in the audit provided sufficient information to senior management or their councillors about the projected financial status of contributions plans. This information would be valuable when making broader strategic and financial decisions. Information about LIC levies and intended infrastructure is available to the community but not always easy to find.

A strong governance framework is important at each council to ensure that the funds are managed well, available when needed and spent as intended. The audit examined the following features of each council's governance framework as they apply to LICs:

  • decision-making by councillors and council officers relating to LICs
  • monitoring delivery of contributions plans and DSPs including:
    • reviewing assumptions underlying the plans
    • monitoring projected status of plans.

Internal controls over LICs are important to promote accountability, prevent fraud and deliver infrastructure to the required standard at the best possible price. If financial controls are weak or are not implemented well, there is a risk that LICs are misspent or that councils pay too much for infrastructure.

Not all councils' internal controls adequately addressed risks associated with the administration of LICs

The audit examined a number of internal controls that manage risks related to LICs. These included:

  • financial controls over receipt and expenditure of LIC funds
  • management of conflicts-of-interest when dealing with developers
  • independent valuations of works-in-kind and dedicated land
  • ensuring delivery and quality of works-in-kind, and obtaining security from developers in the event of non-delivery or poor quality work
  • management of variations to VPAs and works-in-kind agreements.

We reviewed controls included in policies and procedures and then checked samples of work to ensure that controls were implemented. We found variation in the controls that councils implemented, and some weaknesses in controls. It is a matter for each council to assess their financial risk and develop internal controls that support the collection, management, and expenditure of LICs. However, councils must be able to assure their communities and developers that they are doing everything possible to collect all LICs owing and that work conducted by developers in lieu of cash payments is properly valued and carried out to the required standard.

Further information about audit findings in relation to internal controls for each council are included in chapters five to eight. The exhibit below demonstrates variation in several controls implemented in the audited councils.

In a 2018 report, the Independent Commission Against Corruption noted that 'the appetite for transparency is expanding in both the public and private sectors'.

The Practice Note and S64 Guidance refer to transparency, including the importance of transparency over:

  • calculation and apportionment of LICs
  • funding of infrastructure, including where and when infrastructure is delivered
  • arrangements made with developers through VPAs.

The LIC system is largely transparent for community members who know where to look

Contributions plans and DSPs are public documents, exhibited to the public before being adopted by council. Councils included in the audit publish their contributions plans and DSPs on their websites and meet statutory requirements with regard to reporting and accessibility of information.

However, other public information relating to the LIC system is fragmented across different websites and reports and varies in detail across councils.

Exhibit 10: Published information about LICs at the four audited councils
  Blacktown City Council Central Coast Council City of Sydney Council Liverpool City Council
Financial details about contributions collected and spent Financial statements Financial statements Financial statements Financial statements
Implementation plans for spending LICs Contribution plans S64 implementation plans in DSPs. S7.11 & S7.12 implementation plans developed annually within capital works plan Contribution plans Developed annually within capital works plan
Capital works underway or completed, funded by LICs Capital works plan and annual report Not published Not published Capital works plan
Source: Audit Office analysis.

The Practice Note states that councils are accountable for providing the infrastructure for which contributions are collected. Demonstrating that infrastructure has been provided is difficult with fragmented information. As an example of transparent reporting, Blacktown City Council's 2018–19 annual report includes information about infrastructure that has been delivered for every contributions plan, providing transparency over how LICs have been spent.

Use of LICs collected under VPAs is not always transparent

Contributions collected under VPAs are not required to demonstrate the same relationship to a development as LICs collected under section 7.11 of the EP&A Act. VPAs are often negotiated because a developer requests a change to a planning instrument, and it is important that these arrangements, and their outcomes, are transparent to the community.

The EP&A Regulation includes mechanisms to ensure that VPAs are partially transparent. VPAs are exhibited to the public and approved by the elected council. Councils must maintain a VPA Register and make the VPA Deeds of Agreement available on request. However, there is no obligation on council to report on the outcomes or delivery of developers' obligations under VPAs. The four audited councils vary in transparency and accessibility of information available about VPAs.

Exhibit 11: Published information about VPAs at the four audited councils
  Blacktown City Council Central Coast Council City of Sydney Council Liverpool City Council
VPA Register Council website and annual report Annual report Annual report Council website and annual report
VPA Deeds of Agreement Council website Available on request Available on request Council website
Intended use of LICs collected under VPAs In Deeds of Agreement In Deeds of Agreement In VPA Register and most Deeds of Agreement In VPA Register and most Deeds of Agreement
Completion of work funded by cash collected under VPAs Not published Not published Not published Not published
Delivery of works-in-kind or land negotiated under VPAs Not published Not published In VPA Register Not published
Source: Audit Office analysis.

The Practice Note suggests that councils incorporate the intended use of LICs collected under VPAs in the Deed of Agreement, but there is no guidance relating to transparency over where and when funds have actually been spent. There is merit in councils providing greater transparency over public benefits delivered through VPAs to give communities confidence in VPAs as a planning tool.

Credit arrangements with developers are not always well documented or monitored

When levying LICs, section 7.11(6) of the EP&A Act requires councils to take into account land, money, or works-in-kind that the developer has contributed on other development sites over and above their LIC obligations. This section of the EP&A Act allows a developer to offset a LIC owed on one site against land or works contributed on another. This leads to some developers carrying 'credits' for work delivered to councils, to be paid back by reduced LICs on a future development. Blacktown City Council and Central Coast Council allow developers to carry credits. Liverpool City Council and City of Sydney Council do not permit credits and instead pay the developers for any additional work undertaken.

Councils should formally document credit arrangements and have a robust process to validate and keep track of credit balances and report on them. Central Coast Council does not keep good track of credit arrangements and neither Blacktown City Council or Central Coast Council aggregate or report on outstanding credit balances.

Blacktown City Council manages the largest LIC fund in NSW and negotiates more VPAs than any other council. Overall, Blacktown City Council demonstrates effective governance over the LIC funds but there is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Blacktown City Council also needs to update its operating procedures relating to LICs and improve security over key information.

Blacktown City Council is managing areas with high growth. There is a risk that Blacktown City Council will be unable to collect sufficient LICs to fund the infrastructure required to support that growth. However, Blacktown City Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans.

Blacktown City Council has policies in place to guide the management of LICs although management of credit arrangements with developers requires greater oversight. Policies relating to works-in-kind agreements provide no guidance about probity in negotiations with developers and valuations of works-in-kind are not independent as they are paid for by the developer. Blacktown City Council's S7.11 committee structure could act as a model for other councils. Blacktown City Council is spending LICs according to its contributions plans. Staff managing LICs demonstrate good knowledge of the regulatory environment. However, a number of administrative processes need attention such as outdated procedures, lack of security over key spreadsheets, and inappropriate retention of sensitive personal data.

Recommendations

By December 2020, Blacktown City Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. update council's works-in-kind policy to address probity risks during negotiations with developers
  3. mitigate risks associated with lack of independence in valuations of works-in-kind
  4. improve public reporting about expenditure of cash collected under VPAs
  5. improve management oversight of credit arrangements with developers
  6. update procedures for managing LICs
  7. implement security measures over critical or personal information and spreadsheets. 

Central Coast Council's governance and internal controls over LICs were not fully effective. Between 2001 and 2019, more than $13.0 million in LICs was misspent on administration costs in breach of the EP&A Act. There is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Policies and procedures from the two former councils are not aligned.

In May 2016, the newly amalgamated Central Coast Council inherited 53 contributions plans from the former Gosford City and Wyong Shire Councils. Managing this number of contributions plans fragments the available funds and increases complexity. Central Coast Council is currently working on consolidating these plans. Between June 2016 and June 2019, its LIC balance doubled from $90.0 million to $196 million. Central Coast Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans. Central Coast Council has a LIC committee but it has no formal charter and senior officers do not regularly attend meetings. This limits the committee's effectiveness as a decision-making body. A draft policy relating to works-in-kind agreements provide no guidance about probity in negotiations with developers. Valuations of works-in-kind and land dedications are not independent as they are paid for by the developer.

Central Coast Council has adjusted its accounts in 2018–19 by $13.2 million to repay the LIC fund for administration expenses that were not provided for in 40 contributions plans.

Recommendations

By June 2020, Central Coast Council should:

1. obtain independent validation of the adjustment made to the restricted asset accounts and general fund to repay LICs spent on administration, and adjustments made to each infrastructure category within the contributions plans

2. publish current contributions plans from the former Gosford City Council on the Central Coast Council website.

By December 2020, Central Coast Council should:

3. regularly report to senior management on the projected financial status of contributions plans

4. increase transparency of information available to the public about LIC works planned and underway, including intended use of contributions collected under VPAs

5. consolidate existing plans, ensuring the new contributions plans includes a regular review cycle

6. develop a formal charter for the developer contributions committee and increase the seniority of membership

7. complete and adopt council's works-in-kind policy currently under development, ensuring it addresses probity risks during negotiations with developers

8. mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land

9. improve public reporting about expenditure of cash collected under VPAs

10. improve management oversight of credit arrangements with developers

11. implement security measures to ensure the integrity of key spreadsheets used to manage LICs

12. align policies and procedures relating to LICs across the amalgamated council including developing policies and procedures for the management of S64 LICs

13. update council's VPA policy to address increased or indexed bank guarantees to accommodate cost increases.

City of Sydney Council manages a complex development environment across the Sydney CBD and inner suburbs. Overall, governance and internal controls over LICs are effective although there is scope for improved oversight of the projected financial status of contributions plans.

City of Sydney Council maintains a large balance of LICs, although not excessive relative to the annual level of LIC expenditure. Unspent contributions are largely associated with open space infrastructure that cannot be delivered until suitable land is available. Thirty per cent of cash contributions are collected under VPAs and there is limited transparency over how these funds are spent. City of Sydney Council does not assess and report to management or its Audit, Risk and Compliance Committee about the projected financial status of contributions plans.

In 2017–18 and 2018–19, LICs were spent in accordance with the corresponding contributions plans. City of Sydney Council staff are knowledgeable about the regulatory environment and are supported by up-to-date policies and procedures.

Recommendations

By December 2020, City of Sydney Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. improve public reporting about expenditure of cash collected under VPAs
  3. periodically review the risk of unpaid LICs associated with complying development certificates and assess whether additional controls are required
  4. implement security measures to ensure the integrity of key spreadsheets used to manage LICs. 

During the audit period 2017–18 and 2018–19, Liverpool City Council did not have effective governance and internal controls over LICs. Liverpool City Council is addressing deficiencies and risks identified through an internal audit published in December 2018 although further work is required. There is scope for improved oversight of the projected financial status of contributions plans.

In the two years to 30 June 2019, the balance of unspent LICs increased by more than 60 per cent against a relatively low pattern of expenditure. Prior to an internal audit completed in late 2018, there was no regular reporting on the status of LICs and a lack of transparency when prioritising the expenditure of LIC funds. During 2019, and following the internal audit, Liverpool City Council engaged additional skilled resources to improve focus and accountability for LICs. A LIC committee has been established to manage contributions plans and support business units to initiate relevant infrastructure projects, although it is too early to assess whether this committee is operating effectively. From February 2019, Liverpool City Council commenced monthly reporting to its Chief Executive Officer (CEO) about the point-in-time status of LIC funds, and to its Audit, Risk and Improvement Committee about risks associated with LICs and the implementation of internal audit recommendations. There is limited reporting to senior management about the projected financial status of some contributions plans. Our audit found no evidence of misuse of funds during the audited period. Methods for valuing work and land are not aligned with policies and procedures and are implemented inconsistently. In addition, valuations of works-in-kind and land dedications are not independent as they are paid for by the developer. The policy relating to works-in-kind provides no guidance about managing probity risks when negotiating with developers.

Recommendations

By December 2020, Liverpool City Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. update council's policies and procedures to provide consistent guidance about how works and land offered by developers should be valued
  3. update council's Works-in-Kind and Land Acquisition Policy to address probity risks during negotiations with developers
  4. improve public reporting about expenditure of cash collected under VPAs
  5. mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land
  6. implement security measures over critical or private information. 

Appendix one – Responses from councils and the Department of Planning, Industry and Environment

Appendix two – Advice from the Crown Solicitor

Appendix three – About the audit

Appendix four – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #339 - released 17 August 2020

Published

Their Futures Matter

Justice
Community Services
Education
Health
Whole of Government
Cross-agency collaboration
Internal controls and governance
Management and administration
Project management

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining whether the Department of Communities and Justice had effective governance and partnership arrangements in place to deliver ‘Their Futures Matter’.

Their Futures Matter was intended to place vulnerable children and families at the heart of services, and direct investment to where funding and programs deliver the greatest social and economic benefits. It was a four-year whole-of-government reform in response to the 2015 Tune Review of out-of-home care.

The Auditor-General found that while important foundations were put in place, and new programs trialled, the key objective to establish an evidence-based whole-of-government early intervention approach for vulnerable children and families in NSW was not achieved.

Governance and cross-agency partnership arrangements to deliver Their Futures Matter were found to be ineffective. 'Their Futures Matter lacked mechanisms to secure cross portfolio buy‑in and did not have authority to drive reprioritisation of government investment', the Auditor-General said.

At the reform’s close, the majority of around $380 million in investment funding remains tied to existing agency programs, with limited evidence of their comparative effectiveness or alignment with Their Futures Matter policy objectives. The reform concluded on 30 June 2020 without a strategy or plan in place to achieve its intent.

The Auditor-General made four recommendations to the Department of Communities and Justice, aimed at improving implementation of outstanding objectives, revising governance arrangements, and utilising the new human services data set to address the intent of the reform. However, these recommendations respond only in part to the findings of the audit.

According to the Auditor-General, ‘Cross-portfolio leadership and action is required to ensure a whole-of-government response to delivering the objectives of Their Futures Matter to improve outcomes for vulnerable children, young people and their families in New South Wales.’

Read full report (PDF)

In 2016, the NSW Government launched 'Their Futures Matter' (TFM) - a whole-of-government reform aimed at delivering improved outcomes for vulnerable children, young people and their families. TFM was the government's key response to the 2015 Independent Review of Out of Home Care in New South Wales (known as 'the Tune Review').

The Tune Review found that, despite previous child protection reforms, the out of home care system was ineffective and unsustainable. It highlighted that the system was not client-centred and was failing to improve the long-term outcomes for vulnerable children and families. The review found that the greatest proportion of relevant expenditure was made in out of home care service delivery rather than in evidence-based early intervention strategies to support children and families when vulnerabilities first become evident to government services (such as missed school days or presentations to health services).

The then Department of Family and Community Services (FACS) designed the TFM reform initiatives, in consultation with central and human services agencies. A cross-agency board, senior officers group, and a new unit in the FACS cluster were established to drive the implementation of TFM. In the 2016–17 Budget, the government allocated $190 million over four years (2016–17 to 2019–20) to the reform. This resourced the design and commissioning of evidence-based pilots, data analytics work, staffing for the implementation unit and secretariat support for the board and cross-agency collaboration.

As part of the TFM reform, the Department of Premier and Cabinet, NSW Treasury and partnering agencies (NSW Health, Department of Education and Department of Justice) identified various existing programs that targeted vulnerable children and families (such as the preceding whole-of-government ‘Keep Them Safe’ reform coming to an end in June 2020). Funding for these programs, totalling $381 million in 2019–20, was combined to form a nominal ‘investment pool’. The government intended that the TFM Implementation Board would use this pool to direct and prioritise resource allocation to evidence-based interventions for vulnerable children and families in NSW.

This audit assessed whether TFM had effective governance and partnership arrangements in place to enable an evidence-based early intervention investment approach for vulnerable children and families in NSW. We addressed the audit objective with the following audit questions:

  • Was the TFM reform driven by effective governance arrangements?
  • Was the TFM reform supported by effective cross-agency collaboration?
  • Has the TFM reform generated an evidence base to inform a cross-agency investment approach in the future?

The audit did not seek to assess the outcomes for children, young people and families achieved by TFM programs and projects.

Conclusion

The governance and cross-agency partnership arrangements used to deliver the Their Futures Matter reform were ineffective. Important foundations were put in place, and new programs trialled over the reform's four years. However, an evidence-based whole-of-government early intervention approach for vulnerable children and families in NSW − the key objective of the reform − was not established. The reform concluded in June 2020 without a strategy or plan in place to achieve its intent.

The governance arrangements established for the Their Futures Matter (TFM) reform did not provide sufficient independence, authority and cross-agency clout to deliver on the reform’s intent. This hindered delivery of the reform's key elements, particularly the redirection of funding to evidence-based earlier intervention supports, and limited the impact that TFM could have on driving system change.

TFM increased focus on the contribution that other agencies outside of the former Family and Community Services portfolio could make in responding to the needs of vulnerable children and families, and in reducing the demand costs of related government service delivery. Despite being a whole-of-government reform, TFM lacked mechanisms to secure cross-portfolio buy-in and lacked the powers to drive reprioritisation of government investment in evidence-based and earlier intervention supports across agencies. At the reform’s close, the majority of the reform's investment pool funding remained tied to existing agency programs, with limited evidence of their comparative effectiveness or alignment with Their Futures Matter policy objectives.

TFM began building an evidence base about ‘what works’, including piloting programs and creating a new dataset to identify risk factors for vulnerability and future costs to government. However, this evidence base does not yet comprehensively map how existing services meet needs, identify system duplications or gaps, nor demonstrate which government funded supports and interventions are most effective to make a difference to life outcomes for vulnerable children and families in NSW.
Despite these issues, the need, intent and vision for Their Futures Matter remains relevant and urgent, as issues identified in the Tune Review remain pertinent.

Their Futures Matter (TFM) is a whole-of-government reform to deliver improved outcomes for vulnerable children, young people and their families.

Supported by a cross-agency TFM Board, and the TFM Unit in the then Department of Family and Community Services (FACS), the reform aimed to develop whole-of-government evidence-based early intervention investment approaches for vulnerable children and families in NSW.

Governance refers to the structures, systems and practices that an organisation has in place to:

  • assign decision-making authorities and establish the organisation's strategic direction
  • oversee the delivery of its services, the implementation of its policies, and the monitoring and mitigation of its key risks
  • report on its performance in achieving intended results, and drive ongoing improvements.

We examined whether the TFM reform was driven by effective governance arrangements and cross-agency collaboration.

The reform agenda and timeframe set down for Their Futures Matter (TFM) were ambitious. This chapter assesses whether the TFM Board and TFM Unit had the capability, capacity and clout within government to deliver the reform agenda.

Creating a robust evidence base was important for Their Futures Matter, in order to:

  • identify effective intervention strategies to improve supports and outcomes for vulnerable children and families
  • make efficient use of taxpayer money to assist the maximum number of vulnerable children and families
  • inform the investment-based approach for future funding allocation.

This chapter assesses whether the TFM reform has developed an evidence base to inform cross-agency investment decisions.

Appendix one – Response from agency

Appendix two – TFM governance entities

Appendix three – TFM Human Services Data Set

Appendix four – TFM pilot programs

Appendix five – About the audit

Appendix six – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #337 - released 24 July 2020

Published

Water conservation in Greater Sydney

Environment
Industry
Infrastructure
Internal controls and governance
Management and administration
Regulation
Risk

This report examines whether the Department of Planning, Industry and Environment, and Sydney Water have effectively progressed water conservation initiatives in Greater Sydney.

The report found that the department and Sydney Water have not effectively investigated, implemented or supported water conservation initiatives in Greater Sydney. The agencies have not met key requirements of the current Metropolitan Water Plan and Sydney Water has not met all its operating licence requirements for water conservation. There has been little policy or regulatory reform, little focus on identifying new options and investments, and limited planning and implementation of water conservation initiatives.

As a result, Greater Sydney's water supply may be less resilient to population growth and climate variability, including drought.

The Metropolitan Water Plan states that water conservation, including recycling water, makes the drinking water supply go further. The plan also states that increasing water conservation efforts may be cheaper than building new large-scale supply options and can delay the timing of investment in new supply infrastructure.

The Auditor-General recommends the department develop a clear policy and regulatory position on water conservation options, improve governance and funding for water conservation, and work with Sydney Water to assess the viability of water conservation initiatives. The report also recommends improvements to Sydney Water’s planning for and reporting on water conservation, including the transparency of this information.

This report is part of a multi-volume series on the theme of water. Refer to ‘Support for regional town water infrastructure’ and ‘Water management and regulation – undertaking in 2020-21’.

Read full report (PDF)

The current, 2017 Metropolitan Water Plan states that water conservation, including recycling water, makes the drinking water supply go further. The plan also states that increasing water conservation efforts may be cheaper than building new large-scale supply options and can delay the timing of investment in new supply infrastructure.

Water conservation refers to water recycling, leakage management and programs to enhance water efficiency. Water recycling refers to both harvesting stormwater for beneficial use and reusing wastewater.

This audit examined whether water conservation initiatives for the Greater Sydney Metropolitan area are effectively investigated, implemented and supported. We audited the Department of Planning, Industry and Environment (the Department) and the Sydney Water Corporation (Sydney Water), with a focus on activities since 2016.

The Department is responsible for the integrated and sustainable management of the state’s water resources under the Water Management Act 2000, which includes encouraging ‘best practice in the management and use of water’ as an objective. The Department is also responsible for strategic water policy and planning for Greater Sydney, including implementing the Metropolitan Water Plan.

Sydney Water is a state-owned corporation and the supplier of water, wastewater, recycled water and some stormwater services to more than five million people in Greater Sydney. It is regulated by an operating licence that is issued by the Governor on the recommendation of the Independent Pricing and Regulatory Tribunal (IPART). The Tribunal determines Sydney Water’s maximum prices, reviews its operating licence and monitors compliance. Sydney Water's operating licence and reporting manual set out requirements for its planning, implementing and reporting of water conservation.

From 2007 to 2012, the Climate Change Fund was a source of funds for water conservation activities to be undertaken by the Department and Sydney Water. The Climate Change Fund was established under the Energy and Utilities Administration Act 1987. Four of its six objectives relate to water savings. Water distributors such as Sydney Water can be issued with orders to contribute funds for water-related programs. The Fund is administered by the Department.

In 2016, Sydney Water developed a method for determining whether and how much to invest in water conservation. Known as the ‘Economic Level of Water Conservation’ (ELWC), the method identifies whether it costs less to implement a water conservation initiative than the value of the water saved, in which case the initiative should be implemented.

Conclusion

The Department and Sydney Water have not effectively investigated, implemented or supported water conservation initiatives in Greater Sydney.

The agencies have not met key requirements of the Metropolitan Water Plan and Sydney Water has not met all its operating licence requirements for water conservation. There has been little policy or regulatory reform, little focus on identifying new options and investments, and limited planning and implementation of water conservation initiatives.

As a result, Greater Sydney's water supply may be less resilient to population growth and climate variability, including drought.

The Department has not undertaken an annual assessment of Sydney Water’s level of investment in water conservation against water security risks and the capacity to respond when drought conditions return, as required by the Metropolitan Water Plan. It did not complete identified research and planning activities to support the plan, such as developing and using a framework for assessing the potential for water conservation initiatives for Greater Sydney, and developing a long-term strategy for water conservation and water recycling. It also did not finalise a monitoring, evaluation, reporting and improvement strategy to support the plan.

Sydney Water has been ineffective in driving water conservation initiatives, delivering detailed planning and resourcing for ongoing initiatives, and in increasing its investment in water conservation during drought. These were requirements of the Metropolitan Water Plan. Sydney Water's reporting on water conservation has not met all its operating licence requirements and lacked transparency with limited information on key aspects such as planning for leakage management, how the viability of potential initiatives were assessed, and how adopted initiatives are tracking.

The Department and Sydney Water did not put in place sufficient governance arrangements, including clarifying and agreeing responsibilities for key water conservation planning, delivery and reporting activities. There has also been limited collaboration, capacity building and community engagement to support water conservation, particularly outside times of drought.

Appendix one – Responses from agencies

Appendix two – About the audit

Appendix three – Glossary

Appendix four – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #336 - released 23 June 2020

Published

Universities 2019 audits

Universities
Cyber security
Financial reporting
Internal controls and governance
Procurement

This report contains findings on the results of financial audits of NSW universities for the year ended 31 December 2019.

All ten NSW universities received unqualified audit opinions. The 2019 financial results for universities are reported as at 31 December and reflect results from operations before the impact of the COVID‑19 pandemic.

The combined revenues for all NSW universities increased by $381 million to $11.4 billion in 2019, driven by increases in student revenues. Revenue from overseas students continued to grow faster than that from domestic students and contributed $3.6 billion in course fees to NSW universities in 2019.

Overseas students from the top three countries of origin, being China, India and Nepal, represented 72.4 per cent of all enrolments of overseas students and 65.4 per cent of all overseas student revenues for 2019. Revenue from students from these three countries comprised 40.9 per cent of total student revenues for all NSW universities, creating a considerable concentration risk for NSW universities.

The COVID‑19 pandemic may significantly impact the financial results of NSW universities in 2020. NSW universities provided data on COVID‑19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments in semester one 2020 were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent below expectations.

The report makes recommendations to the NSW universities, aimed at strengthening controls over information technology, cyber security, validating published performance information, procurement practices and the oversight of their overseas controlled entities' legal and policy compliance functions.

Read full report (PDF)

This report analyses the results of our audits of the financial statements of the ten NSW universities for the year ended 31 December 2019. The table below summarises our key observations.

1. Financial reporting

Financial reporting

The 2019 financial statements of all ten NSW universities received unmodified audit opinions.

One controlled entity of the Western Sydney University received a qualified audit opinion.

Five NSW universities finalised their audited financial statements this year on or before the date they did last year.

New accounting standards, which changed how universities report income and treat operating leases, became effective from 1 January 2019.
Sources of revenue from operations

Government grants as a proportion of the total income of NSW universities continued to decrease.

Fee revenue from overseas students continued to grow faster than fees from domestic students. Forty-one per cent of NSW universities' total student revenue came from overseas students from three countries.

Five NSW universities increased the proportion of revenue they receive from overseas students from a single country. Two universities sourced over 73 per cent of their total overseas student revenue from students from a single country of origin in 2019.
Other revenues Two universities attracted over 69.5 per cent of the total philanthropic revenue of $174 million received by all NSW universities in 2019.
Operating expenditures Combined total operating expenditure for NSW universities increased to $9.9 billion in 2019, a rise of 5.2 per cent from 2018.
Current ratio At 31 December 2019, five NSW universities had a current ratio of less than one, meaning those universities need to actively manage their cash to meet current obligations.
Controlled entities

All six NSW universities with overseas controlled entities have devolved responsibility for governance and legislative compliance to their overseas controlled entities.

Recommendation (repeat issue): NSW universities should strengthen their governance arrangements to oversight their overseas controlled entities' legal and policy compliance functions.
COVID-19 impacts and responses

The 2019 financial results for universities are reported as at 31 December. Consequently, the results for the 2019 year were unaffected by the impact of the COVID-19 pandemic.

NSW universities provided data on the COVID-19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent beneath expectations.

NSW universities are responding to the challenges presented by COVID-19 by moving course delivery online, expanding student support and introducing cost saving measures.

2. Internal controls and governance

Internal control findings

Our audits identified 108 internal control deficiencies in 2019 (99 in 2018).

Gaps in information technology (IT) controls comprised the majority of these deficiencies. Deficiencies included a lack of sufficient user access reviews, inadequate review and approval of change management processes, and issues with password settings.

We identified one high risk financial control deficiency at the University of New South Wales, which resulted in the University providing for a potential underpayment of casual staff salaries.

NSW universities continue to implement recommendations arising from 35 findings raised in previous years.
Performance reporting

Five NSW universities still do not have formal processes to internally review and validate performance information published in their annual reports.

Recommendation (repeat issue): NSW universities should strengthen processes to review and validate published performance information.
Cyber security

Two universities have not yet implemented a cyber risk policy and three universities have not formally trained staff in cyber awareness.

Recommendation (repeat issue): NSW universities should strengthen cyber security frameworks and controls to protect sensitive data and prevent financial and reputational losses.
Management of IT service providers NSW universities have contracts with vendors to support their computer systems. Five universities have not formally established frameworks to manage these contracts. Poor contract management can compound risks associated with IT control deficiencies.
Data breach management Universities are required to maintain the privacy of sensitive data which, if disclosed or used inappropriately, could result in harm to individuals, financial loss, or loss of intellectual property. Two NSW universities have not established formal policies to manage data breaches.
Procurement

All universities have a procurement policy. Most universities have a documented procurement manual and contact management policy.

Recommendation: NSW universities should review their procurement and contract management policies and procedures to ensure that they are relevant and effective in reducing risk and improving purchasing outcomes.

3. Teaching and research

Graduate employment outcomes Eight out of ten NSW universities exceeded the national average for full-time employment rates of their undergraduates in 2019. Six universities performed better than the national average for full-time employment outcomes of their postgraduates in 2019.
Student enrolments by field of education Enrolments at NSW universities increased the most in Management and Commerce courses in 2019.
Achieving diversity outcomes

Five universities in 2018 (five in 2017) met the target enrolment rate for students from low socio-economic status (SES) backgrounds.

Eight universities increased enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2018.

 

This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2019, including our analysis, observations and recommendations in the following areas:

  • financial reporting
  • internal controls and governance
  • teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of NSW universities for 2019.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.

This chapter outlines the internal controls related observations and insights across NSW universities for 2019, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.

This chapter outlines teaching and research outcomes for NSW universities for 2019.

Appendix one – List of 2019 recommendations

Appendix two – Status of 2018 recommendations

Appendix three – NSW universities’ controlled entities and associated entities

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Integrity of data in the Births, Deaths and Marriages Register

Justice
Premier and Cabinet
Whole of Government
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration

This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse.

The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place to prevent and detect unauthorised access to, and activity in the register, there were significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of information in the register.

The Auditor-General made nine recommendations to the department, aimed at strengthening controls to prevent and detect unauthorised access to, and activity in the register. These included increased monitoring of individuals who have access to the register and strengthening security controls around the databases that contain the information in the register.

The NSW Registry of Births Deaths and Marriages is responsible for maintaining registers of births, deaths and marriages in New South Wales as well as registering adoptions, changes of names, changes of sex and relationships. Maintaining the integrity of this information is important as it is used to confirm people’s identity and unauthorised access to it can lead to fraud or identity theft.

Read full report (PDF)

The NSW Registry of Births Deaths and Marriages (BD&M) is responsible for maintaining registers of births, deaths and marriages in New South Wales. BD&M is also responsible for registering adoptions, changes of name, changes of sex and relationships. These records are collectively referred to as 'the Register'. The Births, Deaths and Marriages Registration Act 1995 (the BD&M Act) makes the Registrar (the head of BD&M) responsible for maintaining the integrity of the Register and preventing fraud associated with the Register. Maintaining the integrity of the information held in the Register is important as it is used to confirm people's identity. Unauthorised access to, or misuse of the information in the Register can lead to fraud or identity theft. For these reasons it is important that there are sufficient controls in place to protect the information.

BD&M staff access, add to and amend the Register through the LifeLink application. While BD&M is part of the Department of Customer Service, the Department of Communities and Justice (DCJ) manages the databases that contain the Register and sit behind LifeLink and is responsible for the security of these databases.

This audit assessed whether BD&M has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register, and to prevent unauthorised access and misuse. It addressed the following:

  • Are relevant process and IT controls in place and effective to ensure the integrity of data in the Register and the authenticity of records and documents?
  • Are security controls in place and effective to prevent unauthorised access to, and modification of, data in the Register?

Conclusion

BD&M has processes and controls in place to ensure that the information entered in the Register is accurate and that amendments to the Register are validated. BD&M also has controls in place to prevent and detect unauthorised access to, and activity in the Register. However, there are significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of the information in the Register.

BD&M has detailed procedures for all registrations and amendments to the Register, which include processes for entering, assessing and checking the validity and adequacy of source documents. Where BD&M staff have directly input all the data and for amendments to the Register, a second person is required to check all information that has been input before an event can be registered or an amendment can be made. BD&M carries out regular internal audits of all registration processes to check whether procedures are being followed and to address non-compliance where required.

BD&M authorises access to the Register and carries out regular access reviews to ensure that users are current and have the appropriate level of access. There are audit trails of all user activity, but BD&M does not routinely monitor these. At the time of the audit, BD&M also did not monitor activity by privileged users who could make unauthorised changes to the Register. Not monitoring this activity created a risk that unauthorised activity in the Register would not be detected.

BD&M has no direct oversight of the database environment which houses the Register and relies on DCJ's management of a third-party vendor to provide the assurance it needs over database security. The vendor operates an Information Security Management System that complies with international standards, but neither BD&M nor DCJ has undertaken independent assurance of the effectiveness of the vendor's IT controls.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #330 - released 7 April 2020.

Published

Planning, Industry and Environment 2019

Planning
Industry
Environment
Asset valuation
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Service delivery
Workforce and capability

This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.

Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting. 

The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.

One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.

The report makes several recommendations including:

  • Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
  • the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
  • the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.

This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes

Creation of the Planning, Industry and Environment cluster

The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019.

The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE).
The Department of Planning, Industry and Environment is still in the process of implementing changes

The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes.

However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies.

2. Financial reporting

Audit opinions Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing.
Timeliness of financial reporting

Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time.

Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline.

Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures.
Introduction of AASB 16 'Leases'

We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods.

We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records.

Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019.
Unprocessed Aboriginal land claims have continued to increase

Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007.

Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims.

3. Audit observations

Internal controls

One in five internal control issues identified and reported to management in 2018–19 were repeat issues.

The lack of user access review was the most common IT general control issue in the cluster.
Drought relief

The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place.

Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue.
Recognition of Crown land

Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19.

Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
Developer contributions The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019.

 

This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.

The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.

Section highlights

The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.

  • The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
  • The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
  • The MoG changes bring risks and challenges to the PIE cluster.
  • A MoG Steering Committee was established to oversee the transitional processes.
  • The full integration of the systems and processes will not be completed in the near future.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
  • Timeliness of financial reporting remains an issue for 13 agencies.
  • Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
  • Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.

Section highlights

  • One in five issues identified and reported to management in 2018–19 were repeat issues.
  • The lack of user access review was the most common IT general control issue in the PIE cluster.
  • The PIE cluster provided significant financial assistance for drought relief.
  • There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
  • Unspent developer contributions funds continued to build up in 2018–19. 

Appendix one – List of 2019 recommendations

Appendix two – Status of 2018 recommendations

Appendix three – Cluster agencies

Appendix four – Financial data

Appendix five – Management letter findings

Appendix six – Timeliness of financial reporting

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE