This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no matters in this report impacting the Total State Sector Accounts we have decided to break with normal practice and table this report ahead of the ‘Report on State Finances’.

What the report is about

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

What we found

Internal control trends

The proportion of control deficiencies identified as high risk this year increased to 2.8 per cent (2.5 per cent in 2019–20). Six high risk findings related to financial controls while three related to IT controls. Two were repeat findings from the previous year.

Repeat findings of control deficiencies now represent 49 per cent of all findings (42 per cent in 2019–20).

Information technology

We continue to see a high number of deficiencies relating to IT general controls, particularly around user access administration and privileged user access which affected 82 per cent of agencies.

Cyber security

Agencies' self-assessed maturity levels against the NSW Cyber Security Policy (CSP) mandatory requirements are low. Although agencies are required to demonstrate continuous improvement against the CSP, 20 per cent have not set target levels and of those that have set target levels, 40 per cent have not met their target levels.

Policies, processes and definition around security incidents and data breaches lack consistency. Improvement is required to ensure breaches are recorded in registers and action taken to address the root cause of incidents.

Conflicts of interest

Agencies' policies generally meet the minimum requirements of the Ethical Framework set out in the Government Sector Employment Act 2013. However, few meet the Independent Commission Against Corruption's best practice guidelines. Policies could be strengthened in relation to requirements around annual declarations of interests from employees and contractors.

Masterfile management

Policies governing the management of supplier masterfiles and employee masterfiles existed in 79 per cent and 54 per cent of agencies respectively.

Weaknesses were identified in those policies. Access restriction, segregation of duties and record keeping were the most common opportunities for improvement.

Tracking recommendations

Most agencies do not maintain a register to monitor recommendations from performance audits and public inquiries. Registers of recommendations could be improved to include risk ratings and record revisions to due dates. While recommendations can take several years to fully address, the oldest open items were originally due for completion by June 2016.

What we recommended

Agencies should:

• prioritise actions to address repeat control deficiencies, particularly those that have been repeated findings for a number of years
• prioritise improvements to their cyber security and resilience as a matter of urgency
• formalise and implement policies on tracking and monitoring the progress of implementing recommendations from performance audits and public inquiries.

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

The scope of this year's report covers 25 general government sector agencies. Last year's report covered 40 agencies within the total state sector. For consistency and comparability, we have adjusted the 2020 results to include only the agencies remaining within scope of this year's report. Therefore, the 2020 figures will not necessarily align with those reported in our 2020 report.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' conflicts of interest management processes.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency's management of supplier and employee masterfiles.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' processes to track and monitor the implementation of recommendations from performance audits and public inquiries.

This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.

An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.

The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.

The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.

There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.

Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.

The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.

There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.

What the key issues were

The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.

Seven high-risk issues were identified in 2020–21:

• system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
• deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
• the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
• the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
• deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
• lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
• the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.

What we recommended

The department should ensure CLMs and common trusts meet their statutory reporting obligations.

Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.

The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.

This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.

Appendix one - Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Results of the local government sector council financial statement audits for the year ended 30 June 2020.

What we found

Unqualified audit opinions were issued for 127 councils, 9 county councils and 13 joint organisation audits in 2019–20. A qualified audit opinion was issued for Central Coast Council.

Councils were impacted by recent emergency events, including bushfires and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.

What the key issues were

There were 1,435 findings reported to councils in audit management letters.

One extreme risk finding was identified related to Central Coast Council’s use of restricted funds for general purposes.

Fifty-three high risk matters were identified across the sector:

• 21 high risk matters relating to asset management
• 14 high risk matters relating to information technology
• 7 high risk matters relating to financial reporting
• 4 high risk matters to council governance procedures
• 3 high risk matters relating to financial accounting
• 3 high risk matters relating to purchasing and payables
• 1 high risk matter relating to cash and banking.

More can be done to reduce the number of errors identified in financial reports. 61 councils required material adjustments to correct errors in previous audited financial statements.

Rural fire fighting equipment

Sixty-eight councils did not record rural fire fighting equipment worth $119 million in their financial statements.

The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government.

What we recommended

The Office of Local Government should communicate the State's view that rural firefighting equipment is controlled by councils in the local government sector, and therefore this equipment should be properly recorded in their financial statements.

Central Coast Council

A qualified opinion was issued for Central Coast Council (the Council) relating to two matters.

Council did not conduct the required revaluation to support the valuation of roads.

Council also disclosed a prior period error relating to restrictions of monies collected for their water, sewer, and drainage operations, which, based on the NSW Crown Solicitor’s advice, should be considered a change in accounting policy.

What we recommended

The Office of Local Government should clarify the legal framework relating to restrictions of water, sewerage and drainage funds (restricted reserves) by either seeking an amendment to the relevant legislation or by issuing a policy instrument to remove ambiguity from the current framework.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting of councils and joint organisations.

Recent emergency events, including drought, bushfires, floods and the COVID-19 pandemic have impacted councils.

This chapter will provide insights into how these events have impacted councils, including:

• financial implications of the emergency events
• changes to councils' operating models, processes and controls
• accessibility to technology and the maturity of councils' systems and controls to prevent unauthorised and fraudulent access to data
• receipt and delivery of stimulus packages or programs at short notice.

Recent emergency events significantly impacted councils

Recent emergencies, including drought, bushfires, floods and the COVID-19 pandemic have brought particular challenges for councils and their communities.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.

This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2019–20. It also includes the findings reported in the 2018–19 audits of Hilltops, MidCoast and Murrumbidgee councils as these audits were finalised after the Report on Local Government 2019 was published.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.

Total number of findings reported in audit management letters decreased

In 2019–20, 1,435 findings were reported in audit management letters (2018–19: 1,985 findings). An extreme risk finding was also identified this year related to Central Coast Council's use of restricted funds. The total number of high-risk findings decreased to 53 (2018–19: 82 high-risk findings).

Findings are classified as new, repeat or ongoing findings, based on:

• new findings were first reported in 2019–20 audits
• repeat findings were first reported in prior year audits, but remain unresolved in 2019–20
• ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2019–20.

Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common findings across these areas are explored further in this chapter.

Audit Office’s work plan for 2020–21 onwards

Focus on local council's response and recovery from recent emergencies

Local councils and their communities will continue to experience the effects of recent emergency events, including the bushfires, floods and the COVID 19 pandemic for some time. The full extent of some of these events remain unclear and will continue to have an impact into the future. The recovery is likely to take many years.

The Office of Local Government (OLG) within the Department of Planning, Industry and Environment is working with other state agencies to assist local councils and their communities to recover from these unprecedented events.

These events have created additional risks and challenges, and changed the way that councils deliver their services.

We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:

• local councils' preparedness for emergencies
• its initial responses to support people and communities impacted by the 2019–20 bushfires and floods, and COVID-19
• the governance and oversight risks that arise from the need for quick decision making and responsiveness to emergencies
• the effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
• the mid to long-term impact of government responses to the natural disasters and COVID-19
• whether government investment has achieved desired outcomes.

Planned financial audit focus areas in Local Government

During 2020–21, the financial audits will focus on the following key areas:

• cybersecurity, including:
  • cybersecurity framework, policies and procedures
  • assessing the controls management has to address the risk of cybersecurity incidents
  • whether cybersecurity risks represent a risk of material misstatement to council's financial statements
• budget management
• financial sustainability
• quality and timeliness of financial reporting
• infrastructure, property, plant and equipment
• information technology general controls.

Audit, risk and improvement committees

All councils are required to have an audit, risk and improvement committee by March 2022

The requirement for all councils to establish an audit, risk and improvement committee was deferred by 12 months to March 2022 due to the COVID 19 pandemic.

Audit, risk and improvement committees are an important contributor to good governance. They help councils to understand strategic risks and how they can mitigate them. An effective committee helps councils to build community confidence, meet legislative and other requirements and meet standards of probity, accountability and transparency.

Local Government elections

Local Government elections were postponed for one year due to the COVID 19 pandemic

The Local Government elections were deferred for one year due to the COVID 19 pandemic and will now be held on 4 September 2021. As the statutory deadline for the 2020–21 financial statements is 30 October 2021, some of the newly elected councillors will be required to endorse them.

Implementation of AASB 1059

Accounting standards implementation continue next year

AASB 1059 is effective for councils for the 2020–21 financial year.

A service concession arrangement typically involves a private sector operator that is involved with designing, constructing or upgrading assets used to provide public services. They then operate and maintain those assets for a specified period of time and is compensated by the public sector entity in return. Examples of potential service concession arrangements impacting councils include roads, community housing, childcare services and nursing homes.

AASB 1059 may result in councils recognising more service concession assets and liabilities in their financial statements.

Appendix one – Response from the Department of Planning, Industry and Environment

Appendix two – NSW Crown Solicitor’s advice

Appendix three – Status of 2019 recommendations

Appendix four – Status of audits

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.