Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Enterprise, Investment and Trade 2022

Finance
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Regulation
Risk

What the report is about

Result of the Enterprise, Investment and Trade cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

The Machinery of Government changes within the Enterprise, Investment and Trade cluster resulted in the creation of the Department of Enterprise, Investment and Trade and the transfer of $1.0 billion of net assets into the new department.

Unmodified audit opinions were issued for all completed cluster agencies' 2021–22 financial statements audits. Two audits are ongoing.

An 'Other Matter' paragraph was included in the audit opinion for the Jobs for NSW Fund's 30 June 2021 financial report to reflect the non-compliance with the Jobs for NSW Act 2015 (the Act) and Government Sector Finance Act 2018. The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Department of Premier and Cabinet, and five ministerial appointments. The board has consisted of two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.

Three cluster agencies accepted changes to their office leasing arrangements managed by Property NSW. This has resulted in the collective derecognition of $24.8 million of right-of-use assets and $26.7 million in lease liabilities, and recognition of $1.9 million of other gains.

What the key issues were

The number of issues we reported to management decreased from 108 in 2020–21 to 103 in 2021–22. Thirty per cent of issues were repeated from the prior year.

Six high-risk issues were identified across the cluster related to the quality and timeliness of financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Enterprise, Investment and Trade cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Enterprise, Investment and Trade cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all completed cluster agencies 2021–22 financial statements audits. The Jobs for NSW Fund and Responsible Gambling Fund audits are ongoing.
  • An 'Emphasis of Matter' paragraph was included in the Australian Institute of Asian Culture and Visual Arts Limited's 30 June 2022 financial statements to draw attention to management’s disclosures that the entity's financial statements for the year ended 30 June 2022 were prepared on a non-going concern basis following cessation of its operations and resolution by the directors in October 2021 to deregister the entity.
  • An 'Other Matter' paragraph was included in the Jobs for NSW Fund's 30 June 2021 financial report to reflect the non-compliance with the Jobs for NSW Act 2015 and Government Sector Finance Act 2018.
    The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Department of Premier and Cabinet (or their nominees) and five ministerial appointments, one of whom is to be appointed as Chair of the board. The board has consisted of the two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.
  • An 'Emphasis of Matter' paragraph was included in the Jobs for NSW Fund's 30 June 2021 financial report to draw attention to the financial report being prepared for the purpose of fulfilling the Jobs for NSW Fund's financial reporting responsibilities as requested by the Treasurer's delegate.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Enterprise, Investment and Trade cluster.

Section highlights

  • In 2021–22, there were 103 findings raised across the cluster, a decrease from 2020–21.
  • In total, six high-risk findings were identified during 2021–22. Two related to 2021–22 whilst four were related to the audit of Jobs for NSW Fund's 30 June 2021 financial report.
  • Thirty per cent of all findings during 2021–22 were repeat issues. The most common repeat issues related to information technology controls and accounting for property plant and equipment notably fair value assessment and valuation.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Planning and Environment 2022

Environment
Industry
Local Government
Planning
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Risk

What the report is about

Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.

Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.

The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.

What the key issues were

Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.

Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing. The audit of the Catholic Metropolitan Cemeteries Trust(CMCT) has not been able to commence, despite repeated requests to do so.
     
  • The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2011 to 30 June 2020 were completed in November 2022. These audits had been long outstanding due to insufficient records and evidence to support the transactions and balances of WAMC, particularly for the earlier years. In recent years, management commenced actions to improve WAMC's governance and financial management, and finalise the outstanding audits.

    Disclaimed audit opinions were issued on the 2010–11 to 2015–16 financial statements as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

    Qualified audit opinions were issued for the 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

    Unqualified audit opinions were issued for the 2018–19 and 2019–20 financial statements.

    The 2020–21 and 2021–22 WAMC audits are in progress.
     
  • The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

    All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

    The department needs to do more to ensure Category 2 SLMs and Commons Trusts meet their statutory reporting obligations.

    The department and Category 2 SLMs should finalise their reporting exemption assessments earlier to allow sufficient time for the non-exempted SLMs to prepare and submit annual financial statements by the statutory reporting deadline.
     
  • NSW Treasury has met with the Catholic Metropolitan Cemeteries Trust (CMCT) to consider their perspective as part of confirming CMCT is a controlled entity of the State for the purposes of financial reporting. NSW Treasury has confirmed that the CMCT is a controlled entity of the State. This means that the CMCT is statutorily obliged under section 7.6 of the GSF Act to prepare financial statements in accordance with the GSF Act and Treasurer's Directions, and give them to the Auditor-General for audit pursuant to the Government Sector Audit Act 1983 (GSA Act). Section 34 of the GSA Act requires the Auditor-General to furnish an audit report on these financial statements.

    The department wrote to CMCT to request it work with, and offer full assistance to, the Auditor-General in the exercise of her duties. To date, the CMCT has not met its obligations to prepare financial statements under the GSF Act as it has not submitted its financial statements to the Auditor-General for audit despite repeated requests, and has not provided access to its books and records for the purposes of a financial audit. The CMCT contends that they are not a GSF agency as defined by the GSF Act and therefore not a controlled entity of the State.
     
  • Six agencies required to perform early close procedures did not complete a total of 11 mandatory procedures. Incomplete procedures included the delayed resolution of matters raised in prior years and two agencies did not record movements in the fair value of physical assets in the financial statements.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.

Section highlights

  • Since 2017, the Audit Office of New South Wales has recommended that the Department of Planning and Environment (the department) address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue, and in 2022, 32 of 118 completed audits of councils received qualified audit opinions on their 2022 financial statements.
    Consistent with the department’s role to assess councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise rural firefighting equipment.
  • There continues to be significant deficiencies in Crown land records. The department should implement an action plan to ensure the Crown land database is complete and accurate.
  • The number of findings reported to management decreased from 161 in 2020–21 to 132 in 2021–22. Eight high-risk findings were identified during 2021–22, of which six were repeat issues. One new high-risk finding related to deficiencies in governance processes and internal controls identified as a part of the Water Administration Ministerial Corporation's 2011–2020 financial statements audits.
  • The department and NSW Treasury did not comply with section 35 of the Energy and Utilities Administration Act 1987 (EUA Act). However, complying with the EUA Act could create non-compliance with other pieces of legislation. Amendments to the EUA Act have been made to resolve this inconsistency. The amendment took effect from April 1999.

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Councils received qualified audit opinions 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Stronger Communities 2022

Justice
Community Services
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Project management
Risk

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

  • user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
  • segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits of cluster agencies, including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office. One audit is ongoing.

  • Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).

  • Six of the 15 cluster agencies required to submit 2021–22 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

  • All 13 cluster agencies that have accommodation arrangements with Property NSW accepted the changes in the Client Acceptance Letters, resulting in the derecognition of right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

  • The Department of Communities and Justice (the department) assumed the responsibility to deliver the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project.

  • In 2021–22, the department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement'. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 130 in 2020–21, to 110 in 2021–22, and 43% were repeat issues (51% in 2020–21). Many repeat issues related to information technology, governance and oversight controls, and non-compliance with key legislation and/or agency policies.

  • Five high-risk issues were identified in 2021–22, all of which are repeat issues and related to user access administration and segregation of duties.

  • Of the 24 newly identified moderate risk issues, 11 related to information technology. The rest related to governance and oversight controls and internal control deficiencies or improvements in payroll, asset management and other processes.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2022

Health
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

  • COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.

  • Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.

  • Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

  • COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.

  • Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.

  • Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.

  • The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.

  • A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

  • The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.

  • The following four issues were reported in 2021–22 as high risk:

    • impairment of COVID-19 inventories

    • inadequate review over the appropriateness of asset capitalisation threshold

    • forced-finalisation of HealthRoster time records

    • COVID-19 vaccination inventories – data quality issue at 31 March 2022.

  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Education 2022

Education
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Procurement
Risk

What the report is about

Result of the Education cluster financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Education cluster agencies.

An 'other matter' paragraph was included in the TAFE Commission's independent auditor's report as it did not have a delegation or sub-delegation from the Minister for Education and Early Learning to incur expenditure from cluster grants.

What the key issues were

Annual fair value assessments of land and buildings showed material differences in their carrying values. As a result, the Department of Education and the TAFE Commission completed desktop revaluations of land and buildings, collectively increasing the value of these assets by $1.2 billion and $4.7 billion respectively.

The Department of Education and the NSW Education Standards Authority accepted changes to their office leasing arrangements managed by Property NSW. These changes resulted in the collective derecognition of $270.6 million of right-of-use assets and $382.9 million in lease liabilities.

What we recommended

A high-risk matter was reported in the management letter for the TAFE Commission highlighting non-compliance with policies and procedures guiding appropriate use of purchasing cards.

We recommended cluster agencies prioritise and address internal control deficiencies.

This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • An 'other matter' paragraph was included in the independent auditor's report for the Technical and Further Education Commission (TAFE Commission) as they did not have a delegation or sub-delegation from the Minister for Education and Early Learning to incur expenditure from cluster grants.
  • The Department of Education and the TAFE Commission's land and buildings were revalued upwards by a collective $5.9 billion. These uplifts were the result of managerial fair value assessments showing that the carrying values of land and buildings had materially departed from fair value.
  • Changes to accommodation arrangements managed by Property NSW on behalf of the department and the NSW Education Standards Authority resulted in the collective derecognition of approximately $270.6 million in right-of-use assets and corresponding lease liabilities totalling $382.9 million from the balance sheets of these agencies. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.

Section highlights

  • The 2021–22 audits identified 18 moderate issues across the cluster. Seven moderate risk issues were repeat issues related to general and application information technology controls and control deficiencies in key transactional systems used in preparing financial statements.
  • Of the 11 newly identified moderate risk issues, five related to information technology controls deficiencies; and five related to internal control deficiencies in key transactional systems used in preparing financial statements.
  • A high-risk matter was raised at the TAFE Commission relating to identified instances of non-compliance with policies and procedures guiding purchasing card use. 

The number of findings reported to management has increased, and 31% were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2021–22, there were 29 findings raised across the cluster (28 in 2020–21). Thirty-one per cent of all issues were repeat issues (50% in 2020–21).

The most common new and repeat issues related to internal control deficiencies in agencies’ information technology general controls, application controls, and procurement and payroll practices.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies. 

A high-risk matter was reported at the TAFE Commission highlighting instances of non-compliance with policies and procedures guiding appropriate purchasing card use

As part of our audit of the TAFE Commission, we integrated the use of data analytics into the audit approach. We performed data analytics over aspects of payroll, procurement and accounts payable activities. This helped us to highlight anomalies or risks in those data sets that are relevant to the audit of the TAFE Commission and plan testing procedures to address those risks. Data analytics also assisted us in providing an insight into the internal control environment of the TAFE Commission, highlighting areas where key controls are not in place or are not operating as management intended.

Our analysis over purchasing card data supplied by the TAFE Commission for the period July 2021 to March 2022 found deficiencies in the provisioning, use and cancellation of purchasing cards. This included identified instances of:

  • controls effectively bypassed when a purchasing card surrendered by a former employee had been used by another employee
  • split payments, circumventing delegation / cardholder limits
  • delays in the submission and approval of purchasing card transactions.

The table below describes the common issues identified across the cluster by category and risk rating:

Risk rating Issue
Information technology

High: 0 new, 0 repeat 1

Moderate: 5 new, 3 repeat 2

Low: 2 new, 1 repeat 3

The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:

  • agencies' user access administration and change management procedures, notably in the timing and frequency of managerial reviews over the granting and revocation of access to key systems relevant to financial reporting
  • the level of cyber security maturity
  • the monitoring of privileged user activities.
Internal control deficiencies or improvements

High: 1 new, 0 repeat 1

Moderate: 5 new, 3 repeat 2

Low: 4 new, 1 repeat 3

The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:

  • the adequacy of monitoring and oversight activities over the use of multiple financial delegation configurations in finance systems for specific users
  • the timely recording and approval of overtime claims and higher duties allowances
  • the timely finalisation of policies and procedures
  • the management of excessive annual leave balances
  • formalisation of service-provider arrangements between government agencies
  • non-compliance with policies and procedures to guide secondary employment and pecuniary interest declarations
  • non-compliance with policies and procedures to guide the appropriate use of purchasing cards.
Financial reporting

High: 0 new, 0 repeat 1

Moderate: 1 new, 1 repeat 2

Low: 2 new, 0 repeat 3

The financial audits identified:

  • opportunities for agencies to strengthen their financial preparation processes to facilitate a timelier and more efficient year-end audit
  • matters in respect of the timely capitalisation of work-in-progress
  • the need for agencies with non-financial assets subject to fair value to reconsider policy settings governing the frequency of revaluations
  • refinements in considering the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.
1 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

 

Recommendation

We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above. 

Appendix one – Early close procedures

Published

Customer Service 2022

Finance
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What the report is about

Result of the Customer Service cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Customer Service cluster agencies.

What the key issues were

The number and size of Service NSW's administered grant programs have increased significantly in response to emergency events. Improvements are required to address gaps in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.

The Department of Customer Service (the department) reported a retrospective correction of a prior period error of $33.3 million understatement of the land titling database, which is a service concession asset managed by a private operator.

The 2021–22 audits identified five high-risk issues across the cluster:

  • the department:
    • control weaknesses in user access to GovConnect systems
    • significant control deficiencies in information technology change management controls
  • Rental Bond Board:
    • legislation amendment required to better support the accounting treatment of rental bonds
    • no delegation instrument to government officers authorising them to approve expenditures
  • Service NSW:
    • improvements required in the timeliness and quality of grant administration revenue assessment and controls over the recovery of grant administration costs.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Customer Service cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • Reported corrected misstatements decreased from 33 in 2020–21 to 30 with a gross value of $406 million in 2021–22 ($418.9 million in 2020–21). Reported uncorrected misstatements decreased from 13 in 2020–21 to nine with a gross value of $31.8 million in 2021–22 ($78 million).
  • Seven of nine cluster agencies did not submit or complete certain mandatory early close procedures on time.
  • Service NSW's late resolution of the accounting of $256 million revenue from administering COVID-19 and flood grant programs resulted in misstatements and delays in financial reporting and audit.
  • The Department of Customer Service corrected prior period errors retrospectively related to the valuation of a service concession asset (land titling database) which reduced the prior year comparative for service concession asset by $33.3 million in the financial statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service cluster.

Section highlights

  • The 2021–22 audits identified five high risks (three in 2020–21) and 36 moderate risk issues (59 in 2020–21) across the cluster. Fifty-three per cent of the issues (42% in 2020–21) were repeat issues. Many repeat issues related to information technology controls around user access management.
  • While improvement was noted in the number of control deficiencies in GovConnect ASAE 3402 controls assurance reports, internal control qualification and control deviation issues continued to occur in 2021–22. Ineffective controls at service providers increase the risk of fraud, error and security to data.
  • Cyber security governance and management requires improvement. The department is yet to fully implement Essential 8 Mitigation Strategies and the maturity level for several Essential 8 strategies is at Level Zero in the current maturity model. The department is in the process of completing the roll out of some long outstanding system patches.
  • Significant gaps were identified in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Local Government 2021

Local Government
Asset valuation
Cyber security
Financial reporting
Information technology

What the report is about

Results of the local government sector council financial statement audits for the year ended 30 June 2021.

What we found

Unqualified audit opinions were issued for 126 councils, 13 joint organisation audits and nine county councils in 2020–21. 

A qualified audit opinion was issued for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.

The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues not resolved resulting in corrections to the financial statements and prior period errors.

Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to the Office of Local Government (OLG). 

Councils were impacted by recent emergency events, including bushfires, floods and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.

What the key issues were

There were 1,277 audit findings reported to councils in audit management letters.

Ninety-two high-risk matters were identified across the sector:

  • 69 high-risk matters relating to asset management (see page 30)
  • six high-risk matters relating to information technology (see page 39)
  • six high-risk matters relating to financial reporting (see page 26)
  • six high-risk matters to council governance procedures (see page 22)
  • five high-risk matters relating to financial accounting (see page 28).

More needs to be done to reduce the number of errors identified in financial reports. Twenty-nine councils required material adjustments to correct errors in previous audited financial statements.

Rural firefighting equipment

Sixty-eight councils did not record rural firefighting equipment estimated to be $145 million in their financial statements.

The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets, as the State is of the view that rural firefighting equipment that has been vested to councils under the Rural Fires Act 1997 is not controlled by the State. In reaching this conclusion, the State argued that on balance it would appear the councils control rural firefighting equipment that has been vested to them.

The continued non-recording of rural firefighting equipment in financial management systems of some councils increases the risk that these assets are not properly maintained and managed.

What we recommended

Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes and recognise this equipment as assets in their financial statements. 

Consistent with OLG’s role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment.

Fast facts

  • 150 councils and joint organisations in the sector
  • 99% unqualified audit opinions issued for the 30 June 2021 financial statements
  • 489 monetary misstatements reported in 2020–21
  • 54 prior period errors reported
  • 92 high-risk management letter findings identified
  • 53% of reported issues were repeat issues.

Early financial reporting procedures

Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year.

What we recommended

OLG should require early financial reporting procedures across the local government sector by April 2023. Policy requirements should be discussed with key stakeholders to ensure benefits of the procedures are realised.

Asset valuations

Audit management letters reported 288 findings relating to asset management. Fifty-eight councils had deficiencies in their processes to revalue infrastructure assets.

Thirty-five councils corrected errors relating to revaluations amounting to $1 billion and 13 councils had prior period errors relating to asset revaluations that amounted to $253 million.

What we recommended

Councils should have all asset revaluations completed by April of the financial year subject to audit.

Integrity/completeness of asset records

Sixty-seven councils had weak processes over maintenance, completeness and security of fixed asset registers.

Thirty-five councils corrected errors to the financial statements relating to poor record keeping of asset data that amounted to $102.1 million. Nineteen councils had 27 prior period financial statement errors that amounted to $417.1 million relating to the quality of asset records such as found and duplicate assets.

What we recommended

Councils need to improve controls and processes to ensure integrity and completeness of asset source records.

Cybersecurity

Our audits found that cybersecurity frameworks and related controls were not in place at 65 councils.

These councils have yet to implement basic governance and internal controls to manage cybersecurity such as having a cybersecurity framework, policy and procedure, register of cyber incidents, system penetrations testing and training.

What we recommended

OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority in order to ensure cybersecurity risks over key data and IT assets are appropriately managed across councils and key data is safeguarded.

Councils should monitor the implementation of recommendations

Fifty-three per cent of total findings reported in 2020–21 audit management letters were repeat or partial repeat findings from prior years.

What we recommended

Councils and those charged with governance should track the progress of implementing recommendations from financial audits, performance audits and public inquiries.

Key financial information

In 2020–21, councils:

  • collected $7.6b in rates and annual charges
  • received $5.1b in grants and contributions
  • incurred $4.8b of employee benefits and on costs
  • held $15.3b of cash and investments
  • managed $161.7b of infrastructure, property, plant and equipment
  • entered into $3.4b of borrowings.

Pursuant to the Local Government Act 1993 I present my report Local Government 2021. My report provides the results of the 2020–21 financial audits of 127 councils, 13 joint organisations and nine county councils.

Unqualified audit opinions were issued for 126 councils, 13 joint organisation and nine county councils in 2020–21. My independent auditor’s opinion was qualified for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.

The 2020–21 year was challenging from many perspectives, not least being the continuing impact of and response to the recent emergency events, including bushfires, floods and the COVID-19 pandemic. We appreciate the efforts of council staff and management right across local government and they must be congratulated for their responsiveness and resilience in meeting their financial reporting obligations in such challenging circumstances.

This report makes a number of recommendations to councils and to the regulator, the Office of Local Government within the Department of Planning and Environment. These are intended to support councils to further improve the timeliness, accuracy and strength of financial reporting and their governance arrangements. Arguably, when faced with challenges, it is even more important to prioritise and invest in systems and processes to protect the integrity of councils' operations and promote accurate and transparent reporting.

I look forward to continuing engagement and constructive dialogue with councils in 2022–23 and beyond.

Margaret Crawford
Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting of councils and joint organisations.

Highlights

  • One hundred and nine councils and joint organisations (2020: 133) lodged audited financial statements with OLG by the statutory deadline of 31 October (2020: 30 November).
  • Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to OLG.
  • Unqualified audit opinions were issued for 126 councils, 13 joint organisations and nine county councils in 2020–21. A qualified audit opinion was issued for Central Coast Council in both 2019–20 and 2020–21.
  • The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues.
  • Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year. We recommended that OLG should require early close procedures across the local government sector by 30 April 2023.
  • The total number and dollar value of corrected financial statement errors increased compared with the prior year, however uncorrected financial statement errors and prior period financial statement errors decreased compared to the prior year.
  • Sixty-eight councils (2020: 68 councils) did not record rural firefighting equipment in their financial statements worth an estimated $145 million (2020: $119 million). The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government. We recommended that consistent with the OLG's role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment. Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2020–21.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.

Highlights

  • Total number of audit findings reported in audit management letters decreased from 1,435 in 2019–20 to 1,277 in 2020–21.
  • No extreme risk audit findings were identified in 2020–21 (2019–20: 1).
  • Total number of high-risk audit findings increased from 53 in 2019–20 to 92 in 2020–21. Sixty of the high-risk findings in 2020–21 related to the non-recording of rural firefighting equipment in councils' financial statements. Twenty-six per cent of the high-risk findings identified in 2019–20 were reported as high-risk findings in 2020–21.
  • Fifty-three per cent of findings reported in audit management letters were repeat or partial repeat findings. We recommend councils and those charged with governance should track progress of implementing recommendation from our audits.
  • Governance, asset management and information technology comprise over 62% of findings and continue to be key areas requiring improvement.
  • A number of recommendations were made relating to asset valuations and integrity of asset data records, in response to the findings that:
    • 67 councils had weak processes over maintenance and security of fixed asset registers
    • 58 councils had deficiencies in their processes to revalue infrastructure assets.
  • Sixty-five councils have yet to implement basic governance and internal controls to manage cybersecurity. We recommended that OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority.

Total number of findings reported in audit management letters decreased

In 2020–21, 1,277 audit findings were reported in audit management letters (2019–20: 1,435 findings). No extreme audit risk findings were identified this year. The extreme risk relating to Central Coast Council's use of externally restricted funds in 2019–20 was partially addressed by management and has been rated as a high-risk for 2020–21. The total number of high-risk findings increased to 92 (2019–20: 53 high-risk findings).

Findings are classified as new, repeat or ongoing, based on:

  • new findings were first reported in 2020–21 audits
  • repeat findings were first reported in prior year audits, but remain unresolved in 2020–21
  • ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2020–21.

Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common audit findings across these areas are explored further in this chapter.

Audit Office’s annual work program for 2021–22 onwards

Focus on integrity of systems, good governance and good advice

We have a fundamental role in helping the Parliament hold government accountable for the use of public resources. In doing so, we examine whether councils' systems and processes are effective in supporting integrity, accountability and transparency. Key aspects of integrity that we expect to through conduct of our financial and performance audits over the next three years include the integrity of systems, good governance and good advice. These focus areas have arisen from the collation of key findings and recommendations from our past reports.

Focus on local councils' continued response to recent emergencies

The COVID-19 pandemic continues to have a significant impact on the people and the public sector of New South Wales. Local councils are continuing to assist communities in their recovery from the 2019–20 bushfires and subsequent and recent flooding. The full extent of some of these events remain unclear and will likely continue to have an impact into the future.

Image of a bus stop that's been completely burned because of a bushfire

The Office of Local Government within the Department of Planning and Environment continues to work with other state agencies to assist local councils and their communities to recover from these unprecedented events.

The increasing and changing risk environment presented by these events has meant that we have recalibrated and focused our efforts on providing assurance on how effectively aspects of responses to these emergencies have been delivered.

This includes financial and governance risks arising from the scale and complexity of government responses to these events.

We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:

  • local councils' planning and preparedness for emergencies
  • local councils' initial responses to support people and communities impacted by COVID-19 and the 2019–20 bushfires and recent floods
  • governance and oversight risks that arise from the need for quick decision-making and responsiveness to emergencies
  • effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
  • the mid to long-term impact of government responses to the natural disasters and COVID-19
  • whether government investment has achieved desired outcomes.

Focus on the effectiveness of cybersecurity in local government

The increasing global interconnectivity between computer networks has dramatically increased the risk of cybersecurity incidents. Such incidents can harm local government service delivery and may include theft of information, denial of access to critical technology, or even hijacking of systems for profit or malicious intent.

Outdated IT systems and capability present risks to government cybersecurity. Local councils need to be alert to the need to update and replace legacy systems, and regularly train and upskill staff in their use. To add to this, cybersecurity risks have been exacerbated by recent emergencies, which have resulted in greater and more diverse use of digital technology.

Our approach to auditing cybersecurity across in the sector involves:

  • considering how local councils are responding to the risks associated with cybersecurity across our financial audits
  • examining the effectiveness of cybersecurity planning and governance arrangements within local councils
  • conducting deep-dive performance audits of the effectiveness of cybersecurity measures in selected councils.

Local government elections

Local government elections took place in 2021–22

The local government elections were deferred for one year due to the COVID-19 pandemic and were held on 4 December 2021.

As part of our audits, we will consider the impact of any significant change on key decisions and activities for councils, county councils and joint organisations following the local government elections.

New rate peg methodology to support growing councils

The Independent Pricing and Regulatory Tribunal (IPART) has completed its review of the local government rate peg methodology to include population growth.

On 10 September 2021, IPART provided the final report on this review to the Minister for Local Government.

The minister has endorsed the new rate peg methodology and has asked IPART to give effect to it in setting the rate peg from the 2022–23 financial year.

As part of our audits, we will consider the impact of these changes on the financial statements and on key decisions and activities for councils, county councils and joint organisations.

Appendix one – Response from the Office of Local Government within the Department of Planning and Environment

Appendix two – Status of previous recommendations

Appendix three – Status of audits

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Education 2018

Education
Asset valuation
Financial reporting
Information technology
Infrastructure
Service delivery
Shared services and collaboration
Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.

This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.

Observation Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued on the financial statements of both cluster agencies. Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
2.2 Timeliness of financial reporting
Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier.
2.3 Key issues from financial audits
Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity.
2.4 Key financial information
Cluster agencies recorded net deficits in 2017–18.

The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million.

The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

  • our financial statement audits of agencies in the Education cluster for 2018
  • the areas of focus identified in the Audit Office work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.

Observation Conclusions and recommendations
3.1  Internal controls
Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding.  
Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. Recommendation: Management should prioritise and action recommendations to address internal control weaknesses.
3.2 Information technology
Delivery of the Learning Management and Business Reform (LMBR) program is complete.

The LMBR program has been a major project for the Department since it was established in 2006.

A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out.
3.3 Valuation of the Department’s land and buildings
The Department completed a revaluation of land and building assets during 2017–18.

A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion.

A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion.
3.4 Maintenance of school facilities
The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition.
3.4 School asset delivery
The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects.

This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.

Appendix one - List of 2018 recommendations

Appendix two - Status of 2017 recommendations

Appendix three - Cluster agencies

Appendix four - Financial data

Published

Internal Controls and Governance 2018

Education
Community Services
Finance
Health
Industry
Justice
Planning
Premier and Cabinet
Transport
Treasury
Whole of Government
Environment
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Internal controls and governance
Management and administration
Procurement
Project management

The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.

This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.

This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.

This report offers insights into internal controls and governance in the NSW public sector

This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

  • highlighting the potential risks posed by weaknesses in controls and governance processes
  • helping agencies benchmark the adequacy of their processes against their peers
  • focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:

  1. Internal control trends
  2. Information technology (IT), including IT vendor management
  3. Transparency and performance reporting
  4. Management of purchasing cards and taxis
  5. Fraud and corruption control.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.

The focus of the report has changed since last year

Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Agencies selected for the volume account for 95 per cent of the state's expenditure

While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.

Observation Conclusions and recommendations
2.1 High risk findings
We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority.
2.2 Common findings
We found several internal controls and governance findings common to multiple agencies. Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective.
2.3 New and repeat findings
Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies.
IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases

Recommendation: Agencies should reduce IT risks by:

  • assigning ownership of recommendations to address IT control deficiencies, with timeframes and actions plans for implementation
  • ensuring audit and risk committees and agency management regularly monitor the implementation status of recommendations.

 

Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.

Observation Conclusions and recommendations
3.1 Management of IT vendors
Contract management framework 
Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review.
 

Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:

  • internal audit focusing on key contracting activities
  • experienced officers who are independent of contract administration performing spot checks or peer reviews
  • targeted analysis of data in contract registers.
Contract risk management
Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract.
 		 Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination.

Performance management
Eighty-six per cent of agencies meet with vendors to discuss performance. 

Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance.

Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:

  • a more active, rigorous approach to both risk and performance management
  • checking the accuracy of vendor reporting against those KPIs and where appropriate seeking assurance over their accuracy
  • invoking performance based payments clauses in contracts when performance falls below agreed standards.

Transitioning services
Forty-three per cent of the IT vendor contracts did not contain transitioning-out provisions.

Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor.

 Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'.
Contract Registers
Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete.

Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:

  • monitoring contract end dates and contract extensions, and commence new procurements through their central procurement teams in a timely manner
  • managing their contractual commitments, budgeting and cash flow requirements.

Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations.
3.2 IT general controls
Governance
Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review.
 		 Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. 

User access administration
Seventy-two deficiencies were identified related to user access administration, including:

  • thirty issues related to granting user access across 43 per cent of agencies
  • sixteen issues related to removing user access across 30 per cent of agencies
  • twenty-six issues related to periodic reviews of user access across 50 per cent of agencies.
 Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems.
Privileged access
Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities.

Recommendation: Agencies should:

  • review the number of, and access granted to privileged users, and assess and document the risks associated with their activities
  • monitor user access to address risks from unauthorised activity.
Password controls
Twenty-three per cent of agencies did not comply with their own policy on password parameters.		 Recommendation: Agencies should ensure IT password settings comply with their password policies.
Program changes
Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment.		 Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed.

 

This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.

Observation Conclusion or recommendation
4.1 Reporting on performance

Only 57 per cent of agencies linked reporting on performance to their strategic objectives.

The use of targets and reporting performance over time was limited and applied inconsistently.

Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information.

Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports.

There is no independent assurance that the performance metrics agencies report in their annual reports are accurate.

Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported.

Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited.

The relevance and accuracy of performance information is enhanced when:

  • policies and guidance support the consistent and accurate collection of data
  • internal review processes and management oversight are effective
  • independent review processes are established to provide effective challenge to the assumptions, judgements and methodology used to collect the reported performance information.
4.2 Reporting on reports

Agency reporting on major projects does not meet the requirements of the annual reports regulation.

Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations.

NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations.

Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress.

The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works.

Sixteen of 30 agencies reported some information on completed major works.

Conclusion: Agencies could improve their transparency if they reported, or were required to report:

  • on both works in progress and projects completed during the year
  • actual costs and completion dates, and forecast completion dates for major works, against original and revised budgets and original expected completion dates
  • explanations for significant cost overruns, delays and key project performance metrics.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.

Observation Conclusion or recommendation
5.1 Management of purchasing cards
Volume of credit card spend
Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement.
 		 Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards.
Policy framework
We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy.		 Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'.
Preventative controls
We found that:
  • all agencies maintained purchasing card registers
  • seventy-six per cent provided training to cardholders prior to being issued with a card
  • eighty-nine per cent appointed a program administrator, but only half of these had clearly defined roles and responsibilities
  • thirty-two per cent of agencies place merchant blocks on purchasing cards
  • forty-seven per cent of agencies place geographic restrictions on purchasing cards.

Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards.

Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:

  • updating purchasing card registers to contain all mandatory fields required by TPP17–09
  • appointing a program administrator for the agency's purchasing card framework and defining their role and responsibility for the function
  • strengthening preventive controls to prevent misuse.

Detective controls
Ninety-two per cent of agencies have designed and implemented at least one control to monitor purchasing card activity.

Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used.

Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards.

Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:

  • detect misuse and investigate exceptions
  • analyse trends to highlight cost saving opportunities.
5.2 Management of taxis
Policy framework
Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
  • a further 41 per cent of agencies have not reviewed their policies by the scheduled revision date, or do not have a scheduled revision date
  • more than half of all agencies’ policies do not offer alternative travel options. For example, only 36 per cent of policies promoted the use of general Opal cards.
 Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
  • limit the circumstances where taxi use is appropriate
  • offer alternate, lower cost options to using taxis, such as general Opal cards and rideshare.
Detective controls
All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews.		 Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program.

 

Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.

Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:

  • unreported frauds in organisations can be almost three times the number of reported frauds
  • our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
  • fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
  • agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.

Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018. 

Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.

Observation Conclusion or recommendation
6.1 Prevention systems

Prevention systems
Ninety-two per cent of agencies have a fraud control plan in place, 81 per cent maintain a fraud database and 79 per cent report fraud and corruption matters as a standing item on audit and risk committee agendas.

Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies.

Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data.

Agencies can improve their fraud prevention systems by:

  • completing regular fraud risk assessments, embedding fraud risk assessment into their enterprise risk management process and reporting the results of the assessment to the audit and risk committee
  • maintaining a fraud database and reviewing it regularly for systemic issues and reporting a redacted version of the database on the agency's website to inform corruption prevention networks
  • developing policies and procedures for employee screening and benchmarking their current processes against ICAC's publication ‘Strengthening Employment Screening Practices in the NSW Public Sector’
  • developing and maintaining up to date IT security policies and monitoring compliance with the policy.
Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be.  Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified.
6.2 Detection systems
Detection systems
Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program.
 

Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses.

Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment.
6.3 Notification systems
Notification system
All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption.		 Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture

 

Appendix one - List of 2018 recommendations

Appendix two - Status of 2017 recommendations

Appendix three - Cluster agencies

Published

Report on Local Government 2017

Local Government
Asset valuation
Information technology
Internal controls and governance

Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.

My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor-General's mandate in nearly three decades.

Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services. 

The unique relationship each council has with its community differentiates it from other tiers of government.

Our audits
I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.

We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year. 

  • While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us: 
  • strengthening governance and financial oversight in local government
  • providing greater consistency in external audit
  • ensuring reliable financial information is available to assess council performance
  • improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.

This report
This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.

The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.

I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.  

1.    Introduction
Local government sector NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose. 
We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit.
Service delivery Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils.
2.    Financial reporting
Quality of financial reporting

The overall quality of financial reporting needs to improve:

  • we issued modified (qualified) audit opinions on the financial statements of three councils in 2016–17 and one council and one water authority in 2015–16
  • we reported 39 significant matters to 29 councils. They related to material accounting issues and significant deficiencies in internal controls
  • twenty-two councils required material adjustments to correct errors in previous audited financial statements
  • moderate risk issues were identified in financial statement preparation processes for 43 councils.

    OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier.
Timeliness of financial reporting Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline.
3.    Financial performance and sustainability
Operating revenue Eighteen councils operating expenses exceed current operating revenue.
Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue.
Liquidity and working capital Most councils have sufficient liquidity and working capital. However, there are indicators that:
  • three councils may not have the ability to meet short-term obligations as measured by the unrestricted current ratio
  • two councils may not have sufficient operating cash available to service debt as measured by the debt service cover ratio
  • eighteen councils do not meet the OLG benchmark for the collection of rates and annual charges 
  • five councils may not have sufficient cash to continue paying expenses without additional cash inflows as measured by the cash expense cover ratio.
Asset management measures Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards:
  • seventy councils are not renewing assets in line with the rate of their depreciation
  • eighty-four councils did not meet OLG’s benchmark for managing the infrastructure maintenance backlog
  • seventy-one councils are not maintaining their assets in accordance with their asset management plans. 
4.    Asset management
High risk issues We reported ten high risk issues relating to councils’ asset management and accounting practices.
Asset reporting The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements.
At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements.
Asset valuation We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions.
Asset useful life estimates We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets.
In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments.
Asset policy and planning Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework.
5.    Governance and internal controls
High risk issues We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters.
Governance There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function.
The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils.
Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations.
Internal controls Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll.
6.    Information technology
High risk issues We reported nine high risk issues relating to information technology.
Access to IT systems Controls over user access to IT systems need to be strengthened.
Information Technology governance IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that:
  • around one in four councils do not have an IT strategy or operational plan 
  • half of NSW councils have an IT security policy
  • seventeen councils do not have a documented plan to recover from a disaster.

 

Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:

  • quality of financial reporting
  • timeliness of financial reporting.
Observation Conclusion or recommendation
2.1 Quality of financial reporting

Qualified audit opinions
We issued unmodified audit opinions on the: 

  • 2016–17 financial statements of 136 councils and two water authorities 
  • 2015–163 financial statements for seven councils and two water authorities.
 The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results. 

We issued modified (qualified) opinions on the:

  • 2016–17 financial statements of three councils 
  • 2015–16 financial statement of one council and one water authority.

Councils with modified opinions should address the issues that give rise to the audit qualification.
Significant audit matters
We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets.
 		 Significant issues with the quality of financial reporting delayed the completion of a number of audits. 
Improving the reporting on assets should be a priority. 
 
Prior period errors
We found 33 material errors worth $9.1 billion in the previous audited financial statements of 
22 councils. These all required prior-year audited balances to be corrected. Eighty eight per cent of these were asset related.
 		 The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets.
Financial statements
We reported 43 moderate risk findings where councils can improve the way they complete their financial statements.		 Recommendation
Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements.
 
Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit. Recommendation
Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.
 
OLG guidance
To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues. 		 Recommendation
The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.
 
The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards. Recommendation
The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.
2.2 Timeliness of financial reporting
Statutory deadlines
One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017.
Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils.
Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit.
 		 Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline.
Early close procedures
Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year.		 Recommendation
The Office of Local Government should introduce early close procedures with an emphasis on asset valuations.

3 The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.

Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:

  • operating revenue performance measures
  • liquidity and working capital performance measures
  • asset management performance measures.

Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.

Observations Conclusions
3.1 Operating revenue performance measures

Operating performance
Operating expenses for 18 councils exceeded their operating revenue.

Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17.

Eleven councils have not met OLG’s operating performance benchmark for the last three years.

 It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term.
Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero.  

Own source operating revenue
Fifty-nine councils did not meet OLG’s benchmark, and 42 of those were rural councils.

 Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils.
Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue.  
3.2 Liquidity and working capital performance measures

Unrestricted current ratio
All but three councils met OLG’s benchmark.

 Most councils can meet short-term obligations as they fall due.
The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times.  

Debt service cover ratio
All but two councils met OLG’s benchmark. These two councils did not meet OLG’s benchmark due to the early repayment of borrowings.

Regional councils have 56 per cent of the value of all borrowings in the sector.

Most councils have sufficient operating cash available to service their borrowings.

Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure.
The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times.  

Rates and annual charges outstanding
Eight rural, five regional, three metropolitan and two county councils did not meet OLG’s benchmark.

These councils also did not meet the infrastructure backlog ratio.

 Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations.
The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils.  

Cash expense cover ratio
Three rural and two county councils did not meet OLG’s benchmark.

 Most councils have the capacity to cover more than three months of operating expenses.
The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months.  

This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded:

  • an additional 32 councils would have a cash expense cover ratio of less than three months
  • a further nine councils are left without any unrestricted funds for general operations.
 Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required.

3.3. Asset management performance measures (not audited)

Building and infrastructure renewals ratio
Seventy councils reported to OLG they do not meet the benchmark for this ratio.

Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark.

These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards.

Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets.
The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent.  

Infrastructure backlog ratio
Eighty-four councils reported to OLG that they do not meet the benchmark for this ratio.

 These councils may not be maintaining their infrastructure backlog at a manageable level.
The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent.  

Asset maintenance ratio
Seventy-one councils reported to OLG they do not meet the benchmark for this ratio

 These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life.
The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent.  

Costs to bring assets to agreed service level
One-hundred and two councils reported results against this indicator to OLG. The reported results ranged from 0.1 per cent to 19.8 per cent.

 There is variability between councils in the amount of outstanding renewal works to be completed.
This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure.  

OLG’s benchmarks for financial performance and sustainability

Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.

The Office of Local Government prescribes performance indicators for council reporting

The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:

  • operating performance
  • own source operating revenue
  • unrestricted current ratio
  • debt service cover ratio
  • rates and annual charges outstanding percentage
  • cash expense cover ratio.

Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:

  • building and infrastructure renewals ratio
  • infrastructure backlog ratio
  • asset maintenance ratio
  • cost to bring assets to agreed service level.

Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.

Three rural councils did not meet three of the audited OLG benchmarks

Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.

The following table summarises how the councils performed across the six audited performance measures.

Number of OLG benchmarks met by councils   Number of councils  
Metropolitan Regional Rural County
6 12 12 29 5
5 17 21 17 5
4 4 4 8 2
3 -- -- 3 --
Not available* 1 -- -- --
Total 34 37 57 12
* The financial statements for Bayside Council are not yet presented for audit.
Source: Audited Financial Statements for 2016–17.

Appendix ten lists the performance of each council against all performance measures.

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.

Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:

  • overall asset management issues
  • asset registers
  • asset valuation
  • recognition and asset useful life estimates
  • asset policy and planning.
Observations Conclusion or recommendation
4.1 High risk issues

Significant matters reported to those charged with council governance
Our 2016–17 audits identified ten high risk issues related to the accuracy of asset registers, restricted assets and asset revaluations.

 High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services.
4.2 Asset reporting

Accuracy of asset registers
Our audits identified instances where councils had multiple asset registers, inaccurate or incomplete registers, unreconciled registers, or uncontrolled manual spreadsheets.

 Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately.

Unrecorded land and infrastructure assets
Twenty-four councils had not recorded $145 million worth of assets, mainly land and infrastructure assets.

 Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements.

Rural fire-fighting equipment
At 30 June 2017, forty-six councils did report vested rural fire-fighting equipment in their financial statements. However, 62 councils did not record vested fire-fighting equipment in their financial statements. These rural fire‑fighting equipment assets are not reported in either State government or local government financial statements.

Recommendation
The Office of Local Government should address the different practices across the local government sector in accounting for rural fire‑fighting equipment before 30 June 2018.

In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach.

4.3 Asset valuation

Restricted assets
Our audits found that ten councils did not appropriately consider restrictions on the use of community land and land under roads when determining asset fair values in accordance with Australian Accounting Standards.

Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion.

The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant.

Councils should consider engaging experts to assist with the determination of asset fair values, as necessary.
Asset revaluations
Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations.		 Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented.

4.4 Asset useful life estimates

Asset useful life estimates
We found considerable variability in councils' useful lives for similar assets.

In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment.

Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators.

To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually.

Regular condition assessments are essential to identify maintenance requirements and maintain service delivery.

4.5 Asset policy and planning
Asset management strategy
Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this.		 An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources.

Asset overview

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.

At 30 June 2017, the combined carrying value of NSW council assets was as follows.

Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.

This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.

Observation Conclusion or recommendation
5.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils.  Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively.
We reported:
  • seventeen high risk issues relating to governance, purchase-to-pay, financial accounting and payroll processes
  • ten high risk issues relating to asset practices
  • nine high risk issues related to information technology management.
 High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. 
5.2 Governance
Audit committees
Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee.

Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021.

Recommendation
Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.

Internal audit
Councils are currently not required to have an internal audit function. Consequently, 52 councils do not have this function.

Recommendation
The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

Council entities
The Office of Local Government's register of entities approved under section 358 of the Local Government Act 1993 is incomplete.

Recommendation
The Office of Local Government should maintain an accurate register of council entities approved under section 358 of the Local Government Act 1993.
The Local Government Act 1993 does not stipulate a financial reporting framework for council entities.    

Recommendation
The Office of Local Government should establish a financial reporting framework for council entities.

Policies and procedures
We identified 50 high and moderate risk issues across 33 councils where policies and procedures over critical business processes did not exist or had not been updated.

 It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes.

Legislative compliance frameworks
Our audits found that 45 councils do not have sufficient processes to show they are complying with legislative requirements.

 Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy.

Risk management
We identified 15 high and moderate risk issues across 15 councils where risk management practices could be strengthened.

 Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored.
5.3 Internal controls

Financial accounting
We identified 45 high and moderate risk control deficiencies across 41 councils concerning the use of manual journals to adjust council financial records. This can increase the risk of fraud and error.

We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements

Sound financial accounting processes include controls to ensure:

  • a person other than the preparer authorises manual journals
  • key account reconciliations are prepared and reviewed.
Purchasing and payables
We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste.

As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include:

  • a review of changes to vendor master file data by an appropriate independent officer
  • an independent review and approval of purchases, including credit card transactions
  • compliance with Tendering Guidelines for NSW Local Government.

Payroll
We identified 71 high and moderate risk deficiencies in payroll controls across 48 councils. Weaknesses in payroll controls could result in incorrect payments being made to employees, due to error or fraud.

Managing excess annual leave balances was a challenge for 32 councils.

Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments.

Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed.

Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.

Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:

  • high risk issues
  • access to IT systems
  • IT governance.
Issues Conclusion
6.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications. High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.
6.2 Access to IT systems
User access controls
We identified 107 issues across 56 councils where user access controls could be strengthened.

Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data.

Privileged access
We identified 86 examples across 64 councils of inappropriate privileged access, inadequate review of access and insufficient retention and review of access logs.

 

User developed applications
User developed applications (UDAs) are computing applications, tools and processes developed or managed outside IT administration. UDAs may allow users to bypass formal user access controls.

Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed.

We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls.

It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to:

  • transition UDA functions to internal systems where possible
  • ensure UDAs are adequately controlled where they continue to use them
  • regularly review access rights to UDAs and back-up business-critical information.
6.3 IT Governance

Strategy, policies and procedures
Around one in four councils do not have an IT strategy or operational plan. Some councils also need to develop or improve IT policies and procedures.

Sixty-six councils do not have an adequate information security policy.

IT governance is enhanced where there is:

  • a fit-for-purpose IT strategy and operational plan
  • appropriate policies, standards and guidelines across all critical IT processes
  • a formally defined process to support security and access to all systems.

Disaster recovery and business continuity
Our audits identified that 17 councils do not have a documented plan to recover critical business functions in the event of a disaster.

The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster.

We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting.

Sound management of disaster recovery and business continuity includes:

  • a documented plan for how critical business functions will be recovered in the event of a disaster, which is periodically reviewed and tested
  • the ability to restore backed-up data, which is periodically tested.

We expect to focus on these areas in our future audits.

Appendix one - Response from the Office of Local Government

Appendix two - List of recommendations

Appendix three - Sources of information and council classifications

Appendix four - Councils amalgamated in 2016

Appendix five - Status of audits

Appendix six - Council spending by function - Definitions from the local government code of accounting practice and financial reporting

Appendix seven - OLG’s performance indicators from the audited financial statement - Descriptions

Appendix eight - OLG’s performance indicators from the unaudited special schedule 7 - Descriptions

Appendix nine - Financial information

Appendix ten - OLG’s performance indicators

Appendix 11 - NSW Crown Solicitor’s advice

Click here to access the Report on Local Government 2017 Data Visualisation

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE