Main navigation

Appendix one – Misstatements in financial statements submitted for audit

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

15 December 2022

Published

Planning and Environment 2022

Environment

Industry

Local Government

Planning

Asset valuation

Compliance

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Risk

What the report is about

Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.

Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.

The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.

What the key issues were

Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.

Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing. The audit of the Catholic Metropolitan Cemeteries Trust(CMCT) has not been able to commence, despite repeated requests to do so.
The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2011 to 30 June 2020 were completed in November 2022. These audits had been long outstanding due to insufficient records and evidence to support the transactions and balances of WAMC, particularly for the earlier years. In recent years, management commenced actions to improve WAMC's governance and financial management, and finalise the outstanding audits.

Disclaimed audit opinions were issued on the 2010–11 to 2015–16 financial statements as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

Qualified audit opinions were issued for the 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

Unqualified audit opinions were issued for the 2018–19 and 2019–20 financial statements.

The 2020–21 and 2021–22 WAMC audits are in progress.
The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

The department needs to do more to ensure Category 2 SLMs and Commons Trusts meet their statutory reporting obligations.

The department and Category 2 SLMs should finalise their reporting exemption assessments earlier to allow sufficient time for the non-exempted SLMs to prepare and submit annual financial statements by the statutory reporting deadline.
NSW Treasury has met with the Catholic Metropolitan Cemeteries Trust (CMCT) to consider their perspective as part of confirming CMCT is a controlled entity of the State for the purposes of financial reporting. NSW Treasury has confirmed that the CMCT is a controlled entity of the State. This means that the CMCT is statutorily obliged under section 7.6 of the GSF Act to prepare financial statements in accordance with the GSF Act and Treasurer's Directions, and give them to the Auditor-General for audit pursuant to the Government Sector Audit Act 1983 (GSA Act). Section 34 of the GSA Act requires the Auditor-General to furnish an audit report on these financial statements.

The department wrote to CMCT to request it work with, and offer full assistance to, the Auditor-General in the exercise of her duties. To date, the CMCT has not met its obligations to prepare financial statements under the GSF Act as it has not submitted its financial statements to the Auditor-General for audit despite repeated requests, and has not provided access to its books and records for the purposes of a financial audit. The CMCT contends that they are not a GSF agency as defined by the GSF Act and therefore not a controlled entity of the State.
Six agencies required to perform early close procedures did not complete a total of 11 mandatory procedures. Incomplete procedures included the delayed resolution of matters raised in prior years and two agencies did not record movements in the fair value of physical assets in the financial statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.

Section highlights

Since 2017, the Audit Office of New South Wales has recommended that the Department of Planning and Environment (the department) address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue, and in 2022, 32 of 118 completed audits of councils received qualified audit opinions on their 2022 financial statements.
Consistent with the department’s role to assess councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise rural firefighting equipment.
There continues to be significant deficiencies in Crown land records. The department should implement an action plan to ensure the Crown land database is complete and accurate.
The number of findings reported to management decreased from 161 in 2020–21 to 132 in 2021–22. Eight high-risk findings were identified during 2021–22, of which six were repeat issues. One new high-risk finding related to deficiencies in governance processes and internal controls identified as a part of the Water Administration Ministerial Corporation's 2011–2020 financial statements audits.
The department and NSW Treasury did not comply with section 35 of the Energy and Utilities Administration Act 1987 (EUA Act). However, complying with the EUA Act could create non-compliance with other pieces of legislation. Amendments to the EUA Act have been made to resolve this inconsistency. The amendment took effect from April 1999.

Appendix five – Councils received qualified audit opinions

Copyright notice

8 December 2022

Published

Regional NSW 2022

Environment

Industry

Planning

Asset valuation

Compliance

Financial reporting

Fraud

Information technology

Infrastructure

Internal controls and governance

Management and administration

Regulation

Risk

Shared services and collaboration

What the report is about

Result of the Regional NSW cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Regional NSW cluster agencies. Two audits are ongoing.

What the key issues were

The Department of Regional NSW (the department) and Local Land Services (LLS) accepted changes to their office leasing arrangements managed by Property NSW.

These changes resulted in the collective derecognition of $100.6 million of rights-of-use-assets and $110.4 million of lease liabilities.

In 2021–22, the cluster agencies continued to assist communities in their recovery from recent weather emergencies, including significant flooding in New South Wales.

The Northern Rivers Reconstruction Corporation was established in May 2022 to rebuild communities in the Lismore and Northern Rivers region impacted by floods.

The number of matters reported to management decreased from 36 in 2020–21 to 14 in 2021–22.

Five moderate risk issues were identified and 14% of reported issues were repeat issues.

One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.

This report provides Parliament and other users of the Regional NSW cluster financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued on the financial statements of cluster agencies. Two audits are ongoing.
Cluster agencies completed all required early close procedures.
Changes to accommodation arrangements managed by Property NSW on behalf of the department and cluster agencies resulted in the collective derecognition of approximately $100.6 million in right-of-use assets and corresponding lease liabilities totalling $110.4 million from the balance sheets of these agencies.
Cluster agencies continue to provide financial assistance to communities affected by natural disasters.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW cluster.

Section highlights

The 2021–22 audits identified five moderate issues across the cluster. One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.
Of the four newly identified moderate rated issues, one related to internal control deficiencies and improvements and three related to financial reporting.
The number of findings reported to management has decreased from 36 in 2020–21 to 14 in 2021–22.

Appendix one – Misstatements in financial statements submitted for audit

Appendix one – Misstatements in financial statements submitted for audit

7 December 2022

Published

Health 2022

Health

Whole of Government

Asset valuation

Compliance

Cyber security

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.
Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.
Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.
Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.
Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.
The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.
A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.
The following four issues were reported in 2021–22 as high risk:
- impairment of COVID-19 inventories
- inadequate review over the appropriateness of asset capitalisation threshold
- forced-finalisation of HealthRoster time records
- COVID-19 vaccination inventories – data quality issue at 31 March 2022.
Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Response from agencies

Copyright notice

30 August 2022

Published

Effectiveness of the Biodiversity Offsets Scheme

Planning

Environment

Infrastructure

Internal controls and governance

Management and administration

Regulation

What the report is about

This audit examined whether the Department of Planning and Environment (DPE) and the Biodiversity Conservation Trust (BCT) have effectively designed and implemented the Biodiversity Offsets Scheme (‘the Scheme’) to compensate for the loss of biodiversity due to development.

Under the Biodiversity Conservation Act 2016, the Scheme enables landholders to establish in-perpetuity Biodiversity Stewardship Agreements on sites to generate credits for the unique biodiversity on that land. These credits can be sold to offset the negative impact of development on biodiversity.

What we found

DPE has not effectively designed core elements of the Scheme. DPE did not establish a clear strategic plan to guide the implementation of the Scheme.

The BCT has various roles in the Scheme but lacked safeguards against potential conflicts, creating risks to credit supply.

The effectiveness of its implementation has also been limited. Key concerns around the Scheme’s transparency, sustainability and integrity are yet to be fully resolved.

A market-based approach to biodiversity offsetting is central to the Scheme's operation but credit supply is lacking and poorly matched to growing demand. DPE has not established a clear, resourced plan to manage the shortage in credit supply. Data about the market, published by the DPE and the BCT, does not provide an adequate picture of credit supply, demand and price to readily support market participation.

These factors create a risk that biodiversity gains made through the Scheme will not be sufficient to offset losses resulting from development, and that the DPE will not be able to assess the Scheme’s overall effectiveness.

DPE is leading work with the BCT to improve the Scheme, but this is not yet guided by a long-term strategy with clear goals.

What we recommended

The audit made 11 recommendations to DPE and the BCT, focusing on:

a long-term strategic plan for the Scheme
improvements to the operation and transparency of the market and credit supply
frameworks to ensure the financial and ecological sustainability of biodiversity stewardship sites
enhanced public reporting and data management
resolving issues in conflicting governance and oversight.

Fast facts

96% – proportion of developer demand for species credits not met by current supply
97% – proportion of species credits that have never been traded on the biodiversity market
60% – proportion of the 226 Biodiversity Stewardship sites under active land management
$90m – value of developers’ obligations paid directly into the Biodiversity Conservation Fund
20% – proportion of developer obligations transferred to the BCT that have been acquitted.

The NSW Government's Biodiversity Outlook Report 2020 estimates that, without effective management, only 50% of species and 59% of ecological communities that are listed as threatened in New South Wales will still exist in 100 years. The NSW State of the Environment 2021 report identifies habitat destruction and native vegetation clearing as presenting the single greatest threat to biodiversity in the State.

According to the Organisation for Economic Co-operation and Development (OECD), biodiversity offsets are 'measurable conservation outcomes that result from actions designed to compensate for significant, residual biodiversity loss from development projects'. The OECD states that a feature of such schemes is that biodiversity offsets are intended to be implemented as the 'final step of a mitigation hierarchy' whereby reasonable first steps are taken to avoid and minimise the negative impacts.

The NSW Biodiversity Offsets Scheme was established in 2017 under the Biodiversity Conservation Act 2016 (the Act). The purpose of the Act is to 'maintain a healthy, productive and resilient environment for the greatest well-being of the community, now and into the future, consistent with the principles of ecologically sustainable development'.

The Department of Planning and Environment (DPE) designed and manages this Scheme. Under the Act, a feature of the Scheme is a 'market-based conservation mechanism through which the impacts to biodiversity can be offset.' The Scheme enables landholders to establish in-perpetuity Biodiversity Stewardship Agreements (BSAs) on sites to generate biodiversity credits, which can be sold to offset the negative impact of development on biodiversity. BSA sites are intended to be managed over the long term to generate the biodiversity gains required to offset the impact.

The Biodiversity Conservation Trust (BCT) monitors and supports landholders to manage BSA sites under the Scheme. This includes making payments to landholders from funds held in the Biodiversity Stewardship Payments Fund for undertaking the required biodiversity management actions.

This Scheme was preceded by several other offsetting schemes in New South Wales, including the BioBanking scheme that started in 2008. DPE has arrangements to transition sites, credits, and offset obligations from this and other previous schemes.

The current biodiversity credit market in New South Wales consists of 1394 different types of ecosystem credits, which are approved to be traded in 364 different offset trading groups, and 867 different species credits. Trading rules, set out in the Biodiversity Conservation Regulation 2017 (the Regulation), prioritise offsetting the obligations of a development with like-for-like ecosystem or species credits.

The Scheme is implemented through the planning system in New South Wales. Proposed development that involves the clearing of native vegetation, and meets certain thresholds, is required to undertake a Biodiversity Development Assessment Report. These reports determine an offset obligation, in biodiversity credits, to compensate for the biodiversity loss proposed. These reports are considered by consent authorities (such as a council, for local development, or by the Minister for Planning for major projects). An offset obligation is then included in the conditions of development approval.

In addition to establishing a market for trading between developers, with offset obligations, and landholders, who sell credits from their BSA sites, the Scheme allows developers to pay into the Biodiversity Conservation Fund and transfer their obligations to the BCT. This allows the developer to proceed with their project. The BCT must then meet these acquired obligations by buying the required credits, or by undertaking other approved activities set out in the Regulation. The BCT has more options than developers on how and when it acquits its obligations.

This audit examined whether DPE and the BCT have effectively designed and implemented the Biodiversity Offsets Scheme to compensate for the loss of biodiversity due to development.

Conclusion

The Department of Planning and Environment (DPE) has not effectively designed core elements of the NSW Biodiversity Offsets Scheme. DPE did not establish a clear strategy to develop the biodiversity credit market or determine whether the Scheme’s operation and outcomes are consistent with the purposes of the Biodiversity Conservation Act 2016.

The effectiveness of the Scheme's implementation by DPE and the BCT has been limited. A market-based approach to biodiversity offsetting is central to the Scheme's operation but credit supply is lacking and poorly matched to growing demand: this includes a potential undersupply of in-demand credits for numerous endangered species. Key concerns around the Scheme’s integrity, transparency, and sustainability are also yet to be fully resolved. As such, there is a risk that biodiversity gains made through the Scheme will not be sufficient to offset losses resulting from the impacts of development, and that DPE will not be able to assess the Scheme’s overall effectiveness.

DPE developed the Scheme following a 2014 review of the State's biodiversity legislation and building on previous offsetting arrangements in New South Wales. At the time the Scheme commenced in 2017, DPE lacked a strategic plan to guide its implementation, set clear outcomes and performance measures, and respond effectively to risks. DPE did establish a detailed scientific method for assessing biodiversity impacts under the Scheme and a system for accrediting assessors to undertake this technical work. These are important foundations for the robustness of the Scheme.

The Scheme has been in place for five years, but the biodiversity credit market is not well developed. Most credit types have never been traded. Also, according to DPE data, around 90% of demand cannot be matched to credit supply – and there is likely to be a substantial credit undersupply for at least seven endangered flora species, three endangered fauna species, and eight threatened ecological communities. Credit demand is projected to grow – especially in relation to the NSW Government’s $112.7 billion four-year infrastructure pipeline.

As with any market, potential participants need information about demand and price in order to understand risks and opportunities. But information about the biodiversity credit market, published by DPE and the BCT, does not provide an adequate picture of credit supply, demand and price to support market participation. This can create uncertainty for landholders who may be weighing the costs and benefits of establishing Biodiversity Stewardship Agreement (BSA) sites, and for development proponents who need to know whether they can purchase sufficient credits and at what price. Development proponents who lack market information are being incentivised to meet their offset obligations by paying into the Biodiversity Conservation Fund, which is managed by the BCT. This option provides developers with more certainty that enables them to progress their projects, but does not result in the development being offset until the BCT later acquits the obligation.

The BCT has multiple roles in the Scheme. These include setting-up and administering BSAs which generate credits, acquiring offset obligations from developers who pay into the Biodiversity Conservation Fund, and purchasing credits to meet its acquired obligations. There have been inadequate safeguards to mitigate the potential for conflicts between these roles. As the BCT directs its efforts towards facilitating BSA sites and purchasing credits to meet its obligations, there is a risk that government is insufficiently focused on supporting overall credit supply.

DPE has begun developing a credit supply strategy. Its absence, and a lack of clarity around responsibility for credit supply under the Scheme, has contributed to the significant risk of insufficient and poorly matched credits to meet the growing demand. The BCT's acquired obligations from developers have been increasing year-on-year, and are likely to continue to grow.

There is a risk that the BCT will not have sufficient funds to acquit its growing obligations with like-for-like credits, which could result in sub-optimal biodiversity outcomes. The Scheme rules allow the BCT to acquit its obligations with measures other than like-for-like credits. DPE has not provided clear guidance to the BCT on when or how to do so, or how this would fulfil the 'no net loss' of biodiversity standard.

There are transparency and integrity risks to the Scheme. DPE does not maintain a public register of biodiversity credits with complete information, including credits' transaction histories, consistent with the legislative intent for a single register. DPE also does not have ready access to information to check that developments have been acquitted with the required credits.

Risks to the sustainability of the Scheme and its outcomes remain. DPE and the BCT have not yet implemented a decision-making and intervention framework to ensure adequate initial and ongoing funding for the long-term management of new and existing BSA sites. DPE also did not collect ecological data from sites under previous schemes before they were transitioned, and BCT only introduced ecological monitoring requirements for new BSA sites in March 2021. The lack of monitoring requirements creates a risk that the biodiversity gains, which BSA sites are required to generate to offset biodiversity losses, will not be measured and achieved under the Scheme.

This section presents an overview of the status of the biodiversity credit market in New South Wales. It describes development of the market under the Scheme in the context of transitional arrangements from previous schemes, and the extent of market participation and transactions to date. It also presents information about emerging trends in credit demand and supply.

Background

A purpose of the Biodiversity Conservation Act 2016 (the Act) is to establish a market-based conservation mechanism through which impacts on biodiversity can be offset. Sufficient credits of appropriate types, which are well matched to demand, are necessary for enough transactions to inform prices and enable efficient like-for-like offsetting. For transactions to occur efficiently in the market, participants require reliable and easy-to-access information about supply, demand and price.

The Scheme was established in 2017 with an existing credit supply and offset obligations (credit demand) as regulations had been introduced to preserve and transition credits and obligations from previous schemes including the BioBanking Scheme, which started in 2008.

Credits under the BioBanking scheme are referred to as 'BBAM credits', and credits under the current Scheme are referred to as 'BAM credits'. BBAM credits are still available, and the transitional arrangements enable DPE to determine the 'reasonable equivalence' of these to the current Scheme's credit numbers and classes. DPE has stated that reasonable equivalence of credits is based on ecological not financial equivalence.

This section assesses the clarity and alignment of the goals of the Scheme to key features of its design and operations. It also examines structural elements of the Scheme that aim to maintain integrity within administering agencies, and the status of actions to address risks or issues.

Background

The Biodiversity Conservation Act 2016 (the Act) sets out the legal framework for the Scheme. Given the complexities, financial interests, and range of stakeholders associated with the Scheme, it requires strong safeguards. Transparency and assurances around the Scheme's integrity are also relevant to participants' confidence in it, which in turn is important for market development.

Core components of the Scheme, identified in section 1.3 of the Act, are to be consistent with the ‘principles of ecologically sustainable development’.

The Act and other administrative arrangements of government allocate responsibility to DPE and the Minister for Environment and Heritage for the Scheme’s design and elements of its implementation. This includes responsibility for the Scheme’s policy, legislative and regulatory framework.

Responsibility is allocated to the BCT for implementing and operating certain elements of the Scheme. This includes administering Biodiversity Stewardship Agreements (which generate credits) and securing offsets on behalf of development proponents who pay into the Biodiversity Conservation Fund to meet their offset obligations.

This broad legislative framework is not intended to detail responsibilities for the full range of roles and activities that agencies need to take to implement and regulate the Scheme effectively, and ensure its good governance. Agencies should do this as part of sound and transparent public administration.

This section assesses how effectively components of the Scheme have been designed and are being implemented to provide assurance that the impacts of development are being avoided and minimised such that only ‘unavoidable’ impacts remain to be offset. The section also assesses whether the Scheme and its market embeds the necessary controls to ensure that obligations are offset as required.

Background

The Biodiversity Assessment Method, and the quality of its application by DPE-Accredited Assessors, is critical to the robustness the Scheme. The method is designed to be applied to avoid and minimise impacts at proposed development sites before identifying offset obligations. The effectiveness of Scheme outcomes requires that obligations are offset with the retirement of the necessary and appropriate credits.

The Biodiversity Conservation Act 2016 (the Act) requires the relevant Minister (the current Minister for Environment and Heritage) to establish a method for the purpose of assessing the impacts of actions on threatened species and ecological communities.

The Act also specifies that this method must be applied by an accredited person. DPE is responsible for the design and implementation of this accreditation system, arrangements for which are set out in an instrument under the Act.

A Biodiversity Development Assessment Report is a report by a DPE-Accredited Assessor using the Biodiversity Assessment Method. These reports assess the biodiversity impacts of the proposed development and establish offset obligations as part of the development approval process. It is important that local councils and other development consent authorities understand and can assess the quality of these reports.

DPE manages the process of ‘retiring’ credits against the identified offset obligations. Once a credit is retired it cannot be reused to acquit another obligation, which is critical to Scheme outcomes. DPE is also responsible for maintaining records of credit transactions, which results in a legally binding transfer of credit ownership from seller to buyer.

This section assesses how effectively the supply of biodiversity credits has been supported by encouraging and enabling landholders to participate in the Scheme. It also assesses whether sufficient action is underway to address issues and risks to the establishment of BSA sites, especially in the context of known credit supply issues (section 2).

Background

Credit supply is generated when a landholder establishes a Biodiversity Stewardship Agreement (BSA) on their land. Establishing a BSA site requires landholders agree to an in-perpetuity management plan, so it is important that they have sufficient support and access to relevant information about risks and opportunities when deciding to do so. Ensuring adequate credits supply underpins the Scheme's ability to deliver the intended biodiversity outcomes.

A landholder establishes an offset site through a BSA, which is a legal agreement with the Minister of Environment and Heritage (delegated to the Biodiversity Conservation Trust). The BSA is registered on the title of the land.

DPE-Accredited Assessors develop Biodiversity Stewardship Site Assessment Reports, which are submitted by landholders to the BCT as part of the BSA application. These reports apply the Biodiversity Assessment Method to detail the number and types of credits that a BSA site is expected to generate by implementing a 20-year management plan. The BCT issues credits to landholders on registration of the BSA.

Ensuring an adequate and appropriate supply of credits is important so that like-for-like matches between credits and obligations can be efficiently secured in a timely way. This minimises the use of offset variation rules, and can avoid potential delays in developers securing appropriate offsets to meet their offset obligations. It also makes it easier for the BCT to locate the necessary credits to acquit the obligations it acquires from developers.

This section assesses how effectively BSA sites, which need to be managed by landholders to generate the biodiversity gains represented by credits, are regulated and supported by the Biodiversity Conservation Trust. It also assesses whether actions have been taken to address identified risks to the suitability of funds required to ensure long-term BSA site management.

Background

For Biodiversity Stewardship Agreement (BSA) sites to achieve the expected biodiversity gains to offset losses from development impact, they need sufficient funding for the required management actions, and to be effectively regulated and supported over the long-term. Funding for these sites is generated through the returns on landholders' initial investment (Total Fund Deposit). The BCT is required to monitor landholders' compliance with BSAs and should also ensure ecological outcomes on sites are measured.

DPE and the BCT are responsible for developing and implementing a system of oversight to ensure the implementation of management actions at BSA sites is delivering the intended outcomes in a financially and environmentally sustainable way. The agencies' key mechanisms for delivering this are:

calculating the costs of the required land management actions in perpetuity
annual reporting systems for monitoring compliance with land management requirements
reporting systems for monitoring ecological outcomes arising from land management actions.

Landholders are required to pay the required Total Fund Deposit amount for their BSA accounts into the Biodiversity Stewardship Payments Fund, which is held in trust and managed by the BCT. A costing tool is used by landholders to calculate the value of the deposit, based on the required management payments (in perpetuity), administrative fees, and the discount rate applied.

The Total Fund Deposit can be paid upfront but is usually paid from the proceeds of the sale of credits. Once this occurs the BSA site becomes 'active' and management payments commence to enable the landholder to undertake the required management actions. BSA sites that have not yet sold enough credits to make the deposit are 'passive' sites that do not require active land management.

Sites in passive management for an extended duration present risks to biodiversity outcomes, and potentially to Scheme integrity, if the quality of credits is undermined due to an absence of active site management.

Appendix two – Like-for-like, variation and ancillary rules

Appendix three – Detail on progress of the IIAP

Appendix four – About the audit

Appendix five – Performance auditing

Copyright notice

Parliamentary reference - Report number #367 - released 30 August 2022

30 June 2022

Published

Audit Insights 2018-2022

Community Services

Education

Environment

Finance

Health

Industry

Justice

Local Government

Premier and Cabinet

Planning

Transport

Treasury

Universities

Whole of Government

Asset valuation

Cross-agency collaboration

Compliance

Cyber security

Financial reporting

Fraud

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Project management

Regulation

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

Integrity and transparency
Performance and monitoring
Governance and oversight
Cyber security and data
System planning for disruption
Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

Fast facts

72 audits included in the Audit Insights 2018–2022 analysis
4 years of audits tabled by the Auditor-General for New South Wales
6 key themes for Audit Insights 2018–2022.

picture of Margaret Crawford Auditor-General for New South Wales in black dress with city skyline as background I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

Integrity and transparency	Performance and monitoring	Governance and oversight	Cyber security and data	System planning	Resource management
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption.	Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds.	The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work.	Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture.	Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination.	Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest.
Government entities should report to the public at both system and project level for transparency and accountability.	Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact.	Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls.	In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite.	Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders.	Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds.
Entities must provide balanced advice to decision-makers on the benefits and risks of investments.	Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery.	Active review of policies and procedures in line with current business activities supports more effective risk management.	Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting.	Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events.	Transformation programs can be improved by resourcing a program management office.
Clear guidelines and transparency of decisions are critical in distributing grant funding.	Quality assurance should underpin key inputs that support performance monitoring and accounting judgements.	Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues.			Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need.
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes.
Read more	Read more	Read more	Read more	Read more	Read more

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix one – Included reports, 2018–2022

Appendix two – About this report

Copyright notice

6 May 2022

Published

Transport 2021

Transport

Asset valuation

Compliance

Financial reporting

Information technology

Infrastructure

Internal controls and governance

What the report is about

The results of the Transport cluster agencies’ financial statement audits for the year ended 30 June 2021.

What we found

Unmodified financial statement audit opinions were issued for all Transport cluster agencies. Resolution of issues delayed signing the Transport Asset Holding Entity of NSW (TAHE) until 24 December 2021. Matters relating to TAHE are also reported in the report on State Finances 2021.

Emphasis of Matter - TAHE

An Emphasis of Matter paragraph was included in TAHE's audit opinion to draw attention to uncertainty associated with:

future access and licence fees that are subject to re-signed agreements
an additional $4.1 billion of funding that is outside the forward estimates period
a significant portion of the fair value of TAHE’s non-financial assets is reflected in the terminal value, which is outside the ten-year contract period to 30 June 2031, and the risk that TAHE will not be able to negotiate contract terms to support current projections.

TAHE's transition from RailCorp also changed its valuation of assets to an income approach, resulting in a $20.3 billion decrease to the fair value. The fair value decrease was because the cash flows were not sufficient to support the previous recorded value.

TAHE corrected a misstatement of $1.2 billion relating to the valuation of its assets. This followed significant deliberation on key judgements and assumptions, with TAHE adopting risk assumptions in its valuation that were not in line with comparable benchmarks.

Emphasis of Matter - State Transit Authority of New South Wales

An Emphasis of Matter paragraph was included in the State Transit Authority of NSW's (the Authority) audit opinion to draw attention to the financial statements not prepared on a going concern basis. This was because the NSW Government put the Authority's bus contracts out to competitive tender and accordingly, management assessed the Authority's principal activities are not expected to operate for a full 12 months after 30 June 2021.

The implementation of AASB 1059 ‘Service Concession Arrangements: Grantors’ resulted in a net increase in assets of $23.5 billion across the Transport cluster.

The 2020–21 audits identified six high-risk and 45 moderate risk issues across the cluster. Fourteen of the moderate risk issues were repeat issues, including information technology controls around management of user access for key financial systems and payroll processes.

The high-risk issues, in addition to those related to TAHE and previously reported in the report on State Finances 2021, include:

absence of conflict of declarations related to land acquisition processes at Transport for NSW
no evidence of conflict of interest declarations obtained by TAHE from consultants and contractors regarding involvement in other engagements.

What we recommended

TAHE needs to:

finalise revised commercial agreements to reflect fees detailed in a Heads of Agreement signed on 18 December 2021
prepare robust projections and business plans to support the required rate of return.

NSW Treasury and TAHE should monitor the risk that control of TAHE assets could change in the future.

Transport for NSW needs to significantly improve its processes to ensure all key information is identified and shared with the Audit Office.

Transport agencies should implement a process to ensure conflicts of interest declarations are completed for land acquisitions and applied consistently across the cluster.

Transport agencies should implement a process to capture all contracts and agreements entered to ensure:

agencies are aware of contractual obligations
financial reporting implications are assessed, particularly with respect to leases, revenue and service concession arrangements.

Fast facts

The Transport cluster plans and delivers infrastructure and integrated services across all modes of transport. This includes road, rail, bus, ferry, light rail, cycling and walking. There are 11 agencies in the cluster.

$128b road and maritime system infrastructure assets as at 30 June 2021
100% unqualified audit opinions were issued on agencies 30 June 2021 financial statements
26 monetary misstatements were reported in 2020–21
$24.9b rail systems infrastructure assets as at 30 June 2021
6 high-risk management letter findings were identified
37% of reported issues were repeat issues

This report provides Parliament and other users of the transport cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the cluster for 2021.

Section highlights

Unqualified audit opinions were issued on all Transport agencies' financial statements.
An 'Emphasis of Matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) Independent Auditor's Report to draw attention to significant uncertainty associated with the judgements, estimates and assumptions supporting the valuation of TAHE’s property, plant and equipment (PPE) and intangible assets.
In 2020–21, the former RailCorp transitioned to TAHE, a for-profit state-owned corporation. When TAHE became a for-profit entity, it was required to change its valuation approach. The value of a for-profit entity's assets cannot exceed the cash flows they might realise either through their sale or continued use. This change in the basis of valuation resulted in a decrease of $20.3 billion in the fair value of the assets. The decrease in fair value was because the cash flows, which support measurement under the income approach, were insufficient to support the previous valuation based on the current replacement cost of those assets.
TAHE also corrected a misstatement of $1.2 billion relating to the valuation of its assets after significant deliberation on key judgements and assumptions, with TAHE adopting higher risk assumptions in its valuation when compared to the relevant market benchmarks.
On 18 December 2021, a Heads of Agreement (HoA) was signed between TAHE, Transport for NSW, Sydney Trains and NSW Trains. This HoA reflected TAHE's intention to negotiate higher access and licence fees in order to meet the shareholding ministers' revised expectation of a higher rate of return. This matter resolved the treatment of a significant accounting issue in the State’s consolidated (whole-of-government) financial statements. Refer to the Report on State Finances tabled on 9 February 2022. The expectation of an additional $5.2 billion in fees added to the valuation of TAHE's PPE and intangibles, with a final value of $17.15 billion.
The implementation of AASB 1059 ‘Service Concession Arrangements: Grantors’ resulted in a net increase in assets of $23.5 billion across the cluster. AASB 1059 had a significant impact on Transport for NSW, Sydney Metro, Sydney Ferries and TAHE's 2020–21 financial statements.
TAHE corrected a misstatement of $97.2 million relating to the application of AASB 1059 'Service Concession Arrangements: Grantors' for the Airport Link Company Contract.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

The number of findings reported to management increased from 56 in 2019–20 to 73 in 2020–21.
Thirty-seven per cent were repeat findings. Many repeat issues related to information technology controls around user access management and payroll processes. These included deficiencies in the monitoring of privileged user access to key financial systems, review of user access to key financial systems and segregation of duties between preparer and reviewer for new employee hires.
Six new high-risk issues were identified in 2020–21, an increase of three compared to last year.
One high-risk issue related to conflicts of interests not being declared by all officers involved in the land acquisition process at Transport for NSW.
Five high-risk issues arose from the audit of TAHE, with respect to:
- control over TAHE assets and operations
- asset valuations
- access price build up
- detailed business modelling to support returns
- conflict of interest management.
Based on the access and licence agreements signed at 30 June 2021 between TAHE, Sydney Trains and NSW Trains, our review of the expected returns calculated by NSW Treasury did not support the assumption that there was a reasonable expectation that a sufficient rate of return could be achieved from the NSW Government's investment in TAHE.
On 14 December 2021 the shareholding ministers' increased their expectations as to TAHE's target average return from 1.5 per cent to the expected long-term inflation rate of 2.5 per cent.
On 18 December 2021 the revised shareholder expectations were confirmed in a signed Heads of Agreement. The Heads of Agreement will increase access fees paid by rail operators to TAHE by $5.2 billion.
TAHE's access and licence agreements specified fees that were well short of the IPART regulated maximum (ceiling price).
The finalisation of the access and licence agreements with Sydney Trains and NSW Trains resulted in a significant write-down of TAHE's asset value by $20.3 billion. The revaluation loss will need to be recovered as part of the shareholders’ rate of return of 2.5 per cent in order to sustain the whole-of-government accounting treatment of cash contributions recorded as an equity contribution and not a grant expense.
There was a significant adjustment to TAHE’s valuation between the financial statements originally submitted for the audit and the final, signed financial statements due to differences in risk assumptions resulting in a correction of a $1.2 billion misstatement.

Findings reported to management

The number of findings reported to management has increased, and 37 per cent of all issues were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 73 findings raised across the cluster (56 in 2019–20) and 37 per cent of all issues were repeat issues (43 per cent in 2019–20).

In view of the recent performance audit ‘Managing Cyber Risks’ and compliance audit ‘Compliance with the NSW Cyber Security Policy’ involving the cluster, it is noted with concern that the most common repeat issues related to weaknesses in controls over information technology user access administration and password management. Moderate risk issues included completeness and accuracy of contract registers, accounting for assets and management of supplier and payroll masterfiles.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports, and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Control deficiencies may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation, and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating	Issue
Information technology
Moderate: 7 new, 4 repeat**	The financial audits identified opportunities for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with: monitoring of privileged user access user access management password configuration management.
Low: 4 new, 1 repeat***
Internal control deficiencies or improvements
High: 1 new*	The financial audits identified internal control deficiencies across key business processes, including: declarations of conflicts of interest over land acquisitions (see further details below) management of contracts and agreement register accounting for assets management of payroll and supplier masterfiles payroll processes.
Moderate: 15 new, 8 repeat**
Low: 2 new, 5 repeat***
Financial reporting
High: 3 new*	The financial audits identified opportunities for agencies to strengthen financial reporting, including: asset valuations (see further details below) detailed business modelling to support returns (see further details below) access price build-up (see further details below) timely capitalisation of completed assets.
Moderate: 3 new, 1 repeat**
Low: 2 new***
Governance and oversight
High: 1 new*	The financial audits identified opportunities for agencies to improve governance and oversight processes, including: control over TAHE assets and operations governance over Cyber Security.
Moderate: 2 new**
Non-compliance with key legislation and/or central agency policies
High: 1 new*	The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including: conflict of interest (COI) management outdated policies and procedures incomplete probation procedures.
Moderate: 4 new, 1 repeat**
Low: 1 new, 7 repeat***

* High-risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
** Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
*** Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies.

2020–21 audits identified six high-risk findings

High-risk findings were reported at the following cluster agencies.

Agency	Description
2020–21 findings
Transport for NSW (new finding)	Declaration of conflicts of interest in the land acquisition process In 2021, we conducted a performance audit over the Acquisition of 4–6 Grand Avenue, Camellia which examined: whether Transport for NSW conducted an effective process to purchase 4–6 Grand Avenue, Camellia whether Transport for NSW has effective processes and procedures to identify and acquire property required to deliver the NSW Government’s major infrastructure projects. The report made several recommendations over Transport for NSW’s internal policies and procedures to guide the land acquisition process. As part of the financial audit, we obtained an understanding of key controls and processes relating to the acquisition of land, relevant to the audit of the financial statements. We found that conflicts of interests were not always declared by all officers involved in the land acquisition process. Furthermore, processes for declaring conflicts of interests are not consistently applied across cluster agencies. Out of a sample of 19 land acquisitions tested, we identified: 14 instances where there was no evidence of declarations of conflicts of interests made by the team members involved in the acquisition process 2 instances where conflicts of interest declarations were completed by key members of the acquisition team only at a project level 1 instance where conflicts of interest declarations were only completed by the property negotiator and the valuer, but not the other members of the acquisition team. Management advised that the land acquisition processes, at the time of the land acquisitions, did not require formal conflicts of interests to be declared as they believe that as per Transport for NSW code of conduct, declaration is only required where the staff member considers that a potential or perceived Conflict of Interest exists. However, Transport for NSW's Procurement Policy requires the documentation of formal declarations from all staff involved in procurement activities to formally disclose any conflicts of interest or state that they do not have a conflict of interest. This matter has been included as a high-risk finding in the management letter as absence of rigorous and consistent management of conflicts of interests, and non-compliance with established policies increases the risk that Transport for NSW may be exposed to reputational damage or financial losses in relation to land acquisitions. Furthermore, this may result in lack of probity or value-for money considerations during the land acquisition process. Further details are elaborated below under 'Land acquisitions'.
Transport Asset Holding Entity of New South Wales (new finding)	Control over TAHE assets and operations The State-Owned Corporations Act 1989 maintains that all decisions relating to the operation of a statutory state-owned corporation (SOC) are to be made by or under the authority of the board. However, under the Transport Administration Act 1988 (TAA), the functions of TAHE may only be exercised under one or more operating licences issued by the portfolio minister. The current Operating Licence confers terms and conditions for TAHE to carry out its functions, and imposes constraints on TAHE, including (but not limited to): railway operations not permitted transport services not permitted TAHE must not carry out maintenance of its assets. Such operating licences are short term in nature, and the TAA allows the transport minister (portfolio minister) to grant one or more operating licences to TAHE and may amend, substitute, or impose, amend or revoke conditions of the operating licence. For the current year, the legal form of the arrangements established in its first year of operation imply TAHE has control over the assets based on the Implementation Deed and the agreements signed with the public operators. However, risks remain as TAHE is in its early stages, and the actual substance of operations will need to be observed and considered. Given the restrictions that can be placed on the entity through the Operating Licence, and the ability to make further changes to the Operating Licence and Statement of Expectations set by the portfolio minister, there is a risk there could be limitations placed on the Board of Directors to operate with sufficient independence in its decision-making with respect to the operations of TAHE. Over time, this may further impact the degree of control required by TAHE to satisfy the recognition criteria over its assets. It may also fundamentally change the presentation of TAHE’s financial statements. Future limitations to the degree of control TAHE, and its Board, can exercise over its functions may impact the degree of control TAHE has over its assets going forward. As part of the 2021–22 audit, we will monitor and assess whether, in substance, these assets continue to be controlled by TAHE and whether, in substance, TAHE can operate as an independent SOC. We require management continue to demonstrate that TAHE continues to maintain control over its assets and has the ability to operate as an independent SOC. Further details are described below under 'Transport Asset Holding Entity'.
Transport Asset Holding Entity of New South Wales (new finding)	Asset valuation The final updated valuation was based on cash flows that were in a signed Heads of Agreement, which stated that it set out the proposed indicative future access and licence fees which will form the basis of the negotiations between TAHE, Transport for NSW, Sydney Trains and NSW Trains, who will work together to review access fees and licence fees payable under the agreements and to make all necessary changes to the Operating Agreements by 1 July 2022. This adds uncertainty in the cash flows. It is crucial that TAHE formalises these updated fees in legally binding signed access and licence agreements with the relevant parties as soon as possible. Refer below for further details on the Heads of Agreement.
Transport Asset Holding Entity of New South Wales (new finding)	Conflict of interest (COI) management For procurement transactions through direct negotiation with single quotes, there was no evidence of COI declarations obtained from the consultants and contractors regarding involvement in other engagements. Contractors and consultants are required to declare actual COI. However, there was no requirement to confirm nil conflict of interest. In addition, there is a risk that perceived COI may not be adequately assessed or managed. TAHE is expected to operate as an independent SOC and would need to ensure any perceived or actual conflict of interest is adequately addressed. Management should implement a process to: ensure conflicts of interest declarations are completed when engaging all consultants and contractors (including involvement with other engagements and confirmation of nil conflicts of interests) ensure probity is undertaken to identify any actual or perceived conflicts of interest. The declarations should consider individuals and relationships that may create, or may be perceived to create, conflicts of interest.
Transport Asset Holding Entity of New South Wales (new finding)	Detailed business modelling to support returns On 18 December 2021, Transport for NSW, TAHE and the operators, Sydney Trains and NSW Trains entered into a Heads of Agreement (HoA). This HoA forms the basis of negotiations to revise the pricing within the existing 10-year contracts and deliver upon the shareholders' expectation of a return of 2.5 per cent per annum of contributed equity, including recovering the revaluation loss incurred in 2020–21. TAHE needs to revise its business plan and include detailed business modelling that supports the shareholding ministers' revised expectations of return (2.5 per cent return on the State’s equity injections and recovery of the write-down of assets over the average useful life of those assets) and align the business plan and Statement of Corporate Intent. This requires more detailed projections, estimates and plans that support how TAHE expects to recover the asset write-down and expected returns to government. The current modelling for ten years needs to be enhanced with modelling over the expected recovery period of approximately 33 years.
Transport Asset Holding Entity of New South Wales (new finding)	Access price build-up Management explained that in determining access and licence fees for the agreements with Sydney Trains and NSW Trains, assets prior to the commencement of equity injections in 2015–16 were excluded from the calculations. Management explained the premise being that these assets were previously funded by government through capital grants. The replacement and refurbishment of these assets is expected to be through government funded maintenance performed through the public rail operators and/or the equity injections from NSW Treasury rather than through access and licence fees.

The number of moderate risk findings increased from prior year

Forty-five moderate risk findings were reported in 2020–21, representing a 73.1 per cent increase from 2019–20. Of these, 14 were repeat findings, and 31 were new issues.

Key moderate risk findings related to:

weaknesses in user access management to key financial systems
management of contracts and agreements register
management of supplier and payroll masterfiles
accounting for assets
control deficiencies at service organisations
segregation of duties relating to the hiring of employees
conflict of interest management
annual leave management
review of internal audit charter
disaster recovery planning.

Transport Asset Holding Entity of New South Wales

Background

The establishment of TAHE was originally announced by the NSW Government in the 2015–16 State Budget. On 1 July 2020, the former Rail Corporation New South Wales (RailCorp), a not-for-profit entity, transitioned to the Transport Asset Holding Entity of New South Wales (TAHE), a for-profit statutory state-owned corporation under the Transport Administration Act 1988. There was no change in the structure of TAHE as a new entity was not created. Ownership remains fully with the government. TAHE, and the former RailCorp, were both classified as Public Non-Financial Corporation (PNFC) entities within the Total State Sector Accounts.

Prior to 1 July 2015, the government paid appropriations to Transport for NSW, a General Government Sector (GGS) agency, to construct transport assets. When completed, these assets were granted to the former RailCorp, a not for-profit entity within the PNFC sector. The grants to the former RailCorp were recorded as an expense in the State’s GGS budget result.

From 1 July 2015, the government announced the creation of TAHE (a dedicated asset manager). Funding for new capital projects was to be provided through equity injections and was no longer recorded as an expense to the GGS budget, even though the business model was yet to be determined. The change, as explained in the 2015–16 State Budget, was due to the expectation that the former RailCorp will transition to TAHE, which was intended, over time to provide a commercial return. That Budget also highlighted how the change, which was largely a change in the basis of accounting, was intended to improve the GGS budget result each year. In total, the GGS has contributed approximately $11.1 billion to TAHE since 2015–16. This includes the equity injections from the GGS to TAHE made in the current year of $2.4 billion.

NSW Treasury initially set a timetable for the stand-up of TAHE of 1 July 2019, which included finalising the business model, operating model and contracts for the use of TAHE's assets. The enactment of the Transport Administration Act 1988 resulted in RailCorp transitioning to TAHE on 1 July 2020, 12 months after its originally planned operational date. Contributions paid to the former RailCorp and subsequently to TAHE by the GGS were treated as equity investments from July 2015 forward. This treatment continued, despite delays in settling the business model. In 2020, the Audit Office raised a high-risk finding due to the significance of the financial reporting impacts and business risks for NSW Treasury and TAHE.

The business model adopted and the flow of funds between transport agencies in the GGS and PNFC sectors is shown in the diagram below. For further details refer to the Report on State Finances 2021.

Appendix one – Misstatements in financial statements submitted for audit

Appendix three – Financial data

Copyright notice

13 April 2022

Published

Building regulation: combustible external cladding

Finance

Local Government

Planning

Compliance

Infrastructure

Regulation

Risk

What the report is about

The report focuses on how effectively the Department of Customer Service (DCS) and Department of Planning and Environment (DPE) led reforms addressing the unsafe use of combustible external cladding on existing residential and public buildings.

Nine local councils were included in the audit because they have responsibilities and powers needed to implement the NSW Government’s reforms.

What we found

After the June 2017 Grenfell Tower fire in London, the NSW Government committed to a ten-point action plan, which included establishing the NSW Cladding Taskforce, chaired by DCS, and with DPE as a key member. The Taskforce co-ordinates and oversees the implementation of the plan.

Depending on the original source of development approval, either individual local councils or DPE are responsible for ensuring that buildings are identified, assessed, and remediated. NSW Government-owned buildings are the responsibility of each department.

Identifying buildings potentially at risk was complex and resource intensive. However, on balance, it is likely that most affected buildings have now been identified.

By October 2021, around 40 per cent of assessed high-risk buildings that are the responsibility of local councils had either been remediated or found not to pose an unacceptable fire risk.

By February 2022, almost 50 per cent of affected NSW Government-owned buildings, and 90 per cent of buildings that are the responsibility of DPE, have either been cleared or are in the process of being remediated.

Earlier guidance on some key issues could have been provided by DCS and DPE in the two years after the Grenfell Tower fire. This may have reduced confusion and inconsistency across local councils we audited, and in some NSW Government departments. This especially relates to the application of the Fair Trading Commissioner's product use ban.

Given the inherent risks posed by combustible external cladding, buildings initially assessed as low-risk may also still warrant further action.

While most high-risk buildings have likely been identified, poor information handling makes it difficult to keep track of all buildings from identification, through to risk assessment and remediation.

What we recommended

DCS and DPE should:

address the confusion surrounding the application of the Commissioner for Fair Trading's product use ban for aluminium composite panels with polyethylene content greater than 30 per cent
develop an action plan to address buildings assessed as low-risk
improve information systems to track all buildings from identification through to remediation.

Fast facts

Authority responsible for ensuring that owners make their buildings safe	Approximate number of buildings referred for further investigation*	Approximate percentage of buildings remediated or assessed to be safe
Local councils	1,200	40%
NSW Government owned	66	50%
DPE under delegation from the Minister for Planning	137	90%

*After initial inspection by Fire and Rescue NSW, and/or preliminary inquiries by the consent authority, it was identified that the building may be at high-risk of
fire from combustible external cladding.

NSW Government's response to the risks posed by combustible external cladding

The NSW Government first became aware of the potential heightened risks posed by combustible external cladding on building exteriors after the 2014 Lacrosse Tower fire in Melbourne. However, it was the tragic loss of life from the Grenfell Tower fire in London, in June 2017, that gave added urgency to the need to address these risks.

Within six weeks of the London fire, the NSW Government committed to a ten-point plan of action for NSW to:

identify and remediate any buildings with combustible external cladding
ensure that regulation prevented the unsafe use of such cladding
ensure that experts involved in providing advice and certifying fire safety measures had the necessary skills and experience.

One of the actions in the ten-point plan was the creation of the NSW Government's Fire Safety and External Wall Cladding Taskforce (the Cladding Taskforce) chaired by the Department of Customer Service (DCS) and with the Department of Planning and Environment (DPE) as a key member.

The ten-point plan also specified that NSW Government departments would be responsible, in regard to buildings they owned to '…audit their buildings and determine if they have aluminium cladding'.

Local councils play a key role in implementing the Government's reforms, given their responsibilities and powers under the Environmental Planning and Assessment Act 1979 (EPA Act) and Local Government Act 1993 (Local Government Act) to approve building works (as 'consent authorities'), as well as to ensure fire safety standards are met. DPE plays an equivalent role for a smaller number of 'State Significant Developments' for which it is the consent authority under delegation from the Minister for Planning.

Commissioner for Fair Trading's building product use ban

On 18 December 2017, the Building Products (Safety) Act 2017 (BPS Act) came into effect in NSW, introducing new laws to prevent the use of unsafe building products. Notably, the BPS Act gave the Secretary of DCS and the Commissioner for Fair Trading the power to ban unsafe uses of building products.

After an extensive consultative process, the Commissioner for Fair Trading used these powers to issue a product use ban on 15 August 2018. This banned the use of external wall cladding of aluminium composite panels with a core comprised of more than 30 per cent polyethylene by mass on new buildings, unless the proposed use was subject to independent fire propagation testing of the specific product and method of application to a building in accordance with relevant Australian Standards.

Buildings occupied before the product use ban came into force are not automatically required to have the banned product removed. Under the BPS Act, consent authorities may determine necessary actions to eliminate or minimise the risk posed by the banned material on existing buildings.

Project Remediate

Project Remediate is a three-year NSW Government program announced in November 2020. The program was designed by the NSW Government to assist building owners of multi-storey apartments (two storeys or more) with high-risk combustible cladding to remediate their building to a high standard and for a fair price.

The scheme is voluntary and includes government paying for the interest on ten-year loans, as well as incorporating assurance and project management services to provide technical and practical support to owners’ corporations and strata managing agents. Building remediations under the program are expected to commence in 2022.

About this audit

This audit assessed whether DCS and DPE effectively led reforms to manage the fire safety risk of combustible external cladding on existing residential and public buildings.

In making this assessment, we considered whether the expressed policy intent of the NSW Government's ten-point plan for fire safety reform had been achieved by asking:

are the fire safety risks of combustible external cladding on existing buildings identified and remediated?
is there a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products on existing buildings?
is fire safety certification for combustible external cladding on existing buildings carried out impartially, ethically and in the public interest by qualified experts?

Consistent with the focus of the Cladding Taskforce on multi-storey residential buildings and public buildings, the scope of our audit is limited to buildings categorised under the Building Code of Australia (BCA) as class 2, 3 and 9. These classes are defined in detail in section 1.2, but include: multi-unit residential apartments, hotels, motels, hostels, back-packers, and buildings of a public nature, including health care buildings, schools, and aged care buildings. The scope was also limited to existing buildings, which is defined as buildings occupied by 22 October 2018.

Auditees

The Department of Customer Service chairs the NSW Government's Cladding Taskforce, which is responsible for coordinating the combustible external cladding reforms. The Commissioner of Fair Trading sits within DCS and DCS regulates the industry accreditation scheme for fire safety practitioners, as well as administering the BPS Act.

The Department of Planning and Environment administers the EPA Act and the Environmental Planning and Assessment Regulation 2000 (EPA Regulation), which regulate the building development process. As well as being the delegated consent authority for State Significant Developments, DPE is also responsible for maintaining the mandatory cladding register requiring building owners of multi-storey (BCA class 2, 3 or 9) buildings to register buildings with combustible external cladding on an online portal.

Functions and responsibilities between DCS and DPE varied over time. For example, in October 2019, the DPE building policy team responsible for co-ordinating the DPE response to the combustible cladding issue was transferred to DCS, following changes to agency responsibilities resulting from machinery of government changes. DPE advised this resulted in a lessening of DPE's subsequent policy work on combustible cladding and its involvement in the Cladding Taskforce.

While the focus of the audit was on the oversight and coordination provided by DCS and DPE, nine councils were also auditees for this performance audit. Councils play an essential part as consent authorities for building development approvals in NSW, as well as having responsibilities and powers to ensure fire safety standards. To fully understand how well their activities were overseen and coordinated, a sample of councils was included as auditees.

Nine councils were selected to represent both metropolitan and regional areas, noting that there are very few in-scope buildings in rural areas. The audited councils were:

Bayside Council
City of Canterbury Bankstown Council
Cumberland City Council
Liverpool City Council
City of Newcastle Council
City of Parramatta Council
City of Ryde Council
City of Sydney Council
Wollongong City Council.

Terminology

The two NSW Government department auditees have, over time, been subject to machinery of government changes, which have changed some of their functions and what the departments are called.

Relevant to this audit, the effect of these changes has been:

the Department of Finance, Services, and Innovation (DFSI) became the Department of Customer Services (DCS) on 1 July 2019
on 1 July 2019, the Department of Planning and Environment became the Department of Planning, Industry, and Environment (DPIE)
on 21 December 2021, DPIE became the Department of Planning and Environment (DPE).

To avoid confusion, we use the titles by which these departments are known at the date of this report: the Department of Customer Service and the Department of Planning and Environment.

Conclusion

At July 2017, immediately after the Grenfell Tower fire, there was no reliable source to identify buildings that may have had combustible external cladding. However, it is now likely that most high-risk buildings have been identified.

Following the 2014 Lacrosse Tower fire in Melbourne, the NSW Government recognised that there was a need to be able to identify buildings in NSW that could have combustible external cladding.

The process of identifying buildings that could have combustible external cladding has been complex, resource-intensive, and inefficient principally due to the lack of centralised and coordinated building records in NSW. In total, approximately 1,200 BCA class 2, 3 and 9 buildings have been brought to the attention of councils by either Fire and Rescue NSW (FRNSW), the Cladding Taskforce, or through councils' own inspection for possible further action. In addition, approximately 2,000 more buildings were inspected by FRNSW but not referred to local councils because they either had no combustible external cladding or had combustible external cladding not assessed as being high-risk.

A multi-pronged approach to identifying buildings has been used by the DCS and DPE, through the Cladding Taskforce. While it is impossible to know the full scope of potentially affected buildings, the approach appears thorough in having identified most relevant buildings.

The process of clearing buildings with combustible external cladding has been inconsistent.

In the more than four years since the NSW Government's ten-point plan was announced, around 40 per cent of the buildings brought to the attention of councils have been cleared by either rectification or being found not to pose an unacceptable fire risk. Also, around 50 per cent of NSW Government-owned buildings identified with combustible external cladding and almost 90 per cent of identified buildings for which DPE is consent authority have been cleared or remediation is underway.

While DCS and DPE did seek to work cooperatively with councils and provided high-level guidance on the NSW Government’s fire safety reforms, it took until September 2019 before a model process and other detailed advice was provided to councils to encourage consistent processes. DCS and DPE advice to councils and NSW Government-building owners should have been more timely on two key issues:

the use of experts in the process of assessing and remediating existing buildings, and
the implementation of the product use ban on aluminium composite panels with polyethylene content 30 per cent or greater.

Clarifying the application of the product use ban may require consent authorities and building owners to revisit how some buildings have been cleared.

The management of buildings assessed as low-risk by FRNSW, estimated to be over 500, has not been a priority of the Cladding Taskforce to date, despite those buildings potentially posing unacceptable fire risks.

Information management by the Cladding Taskforce is inadequate to provide a high-level of assurance that all known affected buildings have been given proper attention.

While most high-risk buildings have likely been identified, information management is not sufficiently robust to reliably track all buildings through the process from identification, through to risk assessment and, where necessary, remediation.

Reforms to certifier registration schemes are limited to new buildings and do not apply to the existing buildings covered by this audit.

While reforms are limited in application to new buildings, some consent authorities took steps to obtain greater assurance on the quality of the work done by fire safety experts regarding combustible external cladding on existing buildings. For example, by requiring fire safety experts to be appropriately qualified and requiring peer review of cladding risk assessments and proposed remediation plans.

This chapter considers the part played by DCS and DPE as key members of the Cladding Taskforce in ensuring that buildings with combustible external cladding were effectively identified and remediated through processes implemented by:

local councils or DPE, where those bodies were consent authorities under the EPA Act for the relevant buildings
in the case of NSW Government buildings, the departments that owned those buildings.

This chapter considers what has been done to deliver a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products.

This chapter considers whether reforms have ensured that only people with the necessary skills and experience are certifying buildings and signing off on fire-safety.

Inspections of existing buildings and development of any subsequent action plans to address combustible external cladding are not activities covered by accreditation or registration schemes for building certifiers

Almost all the risk assessment and remediation work done on buildings in the scope of this audit have been undertaken under fire safety orders issued by consent authorities using their powers under the EPA Act. This has been the recommended approach by DPE and DCS since at least 2016 (that is, before the Grenfell Tower fire in London).

While there have been reforms to certifier registrations scheme, these were not intended to ensure that combustible cladding-remediation on existing buildings is supported by people with the necessary skills and experience in fire safety under the fire safety order process. Instead, they are focused on offering better assurance for work done in respect to new building projects where accredited experts certify that building work is carried out in accordance with BCA under the DCS managed certifier registration schemes.

No steps have been taken to ensure the quality of the work done by experts inspecting, assessing the fire risk and developing action plans to address combustible external cladding on existing buildings, other than where consent authorities have chosen to exercise their discretion. This includes requiring fire safety experts to be appropriately qualified and requiring peer review of some cladding risk assessments and remediation plans.

Consent authorities determine whether individuals with accreditation are required for combustible cladding inspection, risk assessments and remediation on existing buildings

Whether an individual with certifier accreditation participates in a cladding inspection, risk assessment, or remediation for an existing building will be determined by what councils as consent authorities specify in their fire safety orders unless building owners opt to use such experts without being directed to do so by the consent authority.

As discussed earlier, councils acting as consent authorities vary in whether they require building owners to engage individuals with certifier accreditation. In most of the councils we audited, A1 or C10 accredited experts were either required, or recommended, to perform functions such as auditing suspected combustible cladding, or conducting fire safety risk assessments and developing plans to rectify combustible cladding.

However, these types of work are not functions covered by the accreditation or registration schemes that apply to building and development certifiers.

Certifier accreditation schemes do not cover cladding remediation work done under fire safety orders

While councils may require or recommend that independent accredited A1 or C10 certifiers be engaged by building owners for cladding risk assessment and remediation, they are not performing those functions as certifiers — they are, in effect, more akin to expert consultants. Accordingly, how they perform their functions and duties is not covered by the legislation supporting the accreditation scheme for certifiers that was operated until July 2020 by the Building Professional Board.

Instead, their use in this process is a convenient and practical way for consent authorities to ensure that building owners use appropriate experts who have the qualifications, skills and experience needed to investigate and identify combustible cladding, and then to formulate appropriate action to deal with such cladding. However, these individuals are not performing regulated or accredited work, are not subject to regulatory oversight, and are not accountable to any accreditation body for the quality of the work they perform.

While councils could (and sometimes do) choose to decline poor quality or incomplete cladding-related work prepared by A1 or C10 certifiers, the burden of resolving poor quality would fall on the building owner, who would have to seek amended or additional risk assessments or rectification plans.

In the absence of regulatory oversight, disincentives for poor quality cladding-related work, may include litigation being commenced by the property owner, harm to the expert's reputation in a small and competitive market, and the potential impact on whether the individual could retain their professional indemnity insurance at a reasonable cost (especially in an environment when many insurance providers withdrew coverage for cladding related work).

Reforms impact on regulated experts doing work on new buildings

The reforms that commenced on 1 July 2020, replaced categories of accreditation with classes of registration, and varied the classes such that:

accredited building surveyor category A1 became registered building surveyor-unrestricted
accredited certifier—fire safety engineer category C10 became registered certifiers-fire safety.

The legislation that introduced these reforms, the Building and Development Certifiers Act 2018, also repealed the pre-existing Building Professionals Act 2005 and abolished the Building Professionals Board. The new Act was accompanied by the Building and Development Certifiers Regulation 2020.

While the scope of this audit is limited to existing buildings, we note that there are buildings with combustible external cladding that are yet to be remediated. Just as these processes previously drew on the expertise of A1 and C10 category certifiers, it seems inevitable that the remediation of existing buildings will continue to draw on the expertise of the equivalent new classes of registered building surveyor-unrestricted and registered certifier-fire safety.

Appendix one – Response from agencies

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

Parliamentary reference - Report number #364 - released 13 April 2022.

15 December 2021

Published

Health 2021

Health

Asset valuation

Compliance

Cyber security

Financial reporting

Infrastructure

Internal controls and governance

Procurement

This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.

The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.

A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.

What the key issues were

The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.

The three new high-risk issues identified were:

Hotel Quarantine (HQ) fees

The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.

COVID-19 inventories

Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.

COVID-19 vaccines

The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.

What we recommended

Hotel Quarantine (HQ) fees

Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.

COVID-19 inventories

Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.

COVID-19 vaccines

Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.

Fast facts

The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.

100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
24 monetary misstatements were reported in 2020–21
3 high risk management letter findings were identified
47.4% of reported issues were repeat issues
$23.5b property, plant and equipment as at 30 June 2021
$26.8b total expenditure incurred in 2020–21

This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.

Section highlights

Unqualified audit opinions were issued for all cluster agencies required to prepare general-purpose financial statements.
The total gross value of all corrected monetary misstatements for 2020–21 was $250.2 million, of which $226.0 million were related to complexities arising from the COVID-19 pandemic.
A qualified audit opinion was issued on the Ministry's Annual Prudential Compliance Statement.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

The total number of internal control deficiencies has increased from 112 issues in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high (one in 2019–20) and 57 were moderate (47 in 2019–20); with nearly one half of all control deficiencies reported in 2020–21 being repeat issues.
The complexities arising from accounting for agreements between governments to respond to the COVID-19 pandemic presented three new high risk audit findings with respect to the:
- expected rate of recoverability of outstanding Hotel Quarantine fees
- procurement, stocktaking and impairment of COVID-19 inventories
- valuation and recognition of COVID-19 vaccines received from the Commonwealth Government.
Management of excessive leave balances and poor quality or lack of documentation supporting key agreements were amongst the repeat issues observed again in the 2020–21 financial reporting period.

Findings reported to management

The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.

In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating	Issue
Information technology
Moderate² 7 new, 3 repeat	We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with: lack of reviews of user access and privileged user access for HealthRoster Assets and Facilities Management Online vMoney Powerhouse Patient Billing and Revenue Collection system. Repeat issues included: deficient password controls no independent review for data integrity of any changes made to HealthRoster incomplete reviews of StaffLink User Access.
Low¹ 4 new, 5 repeat
Internal control deficiencies or improvements
High³ 1 new, 0 repeat	We identified internal control weaknesses across key business processes, including new issues relating to: procurement, stocktaking and impairment of COVID-19 inventories (personal protective equipment) instances where employees' timesheets were approved in advance monthly reconciliations not reviewed in a timely manner asset revaluation processes at Illawarra Shoalhaven Local Health District. Repeat issues included: forced finalisation of rosters in order to finalise processing of payroll partial repeat issue relating to HealthShare NSW's stocktake process, refer to details in the following section of this report.
Moderate² 6 new, 12 repeat
Low¹ 10 new, 4 repeat
Financial reporting
High³ 2 new, 0 repeat	We identified weaknesses with respect to financial reporting in relation to the: expected rate of recoverability of outstanding Hotel Quarantine fees valuation and recognition of COVID-19 vaccines received from the Commonwealth Government application of AASB 16 'Leases' improvement in health agencies' grant register to better support management's accounting treatment under the applicable revenue accounting standards.
Moderate² 6 new, 1 repeat
Low¹ 8 new, 3 repeat
Governance and oversight
Moderate² 9 new, 5 repeat	We identified opportunities for agencies to improve governance and oversight processes, including: ensure better documentation around governance arrangements for major health capital works delivered by Health Infrastructure absence of documented practices at health agencies level relating to Visiting Medical Officer claims. Repeat issues include: delegations manual for Health Infrastructure remains in draft and has done so since 2017.
Low¹ 2 new, 2 repeat
Non-compliance with key legislation and/or central agency policies
Moderate² 1 new, 7 repeat	We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including: bank signatories list not updated to remove terminated employees subsequent changes made to Junior Medical Officers' approved rosters not approved by an authorised delegate. Repeat issues include: management of excessive annual leave non-compliance with the Government Information (Public Access) Act 2009 (GIPA Act) by Ambulance NSW.
Low¹ 5 new, 13 repeat

⁴Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
³ High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
² Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
¹ Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

Complexities arising from the COVID-19 response

The 2020–21 audit identified three new high-risk findings

COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.

Expected rate of recovery of outstanding Hotel Quarantine invoices

The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors.

Procurement, management and impairment of COVID-19 inventories

$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.

With respect to the stocktaking methodology applied, the following issues were identified:

discrepancies noted in the stock bin listing provided for audit
discrepancies in the recount sheet generated
inconsistent application of the stocktake methodology
inconsistent labelling of quarantined stock
a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.

Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.

Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government

The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.

Emerging trends

Recognition of provisions without sufficient support

Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.

Treatment of Commonwealth funding

In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.

Key repeat issues

Management of excessive annual leave

NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).

The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).

The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.

Accurate time recording

Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).

Existence, completeness and accuracy of key agreements

Delivery of major capital projects

Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.

We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.

Cross border patient funding arrangements

When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.

We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:

States	2014–15	2015–16	2016–17	2017–18	2018–19	2019–20	2020–21
Queensland	Signed	Signed	Signed	Signed	Signed	Not finalised	Not finalised
Victoria	Not finalised	Not finalised	Not finalised	Not finalised	Not finalised	Not finalised	Not finalised
Australian Capital Territory	Signed	Signed	Signed	Signed	Signed	Signed	Not finalised
South Australia	Signed	Signed	Signed	Signed	Signed	Signed	Not finalised
Tasmania	Signed	Signed	Signed	Signed	Signed	Signed	Not finalised
Northern Territory	Signed	Signed	Signed	Signed	Signed	Signed	Not finalised
Western Australia	Signed	Signed	Signed	Signed	Signed	Signed	Not finalised

Albury Base Hospital

Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.

Appendix one – Misstatements in financial statements submitted for audit