What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

• governance and accountability
• processes and procedures
• data and information management
• support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

Read the PDF report

What this report is about

Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales.

This audit assessed how effectively the NSW Government provided emergency accommodation and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events.

Responsible agencies included in this audit were the Department of Communities and Justice, NSW Reconstruction Authority, the former Department of Planning and Environment, the Department of Regional NSW and the Premier’s Department.

Findings

The Department of Communities and Justice rapidly provided emergency accommodation to displaced persons immediately following these flood events.

There was no plan in place to guide a temporary housing response and agencies did not have agency-level plans for implementing their responsibilities.

The NSW Government rapidly procured and constructed temporary housing villages. However, the amount of temporary housing provided did not meet the demand.

There is an extensive waitlist for temporary housing and the remaining demand in the Northern Rivers is unlikely to be met. The NSW Reconstruction Authority has not reviewed this list to confirm its accuracy.

Demobilisation plans for the temporary housing villages have been developed, but there are no long-term plans in place for the transition of tenants out of the temporary housing.

Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing.

The findings from the 2022 State-wide lessons process largely relate to response activities.

Audit recommendations

The NSW Reconstruction Authority should:

• Develop a plan for the provision of temporary housing.
• Review the temporary housing waitlist.
• Determine a timeline for demobilising the temporary housing villages.
• Develop a strategy to manage the transition of people into long-term accommodation.
• Develop a process for state-wide recovery lessons learned.

All audited agencies should:

• Finalise evaluations of their role in the provision of emergency accommodation and temporary housing.
• Develop internal plans for implementing their roles under state-wide plans.

Read the PDF report

Parliamentary reference - Report number #389 - released 22 February 2024

What this report is about

Results of the audit of the Consolidated State Financial Statements of the New South Wales General Government Sector (GGS) and Total State Sector (TSS) for the year ended 30 June 2023.

Findings

The audit opinion on the 2022–23 Consolidated State Financial Statements was qualified in relation to two issues and included an emphasis of matter.

The first qualification matter is a continuation of the prior year limitation of scope on the audit relating to the Catholic Metropolitan Cemeteries Trust (CMCT), a controlled state entity, who continued to deny access to its management, books and records for the purposes of a financial audit. As a result, the Audit Office was unable to obtain sufficient appropriate audit evidence to support the assets, liabilities, income and expenses relating to CMCT recorded in the TSS and the equity investment recognised in the GGS relating to the net assets of CMCT.

The second qualification matter relates to the limitations on the accuracy and reliability of financial information relating to Statutory Land Managers (SLMs) and Common Trust entities (CTs) controlled by the State and were either exempted from requirements to prepare financial reports, or who were required to submit financial reports and have not done so. The Audit Office was unable to obtain sufficient appropriate audit evidence to determine the impact on the value of non-land assets and liabilities, income and expenses that should be recognised in the 2022–23 Consolidated State Financial Statements and which have not been recorded in the Consolidated State Financial Statements.

The independent audit opinion also includes an emphasis of matter drawing attention to key decisions made by the NSW Government regarding the future of the Transport Asset Holding Entity of New South Wales (TAHE).

Recommendations

The report includes recommendations for NSW Treasury to address several high-risk findings, including:

• ensuring accurate and reliable financial information is available to recognise the non-land balances of SLMs and CTs
• ensuring the CMCT, SLMs and CTs meet their statutory reporting obligations
• conducting a broader review of the financial reporting exemption framework
• continued monitoring of TAHE's control over its assets
• providing timely guidance to the sector relating to legislative or policy changes that impact financial reporting
• developing an accounting policy for the reimbursement of unsuccessful tender bid cost contributions.

Read the PDF report

What this report is about

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2023.

Findings

Internal control trends

The proportion of control deficiencies identified as high-risk this year decreased to 4.5% (8.2% in 2022).

Repeat findings of control deficiencies represent 38% of all findings (48% in 2022). 

Information technology

Over half of the agencies reviewed have deficiencies in managing user access to their information systems. Over a third of agencies had deficiencies in their controls over privileged user accounts within their information technology environments. 

Cyber security

Over 80% of assessments for maturity levels against the NSW Cyber Security Policy have reported one or more self-assessed Mandatory Requirements are not practiced on a consistent and regular basis.

Essential Eight cyber controls have not improved, and they need to. 

Governance framework

Deficiencies were noted in agencies' governance and risk management frameworks, namely: outdated risk management policies, lack of risk appetite statements, and internal audit functions not being externally evaluated.  

Payroll and work health and safety (WHS)

Overtime expenses increased by 40% between 2020 and 2023, compared to salaries and wages which increased by 16% over the same period.

Five agencies have WHS policies that do not reflect current WHS regulations.

Recommendations

Several important recommendations were made for agencies to prioritise efforts to improve cyber security controls and cyber resilience measures.

It was also recommended that agencies periodically review their risk management maturity and implement action plans, and ensure their WHS policies and procedures reflect current legislation requirements including the need to manage psychosocial risks.

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies found across agencies.

For consistency and comparability, we have adjusted the 2022 results to incorporate additional audit findings that were reported after the date of the Internal controls and governance 2022 report. Therefore, the 2022 figures will not necessarily align with those reported in our 2022 report.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security.

Governance in the context of the NSW public service refers to the structures, processes, and mechanisms by which government departments and agencies are held to account when they make decisions and implement policies and programs in the service of the public interest. It also includes the principles and practices that guide how these agencies work together.

This chapter outlines our audit observations, conclusions and recommendations from our review of agencies' governance frameworks and practices, with consideration of NSW Treasury issued policies and best practices. It focuses on two key areas: governance arrangements and risk management.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' payroll controls and management of work health and safety (WHS).

What this report is about

Result of the Transport portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unqualified audit opinions were issued for all Transport portfolio agencies.

An 'emphasis of matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) independent auditor's report, which draws attention to management's disclosure regarding proposed changes to TAHE's operating model.

Government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE's assets.

Transport for NSW's valuation of roads and bridges resulted in a net increase to its asset value by $15.7 billion.

Transport for NSW and Sydney Metro have capitalised over $300 million of tender bid costs paid to unsuccessful tender bidders relating to significant infrastructure projects. Whilst NSW Treasury policy provides clarity on the reimbursement of unsuccessful bidders' costs, clearer guidance on how to account for these costs in agency's financial statements is required.

The key audit issues were

The number of issues reported to management decreased from 53 in 2021–22 to 49 in 2022–23.

High-risk findings include:

• gaps in how Sydney Metro manages its contractors and how conflicts of interest are recorded and managed
• future financial reporting implications to account for government's proposed changes to TAHE's future operating model, including asset valuations and control assessments of assets and operations
• Parramatta Park Trust's tree assets' valuation methodology needs to be addressed.

Recommendations were made to address the identified deficiencies.

This report provides Parliament and other users of the Transport portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport portfolio.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the Stronger Communities financial statement audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed Stronger Communities portfolio agencies.

Machinery of government changes during the year returned the sports-related agencies to the Stronger Communities portfolio.

Resilience NSW was abolished on 16 December 2022 with most of its functions transferred to the newly created NSW Reconstruction Authority.

The Trustee for the First Australian Mortgage Acceptance Corporation (FANMAC) is a prescribed entity under the Government Sector Finance Regulation 2018. The Trustee should have presented the FANMAC's financial statements for audit after it became a GSF agency on 1 July 2020.

The number of monetary misstatements identified in our audits decreased from 42 in 2021–22 to 29 in 2022–23.

What the key issues were

In 2022–23, agencies in the portfolio recorded net revaluation uplifts to land and buildings totalling $643 million.

Out of home care and permanency support grant expenditure has increased by 27% since 2019–20. An upcoming performance audit report will focus on the timeliness and quality of the child protection services provided by the department and its non-government service providers.

A high-risk matter was raised for the department over segregation of duties deficiencies in the Justice Link system.

Four high-risk matters reported in 2021–22 have been resolved.

Thirty-three agencies were onboarded into a new government-wide enterprise resource planning system. Additional agencies will be onboarded in three tranches from April 2024 through to October 2024.

What we recommended

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their financial statement impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in our management letters.

This report provides Parliament and other users of the Stronger Communities portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities portfolio.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

This audit assessed how effectively NSW government agencies procure and manage consultants. It examined the role of the NSW Procurement Board and NSW Procurement (a unit within NSW Treasury) in supporting and monitoring agency procurement and management of consultants.

The audit used four sources of data that contain information about spending on consultants by NSW government agencies, including annual report disclosures and the State's financial consolidation system (Prime). It also reviewed a sample of consulting engagements from ten NSW government agencies.

What we found

Our review of a selection of consulting engagements indicates that agencies do not procure and manage consultants effectively.

We found most agencies do not use consultants strategically and do not have systems for managing or evaluating consultant performance. We also found examples of non-compliance with procurement rules, including contract variations that exceeded procurement thresholds.

NSW Procurement has made improvements to the information available about spending on consultants, including additional analysis and reporting. However, there is no single data source that accurately captures spending on consultants.

Our analysis of data on whole-of-government spending on consultants, drawn from agency annual reports, indicates that four large professional services firms accounted for about a quarter of consultancy expenditure from 2017–18 to 2021–22. This concentration increases strategic risks, including over-reliance on a limited number of providers and potential reduction in the independence of advice.

It is also highly unlikely that NSW government agencies will meet the government's 2019 policy commitment to reduce consultancy expenses by 20% each year, over four years, from 2019–20. NSW Treasury advised that to implement this commitment, agency budgets were reduced in Prime in line with the savings targets. However, actual spending on consulting in NSW Treasury's Reports on State Finances 2020–21 and 2021–22 was almost $100 million higher than the savings targets over the first three years since 2019–20.

What we recommended

The report made seven recommendations which aim to improve:

• the quality and transparency of data on spending on consultants
• monitoring of strategic risks and agency compliance with procurement and recordkeeping rules
• agencies' strategic use of consultants, including evaluation and knowledge retention.

Between 2017–18 and 2021–22, NSW government agency annual reports disclosed total spending of around $1 billion on consultants across more than 10,000 engagements. More than 1,000 consulting firms provided services to NSW government agencies during this period. Consulting is a classification of professional services that is characterised by giving advice or recommendations on a specific issue. The NSW Procurement Board Direction PBD-2021-03 defines a consultant as a person or organisation that provides 'recommendations or professional advice to assist decision-making by management'. PBD-2021-03 notes that the advisory nature of the work of consultants is the main factor that distinguishes them from other providers of professional services.

The NSW Procurement Board is responsible for setting procurement policy, issuing directions to support policies, and monitoring and reporting on agency compliance with policies and directions. NSW Procurement, a division within NSW Treasury, supports agencies to comply with the NSW Procurement Board’s policies and directions. A 'devolved governance model' is used for procurement in New South Wales. This means the heads of government entities that are covered by the NSW Procurement Board’s directions are responsible for managing the entity's procurement, including managing risks, reporting and ensuring compliance, in line with procurement laws and policies.

This audit assessed how effectively NSW government agencies procure and manage consultants. It assessed the role of the NSW Procurement Board and NSW Procurement in supporting and monitoring agency procurement and management of consultants. It also reviewed a sample of consulting engagements from ten NSW government agencies to examine how agencies procured, managed and reported on their use of consultants. The ten NSW government agencies were:

• NSW Treasury
• Department of Communities and Justice
• Department of Customer Service
• Department of Education
• Department of Planning and Environment
• Department of Premier and Cabinet
• Department of Regional NSW
• Infrastructure NSW
• Sydney Metro
• Transport for NSW

There are four different sources of data that contain information about spending on consultants by NSW government agencies: the State's financial consolidation system (Prime), disclosures of spending on consultants in agency annual reports, and two systems operated by NSW Procurement (the Business Advisory Services (BAS) dashboard and Spend Cube). Each of these data sources serves a different purpose, and collects and categorises information differently. None of these provide a complete source of data on spending on consultants, either in their own right or collectively.

NSW Treasury considers Prime to be the 'source of truth' on consulting expenditure across the NSW public sector. An account within Prime records recurrent spending on consultants, but this account does not include capital expenditure (that is, spending on consultants that has from a financial reporting perspective been 'capitalised' to a project on the balance sheet). As the State's financial consolidation system, Prime captures all financial information. However, capitalised consulting expenditure is recorded within various capital accounts, and is not identifiable within these accounts. While this is appropriate for accounting purposes, it means that the Prime account that records recurrent consulting expenditure does not reflect total spending on consultants by NSW government agencies. We used the data in Prime to assess whether NSW government agencies met the NSW Government's policy commitment—stated before the 2019 election and costed by the Parliamentary Budget Office—to reduce recurrent expenditure on consulting by 20% each year, over four years, from 2019–20. We did this because, while the Prime account for recurrent consulting expenditure does not reflect all spending on consultants, it does capture the recurrent spending that was subject to the policy commitment.

Most NSW government agencies are required by legislation to disclose spending on consultants (as defined in PBD-2021-03) in their annual reports. These disclosures include both recurrent and capital expenditure. For consulting engagements that cost more than $50,000, the disclosures also provide itemised information, including the names of the individual projects and the consultants used. While this data is more complete than Prime because it includes capital expenditure, it also has some gaps. Some entities are excluded from public reporting requirements on consultant use. For example, NSW Local Health Districts (LHD) are not required to produce annual reports, and the Ministry of Health does not include LHD consulting expenditure in its annual report.¹ We used annual report disclosure data to report on total expenditure on consultants, and the concentration of suppliers of consulting services to NSW government agencies.

The BAS dashboard and Spend Cube are systems created by NSW Procurement to collect information about spending on suppliers of professional services. This includes consultants, but also includes other professional services providers. The systems were not designed for reporting on spending on consulting as defined in PBD-2021-03. However, we have used this data to assess specific aspects of NSW Procurement's monitoring of the use of consultants by NSW government agencies.

In 2018, we conducted an audit titled 'Procurement and reporting of consultancy services'. This assessed how 12 NSW government agencies complied with procurement requirements and how NSW Procurement supported the functions of the NSW Procurement Board. The 2018 audit found that none of the 12 agencies fully complied with NSW Procurement Board Directions on the use of consultants and that the NSW Procurement Board was not fully effective in overseeing and supporting agencies’ procurement of consultants. Specific findings from the 2018 audit included: 

• Agencies applied the definition of consultant inconsistently, which affected the accuracy of reporting on consultancy expenditure.
• There was inadequate guidance from NSW Procurement for agencies implementing the procurement framework, with a need for additional tools, automated processes, and other internal controls to improve compliance.
• NSW Procurement had insufficient data for effective oversight of procurement and did not publish any data on the procurement of consultancy services by NSW government agencies.

This chapter outlines our findings on the role of NSW Procurement in overseeing the use of consultants by NSW government agencies.

This chapter outlines our findings on the use of consultants by the ten NSW government agencies that were included in this audit.

Appendix one – Responses from auditees

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #378 - released 2 March 2023

What the report is about

The Government Advertising Act 2011 requires the Auditor-General to undertake a performance audit on government advertising activities each financial year.

This audit examined whether TAFE NSW's annual advertising campaign in 2021–22:

1. was carried out effectively, economically, and efficiently
2. complied with regulatory requirements and the Government Advertising Guidelines.

What we found

TAFE NSW complied with Section 6 of the Act, prohibiting political content.

It also complied with most other advertising requirements.
 
An important exception was that the Managing Director certified that the campaign complied with regulatory requirements and was an efficient and cost-effective means of achieving its public purpose, before a cost-benefit analysis (CBA) was completed.

We have found issues with agencies complying with CBA requirements in previous government advertising audits. This includes the failure to complete them before signing compliance certificates.

The policy owner, the Department of Customer Service (DCS), does not consider oversight of CBAs to be within the scope of their peer review process.  

TAFE NSW evaluated this advertising campaign by surveying a population significantly broader than the target audience. As such, survey results may not accurately reflect the views of the intended audience.

What we recommended

By 30 June 2023, TAFE NSW should:

1. implement processes that ensure:
   1. CBAs are completed before the launch of campaigns over $1 million
   2. compliance certificates are completed only after all regulatory requirements are met
2. consider adding to its current evaluation methods by surveying a population which closely reflects the age profile of its intended target audience.

By June 2023, DCS should:

3. improve whole‑of‑government reporting and monitoring processes to provide the NSW Government with a central view of compliance, including the completion of CBAs by agencies.

The Government Advertising Act 2011 (the Act) sets out requirements that must be followed by a government agency when it carries out a government advertising campaign. The requirements include an explicit prohibition on political advertising, as well as a need to complete a peer review and cost-benefit analysis before the campaign commences. The accompanying Government Advertising Regulation 2018 (the Regulation) and Government Advertising Guidelines (the Guidelines) address further matters of detail.

The Act also requires the Auditor-General to conduct a performance audit on the activities of one or more government agencies in relation to government advertising campaigns in each financial year. The performance audit must assess whether a government agency (or agencies) has carried out activities in relation to government advertising campaigns in an effective, economical and efficient manner. It also assesses compliance with the Act, the Regulation, other laws and the Guidelines.

This audit examined TAFE NSW's advertising campaign for the 2021–22 financial year. TAFE NSW is the NSW Government's public provider of vocational education and training. TAFE NSW carries out an advertising campaign every year. In 2021–22, it spent $15.16 million on developing and implementing advertising. TAFE NSW used channels such as television, radio, internet and social media, press, and out of home advertising in public settings such as bus stops. The advertising aimed to increase the percentage of people considering TAFE NSW for training or education, grow the percentage of people who consider TAFE NSW to be the preferred education provider in NSW, and maintain the proportion of people who are aware of TAFE NSW more generally.

There are a range of private service providers helping to deliver vocational education and training in NSW.

This part of the report sets out key aspects of TAFE NSW's compliance with the government advertising regulatory framework. It considers whether TAFE NSW complied with the:

• Government Advertising Act 2011
• Government Advertising Regulation 2018
• NSW Government Advertising Guidelines 2012 and other relevant policy.

This part of the report considers whether TAFE NSW's advertising program for 2021–22 was carried out in an effective, efficient, and economical manner.

Appendix one – Responses from agencies

Appendix two – About the campaign

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #377 - released 28 February 2023

What the report is about

Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.

This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:

• Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives? 
• Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?

What we found

Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.

Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.

Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.

What we recommended

By 30 June 2023 the Department of Customer Service should:

1. implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
2. ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
3. ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
4. develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders. 

The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.

Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.

In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).

The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.

We assessed this objective through two lines of inquiry:

1. Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
2. Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?

The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.

Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.

Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.

The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.

Establishment of Cyber Security NSW

Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.

The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).

The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.

Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.

Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.

NSW Government Cyber Security Strategy

The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:

• lead
• prepare
• prevent
• detect 
• respond 
• recover.

The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:

• increase NSW Government cyber resiliency
• help NSW cyber security businesses grow
• enhance cyber security skills and workforce 
• support cyber security research and innovation.

Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.

NSW Government Cyber Security Policy

The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.

The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including: 

• annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements 
• that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).

The Policy sets out that Cyber Security NSW:

• may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
• will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.

As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.

This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:

• there was a sound, evidence-based rationale for why Cyber Security NSW was established
• the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
•  there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.

This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #374 - released 8 February 2023

What the report is about

Results of the 2021–22 consolidated General Government Sector (GGS) and Total State Sector (TSS) financial statements audits.

What we found

The Independent Auditor’s Report on the 2021–22 GGS and TSS financial statements was modified with a limitation of scope and also contained an emphasis of matter.

The opinion in the TSS Independent Auditor’s Report was modified with a limitation of scope on certain balances consolidated in the TSS financial statements because the Catholic Metropolitan Cemeteries Trust (CMCT) denied access to its management, books and records for the purpose of conducting a financial audit.

The Independent Auditor’s Report also includes an emphasis of matter drawing attention to the significant uncertainties associated with the GGS’s equity investment in Transport Asset Holding Entity (TAHE). The significant uncertainty relates to key assumptions and estimates used to forecast a 2.5% return from GGS investments into TAHE that supports the accounting treatment as an equity injection, including:

• funding to support the Rail Operators to pay TAHE’s contracted and forecast access and licence fees up until 2045–46. The Rail Operators are dependent on funding from the GGS to pay access and licence fees. Forecast modelling notes a requirement of a further $10.2 billion in budget funding to pay TAHE to the end of the ten-year contract period in 2030–31, in addition to the $5.5 billion allocated in the forward estimates and up to $50.8 billion for the period 2032 to 2046
• a significant portion of the projected returns are earnt outside of the ten-year contract period and there is a risk that TAHE may not be able to recontract fees at levels consistent with current projections.

What we recommended

The report includes a number of recommendations including:

• continued monitoring that TAHE controls the reported assets ensuring the CMCT, Category 2 Statutory Land Managers (SLM) and Commons Trusts meet their statutory reporting obligations
• ensuring accounting and audit position papers are sufficiently consulted with key stakeholders and are concluded on a timely basis
• ensuring agencies support the timely conclusion of audits by bringing to the auditors' attention key Cabinet records and identifying references relating to accounting issues impacting the financial statements
• for Special Deposit Accounts (SDA) responsible managers should ensure amounts appropriated under any Act or law for payment into the account are appropriately recorded, ensuring payments from SDAs are allowable and made in accordance with Treasurer's delegations and standing authorisation.

Image

Pursuant to section 52A of the Government Sector Audit Act 1983 I am pleased to present my Auditor-General’s Report on State Finances 2022.

Once again this year has presented considerable challenges for the state sector and my Office as we collectively grapple with uncertainties related to COVID-19 and the disruption of emergency events impacting New South Wales. In addition, there were many recommendations arising from last year’s audit to be addressed.

While there is more to do to ensure good financial stewardship of the State, resolution of matters was helped by constructive engagement with the NSW Treasury at the most senior levels. Personally I wish to thank the Treasurer and Secretary for their commitment to instilling integrity in financial management systems and processes. The support Treasury provided for recent amendments to the Government Sector Audit Act 1983 to provide ‘follow the dollar’ powers and other changes recommended by the Public Accounts Committee quadrennial review of my Office is also acknowledged.

Finally I want to thank the teams that contributed to this year’s audit of the Total State Accounts for their diligence, professionalism and commitment. I am very proud of your work.

Margaret Crawford

Auditor-General for New South Wales

The Independent Auditor's Report was qualified and also included an emphasis of matter

The audit opinion on the State's 2021–22 financial statements was modified. The delayed signing of the NSW Total State Sector Accounts (TSSA) by NSW Treasury was in order to resolve significant accounting issues that were material to the TSSA. The key areas requiring significant audit effort included reviewing the State's accounting for TCorp Investment Management (IM) Funds and responding to the risks related to the Catholic Metropolitan Cemeteries Trust (CMCT) denying access to its management and books and records, which is detailed in this Report.

NSW Treasury aimed to sign the TSSA by 19 October 2022. This was delayed by nearly six weeks and the TSSA audit opinion was subsequently signed on the statutory deadline imposed on the Treasurer for tabling of the TSSA in the Legislative Assembly of 30 November 2022.

The Independent Auditor’s Report was modified due to a limitation of scope on the balances consolidated in the TSSA relating to the CMCT

The opinion in the Independent Auditor’s Report was modified with a limitation of scope due to the inability to access management, books and records of a controlled entity, the CMCT.

This year, NSW Treasury, after reconsidering all facts and the perspectives of the CMCT, reconfirmed that the CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a GSF agency under the provisions of the Government Sector Finance Act 2018 (GSF Act). As such NSW Treasury is required by Australian Accounting Standards to consolidate the CMCT into the Total State Sector Accounts (TSSA). The value of assets and liabilities of CMCT consolidated into the TSSA is $310.3 million and $15.1 million, respectively, and the loss of CMCT consolidated into the TSSA for the year is $2.4 million.

To date, CMCT has not met its statutory obligations to prepare financial statements under the GSF Act and give them to the Auditor-General. CMCT has not submitted its financial statements to the Auditor-General for audit as required despite repeated requests and has not provided access to its books and records for the purposes of a financial audit. The Secretary of the Department of Planning and Environment wrote to CMCT to request it work with, and offer full assistance to, the Auditor-General in the exercise of her duties.

NSW Treasury has met with and considered CMCT's perspectives. NSW Treasury’s position remains that CMCT is a controlled entity of the State for financial reporting purposes. Consequently, CMCT has not met its statutory obligations as a controlled entity to submit its financial statements for audit and provide access to its books and records. Therefore, the Audit Office was unable to obtain sufficient appropriate audit evidence about the carrying amount of assets and liabilities consolidated into the Total State Sector Accounts as at 30 June 2022 and of the amount of income and expenses for the year then ended. Accordingly a modified audit opinion was issued on the NSW Government's 2021–22 consolidated financial statements.

Section 3 of this report titled 'Limitation of Scope relating to CMCT' discusses this matter in further detail.

An emphasis of matter drawing attention to uncertainty relating to the General Government Sector's investment in the Transport Asset Holding Entity (TAHE) remains

The Independent Auditor’s Report also includes an emphasis of matter, drawing attention to the significant uncertainties associated with the General Government Sector's (GGS) equity investment in TAHE. The significant uncertainty relates to key assumptions used to forecast returns from investments into TAHE in order to support the recognition of the government's funding of TAHE as an equity injection.

At the time of signing the Independent Auditor's Report, there was significant uncertainty with regards to assumptions and estimates used to forecast a return from the GGS investment into TAHE, which supports the recognition of an equity injection. There is significant uncertainty relating to:

• the 2022–23 Budget committed $5.5 billion to fund TAHE's key customers, Sydney Trains and NSW Trains (the operators), to support their payment of access and licence fees agreed on 23 June 2022. However, this funding only extends out to the end of the forward estimates period in 2025–26, which falls short of the ten-year contractual periods to 2030–31 and the projected period to 2045–46 to achieve a 2.5% return from the government's equity investment. The government will need to fund the operators an additional $10.2 billion in Budget funding so that they can meet their contractual obligations to TAHE from 2026–27 to 2030–31, and a further projected funding of $50.8 billion from 2031 to 2046. This additional funding is not within the government's published Budget figures, leading to uncertainty on whether the government-funded operators can pay access and licence fees beyond the forward estimates period of 2025–26
• a significant portion of the projected returns are earnt outside the ten-year contract period (terminating 30 June 2031) and there is a risk that TAHE will not be able to recontract for access and licence fees at a level that is consistent with current projections. There is also a risk that funding for TAHE's key customers will not be sufficient to fund payment of access and licence fees at a level that is consistent with current projections.

The 'State Finances 2021' report made recommendations regarding the significant accounting issues relating to TAHE. The State's response to these recommendations are detailed in Section 4 of this report titled ‘Investment in the Transport Asset Holding Entity’. Other significant matters related to the TSSA audit are covered in Section 8 titled ‘Key audit findings’.

Other financial reporting matters

All government agencies were granted an extra week to submit financial statements for audit

A one-week extension provided agencies across the sector with additional time to resolve key accounting issues and submit financial statements for audit by 1 August 2022.

Further extensions were approved for the following seven agencies (ten in 2020–21):

• State Insurance Regulatory Authority (3 August 2022)
• Dams Safety NSW (8 August 2022)
• Jenolan Caves Reserve Trust (8 August 2022)
• Transport for NSW (8 August 2022)
• Department of Enterprise, Investment and Trade (22 August 2022)
• Transport Asset Holding Entity (22 August 2022)
• Department of Transport (26 August 2022).

Additional extensions provided agencies with more time to complete:

• asset valuations
• valuations of actuarially assessed liabilities.

An initial draft of the TSSA was provided to audit on 15 September 2022. This version was incomplete and excluded the impact of consolidating the State's TCorp IM funds under the correct Australian Accounting Standards. An additional three versions of the draft TSSA were provided to audit progressively to update the TCorp IM fund consolidated balances. The final complete version of the TSSA was submitted on 27 October 2022 which included all adjustments relating to the TCorp IM fund consolidation. Refer to section 8.1 for more details on the material restatements relating to the consolidation of the TCorp IM funds.

In 2021–22, agency financial statements presented for audit contained 20 errors exceeding $20 million (24 in 2020–21). The total value of these errors was $973 million, a decrease from the previous year ($6.6 billion in 2020–21).

The graph below shows the number of reported errors exceeding $20 million over the past five years in agencies’ financial statements presented for audit.

The errors resulted from:

• incorrect application of Australian Accounting Standards and NSW Treasury policies
• incorrect judgements and assumptions when valuing non-current physical assets and liabilities.

NSW Treasury concluded CMCT is a controlled entity of the State

In response to our recommendation in the ‘State Finances 2021’ report, NSW Treasury reconfirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. The Audit Office accepted the position of NSW Treasury.

The reaffirmation of this position means CMCT is a GSF agency under the provisions of the Government Sector Finance Act 2018 (GSF Act). Section 7.6 of the GSF Act places an obligation on CMCT to prepare financial statements and give them to the Auditor-General. Further, section 34 of the Government Sector Audit Act 1983 (the GSA Act) requires the Auditor-General to furnish an audit report on these financial statements.

To date, CMCT has not met its statutory obligations to prepare financial statements under the GSF Act and give them to the Auditor-General. CMCT has not submitted their financial statements to the Auditor-General for audit despite repeated requests and has not provided access to its books and records for the purposes of a financial audit. There was extensive correspondence between the Audit Office of NSW, CMCT, NSW Treasury and the Department of Planning and Environment in 2022 regarding this matter.

In addition, on 10 December 2021, the then Minister for Water, Property and Housing wrote to the Auditor-General requesting a financial and performance audit be performed pursuant to section 27B(3)(c) of the GSA Act. The audit would cover the financial affairs of CMCT, including whether funds have been used for the proper purpose. The Audit Office of New South Wales has written to CMCT on a number of occasions to request the provision of documentation and access to management in order to conduct the performance audit. CMCT has not provided the Audit Office of New South Wales access to its management, books and records for the purpose of the required performance audit.

NSW Treasury has met with and considered CMCT's perspectives. NSW Treasury’s position remains that CMCT is a controlled entity of the State for financial reporting purposes. Consequently, CMCT did not meet its statutory obligations as a controlled entity to submit its financial statements for audit and provide access to its books and records.

The TSSA audit opinion included a limitation of scope

The opinion in the TSSA Independent Auditor’s Report was modified with a limitation of scope due to an inability to access management and the books and records of CMCT. This limitation was appropriately disclosed in Note 1 'Statement of Significant Accounting Policies' of the TSSA. The Statement of Compliance signed by the Secretary of Treasury and the Treasurer on 29 November 2022 was also updated to acknowledge the disclosure in Note 1 regarding CMCT.

The Audit Office was unable to obtain sufficient appropriate audit evidence about the carrying amount of assets and liabilities consolidated into the Total State Sector Accounts as at 30 June 2022 and of the amount of income and expenses for the year then ended. Accordingly a modified audit opinion was issued on the NSW Government's 2021–22 consolidated financial statements.

The process of information sharing by NSW Treasury continues to require improvement

In last year’s ‘State Finances 2021’ report an extreme risk management letter finding was reported for NSW Treasury to ensure it significantly improve its processes so that all relevant information is identified and shared with the Audit Office to support material transactions and balances of the State.

A number of events reconfirmed that NSW Treasury needs to continue improving its process with respect to information sharing with the Audit Office. Notably, NSW Treasury’s finance team had not demonstrated that all available information (on their systems) was considered by them when assessing the State’s control over CMCT.

Critical information relating to CMCT was in the possession of NSW Treasury since late October 2021 but not considered when reconfirming their accounting position on the State's control of CMCT this year. A further reconfirmation of the State's control over CMCT was needed by NSW Treasury to ensure this information was considered in their accounting assessment.

The above demonstrates that more effective consultation is required by NSW Treasury with key stakeholders to ensure all information relevant to forming an accounting position relating to the TSSA is captured. This will ensure new information is not identified late in the audit process and NSW Treasury considers all information when concluding on the accounting position of the State.

Last year's report highlighted that NSW Government actions avoided a qualified opinion in 2020–21 relating to the General Government Sector's $2.4 billion cash contribution to Transport Asset Holding Entity (TAHE). These actions included the NSW Government agreeing to provide additional future funding to TAHE's key government customers Sydney Trains and NSW Trains (the operators) to support increases in access and licence fees to be paid to TAHE.

The additional funding by the government was necessary to demonstrate that a reasonable expectation of a sufficient rate of return would be earned on its equity invested in TAHE. Last year, there was no government policy on what the minimum return should be on investments in other public sector entities, so the long-term inflation rate was used as a benchmark. A recommendation was made in last year's State Finances report that NSW Treasury establish a policy on the minimum expected return from its investments.

On 6 September 2022, NSW Treasury finalised its policy relating to the government’s returns on equity investments. The application of this policy is limited to State Owned Corporations and similar to the Commonwealth framework for commercial businesses, which requires the expected return be at least equal to the long-term inflation rate.

The government's commitment to additional funding was conveyed last year through revised shareholder expectations being published in the 2021–22 'NSW Budget-Half yearly Review' on 16 December 2021, increasing the expected returns on equity from 1.5% to the expected long-term inflation rate of 2.5%. On 18 December 2021, Transport for NSW (TfNSW) and the operators entered into a Heads of Agreement (HoA). This formed the basis of negotiations to revise the pricing within the existing ten-year contracts and deliver upon the shareholders’ expected return of 2.5% on contributed equity to be earned over the estimated weighted average remaining useful lives of TAHE's assets.

Further information on last year's audit of the government’s investment in TAHE can be found in our 'State Finances 2021' report.

Ten-year commercial agreements were signed between TAHE, operators and TfNSW

Last year's State Finances report recommended that NSW Treasury facilitate revised commercial agreements to reflect the access and licence fees detailed in the HoA. As these agreements were not executed by 30 June 2021, last year's audit opinion of the Total State Sector Accounts (TSSA) included an Emphasis of Matter drawing attention to the uncertainty that existed at balance date as these agreements were not finalised.

On 23 June 2022, commercial agreements were signed between TAHE, the operators and Transport for NSW through a deed of variation. The revised access and licence fees for the ten-year period 2021–22 to 2030–31 was $16.6 billion, which is $520 million less than the HoA fees of $17.1 billion.

TAHE's main customers principally rely on government funding to pay access and licence fees

Whilst TAHE has agreed ten-year access and licence fees of $16.6 billion with its two main customers Sydney Trains and NSW Trains, these two operators significantly rely on government funding when making these payments to TAHE. At 30 June 2022, TAHE's expected return of 2.5% is contingent upon the GGS funding the operators to support their payment of access and licence fees that have been agreed with TAHE for the ten-year contracted period and for non-contracted periods from 2031–32 to 2045–46.

The 2022–23 NSW Budget has allocated $5.5 billion to fund the operators, to support their payment of access and licence fees. However, this funding extends to the end of the forward estimates period in 2025–26, which falls short of the ten-year contractual period to 2030–2031 and the projected period to 2045–46 to achieve the 2.5% return.

The government will need to fund the operators an additional $10.2 billion in budget funding to meet their contractual obligations to TAHE from 2026–27 to 2030–2031, and a further projected funding of $50.8 billion from 2032 to 2046. This is needed to ensure the government continues to demonstrate its expected return on investment of 2.5%. This additional funding is not within the government's published 2022–23 NSW Budget figures, leading to uncertainty on whether the government funded operators can pay access and licence fees beyond the forward estimate period of 2025–26.

Significant funding uncertainties remain

While the ten-year access and licence fee agreements were communicated to the NSW Government's Expenditure Review Committee, it is yet to be fully provided for in the government's budget figures. As TAHE's projections are highly dependent on the operators as its key customers, it remains critical that the government continue to provide sufficient funding to the operators so they can pay for access and use of TAHE assets. This means the significant funding uncertainties reported in last year's TSSA audit opinion remain for 2021–22.

The government has estimated $37.9 billion in returns (equivalent to 2.5% on contributed equity) is to be earned from its investment in TAHE over the period from 1 July 2022 to 30 June 2046. As previously reported, TAHE derives most of its revenue from access and licence fee agreements from the operators, who in turn are both funded by grants through TfNSW from the GGS. More than 95% of these returns are estimated to be earned outside of the ten-year contract period (terminating 30 June 2031).

There remains risk that:

• TAHE will not be able to recontract for access and licence fees at a level that is consistent with current projections
• future governments' funding to TAHE's key customers will not be sufficient to fund payment of access and licence fees at a level that is consistent with current projections
• TAHE will be unable to grow its non-government revenues.

This significant funding uncertainty was also reported in last year's TSSA audit opinion and will remain for 2021–22.

In 2021–22, TAHE and NSW Treasury prepared further modelling to support the Government's intent to earn a 2.5% return inclusive of recovering the holding (revaluation) loss of $20.3 billion on its investment in TAHE

Last year's State Finances report highlighted that NSW Treasury, with TAHE, should prepare robust projections and business plans to support the expected returns forecast beyond FY2031.

This year TAHE engaged an expert to help develop a model demonstrating the government's expected returns from its investment in TAHE. The model mathematically forecasts that returns of 2.5% will be achieved by 2046 and this will include recovery of the revaluation losses of $20.3 billion relating to 2020–21.

The current model includes some key assumptions:

• The main source of revenue is the access and licence fees expected from the two public rail operators (Sydney Trains and NSW Trains) contributing to more than 80% of TAHE's projected revenue. The rail operators are largely funded by the government when paying access and licence fees to TAHE.
• For the first ten years, the access and licence fees are based on the signed agreements between TAHE and the public rail operators.
• Beyond the ten-year contracted period, the model assumes existing contractual terms for access and licence fees will continue unchanged allowing for an annual rise for inflation (2.5% per annum), and increased fees to enable a 7.62% return for renewed assets.
• The capital expenditure included in the model is only the amounts approved by the Expenditure Review Committee (ERC) as part of the ten-year forecast. The model beyond ten years includes expected investment in renewed and replacement assets but excludes any forecasts relating to growth capex that is not approved by the ERC, and any related depreciation expenses for growth capex.

While management has developed a 35-year long term financial model to support the returns, we note this will need to be refined over the next few years. Furthermore, these are forecasted figures and we have not seen sufficient evidence of whether this reflects reality (that is, the achievement of dividends representing a return on equity) as it is still very early. Therefore, this will remain a high-risk matter until we have seen sufficient evidence of reality to the forecasted figures.

There is negative net impact on the budget after 2024–25 and this will grow in the future

There are some key points to highlight with this modelling and these are best conveyed with the graph below. This graph shows total cash injections made by the GGS since the government first announced the creation of TAHE as a for-profit entity in the 2015–16 NSW Budget. It also conveys the forecast returns from TAHE to the GGS and the level of funding operators will need from the GGS to pay TAHE's access and licence fees over the 30-year period. These cash flows are key inputs used in the modelling which calculates a 2.5% return from TAHE inclusive of recovering the holding (revaluation) loss of $20.3 billion.

The government continues to respond to the impact of the COVID-19 pandemic on New South Wales through its economic stimulus measures

The COVID-19 pandemic continued to significantly impact the State’s finances, reducing revenue and increasing expenses especially in sectors directly responsible for responding to the COVID-19 pandemic, such as Health. In October 2021, the government announced through the 'COVID-19 Economic Recovery Strategy' an additional $2.8 billion in economic stimulus and response measures following the conclusion of the three-month lockdown due to the Delta COVID-19 outbreak. Measures included:

• $739 million in household and social support, including housing support for Aboriginal communities and survivors of domestic violence, and vouchers to thank parents for their efforts to support learning from home
• $500 million to consumers and businesses including expansion of the 'Dine & Discover' and 'Stay & Rediscover' voucher programs
• $495 million in education support addressing learning gaps for children and helping schools prepare for future learning disruptions
• $487 million in combined funding for tourism, events, sports, and recreation throughout New South Wales
• $130 million to fund mental health services for individuals whose mental health was impacted by the pandemic.

The 2021–22 financial year included $21.9 billion for pandemic response and economic stimulus measures. Of this, $17.9 billion was spent in 2021–22 while a further $1 billion of the budgeted amount from 2021–22 was carried forward into 2022–23. The graph below shows the total allocation and spend by cluster for 2022 compared to target spend.

There were 14 natural disaster declarations including four severe weather events in 2021–22

Natural disasters such as bushfires, storms, floods, and other adverse weather events can have a significant impact on the State's finances. Costs associated with natural disasters include direct response costs such as clean-up and recovery, temporary accommodation, and as well as financial assistance provided to impacted communities such as recovery and business support grants.

The NSW Government can make a natural disaster declaration allowing eligible individuals and communities from impacted Local Government Areas access to a range of special financial assistance measures.

In 2021–22, there were 14 natural disaster declarations announced comparable to 14 in the previous year. These natural disaster declarations largely related to storms and floods throughout the State. In 2021–22, there was a larger number of 'severe weather' events declared, with four in 2021–22 (nil in 2020–21).

Natural disaster expenses increased 143% to $1.4 billion in 2021–22, up from $569 million last year

Over 2021–22, the budgeted cost for declared natural disasters was $1.9 billion ($725 million in 2020–21). Actual expenditure by the State on disaster response increased by $815 million to $1.4 billion. The graph below shows the total allocation and spend by cluster for 2022 compared to their budget spend.

Deficit of $15.3 billion compared with a budgeted deficit of $8.6 billion

The outcomes of the government’s overall activity and policies are reflected in its net operating balance (budget result). This is the difference between the cost of general government service delivery and the revenue earned to fund these sectors.

The General Government Sector, which comprises 196 entities, generally provides goods and services funded centrally by the State.

In addition to the 196 entities within the General Government Sector, a further 85 government controlled businesses are included within the consolidated Total State Sector financial statements. These businesses generally provide goods and services, such as water, electricity and financial services for which consumers pay for directly, and form part of the PNFC (31) and PFC (54) sectors.

The budget result for the 2021–22 financial year was a deficit of $15.3 billion compared to an original forecast of a budget deficit of $8.6 billion.

Revenues increased $16.1 billion to $106.7 billion

The State’s total revenues increased $16.1 billion to $106.7 billion, an increase of 17.8% compared to the previous year. Total revenue growth in 2020–21 was 5.1%. The State's increase in revenue was mostly from $9.2 billion in grants and subsidies and $4.6 billion in taxation.

Taxation revenue increased by 13.3%

Taxation revenue increased by $4.6 billion, mainly due to the net of:

• $4.9 billion higher stamp duties collected from property sales driven by growth in property transaction volumes and prices during 2021–22. This was growth was experienced across residential and commercial property markets
• $296 million lower gambling and betting taxes compared to 2020–21. Decrease was primarily attributed to the ongoing effects of COVID-19 restrictions and venue closures within the first half of 2021–22.

Stamp duties of $16.6 billion remains the largest source of taxation revenue, $7.7 billion higher than payroll tax of $8.9 billion, the second-largest source of taxation revenue.

Assets grew by $53 billion to $571 billion

The State’s assets include physical assets such as land, buildings and infrastructure, and financial assets such as cash, and other financial instruments and equity investments. The value of total assets increased by $53.2 billion or 10.3% to $571 billion. The increase was largely due to increases in the carrying value of land, buildings and infrastructure systems.

Valuing the State’s physical assets

State’s physical assets valued at $437 billion

The value of the State’s physical assets increased by $46.8 billion to $437 billion in 2021–22 ($724 million increase in 2020–21). The State’s physical assets include land and buildings ($198 billion), infrastructure systems ($221 billion), and plant and equipment ($18 billion).

The movement in physical asset values between years includes additions, disposals, depreciation and valuation adjustments. Other movements include assets reclassified to held for sale and other opening balance adjustments.

Appendix one – Prescribed entities

Appendix two – Legal opinions

Appendix three – TSS sectors and entities

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.