Reports
Actions for Planning and Environment 2018
Planning and Environment 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.
This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.
Observation | Conclusions and recommendations |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all agencies' financial statements. | The quality of financial reporting remains high across the cluster. |
2.2 Key accounting issues | |
There were errors in some cultural institutions' collection asset valuations. | Recommendation: Collection asset valuations could be improved by:
|
2.3 Timeliness of financial reporting | |
Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe. | Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Planning and Environment cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
Observation | Conclusions and recommendations |
3.1 Internal controls | |
One in five internal control weaknesses reported in 2017–18 were repeat issues. | Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. | Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site. The School should continue to liaise with stakeholders to formalise the occupancy arrangement. |
3.2 Information technology controls | |
The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. | Data migration from the Aurion system to SAP HR system had no significant issues. |
The Department can improve controls over user access to SAP system. | The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. |
3.3 Annual work program | |
Agencies used different benchmarks to monitor their maintenance expenditure. | The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report.
In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.
Actions for Industry 2018
Industry 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the Industry cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster agencies received unqualified audit opinions for 41 out of the 47 financial statements presented for audit for 30 June 2018. Six audits remain incomplete. 'While it is pleasing to note that unqualified audit opinions have been issued, the timeliness of financial reporting needs to be improved through better oversight, prompt resolution of issues, and an increased focus on early close procedures', the Auditor-General said.
This report analyses the results of our audits of financial statements of the Industry cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Industry cluster agencies' financial statements with the results of our audits, including our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
The Department of Industry (the Department) is the lead agency in a cluster of 50 agencies. Other significant agencies in the cluster include Local Land Services, New South Wales Rural Assistance Authority, Technical and Further Education Commission (TAFE NSW), various sporting agencies, Forestry Corporation NSW and Water NSW.
The cluster:
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Industry cluster for 2018.
Observation | Conclusions and recommendations |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for 41 out of 47 financial statement audits. Six audits are continuing. The number of misstatements identified in financial statements submitted for audit increased from 73 in 2016–17 to 92 in 2017–18. |
Conclusion: Agencies continue to address financial reporting issues and ensure significant matters that may impact the audit opinion are appropriately dealt with. The increase in the number of misstatements indicates a renewed focus on quality is required. |
2.2 Timeliness of financial reporting | |
Nineteen out of 37 audit opinions were issued within the statutory deadline. Delays occurred due to the time required to resolve issues identified during the audit, or to obtain appropriate evidence to support balances or disclosures in the financial statements. There were also delays in receiving the signed certification from the agency, required before we can issue an audit opinion. We reviewed the conduct of early close procedures at 17 agencies. Fifteen of these agencies were assessed as not fully addressing mandatory early close procedures. |
Recommendation: Timeliness of financial reporting should be improved through better oversight of the preparation of financial statements, prompt resolution of issues, and an increased focus on early close procedures. |
2.3 Key financial reporting issues | |
Information system limitations continue at TAFE NSW. TAFE NSW implemented additional processes to verify the accuracy and completeness of revenue from student fees. | Conclusion: Procedures to address system limitations are costly, causing delays in financial reporting and increased resource commitments for staff, contractors and audit. |
Misstatements and internal control issues continue to be identified in accounting for Crown land. | The information system used to record Crown land was not designed to facilitate efficient financial reporting. These limitations and other control weaknesses impacted the completeness and accuracy of the Department's financial statements. Recommendation: The Department should address system limitations and control weaknesses to ensure complete and accurate reporting for Crown land. |
Unprocessed Aboriginal land claims continue to increase. | Recommendation (repeat issue): The Department should reduce unprocessed Aboriginal land claims. |
2.4 Financial information and sustainability | |
Cluster agencies recorded a combined surplus of $58.0 million compared to a combined deficit of $86.0 million in the previous year. |
|
We identified five agencies with potential sustainability issues such as low liquidity or negative net assets. | Conclusion: Adequate arrangements are in place to mitigate potential sustainability issues. These arrangements include a commitment from the Department to provide financial support if required. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Industry cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
Observation | Conclusions and recommendations |
3.1 Internal control | |
Almost one in three internal control issues identified in 2017–18 were repeat issues. | Recommendation (repeat issue): Recommendations to management to address internal control issues from prior years should be addressed promptly to reduce risks and improve processes. |
3.2 Information technology controls | |
User access administration over financial systems remains an area of weakness. Two high risk and 18 moderate risk issues related to user access administration across nine agencies were identified. | Recommendation (repeat issue): Agencies' controls over administration of user access to critical systems should:
|
3.3 Annual work program | |
Errors continue to be identified in the Crown land database. Instances were identified where Crown land was not recognised by the appropriate entity, or was recognised by more than one entity. |
Recommendation: The Department should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
Approximately 700 managers of Crown land do not submit financial statements required by the Public Finance and Audit Act 1983. | NSW Treasury and the Department are continuing work to clarify reporting arrangements for these entities. |
3.4 Managing maintenance | |
Some cluster agencies do not monitor their backlog maintenance. Consequently, the total backlog maintenance in the Industry cluster is unknown. This impacts the reliability and consistency of information about assets and their condition. | When backlog maintenance is unknown, it is difficult for agencies to develop an accurate and effective maintenance plan that focuses on areas of highest need. It also means agencies' maintenance plans are reactive rather than preventative. Effective maintenance planning helps agencies to:
|
Maintenance budgets in some cluster agencies are not set based on actual maintenance needs. | Recommendation: Cluster agencies should set their maintenance budgets based on identified maintenance needs to more accurately budget and prioritise expenditure. |
Agencies in the Industry cluster provide services across a wide variety of areas. This chapter outlines certain service delivery outcomes for 2017–18 for the Industry cluster. It provides important contextual information about the cluster's operation, but the data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Actions for Family and Community Services 2018
Family and Community Services 2018
The Auditor-General for New South Wales, Margaret Crawford released her report today on the Family and Community Services cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster entities received unqualified audit opinions for their 30 June 2018 financial statements. Opportunities to improve the quality of financial reporting were identified and reported to management.
This report analyses the results of our audits of financial statements of the Family and Community Services cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides NSW Parliament and other users of the financial statements of Family and Community Services' agencies with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Family and Community Services cluster for 2018.
Observation | Conclusions and recommendations |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all cluster agencies' financial statements. | Conclusion: Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
Agencies complied with NSW Treasury’s mandatory early close requirements. Completing other early close procedures was inconsistent and not always supported by adequate evidence. |
Conclusion: There are opportunities for agencies to improve the quality of financial reporting by:
|
2.2 Timeliness of financial reporting | |
Agencies completed revaluations of property, plant and equipment and submitted 31 March 2018 financial statements by the due date as required by NSW Treasury. Agencies submitted year-end financial statements by the statutory deadline. |
Conclusion: Early revaluations of property, plant and equipment contributes to agencies meeting the year-end statutory reporting deadline. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Family and Community Services cluster for 2018
- the areas of focus identified in the Audit Office annual work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each NSW Government cluster.
Observation | Conclusions and recommendations |
3.1 Internal controls | |
The 2017–18 audits reported 47 internal control weaknesses. While none were high risk, there were 15 repeat issues. |
Conclusion: Management accepted audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively. |
Twenty-two of these internal control weaknesses related to information technology processes and control environment. | Conclusion: Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting. Recommendation: Agencies should strengthen user access administration to prevent inappropriate access to key IT systems by:
|
The Department, NSW Land and Housing Corporation (LAHC) and three other cluster agencies’ contract registers are incomplete and/or inaccurate. | Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
3.2 Audit Office annual work program | |
Financial impact of the commissioning approach. The transfer of disability services to the National Disability Insurance Scheme and other commissioning of service delivery has contributed to a 36 per cent decrease in frontline employee numbers since 2015–16. Similarly, corporate services’ employee numbers reduced by 34 per cent. The Department’s salary costs have reduced by $232 million or 18 per cent from 2016–17. |
Conclusion: The ratio of corporate services employee numbers to support frontline and support services has remained at 1:10 since 2015–16, which indicates restructures have been planned to align with the transfer of disability services. |
Impact of the new social housing maintenance contract Maintenance expenses have increased by about 40 per cent since the new maintenance contract commenced in April 2016. LAHC measures the benefits of the new maintenance contract such as improved tenant satisfaction. |
Conclusion: The new maintenance contract has contributed to some positive social outcomes such as tenants being employed by the contractors to conduct maintenance, as call centre operators and in administration. However, more can be done to ensure value for money is being achieved. |
ChildStory IT Project Whilst phase one of the ChildStory IT project went 'live' in 2017–18, the planned timetable has not been met and the revised date for full implementation is end of 2018. According to the 2014–15 NSW Budget, the budget for ChildStory was $100 million over a four-year period. During the design and implementation stage, this amount was revised to $128 million, with approval of the Expenditure Review Committee. The actual cost incurred over the four years until 30 June 2018, is approximately $131 million. We identified issues with the data migration from the legacy systems to ChildStory. |
Conclusion: To inform future IT projects, we understand the Department is capturing our findings, along with the findings from the Department of Finance, Services and Innovation’s ‘Healthchecks’. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Actions for Internal Controls and Governance 2018
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
Observation | Conclusions and recommendations |
---|---|
2.1 High risk findings | |
We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
2.2 Common findings | |
We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
2.3 New and repeat findings | |
Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
Observation | Conclusions and recommendations |
---|---|
3.1 Management of IT vendors | |
Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
3.2 IT general controls | |
Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
Observation | Conclusion or recommendation |
4.1 Reporting on performance | |
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
4.2 Reporting on reports | |
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
Observation | Conclusion or recommendation |
5.1 Management of purchasing cards | |
Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
5.2 Management of taxis | |
Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
Observation | Conclusion or recommendation |
6.1 Prevention systems | |
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
6.2 Detection systems | |
Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
6.3 Notification systems | |
Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
Actions for Procurement and reporting of consultancy services
Procurement and reporting of consultancy services
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
Relevant guidance | Requirements | |
---|---|---|
Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
Actions for HealthRoster benefits realisation
HealthRoster benefits realisation
The HealthRoster system is delivering some business benefits but Local Health Districts are yet to use all of its features, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. HealthRoster is an IT system designed to more effectively roster staff to meet the needs of Local Health Districts and other NSW health agencies.
The NSW public health system employs over 100,000 people in clinical and non-clinical roles across the state. With increasing demand for services, it is vital that NSW Health effectively rosters staff to ensure high quality and efficient patient care, while maintaining good workplace practices to support staff in demanding roles.
NSW Health is implementing HealthRoster as its single state-wide rostering system to more effectively roster staff according to the demands of each location. Between 2013–14 and 2016–17, our financial audits of individual LHDs had reported issues with rostering and payroll processes and systems.
NSW Health grouped all Local Health Districts (LHDs), and other NSW Health organisations, into four clusters to manage the implementation of HealthRoster over four years. Refer to Exhibit 4 for a list of the NSW Health entities in each cluster.
- Cluster 1 implementation commenced in 2014–15 and was completed in 2015–16.
- Cluster 2 implementation commenced in 2015–16 and was completed in 2016–17.
- Cluster 3 began implementation in 2016–17 and was underway during the conduct of the audit.
- Cluster 4 began planning for implementation in 2017–18.
Full implementation, including capability for centralised data and reporting, is planned for completion in 2019.
This audit assessed the effectiveness of the HealthRoster system in delivering business benefits. In making this assessment, we examined whether:
- expected business benefits of HealthRoster were well-defined
- HealthRoster is achieving business benefits where implemented.
The HealthRoster project has a timespan from 2009 to 2019. We examined the HealthRoster implementation in LHDs, and other NSW Health organisations, focusing on the period from 2014, when eHealth assumed responsibility for project implementation, to early 2018.
Business benefits identified for HealthRoster accurately reflect business needs.
NSW Health has a good understanding of the issues in previous rostering systems and has designed HealthRoster to adequately address these issues. Interviews with frontline staff indicate that HealthRoster facilitates rostering which complies with industrial awards. This is a key business benefit that supports the provision of quality patient care. We saw no evidence that any major business needs or issues with the previous rostering systems are not being addressed by HealthRoster.
In the period examined in this audit since 2015, NSW Health has applied appropriate project management and governance structures to ensure that risks and issues are well managed during HealthRoster implementation.
HealthRoster has had two changes to its budget and timeline. Overall, the capital cost for the project has increased from $88.6 million to $125.6 million (42 per cent) and has delayed expected project completion by four years from 2015 to 2019. NSW Health attributes the increased cost and extended time frame to the large scale and complexity of the full implementation of HealthRoster.
NSW Health has established appropriate governance arrangements to ensure that HealthRoster is successfully implemented and that it will achieve business benefits in the long term. During implementation, local steering committees monitor risks and resolve implementation issues. Risks or issues that cannot be resolved locally are escalated to the state-wide steering committee.
NSW Health has grouped local health districts, and other NSW Health organisations, into four clusters for implementation. This has enabled NSW Health to apply lessons learnt from each implementation to improve future implementations.
NSW Health has a benefits realisation framework, but it is not fully applied to HealthRoster.
NSW Health can demonstrate that HealthRoster has delivered some functional business benefits, including rosters that comply with a wide variety of employment awards.
NSW Health is not yet measuring and tracking the value of business benefits achieved. NSW Health did not have benefits realisation plans with baseline measures defined for LHDs in cluster 1 and 2 before implementation. Without baseline measures NSW Health is unable to quantify business benefits achieved. However, analysis of post-implementation reviews and interviews with frontline staff indicate that benefits are being achieved. As a result, NSW Health now includes defining baseline measures and setting targets as part of LHD implementation planning. It has created a benefits realisation toolkit to assist this process from cluster 3 implementations onwards.
NSW Health conducted post-implementation reviews for clusters 1 and 2 and found that LHDs in these clusters were not using HealthRoster to realise all the benefits that HealthRoster could deliver.
By September 2018, NSW Health should:
- Ensure that Local Health Districts undertake benefits realisation planning according to the NSW Health benefits realisation framework
- Regularly measure benefits realised, at state and local health district levels, from the statewide implementation of HealthRoster
- Review the use of HealthRoster in Local Health Districts in clusters 1 and 2 and assist them to improve their HealthRoster related processes and practices.
By June 2019, NSW Health should:
- Ensure that all Local Health Districts are effectively using demand based rostering.
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary reference - Report number #301 - released 7 June 2018
Actions for Volume Eleven 2012 focusing on Health
Volume Eleven 2012 focusing on Health
One in three ambulance crews were delayed for longer than 30 minutes at hospital. Over the year these delays totalled 84,680 hours of lost time, up from 78,224 last year and 58,399 the year before. The longer ambulance crews are at hospitals the less time they are available to respond to the next emergency.
Actions for Volume Eight 2012 focusing on Transport and Ports
Volume Eight 2012 focusing on Transport and Ports
We issued unqualified audit opinions on the transport entities’ 30 June 2012 financial statements.
Some of the findings of the report include:
-
government funding to the public transport operators totalled $4.4 billion in 2011-12 ($3.7 billion in 2010-11)
-
passenger services revenue only covered 20 per cent of RailCorp's operating costs
-
Transport for NSW has formalised a protocol to mitigate the risk of potential conflicts of interests
-
At present, no sustainability framework exists for the transport agencies around environment and sustainability. Transport for NSW should complete its Environment and Sustainability Policy Framework by June 2013 and should publicly report its results annually
-
Transport patronage continued to grow with 510 million journeys on train, bus and ferry services
-
CityRail had two peak hour periods where only 36 per cent and 39 per cent of services were on time
-
On-time running performance for Sydney Ferries was above the NSW 2021 plan target of 98.5 per cent for most routes in 2011-12
-
Customer surveys by transport agencies no longer specifically address crowding on public transport. Transport for NSW should observe and report on crowding on all transport modes
-
Over 2,500 transport staff, or 8.3 per cent of the workforce, have excessive leave balances. All transport entities should do more to reduce excessive annual leave balances to ensure they will comply with new targets set by the Premier.
Actions for Volume Five 2012 focusing on superannuation, compensation and housing
Volume Five 2012 focusing on superannuation, compensation and housing
The NSW Government’s defined benefit superannuation funds have had positive returns for the last three years. However, the returns fell significantly in 2011-12. Global economic conditions led to substantial volatility and uncertainty in markets creating challenges for superannuation funds’ trustees.
Actions for Volume One 2012 focusing on themes from 2011
Volume One 2012 focusing on themes from 2011
The following overview of audits from 2011 found agency restructures significantly impacted agency financial reporting processes, agencies are having difficulty establishing and enforcing compliance with their own policies and procedures, agencies experienced problems complying with regulations and providing adequate documentation to support their financial statements, the poor quality of some financial statements with 1,256 misstatements identified, 540 so significant they had to be corrected, deficiencies in information security exist across many agencies, computer system disaster recovery plans for financial systems not existing or outdated, do not align with agencies’ business recovery requirements, do not properly identify and assess critical systems and processes and testing is incomplete.