Reports
Supporting the District Criminal Court
The Auditor-General for New South Wales, Margaret Crawford, released a report today on whether the Department of Communities and Justice (the department) effectively supports the efficient operation of the District Criminal Court system.
The audit found that in the provision of data and technology services, the department is not effectively supporting the efficient operation of the District Criminal Court system. The department has insufficient controls in place to ensure that data in the system is always accurate.
The department is also using outdated technology and could improve its delivery of technical support to courts.
The audit also assessed the implementation of the Early Appropriate Guilty Pleas reform. This reform aims to improve court efficiency by having more cases resolved earlier with a guilty plea in the Local Court. The audit found that the department effectively governed the implementation of the reform but is not measuring achievement of expected benefits, placing the objectives of the reform at risk.
The Auditor-General made seven recommendations to the department, aimed at improving the controls around courts data, reporting on key performance indicators, improving regional technical support and measuring the success of the Early Appropriate Guilty Pleas reform.
The District Court is the intermediate court in the New South Wales court system. It hears most serious criminal matters, except murder, treason and piracy. The Department of Communities and Justice (the Department) provides support to the District Court in a variety of ways. For example, it provides security services, library services and front-desk services. This audit examined three forms of support that the Department provides to the District Court:
- data collection, reporting and analysis - the Department collects data from cases in its case management system, JusticeLink, based on the orders Judges make in court and court papers
- technology - the Department provides technology to courts across New South Wales, as well as technical support for this technology
- policy - the Department is responsible for proposing and implementing policy reforms.
Recent years have seen a worsening of District Court efficiency, as measured in the Productivity Commission's Report on Government Services (RoGS). Efficiency in the court system is typically measured through timeliness of case completion. There is evidence that timeliness has worsened. For example, the median time from arrest to finalisation of a case in the District Court increased from 420 days in 2012–13 to 541 days in 2017–18.
As a result, the government has announced a range of measures to improve court performance, particularly in the District Court. These measures included the Early Appropriate Guilty Pleas (EAGP) reform. One of the objectives of EAGP is to improve court efficiency, which would be achieved by having more cases resolve with a guilty plea in the Local Court.
This audit assessed whether the Department of Communities and Justice effectively supports the efficient operation of the District Criminal Court system. We assessed this with the following lines of inquiry:
- Does the Department effectively collect, analyse and report performance information relevant to court efficiency?
- Does the Department effectively provide technology to support the efficient working of the courts?
- Does the Department have effective plans, governance and monitoring for the Early Appropriate Guilty Pleas reform?
The audit did not consider other support functions provided by the Department. Further information on the audit, including detailed audit criteria, may be found in Appendix two.
The Department is responsible for providing technology to the courts, which can improve the efficiency of court operations by making them faster and cheaper. The Department is also responsible for providing technical support to courtrooms and registries. It is important that technical support is provided in a timely manner because some technical incidents can delay court sittings and thus impact on court efficiency. A 2013 Organisation for Economic Co‑operation and Development report emphasised the importance of technology and digitisation for reducing trial length.
While the Department may provide technology to the courts, they are not responsible for deciding when, how or if the technology is used in the courtroom.
The Department is using a significant amount of outdated technology, risking court delays
As of April 2019, the whole court system had 2,389 laptops or desktop computers out of warranty, 56.0 per cent of the court system's fleet. The court system also had 786 printing devices out of their normal warranty period, 75.1 per cent of all printers in use. The Department also advised that many of its court audio transcription machines are out of date. These machines must be running for the court to sit and thus it is critical that they are maintained to a high degree. The then Department of Justice estimated the cost of aligning its hardware across the whole Department with desired levels at $14.0 million per year for three years. Figures for the court system were not calculated but they are likely to be a significant portion of this figure.
Using outdated technology poses a risk to the court system as older equipment may be more likely to break down, potentially delaying courts or slowing down court services. In the court system throughout 2018, hardware made up 30.8 per cent of all critical incidents reported to technical support and 41.9 per cent of all high priority incidents. In addition, 16.2 per cent of all reported issues related to printing devices or printing.
From 2017 to 2018, technical support incidents from courts or court services increased. There were 4,379 technical support incidents in 2017, which increased significantly to 9,186 in 2018. The Department advised that some outside factors may have contributed to this increase. The Department was rolling out its new incident recording system throughout 2017, meaning that there would be an under‑reporting of incidents in that year. The Department also advised that throughout 2018 there was a greater focus on ensuring that every issue was logged, which had not previously been the case. Despite these factors, the use of outdated technology has likely increased the risk of technology breakages and may have contributed to the increase in requests for technical support.
Refreshing technology on a regular basis would reduce the risk of hardware failures and ensure that equipment is covered by warranty.
The Department did not meet all court technical support targets in 2017 and 2018
The Digital and Technology Services branch (DTS) was responsible for providing technical support to the courts and the Courts and Tribunal Services branch prior to July 2019. DTS provided technical support in line with a Service Level Agreement (SLA) with the Department. In 2017, DTS did not provide this support in a timely manner. Performance improved in 2018, though DTS fell short of its targets for critical and moderate priority incidents. Exhibit 7 outlines DTS' targets under the SLA.
| Priority | Target resolution time | Target percentage in time (%) |
| 1. Critical | 4 hours | 80 |
| 2. High | 1 day | 80 |
| 3. Moderate | 3 days | 85 |
| 4. Low | 5 days | 85 |
|
Source: Department of Communities and Justice, 2019.
|
||
Critical incidents are particularly important for the Department to deal with in a timely manner because these include incidents which may delay a court sitting until resolved or incidents which impact on large numbers of staff. Some of the critical incidents raised with DTS specifically stated that they were delaying a court sitting, often due to transcription machines not working. High priority incidents include those where there is some impact on the functions of the business, which may in turn affect the efficiency of the court system. High priority incidents also include those directly impacting on members of the Judiciary.
This audit examined DTS' performance against its SLA in the 2017 and 2018 calendar years across the whole court system, not just the District Court. The total number of incidents, as well as critical and high priority incidents, can be seen in Exhibit 8.
| Priority | 2017 | 2018 |
| All | 4,379 | 9,186 |
| 1. Critical | 48 | 91 |
| 2. High | 128 | 315 |
|
Source: Audit Office of NSW analysis of Department of Communities and Justice data, 2019.
|
||
The Department's results against its SLA in 2017 and 2018 are shown in Exhibit 9.
The Early Appropriate Guilty Pleas (EAGP) reform consists of five main elements:
- early disclosure of evidence from NSW Police Force to the prosecution and defence
- early certification of what the accused is going to be charged with to minimise changes
- mandatory criminal case conferencing between the prosecutor and accused's representation
- changes to Local Court case management
- more structured sentence discounts.
More detailed descriptions of each of these changes can be found in the Introduction. These reform elements are anticipated to have three key effects:
- accelerate the timing of guilty pleas
- increase the overall proportion of guilty pleas
- decrease the average length of contested trials.
Improving District Court efficiency is one of the stated aims of EAGP, which would be achieved by having more cases resolve in the Local Court and having fewer defendants plead guilty on the day of their trial in the District Court. The reform commenced in April 2018 and it is too early to state the impact of this reform on District Court efficiency.
The Department is responsible for delivering EAGP in conjunction with other justice sector agencies. They participated in the Steering Committee and the Working Groups, as well as providing the Project Management Office (PMO).
The Department is not measuring the economic benefits stated in the EAGP business case
The business case for EAGP listed nine quantifiable benefits which were expected to be derived from the achievement of the three key effects listed above. The Department is not measuring one of these benefits and is not measuring the economic benefits for five more, as shown in Exhibit 12.
| Benefit | Economic benefit (over ten years) | Being measured? |
| Accelerated timing of guilty pleas | $54.6m |  |
| Increased guilty plea rate | $90.7m | |
| Decreased average trial length | $27.5m | |
| A reduction in the delay of indictable matters proceeding to trial | N/A |  |
| Increase the number of finalised matters per annum | N/A | |
| Reduction of the current backlog of criminal trials in the District Court | N/A | |
| Reduction in bed pressure on the correction system due to reduced average time in custody |
$13.7m |  |
| Productivity improvements due to reduction in wasted effort | $53.3m | |
| Bankable cost savings due to jury empanelment avoided | $2.5m | |
| Key | |
Measuring | |
Not measuring economic benefit | |
Not measuring |
While it is too early to comment on the overall impact of EAGP, better practice in benefits realisation involves an ongoing effort to monitor benefits to ensure that the reform is on target and determine whether any corrective action is needed.
The Department is measuring the number of finalised matters per annum and while the Department is not measuring the reduction in the backlog as part of this program, this measure is reported as part of the Department's internal reporting framework. The Department is not monitoring the reduction in delay of indictable matters proceeding to trial directly as part of this reform, but this does form part of the monthly Operational Performance Report which the Department sends to the EAGP Steering Committee.
The Department is not monitoring any of the economic benefits stated in the business case. These economic benefits are a mixture of bankable savings and productivity improvements. This amounts to a total of $242.3 million over ten years which was listed in the business case as potential economic benefits from the implementation of this reform against the total cost of $206.9 million over ten years. The Department is collecting proxy indicators which would assist in these calculations for several indicators, but it is not actively monitoring these savings. For example, the Department is monitoring average trial length, but is not using this information to calculate economic benefits derived from changes in trial length.
The Department is also not collecting information related to the average length of custody as part of this program. This means that it is unable to determine if EAGP is putting less pressure on the correctives system and it is not possible for the Department to calculate the savings from this particular benefit.
While stakeholders are optimistic about the impact of EAGP, not measuring the expected benefits stated in the business case means that the Department does not know if the reform is achieving what it was designed to achieve. Further, the Department does not know if it must take corrective action to ensure that the program achieves the stated benefits. These two things put the overall program benefits at risk.
The Department has not assigned responsibility for the realisation of each benefit stated in the business case. The Department holds the Steering Committee responsible for the realisation of all benefits. Benefits realisation is the process which ensures that the agency reaches benefits as stated in the business case. Assigning responsibility for benefits realisation to the Steering Committee rather than individuals is not in line with good practice.
Good practice benefits realisation involves assigning responsibility for the realisation of each benefit to an individual at the business unit level. This ensures there is a single point of accountability for each part of the program with knowledge of the benefit and the ability to take corrective action if it looks like that benefit will not be realised. This responsibility should sit at the operational level where detailed action can most easily be undertaken. The role of a Steering Committee in benefits realisation is to ensure that responsible parties are monitoring their benefits and taking appropriate corrective action.
The Department advised that it believes the Steering Committee should have responsibility for the realisation of benefits due to the difficulty of attributing the achievement of each benefit to one part of the reform alone. Given the Steering Committee meets only quarterly, it is not well placed to take action in response to variances in performance.
BOCSAR are planning to undertake an overall evaluation of EAGP which is planned for release in 2021. Undertaking this evaluation will require high quality data to gain an understanding of the drivers of the reform. However, data captured throughout the first year of EAGP has proven unreliable, which may reduce the usefulness of BOCSAR's evaluation. These data issues were discussed in Exhibit 5 in Chapter 2, above. Access to accurate data is vital for conducting any program evaluation and inaccurate data raises the risk that the BOCSAR evaluation will not be able to provide an accurate evaluation of the impact of EAGP.
In addition to the BOCSAR evaluation, the Department had plans for a series of 'snapshot' evaluations for some of the key elements of the reform to ensure that they were operating effectively. These were initially delayed due to an efficiency dividend which affected EAGP. In August 2019, the Department commissioned a review of the implementation of several key success factors for EAGP.
The implementation stage of EAGP had clear governance, lines of authority and communication. The Steering Committee, each Working Group and each agency had clear roles and responsibilities, and these were organised through a Project Management Office (PMO) provided by the former Department of Justice. The governance structure throughout the implementation phase can be seen at Exhibit 13.
The Steering Committee was established in December 2016 and met regularly from March 2017. It comprised senior members of key government agencies, as well as the Chief Judge and the Chief Magistrate for most of the duration of the implementation period. The Steering Committee met at least monthly throughout the life of the program. The Steering Committee was responsible for overseeing the delivery of EAGP and making key decisions relating to implementation, including spending decisions. The Chief Judge and the Chief Magistrate abstained from financial decisions. The Steering Committee updated the governance and membership of the Steering Committee as appropriate throughout the life of the reform.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright Notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary Reference: Report number #329 - released 18 December 2019
Planning, Industry and Environment 2019
This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.
Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting.
The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.
One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.
The report makes several recommendations including:
- Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
- the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
- the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Creation of the Planning, Industry and Environment cluster |
The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019. The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE). |
| The Department of Planning, Industry and Environment is still in the process of implementing changes |
The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes. However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies. |
2. Financial reporting
| Audit opinions | Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing. |
| Timeliness of financial reporting |
Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time. Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline. Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures. |
| Introduction of AASB 16 'Leases' |
We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods. We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records. Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019. |
| Unprocessed Aboriginal land claims have continued to increase |
Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007. Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims. |
3. Audit observations
| Internal controls |
One in five internal control issues identified and reported to management in 2018–19 were repeat issues. The lack of user access review was the most common IT general control issue in the cluster. |
| Drought relief |
The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place. Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue. |
| Recognition of Crown land |
Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19. Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Developer contributions | The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019. |
This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.
The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.
- The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
- The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
- The MoG changes bring risks and challenges to the PIE cluster.
- A MoG Steering Committee was established to oversee the transitional processes.
- The full integration of the systems and processes will not be completed in the near future.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
- Timeliness of financial reporting remains an issue for 13 agencies.
- Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
- Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- One in five issues identified and reported to management in 2018–19 were repeat issues.
- The lack of user access review was the most common IT general control issue in the PIE cluster.
- The PIE cluster provided significant financial assistance for drought relief.
- There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
- Unspent developer contributions funds continued to build up in 2018–19.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Cluster agencies
Appendix four – Financial data
Appendix five – Management letter findings
Appendix six – Timeliness of financial reporting
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2019
A report has been released on the NSW Stronger Communities cluster.
From 1 July 2019, the functions of the former Department of Justice, the former Department of Family and Community Services and many of the cluster agencies moved to the new Stronger Communities cluster. The Department of Communities and Justice is the principal agency in the new Stronger Communities cluster.
The report focuses on key observations and findings from the most recent financial audits of agencies in the Stronger Communities cluster.
Unqualified audit opinions were issued on the financial statements for all agencies in the cluster.
There were 157 audit findings on internal controls. Two of these were high risk and 59 were repeat findings from previous financial audits. ‘Cluster agencies should prioritise actions to address internal control weaknesses promptly with particular focus given to issues that are assessed as high risk’, the Auditor-General said.
The report notes that the NSW Government’s new workers' compensation legislation, which gave eligible firefighters presumptive rights to workers' compensation, cost emergency services agencies $180 million in 2018–19, mostly in increased premiums.
This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2019. The table below summarises our key observations.
This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analyses, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was significantly impacted by the Machinery of Government (MoG) changes on 1 July 2019. This report focuses on the agencies that from 1 July 2019, comprised the Stronger Communities cluster. The MoG changes moved some agencies from the clusters to which they belonged in 2018–19 to the Stronger Communities cluster. Conversely, the MoG also moved some agencies formerly in the Family and Community Services cluster and Justice cluster elsewhere. Please refer to the section on Machinery of Government changes for more details.
The Department of Communities and Justice is the principal agency of the cluster. The newly created department combines functions of the former Department of Justice and the Department of Family and Community Services.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes occur when the government reorganises these structures and functions and those changes are given effect by Administrative Orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted the Stronger Communities cluster through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Justice and Family and Community Services (FACS) departments and clusters.
- The Stronger Communities cluster combines most of the functions and agencies of the former Justice and FACS clusters from 1 July 2019.
- The Department of Communities and Justice is now the principal agency in the new cluster.
- The MoG changes bring new responsibilities, risks and challenges to the cluster.
- A temporary office has been established by the Department of Communities and Justice to support the cluster in the planning, delivery and reporting associated with implementing the changes.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations relating to the financial reporting of agencies in the Stronger Communities cluster for 2019.
Section highlights
- Unqualified audit opinions were issued for all agencies' 30 June 2019 financial statements. However, further actions can be taken by some cluster agencies to enhance the quality of their financial reporting.
- In November 2018, the Department of Justice implemented a new Victims Support Services system called VS Connect. Significant data quality issues arising from the VS Connect system implementation impacted the Department's ability to reliably estimate its Victims Support Scheme claims liabilities at 30 June 2019.
We recommend the Department of Communities and Justice resolves the data quality issues in the new VS Connect System before 30 June 2020 and capture and apply lessons learned from recent project implementations, including LifeLink, Justice SAP and VS Connect, in any relevant future implementations. - Our audits found some cluster agencies needed to do more work on their impact assessments and preparedness to implement the new accounting standards, to minimise the risk of errors in their 2019–20 financial statements.
- Cluster agencies with annual leave balances exceeding the State's target should further review their approach to managing leave balances.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
- Cluster agencies should action recommendations to address internal control weaknesses promptly. Particular focus should be given to prioritising high risk issues. The 2018–19 financial audits of cluster agencies identified 157 internal control issues. Of these, two were high risk and 37.6 per cent were repeat findings from previous audits.
- Data from the Department of Justice shows the inmate population reached a maximum of 13,798, compared to an operational capacity of 14,626 beds on 31 August 2019. This equates to an operational vacancy rate of 5.7 per cent, which is more than the recommended 5.0 per cent buffer. This is the first time the vacancy rate has exceeded the target over the last five years. Growth in the NSW prison population is being managed through the NSW Government's $3.8 billion Prison Bed Capacity Program.
- In September 2018, the NSW Government introduced new workers' compensation legislation, which gives eligible firefighters presumptive rights to workers' compensation when diagnosed with one of 12 prescribed cancers. The new legislation cost emergency services agencies $180 million in 2018–19, mainly through additional workers' compensation premiums.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – List of 2019 recommendations
Appendix four – Status of 2018 recommendations
Appendix five – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Health 2019
This report focuses on key observations and findings from the most recent financial audits of the Ministry of Health, local health districts, specialty health networks, health corporations and independent health agencies in New South Wales. The report also summarises self-reported performance measures across the network.
The number and value of adjustments to financial statements of entities in the Health Cluster decreased from the prior year. And unqualified audit opinions were issued for all heath entities’ financial statements.
Audit findings relating to internal controls deficiencies increased across health entities. Contributing to this increase were deficiencies in information system controls, which accounted for nearly a quarter of all control deficiencies. Repeat audit findings also accounted for more than a quarter of all control deficiencies.
The report notes health entities continued to experience challenges with managing employees’ excessive annual leave and time recording practices. The Ambulance Service of New South Wales continued to report high overtime payments to its employees.
This report analyses the results of our audits of financial statements of the agencies comprising the Health cluster for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Cluster changes | Machinery of Government (MoG) changes refer to how the government reorganises agency structures and functions and realigns ministerial responsibilities. The Health cluster was not impacted by the MoG changes. |
2. Financial reporting
| Financial reporting |
The financial statements of NSW Health and its controlled entities received unqualified audit opinions before the legislative deadline. |
| Financial performance | Overall, NSW Health recorded an operating surplus of $1.1 billion in 2018–19, an increase of $699 million from 2017–18. This was the result of additional funding received for capital expenditure on the construction of new facilities, upgrades and redevelopments. Budgeted expense for the 15 local health districts and two speciality networks increased from $18.3 billion to $19.4 billion in 2018–19. The 15 health entities recorded unfavourable variances between actual and budgeted expenses. |
| Excess annual leave |
Managing excess annual leave remains a challenge for NSW Health, 36.9 per cent of the workforce have excess annual leave balances. Recommendation: Health entities should further review their approach to managing excess annual leave in 2019–20, and:
|
| Overtime payments | NSW Health entities generally manage overtime well. The Ambulance Service of NSW’s overtime payments of $83.1 million (9.8 per cent of total salaries and wages), remain significantly higher than other health entities. Recommendation: The Ambulance Service of NSW should further review the effectiveness of its rostering practices to identify strategies to reduce overtime payments. |
3. Audit observations
| Internal control deficiencies | We identified more internal control deficiencies in 2018–19. The number of repeat issues from prior years also remains high with more than one quarter of issues having been previously reported. More than a quarter of deficiencies related to information system controls. |
| Infrastructure delivery | NSW Health defines projects with a budgeted cost greater than $50.0 million as 'major projects'. There were significant revisions to planned financial completion dates and budgeted costs of these projects. The revised total budgets for the 30 ongoing major capital projects at 30 June 2019 is $10.2 billion, $2.2 billion more than the original budget. Health Infrastructure completed three major capital projects during 2018–19. |
| Asset maintenance | The total cost of maintaining the health entities’ $19.8 billion of assets was $635 million for 2018–19. Health entities' approaches to setting maintenance budgets vary. Most entities are addressing their backlog maintenance, although many were not able to quantify the full extent of their backlog maintenance. Although health entities continue to use fully depreciated assets, the replacement cost of these assets is decreasing. |
This report provides parliament and other users of the financial statements of agencies within the Health cluster with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas for the year ended 30 June 2019:
- financial reporting
- audit observations.
The Health cluster was not impacted by the Machinery of Government changes on 1 July 2019.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the health cluster for 2019.
Section highlights
- We issued unqualified audit opinions for all health entities’ financial statements and identified fewer misstatement than last year. Health entities continue to meet statutory deadlines.
- The Ministry of Health sets significant accounting policies centrally and provides a template for the preparation of health entities’ financial statements. These processes promote consistent quality in the financial reports of health entities and reduce the number of misstatements we identify.
- NSW Health recorded an operating surplus of $1.1 billion, an increase of $699 million from 2017–18. This is because of additional capital grants for new facilities, upgrades and redevelopments. The capital replacement ratio (investment in new assets divided by depreciation) for NSW Health is 2.6.
- NSW Health’s expenses increased by 7.0 per cent in 2018–19 (5.5 per cent in 2017–18). This is one percentage point higher than the projected long-term annual expense growth rate of six per cent. The primary causes for the growth in expenses are increased:
- employee related expenses because provisions for employee benefits increased when the discount rate decreased
- operating expenses associated with the opening of Northern Beaches Hospital.
- Excess annual leave balances continue to increase for the NSW Health workforce, with excess annual leave balances impacting 37 per cent of employees (34 per cent in 2017–18).
- Health entities should further review their approach to managing excess annual leave in 2019–20 by monitoring current and projected leave balances on a regular basis, agreeing formal leave plans with employees and encouraging staff that perform key control functions to take a minimum of two consecutive weeks’ leave a year as a fraud mitigation strategy.
- The Ambulance Services continued to report overtime payments higher than other health entities. The Ambulance Service paid its employees $83.1 million in overtime payments in 2018–19 ($74.8 million in 2017–18).
- We issued a qualified audit opinion for the Ministry of Health's Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 40 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2018–19 (17 in 2017–18).
Audit opinions
We issued unqualified audit opinions for all health entities and quality of financial reporting continues to improve
We identified fewer misstatements this year, and the errors were less significant. In 2018–19 no errors exceeded $5.0 million (eight errors recorded in 2017–18). Ten health entities conducted a full revaluation of their land, buildings and infrastructure systems in 2018–19, but more robust processes avoided the errors identified in the previous year.
| Number of misstatements | ||||||
| Year ended 30 June | 2019 | 2018 | 2017 | |||
 |
 |
|
|
|
|
|
| Less than $50,000 | -- | -- | -- | 6 | 3 | 3 |
| $50,000 to $249,999 | -- | 1 | -- | -- | 2 | 3 |
| $250,000 to $999,999 | 1 | -- | -- | -- | 1 | 3 |
| $1 million to $4,999,999 | -- | 2 | -- | 2 | 1 | 5 |
| $5 million and greater | -- | -- | 6 | 2 | 1 | 2 |
| Total number of misstatements | 1 | 3 | 6 | 10 | 8 | 16 |
Corrected mistatements. Uncorrected statements.We issued a qualified audit opinion for our compliance audit of the Ministry of Health's Annual Prudential Compliance Statement
The Ministry of Health operates eight aged care facilities in NSW and is required to comply with the Fees and Payments Principles 2014 (No. 2) (the Principles) when entering into agreements with and managing payments to and from care recipients. The Principles are set by the Commonwealth Assistant Minister for Social Services. We identified 40 instances of material non-compliance in 2018–19, including:
- not agreeing maximum accommodation amounts payable with aged care recipients before they entered the residential care services
- not entering into accommodation agreements with care recipients within the specified period
- charging incorrect fees for activities or services to one care recipient
- not refunding two bond balances within the statutory framework
- not paying the correct amount of interest for 14 care recipients’ bonds refunded during the year.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the health cluster.
Section highlights
- The number of internal control deficiencies has increased since 2017–18. More than a quarter of control deficiencies are repeat issues and almost a quarter relate to information system controls. Both employee time recording and leave management remain as repeat issues in 2018–19.
- Control deficiencies that relate to managing employees' leave, employees’ time recording or information system limitations can be difficult for entities to resolve in a timely manner.
- Agreements for the treatment of New South Wales residents while they are interstate, and interstate residents while they are in New South Wales, are unsigned for Queensland, Victoria and the Australian Capital Territory for 2016–17, 2017–18 and 2018–19.
- NSW Health recorded $113.6 million in revenue from fees charged to Medicare ineligible patients during 2018–19 but has received payment for less than half of this.
- NSW Health reported that they completed three major capital projects during 2018–19.
- As at 30 June 2019 there were 30 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.2 billion more than the original budget of $8.0 billion.
- Health entities spent $635 million maintaining assets with a fair value of $19.8 billion of assets. Almost all entities were working through backlog maintenance during 2018–19, although several were unable to quantify the backlog.
- While entities are now regularly reassessing the useful lives of their assets, entities are still using a high volume of assets that are fully depreciated. Due to the age and nature of these assets the impact was not material.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Financial data
Appendix four – Analysis of financial indicators
Appendix five – Analysis of performance against budget
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
| New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
| Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
| IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
| Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
| Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
| Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
| Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
| Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
| Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
| Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
| Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
| Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Ensuring contract management capability in government - HealthShare NSW
This report examined whether HealthShare NSW, a part of NSW Health, has the required contract management capability to effectively manage goods and services contracts valued over $250,000.
The report found that HealthShare has a procurement framework that should support effective contract management, but it is not applying it consistently. In particular, the audit found that HealthShare was not applying key contract management elements to over 80 per cent of the high-value contracts it manages. The audit also found that HealthShare’s contract management practices were limited by inadequate performance monitoring.
'Effective contract management is essential to ensure the contracts HealthShare enters into are delivering as expected and ensuring value for money,' said the Auditor-General. 'Without this, the value for money or savings HealthShare achieves when it negotiates these contracts is at risk of being eroded over the life of the contract.'
The report recommends that NSW Health develop a performance improvement plan to ensure HealthShare is fully compliant with procurement policies and that NSW Health meets its obligations under the Government's Accreditation Program for Goods and Services Procurement.
HealthShare is a NSW Health entity responsible for providing shared services, including procurement, to support the delivery of patient care within the NSW health system. In 2018, HealthShare procured high value goods and services contracts with an annual estimated total spend of around $1.8 billion, with most of the contracts of long duration.
NSW Government agencies are increasingly delivering services and projects through contracts with third parties. These contracts can be complex and governments face challenges in negotiating and implementing them effectively. A robust contract management framework helps ensure all parties meet their obligations, contractual relationships are well managed, agencies achieve value for money, and deliverables meet the required standards and agreed timeframes.
Contract management capability is a broad term, which can include aspects of individual staff capability (such as staff knowledge, skills and experience) as well as organisational capability (such as policies, frameworks and processes).
The NSW Procurement Board is responsible for overseeing the Government's procurement system, setting policy and ensuring compliance. It has accredited the Health Administration Corporation (HAC) to procure goods and services with no upper financial limit. Under the terms of this accreditation, the Secretary, NSW Health (as head of HAC) has delegated the procurement of high-value (over $250,000) goods and services contracts within NSW Health to only the Ministry of Health and HealthShare NSW (HealthShare).
HealthShare NSW (HealthShare) is a NSW Health entity responsible for providing shared services, including procurement, to support the delivery of patient care within the NSW health system. In 2018, HealthShare procured high-value goods and services contracts with an annual estimated total spend of around $1.8 billion, with most of the contracts of long duration.
HealthShare’s Contract Management Guide states that, without rigorous contract management, 75 per cent of projected sourcing savings can disappear within 18 months of the contract starting.
This audit examined whether HealthShare has the required capability to effectively manage high-value goods and services contracts. Contracts we examined included critical items such as food services in hospitals, patient transport services, intravenous equipment and kidney dialysis services, where risks include patient safety as well as value for money. We did not examine infrastructure, construction or information communication and technology contracts. We also did not examine HealthShare’s sourcing processes, including identifying business needs, tendering and contract award.
We assessed HealthShare against the following criteria:
- HealthShare's systems, policies and procedures support effective contract management and are consistent with relevant frameworks, policies and guidelines.
- HealthShare has capable personnel to effectively conduct the monitoring activities throughout the life of the contract.
We included the NSW Public Service Commission and NSW Treasury, through NSW Procurement, as auditees because they administer policies which directly affect contract management capability. These include:
- NSW Procurement Board Directions and policies
- NSW Government Procurement Policy Framework
- Accreditation Program for Goods and Services Procurement
- the NSW Public Sector Capability Framework.
NSW Procurement was transferred to NSW Treasury from the former Department of Finance, Services and Innovation on 1 July 2019 as part of changes to government administrative arrangements.
Appendix one – Response from agencies
Appendix two – Contract performance management summary
Appendix three – About the audit
Appendix four – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary Reference: Report number #328 - released 31 October 2019
Contracting non-government organisations
This report found the Department of Family and Community Services (FACS) needs to do more to demonstrate it is effectively and efficiently contracting NGOs to deliver community services in the Permanency Support Program (a component of out-of-home-care services) and Specialist Homelessness Services. It notes that FACS is moving to an outcomes-based commissioning model and recommends this be escalated consistent with government policy.
Government agencies, such as the Department of Family and Community Services (FACS), are increasingly contracting non-government organisations (NGOs) to deliver human services in New South Wales. In doing so, agencies are responsible for ensuring these services are achieving expected outcomes. Since the introduction of the Commissioning and Contestability Policy in 2016, all NSW Government agencies are expected to include plans for customer and community outcomes and look for ways to use contestability to raise standards.
Two of the areas receiving the greatest funding from FACS are the Permanency Support Program and Specialist Homelessness Services. In the financial year 2017–18, nearly 500 organisations received $784 million for out-of-home care programs, including the Permanency Support Program. Across New South Wales, specialist homelessness providers assist more than 54,000 people each year and in the financial year 2017–18, 145 organisations received $243 million for providing short term accommodation and homelessness support, including Specialist Homelessness Services.
In the financial year 2017–18, FACS entered into 230 contracts for out-of-home care, of which 49 were for the Permanency Support Program, representing $322 million. FACS also entered into 157 contracts for the provision of Specialist Homelessness Services which totalled $170 million. We reviewed the Permanency Support Program and Specialist Homelessness Services for this audit.
This audit assessed how effectively and efficiently FACS contracts NGOs to deliver community services. The audit could not assess how NGOs used the funds they received from FACS as the Audit Office does not have a mandate that could provide direct assurance that NGOs are using government funds effectively.
|
Conclusion
FACS cannot demonstrate it is effectively and efficiently contracting NGOs to deliver community services because it does not always use open tenders to test the market when contracting NGOs, and does not collect adequate performance data to ensure safe and quality services are being provided. While there are some valid reasons for using restricted tenders, it means that new service providers are excluded from consideration - limiting contestability. In the service delivery areas we assessed, FACS does not measure client outcomes as it has not yet moved to outcomes-based contracts. FACS' procurement approach sometimes restricts the selection of NGOs for the Permanency Support Program and Specialist Homelessness Services
FACS has a procurement policy and plan which it follows when contracting NGOs for the provision of human services. This includes the option to use restricted tenders, which FACS sometimes uses rather than opening the process to the market. The use of restricted tenders is consistent with its procurement plan where there is a limited number of possible providers and the services are highly specialised. However, this approach perpetuates existing arrangements and makes it very difficult for new service providers to enter the market. The recontracting of existing providers means FACS may miss the opportunity to benchmark existing providers against the whole market. FACS does not effectively use client data to monitor the performance of NGOs funded under the Permanency Support Program and Specialist Homelessness Services
FACS' contract management staff monitor individual NGO performance including safety, quality of services and compliance with contract requirements. Although FACS does provide training materials on its intranet, FACS does not provide these staff with sufficient training, support or guidance to monitor NGO performance efficiently or effectively. FACS also requires NGOs to self-report their financial performance and contract compliance annually. FACS verifies the accuracy of the financial data but conducts limited validation of client data reported by NGOs to verify its accuracy. Instead, FACS relies on contract management staff to identify errors or inaccurate reporting by NGOs. FACS' ongoing monitoring of the performance of providers under the Permanency Support Program is particularly limited due to problems with timely data collection at the program level. This reduces FACS' ability to monitor and analyse NGO performance at the program level as it does not have access to ongoing performance data for monitoring service quality. In the Specialist Homelessness Services program, FACS and NGOs both provide the data required for the National Minimum Data Set on homelessness and provide it to the Australian Institute of Health and Welfare, as they are required to do. However, this data is not used for NGO performance monitoring or management. FACS does not yet track outcomes for clients of NGOs
FACS began to develop an approach to outcomes-based contracting in 2015. Despite this, none of the contracts we reviewed are using outcomes as a measure of success. Currently, NGOs are required to demonstrate their performance is consistent with the measures stipulated in their contracts as part of an annual check of their contract compliance and financial accounts. NGOs report against activity-based measures (Key Performance Indicators) and not outcomes. FACS advises that the transition to outcomes-based contracting will be made with the new rounds of funding which will take place in 2020–2021 for Specialist Homelessness Services and 2023 for the Permanency Support Program. Once these contracts are in place, FACS can transition NGOs to outcomes based reporting. Incomplete data limits FACS' effectiveness in continuous improvement for the Permanency Support Program and Specialist Homelessness Services
FACS has policies and procedures in place to learn from past experiences and use this to inform future contracting decisions. However, FACS has limited client data related to the Permanency Support Program which restricts the amount of continuous improvement it can undertake. In the Specialist Homelessness Support Program data is collected to inform routine contract management discussions with service providers but FACS is not using this data for continuous improvement. |
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Parliamentary Reference: Report number #323 - released 26 June 2019
Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Engagement of probity advisers and probity auditors
Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.
Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.
Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles.
According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector.
A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:
- should use external probity practitioners as the exception rather than the rule
- should not use external probity practitioners as an 'insurance policy'
- must be accountable for decisions made
- cannot substitute the use of probity practitioners for good management practices
- not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent.
The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.
The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:
- complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
- effectively ensured they achieved value for money when they used probity practitioners.
These entities are referred to as 'participating agencies' in this report.
We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.
Conclusion
We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.
In the sample of engagements we selected, we found instances where the participating agencies did not always:
- document detailed terms of reference
- ensure the practitioner was sufficiently independent
- manage probity practitioners' independence and conflict of interest issues transparently
- provide practitioners with full access to records, people and meetings
- establish independent reporting lines reporting was limited to project managers
- evaluate whether value for money was achieved.
We also found:
- agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
- the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013.
There are no professional standards and capability requirements for probity practitioners
NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money.
Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.
The NSW Procurement Board provides direction for the use of probity practitioners
The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.
Governance of Local Health Districts
The main roles, responsibilities and relationships between Local Health Districts (LHDs), their Boards and the Ministry of Health are clear and understood, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. However, there are opportunities to achieve further maturity in the system of governance and the audit report recommended a series of actions to further strengthen governance arrangements.
Fifteen Local Health Districts (LHDs) are responsible for providing public hospital and related health services in NSW. LHDs are:
- established as statutory corporations under the Health Services Act 1997 to manage public hospitals and provide health services within defined geographical areas
- governed by boards of between six and 13 people appointed by the Minister for Health
- managed by a chief executive who is appointed by the board with the concurrence of the Secretary of NSW Health
- accountable for meeting commitments made in annual service agreements with the NSW Ministry of Health.
The NSW Ministry of Health (the Ministry) is the policy agency for the NSW public health system, providing regulatory functions, public health policy, as well as managing the health system, including monitoring the performance of hospitals and health services.
The current roles and responsibilities of LHDs and the Ministry, along with other agencies in NSW Health, were established in 2011 following a series of reforms to the structure and governance of the system. These reforms began with the report of the 'Special Commission of Inquiry into Acute Care Services in NSW Public Hospitals' ('the Garling Inquiry'), which was released in 2008, and were followed by reforms announced by the incoming coalition government in 2011.
These reforms were intended to deliver greater local decision making, including better engagement with clinicians, consumers, local communities, and other stakeholders in the primary care (such as general practitioners) and non-government sectors.
The reforms empowered LHDs by devolving some management and accountability from the Ministry for the delivery of health services in their area. LHDs were made accountable for meeting annual obligations under service agreements.
This audit assessed the efficiency and effectiveness of the governance arrangements for LHDs. We answered two questions:
- Are there clear roles, responsibilities and relationships between the Ministry of Health and LHDs and within LHDs?
- Does the NSW Health Performance Framework establish and maintain accountability, oversight and strategic guidance for LHDs?
- continued progress in moving toward patient experience, outcome, and quality and safety measures
- improving the Health Performance Framework document to ensure it is comprehensive, clear and specifies decision makers
- greater clarity in the nexus between underperformance and escalation decisions
- including governance-related performance measures
- more rigour in accountability for non-service activity functions, including consumer and community engagement
- ensuring that performance monitoring and intervention is consistent with the intent of devolution.
NSW Health is large and complex system, operating in a dynamic environment. The governance reforms introduced in 2011 were significant and it is reasonable that they take time to mature.
The main roles of LHDs and the Ministry are clear and well-understood, and there is good collaboration between different parts of the system. This provides a sound foundation on which to further mature the governance arrangements of LHDs.
While the broad roles of LHDs, their boards, and the Ministry are well understood by stakeholders in the system, there are matters of detail and complexity that create ambiguity and uncertainty, including:
- the roles and relationships between the LHDs and the Pillars
- to what extent LHDs have discretion to pursue innovation
- individual responsibility and obligations between chairs, boards, executive staff, and the Ministry.
These should be addressed collaboratively between boards, their executives, and the Ministry, and should be informed by a statement of principles that guides how devolved decision making should be implemented.
Better clinician engagement in health service decision making was a key policy driver for devolution. Priority should be given by LHDs and the Ministry to ensuring that clinicians are adequately engaged in LHD decision making. It appears that in many cases they are not, and this needs to be addressed.
The quality of board decision making depends on the information they are provided and their capacity to absorb and analyse that information. More can be done to promote good decision making by improving the papers that go to boards, and by ensuring that board members are well positioned to absorb the information provided. This includes ensuring that the right type and volume of information are provided to boards, and that members and executive managers have adequate data literacy skills to understand the information.
Recommendations
- By December 2019, the Ministry of Health should:
- work with LHDs to identify and overcome barriers that are limiting the appropriate engagement of clinicians in decision making in LHDs
- develop a statement of principles to guide decision making in a devolved system
- provide clarity on the relationship of the Agency for Clinical Innovation and the Clinical Excellence Commission to the roles and responsibilities of LHDs.
- By June 2020, LHDs boards, supported where appropriate by the Ministry of Health, should address the findings of this performance audit to ensure that local practices and processes support good governance, including:
- providing timely and consistent induction; training; and reviews of boards, members and charters
- ensuring that each board's governance and oversight of service agreements is consistent with their legislative functions
- improving the use of performance information to support decision making by boards and executive managers.
This cultural shift has achieved greater recognition of the importance of transparency in how well LHDs perform. However, as NSW Health is a large, complex and dynamic system, it is important that these accountability and oversight mechanisms continue to evolve to ensure that they are sufficiently robust to support good governance.
There are areas where accountability and oversight can be improved including:
- continued progress in moving toward patient experience, outcome and value-based measures
- improving the Health Performance Framework document to ensure it is comprehensive, clear and specifies decision makers
- greater clarity in the nexus between underperformance and escalation decisions
- by adding governance-related performance measures to service agreements
- more rigour in accountability for non-service activity functions, such as consumer and community engagement
- ensuring that performance monitoring and intervention is consistent with the intent of devolution.
Recommendations
3. By June 2020, the Ministry of Health should improve accountability and oversight mechanisms by:
a) revising the Health Performance Framework so that it is a cohesive and comprehensive document
b) clarifying processes and decision making for managing performance concerns
c) developing a mechanism to adequately hold LHDs accountable for non-service activity functions
d) reconciling performance monitoring and intervention with the policy intent of devolution.
Appendix one - Response from agency
Appendix two - Functions of a Local Health District
Appendix three - Functions of a Local Health District Board
Appendix four - Routine performance monitoring and reporting
Appendix five - Escalation model for the NSW Health Performance Framework
Appendix six - About the audit
Appendix seven - Performance auditing
Parliamentary Reference: Report number #316 - released 18 April 2019
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
