What this report is about

NSW local councils provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies.

Councils need to manage cyber security risks to ensure their information, data and systems are appropriately safeguarded. Councils also need to be prepared to detect, respond and recover when a cyber security incident occurs.

The audit assessed how effectively three selected councils identified and managed cyber security risks.

The audit also included the Department of Planning, Housing and Infrastructure (Office of Local Government) and Department of Customer Service (Cyber Security NSW), due to their roles in providing guidance and support to local councils.

Audit findings

The audit found that the selected councils are not effectively identifying and managing cyber security risks. Each of the councils undertook activities to improve their cyber security during the audit period, but this audit found significant gaps in their cyber security risk management and cyber security processes.

Such gaps result in unmitigated risks to the security of information and assets which, if compromised, could impact their local communities, service delivery and public infrastructure.

Cyber Security NSW and the Office of Local Government recommend that councils adopt requirements in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.

Audit recommendations

In summary, the councils should:

• integrate assessment and monitoring of cyber security risks into corporate governance processes
• self-assess their performance against Cyber Security NSW's guidelines for local government
• develop and implement a risk-based cyber security improvement plan and program of activities
• develop, implement and test a cyber incident response plan.

Cyber Security NSW and the Office of Local Government should regularly consult on cyber security risks facing local government, and review the effectiveness of guidelines and related resources for the sector.

While this report focuses on the performance of the selected councils, the findings and recommendations should be considered by all councils to better understand their risks and challenges relevant to managing cyber security risks.

Read the PDF report

Parliamentary reference - Report number #392- released 26 March 2024

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.

Findings

Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.

Recommendations

To improve quality and timeliness of financial reporting, councils should:

• adopt early financial reporting procedures, including asset valuations
• ensure integrity and completeness of asset source records
• perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

• track progress of implementing audit recommendations, and prioritise high-risk repeat issues
• continue to focus on cyber security governance and controls.

Read the PDF report

What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

• governance and accountability
• processes and procedures
• data and information management
• support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

Read the PDF report

What this report is about

Results of the Regional NSW financial statements audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.

The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.

What the key issues were

Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.

The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.

The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.

A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.

What we recommended

Local Land Services should prioritise completing all mandatory early close procedures.

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in audit management letters.

This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the Premier and Cabinet portfolio of agencies' financial statement audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued for all Premier and Cabinet portfolio agencies.

What the key issues were

The Administrative Arrangements Orders, effective 1 July 2023, changed the name of the Department of Premier and Cabinet to the Premier's Department and transferred parts of Department of Premier and Cabinet to The Cabinet Office.

The number of monetary misstatements identified in our audits decreased from 15 in 2021–22 to 12 in 2022–23.

The total number of management letter findings across the portfolio of agencies increased from ten in 2021–22 to 20 in 2022–23.

Thirty per cent of all issues were repeat issues. The most common repeat issues related to deficiencies in controls over financial reporting.

What we recommended

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in Audit Office management letters.

This report provides Parliament and other users of the Premier and Cabinet portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet portfolio.

Appendix one – Early close procedures

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the Stronger Communities financial statement audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed Stronger Communities portfolio agencies.

Machinery of government changes during the year returned the sports-related agencies to the Stronger Communities portfolio.

Resilience NSW was abolished on 16 December 2022 with most of its functions transferred to the newly created NSW Reconstruction Authority.

The Trustee for the First Australian Mortgage Acceptance Corporation (FANMAC) is a prescribed entity under the Government Sector Finance Regulation 2018. The Trustee should have presented the FANMAC's financial statements for audit after it became a GSF agency on 1 July 2020.

The number of monetary misstatements identified in our audits decreased from 42 in 2021–22 to 29 in 2022–23.

What the key issues were

In 2022–23, agencies in the portfolio recorded net revaluation uplifts to land and buildings totalling $643 million.

Out of home care and permanency support grant expenditure has increased by 27% since 2019–20. An upcoming performance audit report will focus on the timeliness and quality of the child protection services provided by the department and its non-government service providers.

A high-risk matter was raised for the department over segregation of duties deficiencies in the Justice Link system.

Four high-risk matters reported in 2021–22 have been resolved.

Thirty-three agencies were onboarded into a new government-wide enterprise resource planning system. Additional agencies will be onboarded in three tranches from April 2024 through to October 2024.

What we recommended

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their financial statement impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in our management letters.

This report provides Parliament and other users of the Stronger Communities portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities portfolio.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

This report is about

Results of the local government sector financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' financial statements.

The financial audits for two councils and two joint organisations are in progress due to accounting issues.

Fifty-seven councils and joint organisations (2021: 41) required extensions to submit their financial statements to the Office of Local Government (OLG), within the Department of Planning and Environment (the department).

The audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficient books and records.

Qualified audit opinions were issued on 43 councils' financial statements due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. Forty-seven councils appropriately recognised this equipment.

What we recommended

Consistent with the NSW Government's accounting position and the department's role of assessing councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise vested rural firefighting equipment.

The key issues

There were 1,045 audit findings reported to councils in audit management letters, with 52% being unresolved from prior years.

What we recommended

Councils need to track progress of implementing audit recommendations, giving priority to high-risk and repeat issues.

Ninety-three high-risk matters were identified across the sector mainly relating to asset management, information technology, financial accounting and council governance procedures.

Asset valuations

Audit management letters reported 267 findings relating to asset management. Fifty-three councils had deficiencies in processes that ensure assets are fairly stated.

What we recommended

Councils need to complete timely asset valuations (repeat recommendation).

Integrity and completeness of asset source records

Fifty-two councils had weak processes over the integrity of fixed asset registers.

What we recommended

Councils need to improve controls that ensure integrity of asset records (repeat recommendation).

Cybersecurity

Our audits found that 47% of councils did not have a cyber security plan.

What we recommended

All councils need to prioritise creation of a cyber security plan to ensure data and assets are safeguarded.

Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General's report on Local Government 2022. My report provides the results of the 2021–22 financial audits of 126 councils, 11 joint organisations and nine county councils. The audits for two councils and two joint organisations are in progress due to significant accounting issues.

Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' 2021–22 financial statements. The statements for 43 councils were qualified due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. And the audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficiencies in books and records.

This year has again been challenging for many New South Wales local councils still recovering from the impact of emergency events and facing cost and resourcing pressures. We appreciate the efforts of council staff and management in meeting their financial reporting obligations. We share a mutual interest in raising the standard of financial management in this sector, and the importance of accurate and transparent reporting.

Disappointingly, accounting for the value of rural firefighting equipment vested in councils continued to be an unnecessary distraction and resulted in 43 councils having their financial statements qualified. We continue to recommend that the Office of Local Government should intervene where councils fail to comply with Australian Accounting Standards by not recognising assets vested to them under section 119(2) of the Rural Fires Act 1997.

Sound financial management is critical to councils' ability to instil trust and properly serve their communities. The recommendations in this report are intended to further improve their financial management and reporting capability, and encourage sound governance arrangements and cyber resilience. I am committed to continuing this work with councils in the 2022–23 year and beyond.

Margaret Crawford PSM

Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting audit results of councils and joint organisations.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal controls across councils and joint organisations in 2021–22.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations, related implications, recommendations and risk ratings.

Total number of findings reported in audit management letters decreased

The following shows the overall findings of the 2021–22 audits reported in management letters compared with the previous year.

Appendix one – Response from the Office of Local Government within the Department of Planning and Environment

Appendix two – Status of audits

Appendix three – Councils received qualified audit opinions

Appendix four – Common reasons for council extensions

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.

This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:

• Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives? 
• Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?

What we found

Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.

Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.

Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.

What we recommended

By 30 June 2023 the Department of Customer Service should:

1. implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
2. ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
3. ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
4. develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders. 

The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.

Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.

In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).

The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.

We assessed this objective through two lines of inquiry:

1. Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
2. Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?

The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.

Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.

Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.

The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.

Establishment of Cyber Security NSW

Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.

The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).

The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.

Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.

Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.

NSW Government Cyber Security Strategy

The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:

• lead
• prepare
• prevent
• detect 
• respond 
• recover.

The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:

• increase NSW Government cyber resiliency
• help NSW cyber security businesses grow
• enhance cyber security skills and workforce 
• support cyber security research and innovation.

Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.

NSW Government Cyber Security Policy

The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.

The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including: 

• annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements 
• that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).

The Policy sets out that Cyber Security NSW:

• may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
• will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.

As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.

This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:

• there was a sound, evidence-based rationale for why Cyber Security NSW was established
• the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
•  there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.

This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #374 - released 8 February 2023

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

• user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
• segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Result of the Premier and Cabinet cluster financial statement audits for the year ended 30 June 2022. 

What we found

Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.

The machinery of government changes within the Premier and Cabinet cluster resulted in the transfer of net assets of $1 billion from the Department of Premier and Cabinet.

The Department of Premier and Cabinet, Public Service Commission and Parliamentary Counsel's Office accepted changes to their office leasing arrangements managed by Property NSW. These changes resulted in the collective de-recognition of $167.3 million of right-of-use assets, $225.1 million in lease liabilities and recognition of $47.8 million of other gains/losses. 

What the key issues were

The number of issues we reported to management decreased. 

Forty per cent of issues were repeated from the prior year.

Four moderate risk issues were reported in the management letters for Department of Premier and Cabinet and New South Wales Electoral Commission. Three out of the four moderate risk issues were repeat issues. 

The repeat issues related to internal control deficiencies in agencies' including lack of updated procurement policies and procedures and information technology general controls.

This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.

Appendix one – Early close procedures

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.