Reports
Actions for Internal Controls and Governance 2017
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
Issues |
Recommendations |
1.1 New and repeat findings |
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
1.2 High risk findings |
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
1.3 Common findings |
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
Issues | Recommendations |
2.1 IT security |
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
Issues | Recommendations or conclusions |
3.1 Capital investment |
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Actions for Family and Community Services 2017
Family and Community Services 2017
The following report focuses on key observations and findings from the most recent audits of agencies in the Family and Community Services cluster.
The report includes a range of findings on service delivery. The Department of Family and Community Services' data indicates that family preservation programs are having a positive impact on children and young people entering statutory care. On the other hand, waiting times for social housing applicants increased in 2016-17.
1. Financial reporting and controls
Quality of financial reporting | Unqualified audit opinions were issued for all cluster agencies' financial statements. |
Timeliness of financial reporting | Agencies completed mandatory early close procedures and all but one agency submitted financial statements by the statutory deadline. |
Internal controls | The 2016–17 audits reported 29 internal control improvements to cluster agencies’ management. None of these findings were high risk. Eleven related to information technology control weaknesses in key financial business systems. |
2. Service Delivery
Commissioning | Non-government organisations (NGOs) received $2.6 billion in 2016–17 to deliver services. |
Children and young people |
The Department of Family and Community Services data indicates that family preservation programs are reducing the number of children and young people entering statutory care. The Department's data shows 86 per cent of children and young people in statutory care had their placements reviewed in the 12 months to 30 June 2017. Legislation requires all placements are reviewed at least every 12 months. |
Social Housing | The Department's data shows waiting times for social housing applicants are longer than last year. |
People with disability | Under the current timetable for implementing the National Disability Insurance Scheme, the Department plans to transfer direct disability services to NGOs by 30 June 2018. |
This report provides Parliament and others with the audit results, observations, conclusions and recommendations for Family and Community Services cluster agencies. The report has been structured into two chapters focusing on financial reporting and controls and service delivery.
The Family and Community Services cluster works with children, adults, families and communities to improve lives and help people realise their potential.
This chapter outlines audit observations, conclusions and recommendations related to the financial reporting and controls of agencies in the Family and Community Services cluster for 2016–17.
Financial reporting is an important element of good governance. Confidence in public sector decision making and transparency is enhanced when financial reporting is accurate and timely.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
Observation | Conclusion or recommendation |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all cluster agencies' financial statements. | The quality of financial reporting remains high across the cluster. |
2.2 Timeliness of financial reporting | |
Agencies completed mandatory early close procedures and all but one submitted financial statements by the deadline. | Early close procedures continue to allow issues and financial reporting risk areas to be addressed early in the audit process. There are opportunities to improve effectiveness of early close procedures. |
2.3 Internal controls | |
The 2016–17 audits reported 29 internal control weaknesses. While none were high risk, the Department had five repeat issues. |
Management accepted the audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively. |
Eleven of these internal control weaknesses were related to IT system user access administration and security over financial systems. |
Controls weaknesses may compromise the integrity and security of financial data. Recommendation Agencies should:
|
Government outcomes can be improved by delivering the right mix of services, whether from the public, private or not for profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.
This chapter outlines our audit observations, conclusions and recommendations related to service delivery by agencies in the Family and Community Services cluster for 2016–17.
Observation | Conclusion or recommendation |
3.1 Commissioning |
|
Non-government organisations (NGOs) received $2.6 billion funding in 2016–17 to deliver services. | Commissioning of service delivery can change the profile of risks that need to be managed. The Department has established a Commissioning Division and developed its ‘Commissioning for Better Outcomes Framework’. |
3.2 Children and young people |
|
All the Department's Districts are accredited to provide out-of-home care services. The Department's data indicates 66 more children and young people were in statutory care at 30 June 2017 compared to 30 June 2016. This contrasts to the previous year where 1,150 more children were in statutory care at 30 June 2016 than at 30 June 2015. |
The Department is complying with out-of-home care service standards, but one District has an additional condition attached to its accreditation. Department’s data indicates that family preservation programs are having a positive impact.. |
The Department's data shows 86 per cent of children and young people in statutory care had their placement reviewed at 30 June 2017. The Department’s data shows, at 30 June 2017, 41 per cent of children and young people with closed case plans for the 12 months ended 30 June 2016 were re-reported at risk of significant harm. |
The Department did not meet the legislative requirement to review the placement of all children and young people in statutory care annually. The number of children being re-reported at risk of significant harm is above the Premier’s Priority target of 34 per cent by June 2019. |
3.3. Social Housing |
|
Waiting time for priority and non-priority social housing applicants increased in 2016–17, by 19 per cent and 3 per cent respectively. | Some factors impacting waiting time for social housing applicants are outside the control of the Department. |
3.4 People with disability |
|
A Bilateral Agreement between the Australian and NSW Governments sets out how eligible persons access the National Disability Insurance Scheme (NDIS) between 1 July 2016 and 30 June 2018. |
Under the timetable for the NDIS, the Department plans to transfer direct disability services to NGOs. |
Actions for Agency compliance with NSW Government travel policies
Agency compliance with NSW Government travel policies
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
Actions for Energy rebates for low income households
Energy rebates for low income households
The Department of Planning and Environment provides more than $245 million in energy rebates to around 27 percent of NSW households. This report highlights that the department is not monitoring the rebate schemes to understand whether they are delivering the best outcomes.
Most rebates are ongoing payments applied directly to energy bills reducing the amount payable by the householder. The structure of these rebates is complex and can be inequitable. Some households are eligible for four different rebates, each with its own eligibility criteria. Also, some households in very similar circumstances receive different levels of support depending on what type of energy is used in their home or which adult in the house is the energy account holder. For example, a household using both electricity and gas receives more assistance than a household with electricity alone even if total energy bills are the same.
By September 2018, the Department of Planning and Environment should:
- Ensure effective strategies are in place to make information about rebates available to all eligible, low-income households
- Evaluate alternative models and develop advice for government to reduce complexity and improve equity of ongoing rebates
- Establish measurable objectives for schemes that provide ongoing support, and monitor and measure performance of all schemes against objectives and outcome measures
- Assess the impacts of the forecast increase in embedded networks and develop strategies to manage any increased administrative risk
- Strengthen assurance that EAPA is being provided in accordance with its objectives and guidelines by implementing accreditation and compliance programs
- Ensure those eligible for EAPA financial support are not disadvantaged by inflexible payments, inconsistent provider practices, or inability to access an EAPA provider in a timely manner. Options include:
- moving from a fixed-value voucher to a flexible payment based on need irrespective of energy type
- establishing a ‘Provider of Last Resort’ facility for households that cannot access an EAPA Provider.
Parliamentary reference - Report number #292 - released 19 September 2017
Actions for 2016 - An overview
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
Financial reporting | |
Observation | Conclusion |
Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
Number of misstatements | |||||
Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
Financial controls | |
Observation | Conclusion |
More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |
Actions for Building the readiness of the non-government sector for the NDIS
Building the readiness of the non-government sector for the NDIS
The Department of Family and Community Services has managed the risks of the transition to the National Disability Insurance Scheme (NDIS) in New South Wales effectively by increasing the overall capacity of the non-government sector and investing in provider capability.
The National Disability Insurance Scheme (NDIS) is a major reform that aims to change the way disability support is provided and received. Responsibility for overseeing the system to support people with disability in New South Wales will transfer from the NSW Government to the National Disability Insurance Agency (NDIA), an independent statutory agency of the Australian Government. Eligible people with disability will receive individual funding from the NDIA and purchase support from their chosen service providers, rather than being referred to services funded or provided by government. The NSW Government will transfer all disability services it currently provides to the non-government sector.
Approximately 78,000 people received NSW Government-funded disability support in 2015–16 at a cost of around $3.3 billion. An estimated 142,000 people will have an individual NDIS support plan in New South Wales, with total funding rising to around $6.8 billion in 2018–19. NDIS trials began in New South Wales in 2013. The full scheme was introduced in July 2016 and is scheduled to be operating across the state by July 2018.
This audit assessed the effectiveness of the NSW Department of Family and Community Services' (the Department's) management of the risks of the NDIS transition in New South Wales. It focused on the Department's work to build the readiness of the non-government sector for the NDIS. To make this assessment, we asked whether:
- the Department supported the non-government sector to build capacity to meet the expected increase in demand under the NDIS
- the Department supported disability service providers in NSW to improve their capability to deliver NDIS services
- the Department's work to prepare for the NDIS has been coordinated with the Australian Government's NDIS readiness work.
In addition to the audit questions above, this audit identified principles governments should consider when building the capacity and capability of the non-government sector to deliver human services.
Conclusion
The Department of Family and Community Services has managed the risks of the transition to the NDIS in New South Wales effectively by increasing the overall capacity of the sector and investing in provider capability building initiatives. More work is needed to build the sector's capacity to provide services to people with more complex support needs and to help existing providers complete the transition to the NDIS successfully.
The Department expanded the capacity of the non-government sector over the past decade in a way that was consistent with NDIS objectives. The development of a national market and workforce for the NDIS is an Australian Government responsibility and the Department has supported the Australian Government's work. More targeted work will be needed to build the capacity of the non-government sector to provide services to people with the most complex support and access needs.
The Department invested in provider capability building by funding programs that were delivered in partnership with sector peak bodies. The larger programs were evaluated and received positive feedback, but many providers will need more support to transition to the NDIS. The overall impact of the programs on provider readiness for the NDIS is not clear because baseline information on provider capability was not collected and targets for improvement were not set.
The Department managed the transition coordination risks by establishing comprehensive governance arrangements, contributing to the Australian Government's sector development work through national policy coordination forums and sharing lessons from New South Wales.
Building the capacity of the non-government sector
The Department supported an increase in the capacity of non-government providers
The Department started building the capacity of the non-government sector before the NDIS was developed. This included moving services provided by government into the non‑government sector, funding early intervention and community-based disability support, and introducing some individual support packages. The Department checks that the business and operational systems of non-government disability providers are adequate. However, its understanding of the outcomes for people using the services is limited.
Service gaps are possible for people with more complex support or access needs
There are risks to the supply of services to people who have more complex support or access needs, including people who need specialist clinical support, people in remote areas, Aboriginal and Torres Strait Islander communities and culturally and linguistically diverse communities. The Department has supported the NDIA's initial market development work and funded some programs to help providers build their capacity to support these groups. However, there is a risk the market will not expand quickly enough to meet the increase in demand for services.
Sector sustainability depends on support from outside the disability services sector
The sustainability of funded disability services provided by the non-government sector depends on support from outside the sector. Most people with disability receive significant unpaid support from family members, so carers will play a key role in the sustainability of the NDIS. There are opportunities for organisations that do not provide specific disability services to contribute to sector sustainability by providing some NDIS services. To do this, many will need help to make their services more accessible and inclusive to people with disability.
Helping non-government providers develop their capability
The Department invested in capability building programs for providers
The Department has spent more than $30 million over six years on programs that aim to improve the capability of disability support providers. This work began before the NDIS was established and was adjusted to focus on NDIS readiness from December 2012. It was guided by an industry development strategy that was developed after consultation with the sector and delivered in partnership with sector peak bodies. This approach gave the sector some responsibility for developing its own capability, which is important because the sector will not receive support from the NSW Government after the transition to the NDIS.
The overall impact of the programs on the capability of providers is not clear
The overall effectiveness of the Department's spending on provider capability is not clear. The Department had some information on the general financial health and organisational capability of providers from previous industry development work. However, baseline information on provider capability was not collected before programs commenced and targets for improvements in provider capability were not set. Without this information, the Department cannot demonstrate clearly that the capability building programs it funded represent good value for money.
Most providers will need more support to transition to the NDIS effectively
In late 2015, the Department assessed the transition progress of providers in New South Wales. This assessment indicates almost one third of providers are highly likely to need additional assistance to transition to the NDIS successfully, with only 14 per cent unlikely to need further assistance. We conducted a survey of 299 providers in New South Wales in August 2016. Most reported that they feel they are on track to transition to the NDIS successfully. Sixty-two per cent said the Department-funded programs and resources they had used had improved their readiness for the NDIS. Fifty-four per cent said the changes made because of using these programs and resources had a lasting impact on their organisation.
Coordinating sector development
Governance systems and planning processes for the NDIS transition were established
The Department developed governance arrangements for the transition in New South Wales. It contributed actively to the development of national policy and strategy documents including a strategy for national market development.
The Department shared sector readiness lessons with the Australian Government
Two NDIS sector readiness programs funded by the NSW Government were later expanded to national programs through funding from the Australian Government. New South Wales only received around five per cent of the total Australian Government funding for NDIS sector readiness initiatives. A report by the Australian National Audit Office in 2016 found there was limited evidence of a strategic approach by the Australian Government when allocating this funding to states and territories.
The Department has monitored transition issues and mitigated these where possible
The Department has monitored administrative issues for providers, which have included the changes in funding arrangements and registering for the NDIS. It has taken action to mitigate these where possible, although some issues, such as the operation of NDIA administrative systems, are beyond its control.
The National Disability Insurance Scheme (NDIS)
The NDIS is a fundamental change to the disability support system
The NDIS is a major reform that aims to make significant changes to the way disability support is provided and received. Under the NDIS, the administration of funding for disability support in New South Wales will transfer from the NSW Government to the National Disability Insurance Agency (NDIA), an independent statutory agency of the Australian Government. The NSW and Australian Governments will both contribute to funding the NDIS. The size of the disability services sector in New South Wales is expected to more than double when the NDIS is fully operational (Exhibit 1).
Measure of sector capacity | Pre-NDIS (2015-16) | NDIS (2018-19) |
---|---|---|
Funding for services | $3.3 billion | $6.8 billion |
People receiving support | 78,000 | 142,000 |
Workforce required | 25,000-30,000 | 48,000-59,000 |
Number of providers | 699 | Determined by the market |
One of the main objectives of the NDIS is to increase the choice and control that people with disability have over the support they receive. Under the NDIS, people with disability receive individual funding packages which they can use to pay their chosen providers for the support they need, instead of being referred to services that are deemed appropriate for their needs. This is a fundamental change to the nature of disability support. Before the NDIS, people with disability were moved around the system according to decisions made by government or other organisations providing disability support. Under the NDIS, the funding will move around the system based on the choices people with disability make. The development of the new market for NDIS disability services is expected to take up to ten years because the changes to the system are so extensive.
In addition to increasing choice and control for participants, the NDIS aims to:
- improve outcomes for people with disability by intervening early to help reduce the need for support later in life
- increase integration by helping people with disability access mainstream government services such as health and education
- increase the involvement of people with disability in the community by making it easier to access community services such as sports clubs and community groups.
The transition to the NDIS is underway
The transition to the NDIS is underway in most Australian states and territories, following trials over the last three years. In New South Wales, a trial site was established in the Hunter area in July 2013. Early roll out of the NDIS began in July 2015 for people aged under 18 in the Nepean Blue Mountains area. On 30 June 2016, about 7,800 people had an NDIS plan in the Hunter trial site and around 1,800 people had a plan in the Nepean Blue Mountains area.
The full roll out of the NDIS began in about half of New South Wales in July 2016. The NDIS will start operating in the rest of the state from July 2017 and the transition is scheduled to be completed by July 2018 (Exhibit 2).
For the rest of the transition, the Department of Family and Community Services should:
- Work with the Australian Government, NDIA and other NSW Government agencies to identify gaps and develop the capacity of specialist clinical services, focusing on regional and rural areas.
- Continue to implement projects to increase the number of organisations that can support Aboriginal and Torres Strait Islander and culturally and linguistically diverse communities.
- Target remaining capability building assistance to less prepared providers, including via one-to-one support and mentoring in identified areas of weakness.
- Continue working with the Australian Government and the NDIA to ensure lessons from sector capability programs are shared.
Principles for developing the non-government sector
- Commence work to increase the capacity of the non-government sector early to allow time for service capacity to be built in a sustainable way.
- Decide whether to increase the capacity of the sector by supporting existing providers to expand their operations, attracting new organisations from outside the existing provider group, or some combination of these.
- Tailor approaches to supporting groups that have additional support or access needs because of cultural or geographic factors.
- Define the desired outcomes for people using services and, where possible, include outcomes in service delivery contracts.
- Invest in the sector by partnering with sector peak bodies to deliver capability programs.
- Include one-to-one support and mentoring in capability building programs where possible to improve the targeting of support to the specific needs of providers.
- Collect baseline information on provider capability before commencing programs and build robust tracking and evaluation into their design.
- Establish whole-of-government governance arrangements to ensure roles, responsibilities and accountability for delivery are clear.
Parliamentary reference - Report number #280 - released 23 February 2017
Actions for Assessing major development applications
Assessing major development applications
The Planning Assessment Commission (the Commission) has improved its decision-making processes for major development applications in recent years. The Commission has improved how it consults the public and manages conflicts of interest, and now also publishes records of its meetings with applicants and stakeholders.
The Planning Assessment Commission (the Commission) is an independent body established in 2008 under the Environmental Planning and Assessment Act 1979 (the EP&A Act). It makes decisions on major development applications in New South Wales. Along with the Department of Planning and Environment (the Department) and the Land and Environment Court, it is one of three bodies that have a role in making decisions on these applications.
The Department refers development applications to the Commission where 25 or more objections have been received from the community, a local council objects to the proposal, or the applicant has donated to a political party.
These applications are often complex and controversial, and can attract a high level of public interest. This may mean that, regardless of the process, not all stakeholders are satisfied with the outcome.
The Commission is required to take into account section 79C of the EP&A Act when making decisions. Section 79C includes consideration of the likely environmental, social and economic impacts of the development.
This audit assessed the extent to which the Commission’s decisions on major development applications are made in a consistent and transparent manner. To assist us in making this assessment, we asked whether the Commission:
- has sound processes in place to help it make decisions on major development applications that are informed and made in a consistent manner
- ensures its decisions are free from bias and transparent to stakeholders and the public.
Conclusion
Over the last two years, the Commission has improved its decision-making process. It has improved how it consults the public and manages conflicts of interest, and now also publishes records of its meetings with applicants and stakeholders.
However, there are still some vital issues to be addressed to ensure it makes decisions in a consistent and transparent manner. Most importantly, the Commission was not able to show in every decision we reviewed how it met its statutory obligation to consider the matters in section 79C of the EP&A Act.
Despite improved probity measures put in place by the Commission, there is a perception among some stakeholders that it is not independent of the Department. The reasons for some of these concerns are outside of the Commission’s control. For example, the Commission becomes involved after the Department has prepared an assessment report which recommends whether a development should proceed. This creates the perception that the Commission is acting on the recommendation of the Department. The Department’s assessment report should state whether an application meets relevant legislative and policy requirements, but not recommend whether a development should be approved or not.
More can also be done to improve transparency in decision-making and the public’s perception of the independence of Commissioners. The Commission should continue to improve how it communicates the reasons for its decisions and also publish on its website a summary of Commissioners’ conflict of interest declarations for each development application.
Decision-making processes have improved but some key aspects need to be addressed
Although not articulated in one document, there is a framework in place to assist Commissioners make decisions on major development applications. This includes setting out the information to be considered, who to consult, and that a report is to be prepared. The Commission has recently improved how it conducts public meetings and the level of support provided to Commissioners to ensure they understand the decision-making process. The Commissioners we interviewed all showed a good understanding of their role.
As a consent authority, the Commission is required to consider the matters in section 79C of the EP&A Act when making a decision. However, it was not able to show how it met this requirement in every decision we reviewed. We found some evidence of these considerations in six of the nine cases we reviewed, for example in meeting notes or in its report on a decision. Of these six cases, the degree to which the Commission considered all matters under section 79C varied considerably. The larger, more complex applications were more likely to address these considerations. To demonstrate compliance with the EP&A Act, the Commission must be able to show how it considers all matters in section 79C for each decision it makes.
We found that the Commission has access to relevant information to make a decision and consults stakeholders for their views of the development. The level of consultation depends on the size and complexity of an application. If Commissioners decide they need more information to make a decision, they consult local councils, the community, other government agencies and experts as needed.
The Commission’s public meetings are a valuable part of the decision-making process, where new perspectives or issues are often raised. However, some aspects could be improved. For example, many stakeholders thought the five minutes allowed for individual speakers was insufficient. The Commission could be more flexible with this timeframe. Identifying new ways to notify the public of its meetings, other than advertisements on its website and in newspapers, would also ensure it reaches as many interested parties as possible.
Improved transparency and probity but the Commission is not seen by some as impartial
The Commission has sound processes in place to ensure that its decisions are impartial and transparent to the community. It has improved its probity measures over the last two years, following a review by the NSW Ombudsman in 2014. We found that the Commission:
- has probity policies and procedures which are available on its website
- has improved its record keeping of some processes, such as meetings with applicants and stakeholders
- publishes its decision and supporting documentation, such as meeting notes, on its website.
Conflicts of interest are a significant risk for the Commission because they could lead to corruption, abuse of public office, and affect the public’s view of its independence. The Commission manages this risk well. It has a policy in place to address potential, perceived or actual conflicts. Commissioners update their conflicts of interest records annually, and declare any conflicts when the Commission assigns them to a development application. Unlike the Commission’s probity polices, Commissioners’ conflict of interest declarations are not available on its website. Providing a summary of this information on its website when Commissioners are allocated to a development application would further improve transparency around conflicts of interest.
The Commission has been improving how it communicates its decisions to the public. It now produces fact sheets for its decisions on matters that attract a high level of public interest. Its reports on decisions for complex applications also discuss issues raised by the community. However, the level of detail varied in the decisions we reviewed, and it was not always clear how conditions placed on a development would resolve identified issues. Similarly, the reports did not clearly address the matters under section 79C of the EP&A Act. Reporting this would further improve the transparency of its decisions, and clearly demonstrate compliance with the EP&A Act.
While we did not find any issues that would make us question the integrity or independence of Commissioners, there remains a perception among some stakeholders that the Commission is not impartial. Some of these concerns are within the Commission’s control to fix, such as allowing individual speakers at public meetings extra time to discuss their issues, therefore avoiding perceptions of bias.
Other perceptions, such as the Commission being part of the Department and not an independent decision making authority, are outside the Commission’s immediate control. For example, the Commission receives applications at the end of the assessment process, after the Department has prepared an assessment report recommending whether the application should be approved. This means there are effectively two reports on an application; the Department’s assessment report and the Commission’s report on its decision. However, there is only one decision-maker: the Commission. This may cause community confusion about the roles of the Department and the Commission in the decision-making process. Clearer separation of their roles in assessing applications and preparing reports is needed.
To minimise the perception that the Commission is simply ‘rubber stamping’ the Department’s recommendations, assessment reports should not recommend whether or not a project be approved. Instead, they should provide the Department’s views on whether a project meets relevant legislative and policy requirements. The Commission should also be involved earlier in the process, so it can establish key facts and identify relevant issues sooner. It should request that the Department’s assessment report covers matters Commissioners consider particularly important when assessing projects under section 79C. Earlier referral of applications should also help the Commission to plan its work in assessing applications, and may reduce the time taken to reach a decision.
Unless these issues are addressed, stakeholders will continue to believe the Commission does not act in a transparent and impartial manner, which could erode public confidence in the Commission.
The Planning Assessment Commission
The Planning Assessment Commission (the Commission) is a planning authority established in 2008 under the Environmental Planning and Assessment Act 1979 (the EP&A Act). One of its functions is to make decisions on major development applications.
The Commission is independent of the Department of Planning and Environment (the Department) and the Minister for Planning. This means its decisions are not subject to the direction or control of the Department or the Minister.
The Department refers applications for major development to the Commission, including state significant development and infrastructure applications. These projects are generally initiated by the private sector. Applications are referred to the Commission when one or more of the following criteria are met:
- more than 25 objections are received about the proposal
- the local council objects to the proposal
- the applicant has donated $1,000 or more to a political party or member of parliament.
These applications are often controversial and may attract a high level of public interest. Of the 29 development applications the Commission received in 2015–16, almost 40 per cent were in the mining and energy sectors, and another 40 per cent related to urban development.
Section 79C of the EP&A Act outlines the matters the Commission must consider when making decisions about major development applications. These include:
- any relevant environmental and planning instruments
- likely environmental, social and economic impacts of the development
- suitability of the site for the development
- submissions received about the application
- the public interest.
In addition to making decisions about major development applications, the Commission also reviews major developments as part of the planning process, and provides independent expert advice to the government on planning and development matters. Since the Commission’s inception, it has provided advice on 76 matters, conducted 39 reviews, and made 444 decisions on development applications.
Process for approving major development applications
The Commission is one of three bodies that have a role in the planning and approval process for major development applications in New South Wales, as seen in Exhibit 1. The other two bodies are the Department of Planning and Environment, and the Land and Environment Court.
The Department determines the outcomes of major development applications. When an application meets one of the criteria listed above, it refers these to the Commission to make the decision. In certain circumstances, the Land and Environment Court hears appeals against decisions made by either the Department or the Commission.
A Memorandum of Understanding between the Commission and the Department sets out timeframes the Commission must meet when making a decision, specifically:
- two weeks where no stakeholder meetings are required
- three weeks where stakeholder meetings are required
- six weeks when a public meeting is required.
Parliamentary reference - Report number #279 - released 19 January 2017