Reports
Internal controls and governance 2021
This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no matters in this report impacting the Total State Sector Accounts we have decided to break with normal practice and table this report ahead of the ‘Report on State Finances’.
What the report is about
This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.
What we found
Internal control trends
The proportion of control deficiencies identified as high risk this year increased to 2.8 per cent (2.5 per cent in 2019–20). Six high risk findings related to financial controls while three related to IT controls. Two were repeat findings from the previous year.
Repeat findings of control deficiencies now represent 49 per cent of all findings (42 per cent in 2019–20).
Information technology
We continue to see a high number of deficiencies relating to IT general controls, particularly around user access administration and privileged user access which affected 82 per cent of agencies.
Cyber security
Agencies' self-assessed maturity levels against the NSW Cyber Security Policy (CSP) mandatory requirements are low. Although agencies are required to demonstrate continuous improvement against the CSP, 20 per cent have not set target levels and of those that have set target levels, 40 per cent have not met their target levels.
Policies, processes and definition around security incidents and data breaches lack consistency. Improvement is required to ensure breaches are recorded in registers and action taken to address the root cause of incidents.
Conflicts of interest
Agencies' policies generally meet the minimum requirements of the Ethical Framework set out in the Government Sector Employment Act 2013. However, few meet the Independent Commission Against Corruption's best practice guidelines. Policies could be strengthened in relation to requirements around annual declarations of interests from employees and contractors.
Masterfile management
Policies governing the management of supplier masterfiles and employee masterfiles existed in 79 per cent and 54 per cent of agencies respectively.
Weaknesses were identified in those policies. Access restriction, segregation of duties and record keeping were the most common opportunities for improvement.
Tracking recommendations
Most agencies do not maintain a register to monitor recommendations from performance audits and public inquiries. Registers of recommendations could be improved to include risk ratings and record revisions to due dates. While recommendations can take several years to fully address, the oldest open items were originally due for completion by June 2016.
What we recommended
Agencies should:
- prioritise actions to address repeat control deficiencies, particularly those that have been repeated findings for a number of years
- prioritise improvements to their cyber security and resilience as a matter of urgency
- formalise and implement policies on tracking and monitoring the progress of implementing recommendations from performance audits and public inquiries.
Fast facts
The 25 largest NSW government agencies in this report cover all nine clusters and represent over 95 per cent of total expenditure for NSW public sector.
- 9 high risk audit findings were identified this year
- 40% of agencies have not formally accepted residual cyber risk based on their self-assessed maturity levels
- 52% of agencies do not have a policy on tracking recommendations from performance audits and public inquiries
- 50% of all internal control deficiencies identified in 2020–21 were repeat findings
- 75% is the average completion rate of annual staff declarations of interests.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
The scope of this year's report covers 25 general government sector agencies. Last year's report covered 40 agencies within the total state sector. For consistency and comparability, we have adjusted the 2020 results to include only the agencies remaining within scope of this year's report. Therefore, the 2020 figures will not necessarily align with those reported in our 2020 report.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' conflicts of interest management processes.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency's management of supplier and employee masterfiles.
Section highlights
|
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' processes to track and monitor the implementation of recommendations from performance audits and public inquiries.
Section highlights
|
Customer Service 2021
This report analyses the results of our audits of the Customer Service cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Customer Service cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of Customer Service cluster agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Customer Service cluster agencies.
The number of monetary misstatements decreased from 48 in 2019–20 to 46 in 2020–21.
Seven out of eight agencies did not complete all mandatory early close procedures.
What the key issues were
Upon the implementation of AASB 1059 'Service Concession Arrangements: Grantors', the Department of Customer Service (the department) recognised a service concession asset, the land titling database, totalling $845 million for the first time at 1 July 2019.
The department reported several retrospective corrections of prior period errors.
The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. The high-risk issues were related to:
- the Department of Customer Service – internal control qualifications and control deviations in GovConnect service providers
- the Department of Customer Service – significant control deficiencies in information technology change management controls
- Rental Bond Board – uncertainties in the accounting treatment of rental bonds.
The percentage of repeat issues we report to management and those charged with governance in management letters increased from 29 per cent in prior year to 42 per cent in 2020–21 while the number of items decreased from 94 to 93.
The magnitude and number of internal control exceptions in GovConnect service providers increased resulting in additional audit procedures to address the risks of fraud and errors in the financial statements.
What we recommended
The department should improve the validation process of key valuation assumptions and inputs provided by the private operator NSW Land Registry Services. It should revisit its accounting treatment of new land titling records.
The department should ensure GovConnect service providers prioritise the remediation of control deficiencies in information technology services.
The department should continue to improve controls in cyber security management.
Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.
The New South Wales Government Telecommunications Authority should improve its fixed assets management and financial reporting process to accommodate its growing fixed assets profile.
Fast factsThe Customer Service cluster aims to plan, prioritise, fund and drive digital transformation and customer service across every cluster in the NSW Government.
|
This report provides Parliament and other users of the Customer Service cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service.
Section highlights
|
Findings reported to management
Forty-two per cent of findings reported to management were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 93 findings raised across the cluster (94 in 2019–20). Forty-two per cent of all issues were repeat issues (29 per cent in 2019–20).
The most common repeat issues related to weaknesses in controls over information technology user access administration.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
| Risk rating | Issue |
| Information technology | |
| High3 1 new, 1 repeat |
The financial audits identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
High-risk issues are discussed later in the chapter. |
|
Moderate2 |
|
|
Low1 |
|
| Internal control deficiencies or improvements | |
|
Moderate2 |
The financial audits identified internal control weaknesses across key business processes, including:
|
|
Low1 |
|
| Financial reporting | |
|
High3 |
The financial audits identified opportunities for agencies to strengthen financial reporting, including:
High-risk issues are discussed later in the chapter. |
|
Moderate2 |
|
|
Low1 |
|
| Governance and oversight | |
| Moderate2 10 new, 3 repeat |
The financial audits identified opportunities for agencies to improve governance and oversight processes, including:
|
| Low1 3 new |
|
| Non-compliance with key legislation and/or central agency policies | |
| Moderate2 4 new, 4 repeat |
The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:
|
| Low1 1 repeat |
|
2020–21 audits identified three high-risk findings
High-risk findings, including repeat findings, were reported at the following cluster agencies. One of the 2019–20 high-risk findings were not resolved.
| Agency | Description |
| 2020–21 findings | |
| Department of Customer Service Repeat finding: Qualifications and control deviations in GovConnect NSW controls assurance reports |
The GovConnect information technology general controls (ITGC) provided by the department, Infosys and Unisys were qualified in 2020–21. The key controls over user access, system changes and batch process failed in all ITGC reports. Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access. The control deficiencies in ITGC increase:
The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. It is leading a new IT operating model called ‘Service Integration and Application Management’ (SIAM) to strengthen governance and improve performance of GovConnect service providers. The Department is responsible for the remediation of control deficiencies and continuous improvement in the GovConnect environment. This matter was assessed as high-risk, if not adequately addressed, it had the potential to result in material fraud and error in the department's financial statements and reputation damages. This issue is further discussed later in this chapter. |
| 2020–21 findings | |
| Department of Customer Service New finding: Change management significant control deficiencies |
Revenue NSW, a division of the department has a key role in managing the State’s finances. It administers State taxes, manages fines, recovers State debt and administers grants and subsidies. The audit team found significant control deficiencies in change management controls:
We have included this matter as a high-risk management letter finding, as the audit team could not identify mitigating controls. The system activity of these developers was also not being independently logged and monitored. This increases the risk of unauthorised system change. This can significantly affect the integrity of tax calculation, business process approvals, invalid changes to bank accounts, unauthorised refunds and write-offs. The audit team conducted a risk analysis over the relevant business processes affected by this issue and performed additional audit procedures to address the audit risk. |
| Rental Bond Board Repeat finding: Accounting treatment of rental bonds held in trust |
The Rental Bond Board (the Board) holds rental bonds totalling $1.7 billion at 30 June 2021. The Board treated the rental bonds off-balance sheet and disclosed the rental bonds as ‘trust funds’. This treatment is based on management’s judgement that the Board does not have control of these funds. Previously the Board obtained advices from the Crown Solicitors who stated that in their view the rental bond funds held in the rental bond account were not moneys held in trust and the Residential Tenancies Act 2010 (the Act) should be reviewed and amended to better support its accounting treatment of rental bonds. The Board has initiated the need to amend the Act, however the implementation of the legislative amendments is still pending. This matter was assessed as high-risk, if not adequately supported, it had the potential to result in material misstatements in the Board's financial statements. |
The number of moderate risk findings increased from prior year
Fifty-nine moderate risk findings were reported in 2020–21, which was a 11.3 per cent increase from 2019–20. Of these, 26 were repeat findings, and 33 were new issues.
Moderate risk findings include:
- weaknesses in user access management, such as untimely access removal for terminated staff, and a lack of periodic user access review
- accounting for leases such as the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy
- formalising arrangements between agencies including corporate service arrangements, funding arrangements, leases, use of SAP system and computer assets
- use of purchasing cards where our data analytics performed indicated potential gaps and controls and non-compliance with government policies.
The magnitude and number of internal control exceptions in GovConnect service providers have increased
In 2015, the NSW Government selected Unisys Australia Pty Limited’s (Unisys) as an information technology (IT) outsourced service provider and Infosys Limited (Infosys) as a business process outsourced service provider. The outsourced services arrangement was branded GovConnect NSW (GovConnect). The Department of Customer Service (the department) is the contract authority for the NSW Government. In 2019, the NSW Government transitioned a number of Unisys’ IT services progressively to the department and ceased all Unisys's IT services in May 2021. In 2020-21, Infosys, Unisys and the Department were co-providers of business processes and information technology services that constitute the GovConnect environment.
The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. The department is responsible for the remediation of control deficiencies and continuous improvement in GovConnect internal control environment.
The department leads the project management of GovConnect services, including the arrangement to provide internal control assurance reports to customers in 2020–21. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect service providers in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402). The service auditor reports on the internal controls at a service organisation, which are relevant to a user entity's internal control environment.
The service auditor issued eight ASAE 3402 reports covering business processes controls and information technology general controls (ITGC) provided by the service providers. Four out of eight reports were qualified, a significant increase from previous years.
The table below shows the service auditor's ASAE 3402 opinions issued in various business processes and information technology services provided by service providers for the last five years.
| ASAE 3402 controls report# | 2015–16^ | 2016–17 | 2017–18 | 2018–19 | 2019–20 | 2020–21 |
| Infosys Accounts receivable | Qualified | Unqualified | Unqualified | Unqualified | Unqualified | Qualified |
| Infosys Accounts payable | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys Fixed assets | Qualified | Unqualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys General ledger | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys Payroll | Adverse | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys ITGC | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Qualified |
| Unisys ITGC | Qualified | Unqualified | Qualified | Qualified | Unqualified | Qualified |
| The department ITGC* | -- | -- | -- | -- | Qualified | Qualified |
| ServiceFirst** | Disclaimer | -- | -- | -- | -- | -- |
In 2020–21, the information technology services controls reports issued to the department, Infosys and Unisys were qualified. Infosys' accounts receivable business process controls report was also qualified. The audit qualifications were because:
- the service auditor did not get access to the complete set of records processed during the financial year for several ITGC controls. The system that stored these records was hosted at Unisys. From December 2019 to 28 May 2021, the services at Unisys were progressively migrated to the department's IT environment but this system could not be migrated to the department in the required format, resulting in audit scope limitation for service auditors
- of the deviations identified during sample testing of ITGC controls
- the monthly follow up of outstanding receivables was not performed regularly, which was the only key control to address the timely collection of accounts receivable.
Internal control exceptions in GovConnect information and technology services require urgent remediations
The relevant controls over user access, system changes and password controls failed in all three ASAE 3402 GovConnect ITGC reports. These control failures can lead to unauthorised system access, system and configuration changes (workflow approvals, three-way match, etc.) and modifications to key reports. It increases the risk of:
- fraud and error in the financial statements
- ineffective segregation of duties controls
- accuracy and completeness of system generated reports for the agencies using the SAPConnect system.
The table shows the number of ITGC control deviations compared to prior year:
| Year ended 30 June | 2021 | 2020 | ||
| Total controls tested | Total number of control deviations and findings | Total controls tested | Total number of control deviations and findings | |
| Infosys ITGC | 41 | 16 | 35 | 8 |
| Unisys ITGC | 25 | 11 | 33 | 4 |
| DCS ITGC | 31 | 9 | 10 | 5 |
Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.
The service auditor identified significant areas for remediation:
- governance arrangement of the IT services
- user access management controls
- SAP database controls
- logical access
- incident management.
In response to the internal control qualifications, the audit teams performed data analytics over payroll and accounts payable. The data analytics identified several terminated employees that were paid long after their termination dates which resulted in salary overpayments during 2020–21. While management had put processes in place to recover these overpayments, the payroll processing controls need to be improved to prevent such overpayments.
The Department of Customer Service advised that it established a ‘Control Reframe Project’ (the project) to address the internal control exceptions at GovConnect service providers. The objective of the project is to ensure the GovConnect assurance model is aligned with clear lines of responsibility and remediation actions are in place to support the delivery of services and achieve an improved outcome for future years.
Recommendation
We recommend the Department of Customer Service:
- improve governance and internal control environment over the information technology services
- ensure GovConnect service providers prioritise remediation actions to address internal control exceptions
- perform a post-implementation review of the transition of the Unisys arrangement to identify lessons learnt and continuous improvement
- develop data analytics to help analyse and identify high-risk patterns and anomalies in GovConnect key transaction systems, augmenting their existing monitoring and detective controls.
The NSW Public Sector's cyber security resilience needs urgent attention
The 2020 'Central Agencies' Report to Parliament highlighted the need for Cyber Security NSW, a business unit within the Department of Customer Service, and NSW Government agencies to prioritise improvements to their cyber security resilience as a matter of urgency. A status update of the 2020 recommendation is included in Appendix five of this report.
The Audit Office's Annual Work Program identifies cyber security as a focus area for the Audit Office in 2021–24. It outlines a three-pronged approach to auditing cyber security in this period:
- considering how agencies are responding to the risks associated with cyber security across our financial audits across the NSW public sector
- examining the effectiveness of cyber security planning and governance arrangements for large NSW state government agencies for our Internal Controls and Governance report
- conducting deep-dive performance audits of the effectiveness of specific agency activities in preparing for, and responding to cyber security risks.
A performance audit 'Managing cyber risks' was tabled in Parliament in July 2021. The audit made several recommendations to audited agencies to uplift their cyber security management. It also recommended the Department of Customer Service to:
- clarify the requirement of the NSW Cyber Security Policy (CSP) reporting to all systems
- require agencies to report the target level of maturity for each mandatory requirement.
A compliance audit 'Compliance with the NSW Cyber Security Policy' was tabled in October 2021. The audit examined whether agencies are complying with the NSW Cyber Security Policy to ensure all NSW Government departments and public service agencies are managing cyber security risks to their information and systems.
The report found that key elements to strengthen cyber security governance, controls and culture are not sufficiently robust and not consistently applied. There has been insufficient progress to improve cyber security safeguards across NSW Government agencies. The poor levels of cyber security maturity are a significant concern. Improvement requires dedicated leadership and resourcing. To comply with some elements of the government’s policy agencies will have to invest in technical uplift and some measures may take time to implement. However, other elements of the policy do not require any investment in technology. They simply require leadership and management commitment to improve cyber literacy and culture. And they require accountability and transparency. Transparent reporting of performance is a key means to improve performance.
The report noted that the CSP was not achieving the objective of improved cyber governance, controls and culture. The compliance audit made several recommendations to Cyber Security NSW and other NSW Government agencies.
The 2021 maturity self-assessment results against the Australian Cyber Security Centre Essential 8 for the 25 largest NSW State Government agencies are reported in the 2021 'Internal Control and Governance' Report to Parliament.
Repeat recommendation
Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.
Management of cyber security risk
Our 2020-21 financial audit assessed whether cyber security risks represent a risk of material misstatement to the department's own financial statements. A request performance audit 'Service NSW's handling of personal information' was tabled on 18 December 2020. The audit followed two cyber security incidents that resulted in data breaches of customer information. As part of our audit procedures, we obtained an understanding of the controls the department has in place to address the risk of cyber security incidents and respond to any incidences which may have occurred during the year, including its impact on the audit.
Our assessment of the department’s own cyber risk management shows that:
- an approved security incident response plan was not in place during the reporting period. There was a lack of testing over incident detection and monitoring process
- a formal process over patch management that includes assessment, determining relevance and priority, timely rollout and escalation and reporting of long outstanding patches to senior management is being established.
The department provides information security services including cyber security management to cluster agencies. We found that there were insufficient communications within the Customer Service cluster over the controls and assurance over cyber security risk management. Some cluster agencies had put in place limited controls over cyber security risk management.
Recommendation
We recommend the Department of Customer Service:
- establish an approved security incident response plan and formal process over patch management
- improve communications with cluster agencies over the controls and assurance in cyber security management.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Appendix five – Status of 2020 recommendations
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Health 2021
This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.
The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.
A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.
What the key issues were
The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.
The three new high-risk issues identified were:
Hotel Quarantine (HQ) fees
The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.
COVID-19 inventories
Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.
COVID-19 vaccines
The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.
What we recommended
Hotel Quarantine (HQ) fees
Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.
COVID-19 inventories
Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.
COVID-19 vaccines
Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.
Fast facts
The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 24 monetary misstatements were reported in 2020–21
- 3 high risk management letter findings were identified
- 47.4% of reported issues were repeat issues
- $23.5b property, plant and equipment as at 30 June 2021
- $26.8b total expenditure incurred in 2020–21
This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.
In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
| Risk rating | Issue |
| Information technology | |
|
Moderate2 |
We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
Repeat issues included:
|
|
Low1 |
|
| Internal control deficiencies or improvements | |
|
High3 1 new, 0 repeat |
We identified internal control weaknesses across key business processes, including new issues relating to:
Repeat issues included:
|
|
Moderate2 |
|
|
Low1 |
|
| Financial reporting | |
|
High3 2 new, |
We identified weaknesses with respect to financial reporting in relation to the:
|
|
Moderate2 |
|
|
Low1 |
|
| Governance and oversight | |
| Moderate2 9 new, 5 repeat |
We identified opportunities for agencies to improve governance and oversight processes, including:
Repeat issues include:
|
| Low1 2 new, 2 repeat |
|
| Non-compliance with key legislation and/or central agency policies | |
| Moderate2 1 new, 7 repeat |
We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including:
Repeat issues include:
|
| Low1 5 new, 13 repeat |
|
4Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.
Complexities arising from the COVID-19 response
The 2020–21 audit identified three new high-risk findings
COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.
Expected rate of recovery of outstanding Hotel Quarantine invoices
The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors.
Procurement, management and impairment of COVID-19 inventories
$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.
With respect to the stocktaking methodology applied, the following issues were identified:
- discrepancies noted in the stock bin listing provided for audit
- discrepancies in the recount sheet generated
- inconsistent application of the stocktake methodology
- inconsistent labelling of quarantined stock
- a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.
Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.
Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government
The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.
Emerging trends
Recognition of provisions without sufficient support
Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.
Treatment of Commonwealth funding
In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.
Key repeat issues
Management of excessive annual leave
NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).
The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).
The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.
Accurate time recording
Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).
Existence, completeness and accuracy of key agreements
Delivery of major capital projects
Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.
We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.
Cross border patient funding arrangements
When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.
We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:
| States | 2014–15 | 2015–16 | 2016–17 | 2017–18 | 2018–19 | 2019–20 | 2020–21 |
| Queensland | Signed | Signed | Signed | Signed | Signed | Not finalised | Not finalised |
| Victoria | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised |
| Australian Capital Territory | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
| South Australia | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
| Tasmania | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
| Northern Territory | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
| Western Australia | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
Albury Base Hospital
Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Premier and Cabinet 2021
This report analyses the results of our audits of the Premier and Cabinet cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Premier and Cabinet cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Premier and Cabinet cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.
The number of monetary misstatements decreased from 49 in 2019–20 to 38 in 2020–21.
The Library Council of New South Wales corrected a prior period error of $325 million. In 2017, the council split its collection assets into six asset classes, but not the related asset revaluation reserves. To correct this error, some revaluation decrements previously recognised in asset revaluation reserves were reclassified to accumulated funds.
Eight agencies did not complete all of the mandatory early close procedures.
What the key issues were
The Premier and Cabinet cluster was impacted by three Machinery of Government (MoG) changes during 2020–21.
The changes resulted in the transfer of activities and functions in and out of the cluster and the creation of a new entity - Investment NSW.
The transferor entities continued to provide services to Investment NSW subsequent to 30 June 2021. There were no formal service level agreements in place for the provision of these services.
The New South Wales Electoral Commission (the Commission) and Sydney Opera House Trust obtained letters of financial support from their relevant Minister and/or NSW Treasury in 2020–21. The postponement of local government elections impacted the Commission's operations due to increased planned expenditure to support a COVID-safe election. Sydney Opera House Trust's ability to generate revenue was impacted due to the closure of the Concert Hall partly due to COVID-19 and planned renovations.
The number of repeated audit issues raised with management and those charged with governance increased from 22 in 2019–20 to 24 in 2020–21.
There were 47 moderate risk and 28 low risk findings identified. Of the total findings there were 24 repeat issues.
What we recommended
Investment NSW should ensure services received from other agencies are governed by service level agreements.
Fast facts
The Department of Premier and Cabinet supports the Premier and Cabinet to deliver the government's objectives, infrastructure, preparedness for disaster, incident recovery, arts and culture.
- $11.9b of property, plant and equipment as at 30 June 2021
- $4.4b total expenditure incurred in 2020-21
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 47 moderate risk findings were reported to management
- 38 monetary misstatements were reported in 2020-21
- 32% of all reported issues were repeat issues.
This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Central Agencies 2020
This report analyses the results of our audits of the financial statements of the Treasury, Premier and Cabinet, Customer Service cluster agencies (central agencies), and the Legislature for the year ended 30 June 2020. The table below summarises our key observations.
1. Financial reporting
| Audit opinions and timeliness of reporting |
Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature. The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified. All agencies met statutory deadlines for submitting |
| Agencies were financially impacted by recent emergency events | The NSW Government allocated $1.4 billion to provide small business support and bushfire recovery relief, support COVID-19 quarantine compliance management, recruit more staff to respond to increased customer demand, and meet additional COVID-19 cleaning requirements. Agencies spent $901 million (64 per cent of the allocated funding) for the financial year ended 30 June 2020. NSW Self Insurance Corporation reported an increase of $850 million in its liability for claims related to emergency events. |
| AASB 16 'Leases' resulted in significant changes to agencies' financial position | The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected. |
| Implementation of new revenue standards | NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue, which have been corrected in the final financial statements. |
2. Audit observations
| Management letter findings and repeat issues | Our 2019–20 audits identified nine high risk and 122 moderate risk issues across central agencies and the Legislature. The high risk issues were identified in the audits of:
High risk findings include:
Of the 122 moderate risk issues, 36 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration, which increases the risk of inappropriate access to systems and records. |
| Grants administration for disaster relief | Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by emergency events for the financial year ended 30 June 2020. A performance audit of grants administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief. |
| Internal controls at GovConnect NSW service providers require enhancement |
GovConnect NSW provides transactional and information technology services to central agencies. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at service providers, namely Infosys, Unisys and the Department of Customer Service (DCS). The service auditor issued:
These may impact on the ability of agencies to detect and respond to a cyber incident. Recommendation: We recommend DCS work with GovConnect service providers to resolve the identified control deficiencies as a matter of priority. |
| The NSW Public Sector's cyber security resilience needs to improve |
The NSW Cyber Security Policy requires agencies to provide a maturity self-assessment against the Australian Cyber Security Centre (ACSC) Essential 8 to the head of the agency and Cyber Security NSW annually. Completed self-assessment returns highlighted limited progress in implementing the Essential 8. Repeat recommendation: Cyber Security NSW and NSW government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency |
| Three Insurance and Care NSW (icare) entities had net asset deficiencies at 30 June 2020 | The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. These icare entities did not hold sufficient assets to meet the estimated present value of all of their future payment obligations at 30 June 2020. The deterioration in net assets was largely due to increases in outstanding claims liabilities. Notwithstanding the overall net asset deficiencies, the financial statements for these entities were prepared on a going concern basis. This is because future payment obligations are not all due within the next 12 months. Settlement is instead expected to occur over years into the future, depending on the nature of the benefits provided by each scheme. |
| icare has not been able to demonstrate that its allocation of costs reflects the actual costs incurred by the Workers Compensation Nominal Insurer and other schemes |
Costs are incurred by icare as the 'service entity' of the statutory scheme it administers, and then subsequently recovered from the schemes through 'service fees'. In the absence of documentation supported by robust supporting analysis, there is a risk of the schemes being overcharged, and the allocation of costs being in breach of legislative requirements. Recommendation: icare should ensure its approach to allocating service fees to the Workers Compensation Nominal Insurer and the other schemes it manages, is transparent and reflects actual costs. |
| icare did not comply with GIPA requirements | icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20 and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020. |
| Implementation of Machinery of Government (MoG) changes | MoG changes impacted the governance and business processes of some agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG implementation processes at Infrastructure NSW and in the Customer Service cluster. |
This report provides Parliament and other users of NSW Government central agencies' financial statements and the Legislature's financial statements with the results of our financial audits, observations, analyses, conclusions and recommendations.
Emergency events, such as bushfires, floods and the COVID-19 pandemic significantly impacted agencies in 2019–20. Our findings on nine agencies that were most impacted by recent emergency events are included throughout this report.
Refer to Appendix one for the names of all central agencies and Appendix four for the nine agencies most impacted by emergency events.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations on the financial reporting of central agencies and the Legislature for 2020, including the financial implications from recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines:
- our observations and insights from the financial statement audits of agencies in the central agencies and the Legislature
- our assessment of how well agencies adapted their systems, policies, procedures and governance arrangements in response to recent emergencies.
Section highlights
|
Health 2020
This report analyses the results of our audits of financial statements of the Health cluster for the year ended 30 June 2020. The table below summarises our key observations.
1. Financial reporting
| Financial reporting |
Unqualified financial audit opinions The financial statements of NSW Health and its 25 controlled entities received unqualified opinions. The number of corrected and uncorrected misstatements increased from the prior year. Misstatements related predominantly to the implementation of new accounting standards, asset revaluations and accounting for new revenue streams to cover the cost of HSW Health’s response to the COVID-19 pandemic. Qualified compliance audit opinion We issued a qualified audit opinion for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19). |
| Financial performance |
NSW Health received an additional $3.3 billion in funding to cover costs associated with its response to the COVID-19 pandemic. The impacts of the COVID-19 pandemic on the cluster were significant for health entities and included changes to operations, increased revenues, expenditure, assets and liabilities. Cancellation of elective surgery and decreased emergency department presentations meant that despite the pandemic, activity levels at many health entities decreased. Health Pathology and HealthShare were notable exceptions. In the period to the 30 June 2020, NSW Health reported that over 900,000 COVID-19 tests were conducted. Health Pathology conducted over 500,000 of these tests. Health Pathology's surge requirements were enhanced through arrangements with 13 private sector providers. HealthShare purchased $864.2 million of personal protective equipment. Overall, NSW Health recorded an operating surplus of $3.1 billion in 2019–20, an increase of $2.0 billion from 2018–19. As in previous years, the surplus largely resulted from additional revenue received to fund capital projects including the construction of new facilities, upgrades and redevelopments. In 2019–20 additional Commonwealth and State funding for the purchase and stockpiling of personal protective equipment also contributed to the operating surplus. |
| Overtime payments | The Ambulance Service of NSW’s (NSW Ambulance) reduced their overtime payments to $79.7 million in 2019–20 ($83.1 million in 2018–19). Overtime payments in 2019–20 included $6.8 million related to the response to the 2019–20 bushfire season. NSW Ambulance overtime payments represent 16.8 per cent of total overtime payments in the cluster. |
2. Audit observations
| Internal control deficiencies |
We identified more internal control deficiencies in 2019–20. The number of repeat issues from prior years also remains high. NSW Health addressed 18 out of the 25 information system control deficiencies during the year. Several key agreements lacked formal documentation. This included agreements between the Ministry and health entities, between health entities and agencies in other clusters and between the Ministry and health departments in other jurisdictions. |
| Infrastructure delivery | NSW Health had 44 ongoing major capital projects at 30 June 2020 with a total revised budget of $12.3 billion. The revised total budget of $12.3 billion is $2.0 billion more than the original budget. NSW Health revises budgets when it combines project stages. |
This report provides parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
The impacts of the COVID-19 pandemic on the cluster were significant and included changes to the operations of the health entities and increased revenue, expenditure, assets and liabilities.
As a part of this year's audits of health entities, we have considered:
- financial implications of the COVID-19 emergency at both health entity and cluster levels
- changes to agencies' operating models
- agencies' access to technology and the maturity of systems and controls to prevent unauthorised and fraudulent access to data.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
The response to the COVID-19 pandemic primarily impacted the financial reporting of NSW Health through:
- additional revenue from the State government in the form of grants and stimulus payments
- additional revenue from the Commonwealth government under the National Partnership Agreement for COVID-19 to cover part of the cost of responding to the COVID-19 pandemic
- increased expenses, largely due to increased payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists and increased cleaning costs
- increased purchases of personal protective equipment.
Chapter one outlines the impacts of NSW Health’s response to the COVID-19 pandemic. This chapter outlines our other audit observations related to the financial reporting of agencies in the Health cluster for 2020.
Section highlights
- Unqualified audit opinions were issued for all health entities’ financial statements, although more misstatements were identified than last year.
- NSW Health recorded an operating surplus of $3.1 billion, an increase of $2.0 billion from 2018–19. This is largely due to additional capital grants for new facilities, upgrades and redevelopments and additional Commonwealth and State funding for the purchase of personal protective equipment.
- NSW Health’s expenses increased by 5.5 per cent in 2019–20 (7.0 per cent in 2018–19) despite the impact of the COVID-19 pandemic. The primary causes for the growth in expenses are increases in:
- employee related expenses due to higher employee numbers, increased overtime and a 2.5 per cent award increase
- payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists
- payments to private health operators due to the first full year of operation of the Northern Beaches hospital.
- The Ambulance Service of NSW (NSW Ambulance) continued to report higher overtime payments than other health entities. However, despite the response to the 2019–20 bushfire season, their overtime payments were lower than last year. NSW Ambulance paid $79.7 million in overtime payments in 2019–20 ($83.1 million in 2018–19).
- A qualified audit opinion was issued for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. There were 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19)
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
The primary impact of the COVID-19 pandemic on the effectiveness of the internal controls of NSW Health and health entities relates to the effectiveness of controls implemented by HealthShare relating to the stocktake of personal protective equipment inventories. Inventory managed by HealthShare increased by 2,746 per cent during 2019–20. HealthShare’s inventory controls did not maintain pace with the sudden, significant increase.
The impacts of NSW Health’s response to the COVID-19 pandemic are outlined in chapter one. This chapter outlines other observations and insights from our financial statement audits of agencies in the Health cluster.
Section highlights
- The number of internal control deficiencies has increased since 2018–19. More than a third of control deficiencies are repeat issues.
- Control deficiencies that relate to managing employees’ leave and employee’s time recording continue to be difficult for entities to resolve, particularly during the ongoing response to the COVID-19 pandemic.
- Several key agreements were undocumented. These included agreements between the Ministry and the health entities, between health entities, and between the Ministry and entities in other clusters and jurisdictions. These related to:
- a loan arrangement between the Ministry and HealthShare for $319 million.
- Northern Sydney Local Health District's use of land and buildings owned by the Graythwaite Charitable Trust
- agreements for the treatment of New South Wales residents while they are interstate, and interstate residents receiving treatment while they are in New South Wales from Queensland, Victoria, South Australia and the ACT for both 2019–20 and 2018–19.
- NSW Health reported that they completed nine major capital projects during 2019–20. As at 30 June 2020 there were 44 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.0 billion more than the original budget of $10.3 billion. NSW Health reported the budget revisions are largely the result of combining project stages.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Financial data
Appendix four – Analysis of financial indicators
Appendix five – Analysis of performance against budget
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Auditor-General’s Report to Parliament
Health 2020
11 December 2020
This corrigendum has been prepared to amend the following text within the Auditor-General’s Report to Parliament on Health 2020, dated 10 December 2020.
NSW Health emergency department treatment times
On page five the original text was as follows:
NSW Health also measures the percentage of patients whose clinical care in emergency departments is completed within four hours. The measure is used as an indicator of accessibility to public hospital services.
NSW Health aims to complete clinical care in the emergency department for 81 per cent of patients within four hours. In 2019–20 NSW Health reports it completed clinical care within four hours for 72.1 per cent of patients (a 7.3 per cent decrease from 2018–19).
At Western Sydney Local Health District, 59 per cent of patients were treated within the targeted timeframe. NSW Health attribute this to the profile of patients presenting in emergency departments and additional time taken processing COVID-19 patients to ensure staff safety.
The original text has now been changed to:
NSW Health also measures the percentage of patients with total time in the emergency department of four hours or less for each local health district. The measure is used as an indicator of accessibility to public hospital services.
| Local Health Districts | Target % (2019–20) | Actual % (2019–20) |
| Central Coast | 77.0 | 59.9 |
| Far West | 90.2 | 86.6 |
| Hunter New England | 81.0 | 72.5 |
| Illawarra Shoalhaven | 79.0 | 60.2 |
| Mid North Coast | 82.0 | 76.7 |
| Murrumbidgee | 85.3 | 81.9 |
| Nepean Blue Mountains | 79.0 | 65.5 |
| Northern NSW | 81.0 | 78.2 |
| Northern Sydney | 79.0 | 73.9 |
| South Eastern Sydney | 78.0 | 70.3 |
| South Western Sydney | 78.0 | 61.2 |
| Southern NSW | 85.0 | 83.0 |
| Sydney | 76.0 | 70.9 |
| Sydney Children’s Hospitals Network | 80.0 | 72.1 |
| Western NSW | 85.9 | 81.0 |
| Western Sydney | 78.0 | 59.0 |
| St Vincent's Health Network* | 75.0 | 65.4 |
The above changes will be reflected in the version of the report published on the Audit Office website and should be considered the true and accurate version.
Transport 2020
1. Financial Reporting |
|
| Audit opinion | Unmodified audit opinions issued for the financial statements of all Transport cluster entities. |
| Quality and timeliness of financial reporting | All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements. Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances. |
| Impact of COVID-19 on passenger revenue and patronage | Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19. The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing. |
| Completion of the CBD and South East Light Rail | The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed. |
2. Audit Observations |
|
| Internal control | While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management. There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below). |
| Agency responses to emergency events | Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning. |
| RailCorp transition to TAHE | On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders. A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE. Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures. This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE. Recommendation: TAHE management should:
Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base. |
| Completeness and accuracy of contracts registers | Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers. Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure:
|
This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Transport cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019, 2018 and 2017 recommendations
Appendix three – Management letter findings
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal controls and governance 2020
The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.
The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:
- financial and information technology controls
- business continuity and disaster recovery planning arrangements
- procurement, including emergency procurement
- delegations that support timely and effective decision-making.
Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.
The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.
1. Internal control trends
| New, repeat and high risk findings |
Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. Agencies should:
|
| Common findings |
A number of findings remain common across multiple agencies over the last four years, including:
|
2. Information technology controls
| IT general controls |
We found deficiencies in information security controls over key financial systems including:
The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated. |
3. Business continuity and disaster recovery planning
| Assessing risks to business continuity and Scenario testing |
The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment. Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:
Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
| Responding to disruptions |
We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance: in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee. Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers. Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions. |
| Management review and oversight | Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established. |
4. Procurement, including emergency procurement
| Policy framework |
Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted:
Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions. |
| Managing contracts |
Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details. Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement. |
| Training and support |
Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:
Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions. |
| Procurement activities | While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences. |
| Emergency procurement |
As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies. The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:
Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law. Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:
|
5. Delegations
| Instruments of delegation |
We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:
Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets. Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities. |
| Compliance with delegations |
Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020. Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer. |
6. Status of 2019 recommendations
| Progress implementing last year's recommendations |
Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:
While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2. Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations. |
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
|
Section highlights We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
|
Section highlights Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse. IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems. Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.
|
Section highlights We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled. This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.
|
Section highlights We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness. Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'. We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
State Finances 2020
The Auditor-General for New South Wales, Margaret Crawford, released her report today on State Finances for the year ended 30 June 2020.
‘I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements,’ the Auditor-General said.
The report acknowledges this has been a challenging year, with New South Wales impacted by natural disasters and the COVID-19 pandemic.
The State’s Budget Result, reported in the financial statements, was a deficit of $6.9 billion. This is different to the 2019-20 budget forecast surplus of $1.0 billion and is an outcome of the government’s significant response to bushfires and COVID-19.
The report summarises a number of audit and accounting matters arising from the audit of the Total State Sector Accounts, a sector that comprises 291 entities controlled by the NSW Government with total assets of $495 billion and total liabilities of $256 billion.
Our audit opinion on the State’s 2019–20 financial statements was unmodified
An unmodified audit opinion was issued on the State’s 2019–20 consolidated financial statements.
The State extended signing its financial statements by six weeks.
Natural disasters, the COVID-19 pandemic and other factors impacted the State’s 2019–20 reporting timetable. The State extended signing its financial statements by six weeks, compared with 2018–19.
All agencies were also given a two-week extension to prepare their financial statements compared with 2018–19. Further extensions beyond two weeks were subsequently approved for the following 11 agencies (7 in 2018–19) to submit completed financial statements for audit:
- Department of Communities and Justice
- Department of Customer Service
- Department of Planning, Industry and Environment
- Department of Regional NSW
- Department of Transport
- Environment Protection Authority
- Infrastructure NSW
- Lord Howe Island Board
- NSW Crown Holiday Parks Land Manager
- Service NSW
- Water Administration Ministerial Corporation.
The extensions reflected that the COVID-19 pandemic impacted agencies’ work environments during the first six months of 2020. This was at a time when many were still implementing machinery of government changes and preparing to implement three significant new accounting standards:
- AASB 15 Revenue from Contracts with Customers (issued December 2014, effective 1 July 2019)
- AASB 16 Leases (issued February 2016, effective 1 July 2019)
- AASB 1058 Income of Not-for-profit entities (issued December 2016, effective 1 July 2019).
These new accounting standards were issued some years before they became effective, to allow reporting entities sufficient time to prepare for implementation. Notwithstanding this, some agencies had not fully implemented the new accounting standards in time for early close procedures, and the unforeseen impact of COVID-19 further complicated the year-end financial reporting processes for the State and its agencies.
The graph below shows the number of reported errors exceeding $20 million over the past five years in agencies’ financial statements presented for audit.
In 2019–20, agency financial statements presented for audit contained 19 errors exceeding $20 million (six in 2018–19). The total value of these errors increased to $1.4 billion ($927 million in 2018–19).
The errors resulted from:
- incorrectly applying Australian Accounting Standards and Treasury Policies
- incorrect judgements and assumptions when valuing noncurrent physical assets and liabilities
- incorrectly interpreting the accounting treatment for unspent stimulus funding.
Errors in agency financial statements exceeding $20m (2016–2020)
$4.1 billion in stimulus funding was allocated in 2019–20
The government implemented an economic stimulus package primarily to mitigate the impacts of the COVID-19 pandemic on New South Wales.
The COVID-19 pandemic and bushfires had a significant impact on the State’s finances, reducing its revenue and increasing its expenses especially in sectors directly responsible for responding to the COVID-19 pandemic, such as Health.
The government announced a $4.1 billion health and economic stimulus package in 2019–20. This primarily included:
- $2.2 billion in health measures including purchases of essential medical equipment and increasing clinical health capacity (like intensive care spaces)
- $1.0 billion in small business and land tax relief
- $355 million in extra cleaning services and quarantine costs.
Cluster agencies had spent $3.0 billion (just under 75 per cent) of the COVID-19 stimulus package by 30 June 2020.
The Health cluster incurred most of this expenditure.
Total spend relating to bushfires was $1.3 billion in 2019–20.
The graph below shows the total allocation and spend by cluster to 30 June 2020.
Economic stimulus allocation and spend by cluster to 30 June 2020
Deficit of $6.9 billion compared with a budgeted surplus of $1.0 billion
An outcome of the government’s overall activity and policies is its net operating balance (Budget Result). This is the difference between the cost of general government service delivery and the revenue earned to fund these sectors.
The General Government Sector, which comprises 199 entities, generally provides goods and services funded centrally by the State.
The Non-General Government Sector, which comprises 92 government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.
The Budget Result for the 2019–20 financial year was a deficit of $6.9 billion. The original budget forecast, set before the COVID-19 pandemic and bushfires, was a $1.0 billion surplus. The main driver of the change in result was:
- $1.3 billion of higher employee costs, mainly due to:
- increased workers compensation claims
- additional personnel required (mainly in the Health sector) to respond to the COVID-19 pandemic
- $2.3 billion of higher operating expenses, mainly due to:
- $828 million from first time recognition of a child abuse claim liability
- $507 million from additional insurance claims from the NSW bushfires
- $343 million from COVID-19 claims by agencies for loss of revenue.
- $1.8 billion in higher grants and subsidy expenses, mainly due to:
- small business grants
- COVID-19 quarantine compliance measures
- costs incurred in response to the 2019–20 bushfires, drought and disaster relief payments
- third party-controlled assets that were subsequently transferred to councils and utility providers, mainly arising from construction of the CBD and South East Light Rail.
The deficit was further driven by:
- $1.9 billion less taxation revenue, mainly resulting from:
- $1.3 billion less in payroll tax due to relief measures introduced by the government as part of its COVID-19 economic stimulus
- $424 million less in gambling and betting taxes, due to venue closures required by COVID-19 public health orders
- $523 million less in dividends and income tax revenue from the Non-General Government Sector, due to lower dividends received from NSW Treasury Corporation and from the State’s other commercial government businesses
- lower fines, regulatory fees and other revenue, due to a $305 million decrease in mining royalties, largely driven by lower coal prices.
Main drivers of the 2019–20 actual vs. budget variance
Revenues increased $209 million to $86.3 billion
In 2019–20, the State’s total revenues increased by $209 million to $86.3 billion, 0.2 per cent higher than in 2018–19. COVID-19 impacted taxation revenue, which fell by $1.1 billion and revenue from the sale of goods and services, which fell by $1.1 billion. These falls were offset by a $2.5 billion (7.7 per cent) increase in grants and subsidies from the Australian Government, mainly in the form of additional stimulus funding.
Taxation revenue fell 3.5 per cent
Taxation revenue fell by $1.1 billion, mainly due to a:
- $861 million fall in payroll tax as a result of COVID-19 relief (reduced payroll tax payments for eligible small businesses)
- $430 million fall in stamp duty collections, driven by lower than expected growth in the property market
- $427 million decline in gambling and betting taxes, mainly due to venue closures driven by COVID-19 public health orders.
Stamp duties of $8.8 billion were the largest source of taxation revenue, $473 million higher than payroll tax, the second-largest source of taxation revenue.
Australian Government grants and subsidies
The State received $34.2 billion in grants and subsides which are mainly from the Australian Government, $2.4 billion more than in 2018–19.
The increase was driven by a $1.1 billion increase in Commonwealth Specific Purpose Payments to support the Health cluster respond to the COVID-19 pandemic. Commonwealth National Partnership Payments increased by a similar amount to provide the State with Natural Disaster relief.
Sales of goods and services
In 2019–20, sales of goods and services fell $1.1 billion. This was due to the COVID-19 pandemic reducing:
- patronage and related transport passenger revenue
- health billing activities with elective surgery being put on hold
Fines, regulatory fees and other revenues
Fines, regulatory fees and other revenues fell $505 million. This was mainly due to a $409 million decrease in mining royalties attributed to a drop in thermal coal prices during 2019–20.
Other dividends and distributions
Other dividends and distributions rose by $616 million due to higher distributions received from the State’s investments. This was due to an additional $1.3 billion held in the State’s investment portfolio compared with last year.
Expenses increased $8.2 billion to $96.0 billion
The State’s expenses increased 9.3 per cent compared with 2018–19. Most of the increase was due to higher employee expenses, other operating costs and grants and subsidies.
Employee expenses, including superannuation, increased 5.7 per cent to $42.6 billion.
Salaries and wages increased to $42.6 billion from $40.3 billion in 2018–19. This was mainly due to increases in staff numbers and a 2.5 per cent increase in pay rates across the sector. Salaries and wages for the Education and Health sectors increased by $659 million and $732 million in each sector respectively.
The Health sector employed an additional 2,763 full time staff in 2019–20. It also incurred more overtime in response to COVID-19. Education increased staff numbers by 4,866 full time equivalents and paid a one off 11 per cent pay rise to school administration staff in 2019–20. Historically, the government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.
Operating expenses increased 8.7 per cent to $27.0 billion.
Operating expenses increased to $27.0 billion in 2019–20 ($24.8 billion in 2018–19) due to higher operating activities in Health. The higher level of activities and related costs is attributed to a full year of operations at the Northern Beaches Hospital (opened November 2018), and responding to COVID-19. The response to COVID-19 involved the State providing viability payments to private hospitals, higher visiting medical officer costs due to additional overtime hours and spending more on equipment to set up COVID-19 testing clinics.
Insurance claims increased by $2.0 billion. This was mainly due to NSW Self Insurance Corporation (SiCorp) recognising a liability for child abuse claims incurred but not reported for the first time, and claims for the 2019–20 bushfires, floods and COVID-19.
Health costs remain the State’s highest expense.
Total expenses of the State were $96 billion ($87.8 billion in 2018–19). Traditionally, the following clusters have the highest expenses as a percentage of total government expenses:
- Health – 24.3 per cent (25.8 per cent in 2018–19)
- Education – 17.6 per cent (19.3 per cent in 2018–19)
- Transport - 12.8 per cent (12.6 per cent in 2018–19).
General public service expenses as a percentage of total State expenses is higher due to a $2.0 billion increase in SiCorp’s accrued claim expenses.
Other expenses increased due to additional grant funding by the State for drought relief and COVID-19 stimulus spend.
Health expenses increased by $632 million compared with 2018–19 but fell as a proportion of total State expenses.
Education expenses remained stable compared with last year due to savings in student transportation costs primarily driven by COVID-19. This led to a decrease in the proportion of the State’s costs relating to education activities.
Grants and subsidies increased $2.5 billion to $14.1 billion.
The increase in grants and subsidies was due to payments the State made to support businesses and local communities in the face of COVID-19 and bushfires. In addition, the State transferred CBD and South East Light Rail assets to councils and utility providers during 2019–20 as it no longer controlled these.
Depreciation expense increased $1.0 billion to $9.2 billion.
Depreciation increased to $9.2 billion from $8.0 billion in 2018–19. At 1 July 2019, the State implemented the new leases standard recognising a right of use (ROU) asset and related lease liability in its financial statements. The value of ROU assets are amortised over the term of the lease. This contributed to $980 million of the increase in 2019–20 depreciation expense. Last year, these costs were previously reported within other operating expenses.
Assets grew by $28.0 billion to $495 billion
The State’s assets primarily include physical assets such as land, buildings and infrastructure, and financial assets such as cash, and other financial instruments and equity investments. The value of total assets increased by $28.0 billion to $495 billion. This was a six per cent increase compared with 2018–19, mostly due to changes in asset carrying values.
Of the State’s $28.0 billion increase in asset values, $9.3 billion was due to a new accounting standard requirement for operating leases to be valued and recorded on balance sheet for the first time.
AASB 16 Leases requires entities recognise values for right-ofuse assets (ROU) for the first time. An ROU asset is a lessee’s right to use an asset, the value of which is amortised over the term of the lease. This standard came into effect from 1 July 2019.
Valuing the State’s physical assets
| State’s physical assets valued at $365 billion. |
The value of the State’s physical assets increased by $14.1 billion to $365 billion in 2019–20. The assets include land and buildings ($168 billion), infrastructure ($180 billion) and plant and equipment ($16.7 billion). A prior period error relating to the valuation of RMS infrastructure assets reduced the reported values by $1.0 billion from $352 billion to $351 billion at 30 June 2019.
The movement in physical asset values between years includes additions, disposals, depreciation and valuation adjustments. Other movements include reclassification of physical assets leased under finance leases to right of use assets upon adoption of AASB 16 Leases on 1 July 2019.
Movements in physical asset values
Liabilities increased $38.4 billion to $256 billion
The State borrowed additional funds in response to natural disasters and COVID-19.
The State’s borrowings rose by $33.9 billion to $113.8 billion at 30 June 2020. This accounted for most of the increase in the State’s total liabilities.
The value of TCorp bonds on issue increased by $25.2 billion to $97.0 billion to largely fund capital expenditure and costs associated with the bushfires, drought and COVID-19.
TCorp bonds are actively traded in financial markets and are guaranteed by the NSW Government.
Over 2019–20, TCorp continued to take advantage of lower interest rates, buying back short-term bonds and replacing them with longer dated debt. This lengthens the portfolio matching liabilities with the funding requirements for infrastructure assets.
With effect from 1 July 2019, AASB 16 Leases required the State to recognise liabilities for operating leases for the first time. This increased total lease liabilities from $5.3 billion at 30 June 2019 to $11.8 billion at 30 June 2020.
More than a third of the State’s liabilities relate to its employees. They include unfunded superannuation and employee benefits, such as long service and recreation leave.
Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions and other variables, such as a lower discount rate, can materially impact the valuation of liability balances in the financial statements.
The State’s unfunded superannuation liability rose $300 million from $70.7 billion to $71.0 billion at 30 June 2020. This was mainly due to a lower discount rate of 0.87 per cent (1.32 per cent in 2018–19). The State’s unfunded superannuation liability represents the value of its obligations to past and present employees less the value of assets set aside to fund those obligations.
The State maintained its AAA credit rating
The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.
The government manages New South Wales’ finances in accordance with the Fiscal Responsibility Act 2012 (the Act).
The Act establishes the framework for fiscal responsibility and the strategy to maintain the State’s AAA credit rating and service delivery to the people of New South Wales.
The legislation sets out targets and principles for financial management to achieve this.
This year, the State’s credit rating from Standard & Poor’s changed from AAA/Stable to AAA/Negative. Moody’s Investors Service credit rating of Aaa/Stable did not change from the previous year.
The fiscal target for achieving this objective is that General Government annual expenditure growth should be lower than long term average revenue growth.
The State did not achieve its fiscal target of maintaining annual expenditure growth below the long-term revenue growth rate target of 5.6 per cent.
In 2019–20, General Government expenditure grew by 9.7 per cent (5.5 per cent in 2018–19).
Expenditure items that contributed most to the growth rate include:
- recurrent grants and subsidies (20.4 per cent)
- other operating expenses (9.5 per cent)
- employee costs (including superannuation) (5.6 per cent)
Recurrent grant and subsidy expenses increased by $2.8 billion in 2019–20 mainly due to the COVID-19 and natural disaster payments. Other operating expenses increased mainly due to a $2.0 billion increase in SiCorp insurance claims. This included the $828 million provision for child abuse claims incurred but not reported. The bushfires and COVID-19 pandemic also increased the number and cost of claims in 2019–20.
