Reports
Actions for Managing risks in the NSW public sector: risk culture and capability
Managing risks in the NSW public sector: risk culture and capability
The Ministry of Health, NSW Fair Trading, NSW Police Force, and NSW Treasury Corporation are taking steps to strengthen their risk culture, according to a report released today by the Auditor-General, Margaret Crawford. 'Senior management communicates the importance of managing risk to their staff, and there are many examples of risk management being integrated into daily activities', the Auditor-General said.
We did find that three of the agencies we examined could strengthen their culture so that all employees feel comfortable speaking openly about risks. To support innovation, senior management could also do better at communicating to their staff the levels of risk they are willing to accept.
Effective risk management is essential to good governance, and supports staff at all levels to make informed judgements and decisions. At a time when government is encouraging innovation and exploring new service delivery models, effective risk management is about seizing opportunities as well as managing threats.
Over the past decade, governments and regulators around the world have increasingly turned their attention to risk culture. It is now widely accepted that organisational culture is a key element of risk management because it influences how people recognise and engage with risk. Neglecting this ‘soft’ side of risk management can prevent institutions from managing risks that threaten their success and lead to missed opportunities for change, improvement or innovation.
This audit assessed how effectively NSW Government agencies are building risk management capabilities and embedding a sound risk culture throughout their organisations. To do this we examined whether:
- agencies can demonstrate that senior management is committed to risk management
- information about risk is communicated effectively throughout agencies
- agencies are building risk management capabilities.
The audit examined four agencies: the Ministry of Health, the NSW Fair Trading function within the Department of Finance, Services and Innovation, NSW Police Force and NSW Treasury Corporation (TCorp). NSW Treasury was also included as the agency responsible for the NSW Government's risk management framework.
In assessing an agency’s risk culture, we focused on four key areas:
Executive sponsorship (tone at the top)
In the four agencies we reviewed, senior management is communicating the importance of managing risk. They have endorsed risk management frameworks and funded central functions tasked with overseeing risk management within their agencies.
That said, we found that three case study agencies do not measure their existing risk culture. Without clear measures of how employees identify and engage with risk, it is difficult for agencies to tell whether employee's behaviours are aligned with the 'tone' set by the executive and management.
For example, in some agencies we examined we found a disconnect between risk tolerances espoused by senior management and how these concepts were understood by staff.
Employee perceptions of risk management
Our survey of staff indicated that while senior leaders have communicated the importance of managing risk, more could be done to strengthen a culture of open communication so that all employees feel comfortable speaking openly about risks. We found that senior management could better communicate to their staff the levels of risk they should be willing to accept.
Integration of risk management into daily activities and links to decision-making
We found examples of risk management being integrated into daily activities. On the other hand, we also identified areas where risk management deviated from good practice. For example, we found that corporate risk registers are not consistently used as a tool to support decision-making.
Support and guidance to help staff manage risks
Most case study agencies are monitoring risk-related skills and knowledge of their workforce, but only one agency has addressed the gaps it identified. While agencies are providing risk management training, surveyed staff in three case study agencies reported that risk management training is not adequate.
NSW Treasury provides agencies with direction and guidance on risk management through policy and guidelines. In line with better practice, NSW Treasury's principles-based policy acknowledges that individual agencies are in a better position to understand their own risks and design risk management frameworks that address those risks. Nevertheless, there is scope for NSW Treasury to refine its guidance material to support a better risk culture in the NSW public sector.
Recommendation
By May 2019, NSW Treasury should:
- Review the scope of its risk management guidance, and identify additional guidance, training or activities to improve risk culture across the NSW public sector. This should focus on encouraging agency heads to form a view on the current risk culture in their agencies, identify desirable changes to that risk culture, and take steps to address those changes.
Appendix one - Response from agencies
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #298 - released 23 April 2018
Actions for Report on Local Government 2017
Report on Local Government 2017
Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.
My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor-General's mandate in nearly three decades.
Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services.
The unique relationship each council has with its community differentiates it from other tiers of government.
Our audits
I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.
We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year.
- While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us:
- strengthening governance and financial oversight in local government
- providing greater consistency in external audit
- ensuring reliable financial information is available to assess council performance
- improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.
This report
This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.
The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.
I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.
1. Introduction | |
Local government sector | NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose. We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit. |
Service delivery | Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils. |
2. Financial reporting | |
Quality of financial reporting |
The overall quality of financial reporting needs to improve:
OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier. |
Timeliness of financial reporting | Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline. |
3. Financial performance and sustainability | |
Operating revenue | Eighteen councils operating expenses exceed current operating revenue. Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue. |
Liquidity and working capital | Most councils have sufficient liquidity and working capital. However, there are indicators that:
|
Asset management measures | Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards:
|
4. Asset management | |
High risk issues | We reported ten high risk issues relating to councils’ asset management and accounting practices. |
Asset reporting | The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements. At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements. |
Asset valuation | We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions. |
Asset useful life estimates | We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets. In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments. |
Asset policy and planning | Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework. |
5. Governance and internal controls | |
High risk issues | We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters. |
Governance | There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function. The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils. Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations. |
Internal controls | Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll. |
6. Information technology | |
High risk issues | We reported nine high risk issues relating to information technology. |
Access to IT systems | Controls over user access to IT systems need to be strengthened. |
Information Technology governance | IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that:
|
Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:
- quality of financial reporting
- timeliness of financial reporting.
Observation | Conclusion or recommendation |
2.1 Quality of financial reporting | |
Qualified audit opinions
|
The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results. |
We issued modified (qualified) opinions on the:
|
Councils with modified opinions should address the issues that give rise to the audit qualification. |
Significant audit matters We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets. |
Significant issues with the quality of financial reporting delayed the completion of a number of audits. Improving the reporting on assets should be a priority. |
Prior period errors We found 33 material errors worth $9.1 billion in the previous audited financial statements of 22 councils. These all required prior-year audited balances to be corrected. Eighty eight per cent of these were asset related. |
The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets. |
Financial statements We reported 43 moderate risk findings where councils can improve the way they complete their financial statements. |
Recommendation Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements. |
Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit. | Recommendation Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements. |
OLG guidance To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues. |
Recommendation The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year. |
The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards. | Recommendation The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards. |
2.2 Timeliness of financial reporting | |
Statutory deadlines One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017. Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils. Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit. |
Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline. |
Early close procedures Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year. |
Recommendation The Office of Local Government should introduce early close procedures with an emphasis on asset valuations. |
3 The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.
Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:
- operating revenue performance measures
- liquidity and working capital performance measures
- asset management performance measures.
Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.
Observations | Conclusions |
3.1 Operating revenue performance measures | |
Operating performance Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17. Eleven councils have not met OLG’s operating performance benchmark for the last three years. |
It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term. |
Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero. | |
Own source operating revenue |
Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils. |
Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue. | |
3.2 Liquidity and working capital performance measures | |
Unrestricted current ratio |
Most councils can meet short-term obligations as they fall due. |
The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times. | |
Debt service cover ratio Regional councils have 56 per cent of the value of all borrowings in the sector. |
Most councils have sufficient operating cash available to service their borrowings. Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure. |
The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times. | |
Rates and annual charges outstanding These councils also did not meet the infrastructure backlog ratio. |
Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations. |
The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils. | |
Cash expense cover ratio |
Most councils have the capacity to cover more than three months of operating expenses. |
The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months. | |
This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded:
|
Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required. |
3.3. Asset management performance measures (not audited) |
|
Building and infrastructure renewals ratio Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark. |
These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards. Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets. |
The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent. | |
Infrastructure backlog ratio |
These councils may not be maintaining their infrastructure backlog at a manageable level. |
The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent. | |
Asset maintenance ratio |
These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life. |
The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent. | |
Costs to bring assets to agreed service level |
There is variability between councils in the amount of outstanding renewal works to be completed. |
This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure. |
OLG’s benchmarks for financial performance and sustainability
Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.
The Office of Local Government prescribes performance indicators for council reporting
The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:
- operating performance
- own source operating revenue
- unrestricted current ratio
- debt service cover ratio
- rates and annual charges outstanding percentage
- cash expense cover ratio.
Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:
- building and infrastructure renewals ratio
- infrastructure backlog ratio
- asset maintenance ratio
- cost to bring assets to agreed service level.
Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.
Three rural councils did not meet three of the audited OLG benchmarks
Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.
The following table summarises how the councils performed across the six audited performance measures.
Number of OLG benchmarks met by councils | Number of councils | |||
Metropolitan | Regional | Rural | County | |
6 | 12 | 12 | 29 | 5 |
5 | 17 | 21 | 17 | 5 |
4 | 4 | 4 | 8 | 2 |
3 | -- | -- | 3 | -- |
Not available* | 1 | -- | -- | -- |
Total | 34 | 37 | 57 | 12 |
Source: Audited Financial Statements for 2016–17.
Appendix ten lists the performance of each council against all performance measures.
NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.
Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:
- overall asset management issues
- asset registers
- asset valuation
- recognition and asset useful life estimates
- asset policy and planning.
Observations | Conclusion or recommendation |
4.1 High risk issues | |
Significant matters reported to those charged with council governance |
High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services. |
4.2 Asset reporting | |
Accuracy of asset registers |
Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately. |
Unrecorded land and infrastructure assets |
Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements. |
Rural fire-fighting equipment |
Recommendation In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach. |
4.3 Asset valuation |
|
Restricted assets Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion. |
The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant. Councils should consider engaging experts to assist with the determination of asset fair values, as necessary. |
Asset revaluations Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations. |
Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented. |
4.4 Asset useful life estimates |
|
Asset useful life estimates In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment. |
Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators. To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually. Regular condition assessments are essential to identify maintenance requirements and maintain service delivery. |
4.5 Asset policy and planning |
|
Asset management strategy Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this. |
An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources. |
Asset overview
NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.
At 30 June 2017, the combined carrying value of NSW council assets was as follows.
Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.
This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.
Observation | Conclusion or recommendation |
5.1 High risk issues | |
Significant matters reported to those charged with council governance | |
Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils. | Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively. |
We reported:
|
High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. |
5.2 Governance | |
Audit committees | |
Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee. |
Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021. Recommendation |
Internal audit |
Recommendation |
Council entities |
Recommendation |
The Local Government Act 1993 does not stipulate a financial reporting framework for council entities. |
Recommendation |
Policies and procedures |
It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes. |
Legislative compliance frameworks |
Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy. |
Risk management |
Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored. |
5.3 Internal controls | |
Financial accounting We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements |
Sound financial accounting processes include controls to ensure:
|
Purchasing and payables We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste. |
As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include:
|
Payroll Managing excess annual leave balances was a challenge for 32 councils. |
Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments. Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed. |
Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.
Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:
- high risk issues
- access to IT systems
- IT governance.
Issues | Conclusion |
6.1 High risk issues | |
Significant matters reported to those charged with council governance | |
Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications. | High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. |
6.2 Access to IT systems | |
User access controls We identified 107 issues across 56 councils where user access controls could be strengthened. |
Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data. |
Privileged access |
|
User developed applications Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed. We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls. |
It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to:
|
6.3 IT Governance | |
Strategy, policies and procedures Sixty-six councils do not have an adequate information security policy. |
IT governance is enhanced where there is:
|
Disaster recovery and business continuity The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster. We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting. |
Sound management of disaster recovery and business continuity includes:
We expect to focus on these areas in our future audits. |
Appendix one - Response from the Office of Local Government
Appendix two - List of recommendations
Appendix three - Sources of information and council classifications
Appendix four - Councils amalgamated in 2016
Appendix five - Status of audits
Appendix seven - OLG’s performance indicators from the audited financial statement - Descriptions
Appendix eight - OLG’s performance indicators from the unaudited special schedule 7 - Descriptions
Appendix nine - Financial information
Actions for Detecting and responding to cyber security incidents
Detecting and responding to cyber security incidents
A report released today by the Auditor-General for New South Wales, Margaret Crawford, found there is no whole-of-government capability to detect and respond effectively to cyber security incidents. There is very limited sharing of information on incidents amongst agencies, and some agencies have poor detection and response practices and procedures.
The NSW Government relies on digital technology to deliver services, organise and store information, manage business processes, and control critical infrastructure. The increasing global interconnectivity between computer networks has dramatically increased the risk of cyber security incidents. Such incidents can harm government service delivery and may include the theft of information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.
This audit examined cyber security incident detection and response in the NSW public sector. It focused on the role of the Department of Finance, Services and Innovation (DFSI), which oversees the Information Security Community of Practice, the Information Security Event Reporting Protocol, and the Digital Information Security Policy (the Policy).
The audit also examined ten case study agencies to develop a perspective on how they detect and respond to incidents. We chose agencies that are collectively responsible for personal data, critical infrastructure, financial information and intellectual property.
Some of our case study agencies had strong processes for detection and response to cyber security incidents but others had a low capability to detect and respond in a timely way.
Most agencies have access to an automated tool for analysing logs generated by their IT systems. However, coverage of these tools varies. Some agencies do not have an automated tool and only review logs periodically or on an ad hoc basis, meaning they are less likely to detect incidents.
Few agencies have contractual arrangements in place for IT service providers to report incidents to them. If a service provider elects to not report an incident, it will delay the agency’s response and may result in increased damage.
Most case study agencies had procedures for responding to incidents, although some lack guidance on who to notify and when. Some agencies do not have response procedures, limiting their ability to minimise the business damage that may flow from a cyber security incident. Few agencies could demonstrate that they have trained their staff on either incident detection or response procedures and could provide little information on the role requirements and responsibilities of their staff in doing so.
Most agencies’ incident procedures contain limited information on how to report an incident, who to report it to, when this should occur and what information should be provided. None of our case study agencies’ procedures mentioned reporting to DFSI, highlighting that even though reporting is mandatory for most agencies their procedures do not require it.
Case study agencies provided little evidence to indicate they are learning from incidents, meaning that opportunities to better manage future incidents may be lost.
Recommendations
The Department of Finance, Services and Innovation should:
- assist agencies by providing:
- better practice guidelines for incident detection, response and reporting to help agencies develop their own practices and procedures
- training and awareness programs, including tailored programs for a range of audiences such as cyber professionals, finance staff, and audit and risk committees
- role requirements and responsibilities for cyber security across government, relevant to size and complexity of each agency
- a support model for agencies that have limited detection and response capabilities
- revise the Digital Information Security Policy and Information Security Event Reporting Protocol by
- clarifying what security incidents must be reported to DFSI and when
- extending mandatory reporting requirements to those NSW Government agencies not currently covered by the policy and protocol, including State owned corporations.
DFSI lacks a clear mandate or capability to provide effective detection and response support to agencies, and there is limited sharing of information on cyber security incidents.
DFSI does not currently have a clear mandate and the necessary resources and systems to detect, receive, share and respond to cyber security incidents across the NSW public sector. It does not have a clear mandate to assess whether agencies have an acceptable detection and response capability. It is aware of deficiencies in agencies and across whole‑of‑government, and has begun to conduct research into this capability.
Intelligence gathering across the public sector is also limited, meaning agencies may not respond to threats in a timely manner. DFSI has not allocated resources for gathering of threat intelligence and communicating it across government, although it has begun to build this capacity.
Incident reporting to DFSI is mandatory for most agencies, however, most of our case study agencies do not report incidents to DFSI, reducing the likelihood of containing an incident if it spreads to other agencies. When incidents have been reported, DFSI has not provided dedicated resources to assess them and coordinate the public sector’s response. There are currently no formal requirements for DFSI to respond to incidents and no guidance on what it is meant to do if an incident is reported. The lack of central coordination in incident response risks delays and increased damage to multiple agencies.
DFSI's reporting protocol is weak and does not clearly specify what agencies should report and when. This makes agencies less likely to report incidents. The lack of a standard format for incident reporting and a consistent method for assessing an incident, including the level of risk associated with it, also make it difficult for DFSI to determine an appropriate response.
There are limited avenues for sharing information amongst agencies after incidents have been resolved, meaning the public sector may be losing valuable opportunities to improve its protection and response.
Recommendations
The Department of Finance, Services and Innovation should:
- develop whole‑of‑government procedure, protocol and supporting systems to effectively share reported threats and respond to cyber security incidents impacting multiple agencies, including follow-up and communicating lessons learnt
- develop a means by which agencies can report incidents in a more effective manner, such as a secure online template, that allows for early warnings and standardised details of incidents and remedial advice
- enhance NSW public sector threat intelligence gathering and sharing including formal links with Australian Government security agencies, other states and the private sector
- direct agencies to include standard clauses in contracts requiring IT service providers report all cyber security incidents within a reasonable timeframe
- provide assurance that agencies have appropriate reporting procedures and report to DFSI as required by the policy and protocol by:
- extending the attestation requirement within the DISP to cover procedures and reporting
- reviewing a sample of agencies' incident reporting procedures each year.
Appendix one - Response from agency
Appendix two - ISMS maturity model
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #297 - released 2 March 2018
Actions for Council reporting on service delivery
Council reporting on service delivery
New South Wales local government councils’ could do more to demonstrate how well they are delivering services in their reports to the public, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. Many councils report activity, but do not report on outcomes in a way that would help their communities assess how well they are performing. Most councils also did not report on the cost of services, making it difficult for communities to see how efficiently they are being delivered. And councils are not consistently publishing targets to demonstrate what they are striving for.
I am pleased to present my first local government performance audit pursuant to section 421D of the Local Government Act 1993.
My new mandate supports the Parliament’s objectives to:
- strengthen governance and financial oversight in the local government sector
- improve financial management, fiscal responsibility and public accountability for how councils use citizens’ funds.
Performance audits aim to help councils improve their efficiency and effectiveness. They will also provide communities with independent information on the performance of their councils.
For this inaugural audit in the local government sector, I have chosen to examine how well councils report to their constituents about the services they provide.
In this way, the report will enable benchmarking and provide improvement guidance to all councils across New South Wales.
Specific recommendations to drive improved reporting are directed to the Office of Local Government, which is the regulator of councils in New South Wales.
Councils provide a range of services which have a direct impact on the amenity, safety and health of their communities. These services need to meet the needs and expectations of their communities, as well as relevant regulatory requirements set by state and federal governments. Councils have a high level of autonomy in decisions about how and to whom they provide services, so it is important that local communities have access to information about how well they are being delivered and meeting community needs. Ultimately councils should aim to ensure that reporting performance is subject to quality controls designed to provide independent assurance.
Councils report extensively on the things they have done, but minimally on the outcomes from that effort, efficiency and performance over time.
Councils could improve reporting on service delivery by more clearly relating the resources needed with the outputs produced, and by reporting against clear targets. This would enable communities to understand how efficiently services are being delivered and how well councils are tracking against their goals and priorities.
Across the sector, a greater focus is also needed on reporting performance over time so that communities can track changes in performance and councils can demonstrate whether they are on target to meet any agreed timeframes for service improvements.
The degree to which councils demonstrate good practice in reporting on service delivery varies greatly between councils. Metropolitan and regional town and city councils generally produce better quality reporting than rural councils. This variation indicates that, at least in the near-term, OLG's efforts in building capability in reporting would be best directed toward rural councils.
Recommendation
By mid-2018, OLG should:
- assist rural councils to develop their reporting capability.
The Framework which councils are required to use to report on service delivery, is intended to drive good practice in reporting. Despite this, the Framework is silent on a number of aspects of reporting that should be considered fundamental to transparent reporting on service delivery. It does not provide guidance on reporting efficiency or cost effectiveness in service delivery and provides limited guidance on how annual reports link with other plans produced as part of the Framework. OLG's review of the Framework, currently underway, needs to address these issues.
Recommendation
By mid-2018, OLG should:
- issue additional guidance on good practice in council reporting, with specific information on:
- reporting on performance against targets
- reporting on performance against outcome
- assessing and reporting on efficiency and cost effectiveness
- reporting performance over time
- clearer integration of all reports and plans that are required by the Framework, particularly the role of End of Term Reporting
- defining reporting terms to encourage consistency.
The Framework is silent on inclusion of efficiency or cost effectiveness indicators in reports
The guidelines produced by OLG in 2013 to assist councils to implement their Framework requirements advise that performance measures should be included in all plans. However, the Framework does not specifically state that efficiency or cost effectiveness indicators should be included as part of this process. This has been identified as a weakness in the 2012 performance audit report and the Local Government Reform Panel review of reporting by councils on service delivery.
The Framework and supporting documents provide limited guidance on reporting
Councils' annual reports provide a consolidated summary of their efforts and achievements in service delivery and financial management. However, OLG provides limited guidance on:
- good practice in reporting to the community
- how the annual report links with other plans and reports required by the Framework.
Further, the Framework includes both Annual and End of Term Reports. However, End of Term reports are published prior to council elections and are mainly a consolidation of annual reports produced during a council’s term. The relationship between Annual reports and End of Term reports is not clear.
OLG is reviewing the Framework and guidance
OLG commenced work on reviewing of the Framework in 2013 but this was deferred with work re‑starting in 2017. The revised guidelines and manual were expected to be released late in 2017.
OLG should build on the Framework to improve guidance on reporting on service delivery, including in annual reports
The Framework provides limited guidance on how best to report on service delivery, including in annual reports. It is silent on inclusion of efficiency or cost effectiveness indicators in reporting, which are fundamental aspects of performance reporting. Councils we consulted would welcome more guidance from OLG on these aspects of reporting.
Our consultation with councils highlighted that many council staff would welcome a set of reporting principles that provide guidance to councils, without being prescriptive. This would allow councils to tailor their approach to the individual characteristics, needs and priorities of their local communities.
Consolidating what councils are required to report to state agencies would reduce the reporting burden and enable councils to better report on performance. Comparative performance indicators are also needed to provide councils and the public with a clear understanding of councils' performance relative to each other.
Recommendations
By mid-2018, OLG should:
- commence work to consolidate the information reported by individual councils to NSW Government agencies as part of their compliance requirements.
- progress work on the development of a Performance Measurement Framework, and associated performance indicators, that can be used by councils and the NSW Government in sector-wide performance reporting.
Streamlining the reporting burden would help councils improve reporting
The NSW Government does not have a central view of all local government reporting, planning and compliance obligations. A 2016 draft IPART ‘Review of reporting and compliance burdens on Local Government’ noted that councils provide a wide range of services under 67 different Acts, administered by 27 different NSW Government agencies. Consolidating and coordinating reporting requirements would assist with better reporting over time and comparative reporting. It would also provide an opportunity for NSW Government agencies to reduce the reporting burden on councils by identifying and removing duplication.
Enabling rural councils to perform tailored surveys of their communities may be more beneficial than a state-wide survey in defining outcome indicators
Some councils use community satisfaction survey data to develop outcome indicators for reporting. The results from these are used by councils to set service delivery targets and report on outcomes. This helps to drive service delivery in line with community expectations. While some regional councils do conduct satisfaction surveys, surveys are mainly used by metropolitan councils which generally have the resources needed to run them.
OLG and the Department of Premier and Cabinet have explored the potential to conduct state-wide resident satisfaction surveys with a view to establishing measures to improve service delivery. This work has drawn from a similar approach adopted in Victoria. Our consultation with stakeholders in Victoria indicated that the state level survey is not sufficiently detailed or specific enough to be used as a tool in setting targets that respond to local circumstances, expectations and priorities. Our analysis of reports and consultation with stakeholders suggest that better use of resident survey data in rural and regional areas may support improvements in performance reporting in these areas. Rural councils may benefit more from tailored surveys of groups of councils with similar challenges, priorities and circumstances than from a standard state-wide survey. These could potentially be achieved through regional cooperation between groups of similar councils or regional groups.
Comparative reporting indicators are needed to enable councils to respond to service delivery priorities of their communities
The Local Government Reform Panel in 2012 identified the need for ‘more consistent data collection and benchmarking to enable councils and the public to gain a clear understanding of how a council is performing relative to their peers’.
OLG commenced work in 2012 to build a new performance measurement Framework for councils which aimed to move away from compliance reporting. This work was also strongly influenced by the approach used in Victoria that requires councils to report on a set of 79 indicators which are reported on the Victorian 'Know your council' website. OLG’s work did not fully progress at the time and several other local government representative bodies have since commenced work to establish performance measurement frameworks. OLG advised us it has recently recommenced its work on this project.
Our consultation identified some desire amongst councils to be able to compare their performance to support improvement in the delivery of services. We also identified a level of frustration that more progress has not been made toward establishment of a set of indicators that councils can use to measure performance and drive improvement in service delivery.
Several councils we spoke with were concerned that the current approaches to comparative reporting did not adequately acknowledge that councils need to tailor their service types, level and mix to the needs of their community. Comparative reporting approaches tend to focus on output measures such as number of applications processed, library loans annually and opening hours for sporting facilities, rather than outcome measures. These approaches risk unjustified and adverse interpretations of performance where councils have made a decision based on community consultation, local priorities and available resources. To mitigate this, it is important to
- adopt a partnership approach to the development of indicators
- ensure indicators measure performance, not just level of activity
- compare performance between councils that are similar in terms of size and location.
It may be more feasible, at least in the short term, for OLG to support small groups of like councils to develop indicators suited to their situation.
Based on our consultations, key lessons from implementing a sector-wide performance indicator framework in Victoria included the benefits of:
- consolidation of the various compliance data currently being reported by councils to provide an initial platform for comparative performance reporting
- adopting a partnership approach to development of common indicators with groups of like councils.
Appendix one - Response from agency
Appendix two - Service delivery categorisation
Appendix three - Reporting targets and performance over time
Appendix four - Performance auditing
Appendix five - About the audit
Parliamentary reference - Report number #296 - released 1 February 2018
Actions for Internal Controls and Governance 2017
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
Issues |
Recommendations |
1.1 New and repeat findings |
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
1.2 High risk findings |
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
1.3 Common findings |
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
Issues | Recommendations |
2.1 IT security |
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
Issues | Recommendations or conclusions |
3.1 Capital investment |
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Actions for Transport 2017
Transport 2017
The following report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.
Unqualified audit opinions were issued for all agencies' financial statements. However, the report notes the agencies can improve their asset revaluation processes.
Actions for Agency compliance with NSW Government travel policies
Agency compliance with NSW Government travel policies
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
Actions for Central Agencies 2017
Central Agencies 2017
This report highlights the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters.
The report includes a range of findings in respect to service delivery. One repeat finding is that while the Government regularly reports on the 12 Premier's priorities, there is no comprehensive reporting on the 18 State priorities.
1. Financial reporting and controls
Audit Opinions | Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. |
Early close | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
Deficient user administration access | User access administration over financial systems remains an area of weakness. Agencies need to strengthen user access administration to critical systems. |
Transitioning to outsourced service providers | Transitioning of services to outsourced service providers can be improved. Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. |
2. Service delivery
Premier and State Priorities | A comprehensive report of performance against the 18 State Priorities is yet to be published. While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. |
ICT and digital government | The Digital Government Strategy was released in May 2017. Targets will need to be set to assess and monitor progress against the Strategy. |
Digital information security | Not all agencies are complying with the NSW Government's information security policy. This increases the risk of noncompliance with legislation, information security breaches and difficulty restoring data or maintaining business continuity in the event of a disaster or disruption. |
Property and asset utilisation | Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
3. Government financial services
Prudential oversight of NSW Government superannuation funds |
Prudential oversight of SAS Trustee Corporation Pooled Fund and Parliamentary Contributory Superannuation Fund has not been prescribed. Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments in excess of $42.4 billion. |
Green slip scheme affordability | Currently, Green Slips in NSW are the most expensive in Australia. However, CTP reforms are expected to reduce the cost of Green Slips. |
This report sets out the results of the 30 June 2017 financial statement audits of NSW Government's central agencies and their cluster agencies.
Central agencies play a key role in ensuring policy coordination, good administrative and people management practices and prudent fiscal management. The central agencies and their key responsibilities are set out below.
Confidence in public sector decision‑making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. This chapter outlines our audit observations, conclusions or recommendations related to financial reporting and controls of agencies for 2016–17.
Observation | Conclusion or recommendation |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all agency financial statements. | The quality of financial reporting continues to remain strong across the clusters. |
2.2 Timeliness of financial reporting | |
Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements. | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
2.3 Financial performance and sustainability | |
We assessed the performance of agencies listed in Appendix six against some key financial sustainability indicators. This highlighted two agencies with negative operating margins of more than ten per cent and one agency with a liquidity ratio of less than 0.5. | These agencies have strategies in place to remain financially sustainability and manage their liquidity. Our analysis found that, overall, the agencies are not at high risk of sustainability concerns. |
2.4 Internal Controls | |
User access administration over financial systems remains an area of weakness. Sixteen moderate risk and ten low risk issues related to user access administration across eight agencies were identified. |
Recommendation: Agencies should review user access administration to critical systems to ensure:
|
Transitioning of services to outsourced service providers can be improved. Our 2016–17 audits identified one high risk issue relating to Property NSW's outsourcing of property and facility management services to the private sector. While a high risk issue was identified in 2015–16 from the Department of Finance, Services and Innovation's outsourcing of transactional and information technology services to GovConnect there has been an improvement in GovConnect's internal control environment throughout |
Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. The transition needs to be carefully managed and requires thorough planning and effective project governance. This should be supported by oversight and direction from senior management and independent project assurance. |
2.5 Human Resources | |
The percentage of full‑time equivalent staff with annual leave greater than 30 days in the Finance, Services and Innovation, Premier and Cabinet and the Treasury clusters is 7.9 per cent, 17.1 per cent and 18.4 per cent respectively. | Agencies have strategies in place to reduce annual leave balances that are greater than 30 days. The effectiveness of these strategies will need to be monitored to ensure they are helping to achieve the desired outcome. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
Observation | Conclusion or recommendation |
3.1 Premier and State priorities | |
The Department of Premier and Cabinet monitors the achievement of targets and the implementation of initiatives to deliver the 12 Premier’s Priorities. Responsible ministers and agencies manage the 18 State Priorities. A comprehensive report of performance against the 18 State Priorities is yet to be published. |
While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. Where possible, independent sources are used to measure performance, however without independent assurance there is an increased risk that the target measures are inaccurate, not relevant or do not fairly represent actual performance. |
Performance against the State Priority to make NSW the easiest state to start a business is not currently published. |
Initiatives, such as easy to do business and red tape reduction are in place to help achieve this priority. The regulatory policy framework is under review following an October 2016 performance audit on ‘Red tape reduction’ that found the regulatory burden of legislation had increased. |
3.2 Financial management | |
Revenue NSW earned record crown revenue of $30.0 billion in 2016–17 to support the state's finances. | Record crown revenue has been driven by the sustained increase in duties revenue, which has increased by 93.7 per cent over the last five years. This is a consequence of the continued strength in the property market over this time and large one off NSW Government business asset sales and leases. |
3.3 ICT and digital government | |
The Digital Government Strategy (the Strategy) was released in May 2017 to build on reforms set out in previous ICT strategies. | The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
The Digital Information Security Policy (DISP) is a key tool that helps ensure a minimum set of information security controls are implemented across NSW Government agencies. A review of 2016 annual reports found 15 agencies (13 in 2015) did not attest to compliance with the DISP and of the agencies that attested to compliance, 34 reported issues associated with their compliance. |
The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
3.4 Property and asset utilisation | |
Property NSW's performance reporting could be |
Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
Observation | Conclusion or recommendation |
4.1 Key issues | |
The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). Amendments to relevant legislation allows the Minister for Finance, Services and Property to prescribe applicable prudential standards and audit requirements. |
Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments of more than $42.4 billion. Recommendation: The Treasury should liaise with the respective Trustees to implement appropriate prudential standards and oversight arrangements for the exempt public sector superannuation funds. |
Currently, Green Slips in NSW are the most expensive in Australia. Average premiums for Sydney Metropolitan vehicles increased by 10.4 per cent between 1 January 2016 and 31 December 2016. |
CTP reforms are expected to reduce the cost of Green Slips. The State Insurance Regulatory Authority will need to ensure it has appropriate processes in place to track and report against the expected benefits. |
4.2 Financial performance and sustainability | |
Net unfunded superannuation liabilities were $15.0 billion at 30 June 2017. Under the Fiscal Responsibility Act 2012, the NSW Government’s target is to eliminate unfunded superannuation liabilities by 2030. |
The superannuation funds’ strategic asset allocation and investment strategies are monitored and adjusted to help achieve a fully funded position by 2030. |
The Home Warranty Scheme commenced in 2011. Over this time total premiums collected have not been sufficient to cover expected claim costs. | Funding arrangements introduced during 2016–17 allow the Home Building Compensation Fund to apply to the Crown for reimbursement of unfunded realised losses from under-pricing of premiums. Other reforms are planned to address the long term sustainability of the home building compensation scheme. |
4.3 Investment performance | |
The NSW Government’s main superannuation funds have maintained the management expense ratio (MER) at consistent levels over the past two years. The Parliamentary Contributory Superannuation (PCS) Fund does not set an MER target. | MER is an industry recognised ratio to measure the performance of funds and investment managers. Recommendation: The Fund Secretary for the PCS Fund, in conjunction with the Trustee, should consider establishing an appropriate management expense ratio target to measure performance. |
Actions for Government Advertising: Campaigns for 2015–16 and 2016–17
Government Advertising: Campaigns for 2015–16 and 2016–17
The 'Stronger Councils, Stronger Communities' and the 'Dogs deserve better' government advertising campaigns complied with the Government Advertising Act and most elements of the Government Advertising Guidelines.
However, some advertisements were designed to build support for government policy and used subjective or emotive messages. This is inconsistent with the requirement in the Government Advertising Guidelines for 'objective presentation in a fair and accessible manner'.
Advertisements in the 'Stronger Councils, Stronger Communities' campaign used subjective statements such as 'the system is broken' and 'brighter future'. While advertisements in the 'Dogs deserve better' campaign used confronting imagery such as gun targets, blood smears and gravestones.
The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit in relation to at least one government advertising campaign in each financial year. The performance audit assesses whether advertising campaigns were carried out effectively, economically and efficiently and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). In this audit, we examined two campaigns:
- the ‘Stronger Councils, Stronger Communities’ campaign run by the Office of Local Government and the Department of Premier and Cabinet
- the ‘Dogs deserve better’ campaign run by the Department of Justice.
Section 6 of the Act details the specific prohibitions on political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of parliament or a candidate nominated for election to parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed so as to influence (directly or indirectly) support for a political party.
The ‘Stronger Councils, Stronger Communities’ government advertising campaign was run by the Office of Local Government and the Department of Premier and Cabinet in four phases from August 2015 to May 2016. The total cost of the campaign was over $4.5 million. See Appendix 2 for more details on this campaign.
Two factors potentially compromised value for money for the campaign. The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work to be undertaken, which was substantially greater than initially quoted. Further, the department did not meet all recommended timeframes to minimise media booking costs for all phases of the campaign.
The campaign did not comply with all administrative requirements in all phases. Advertising for Phase 1 commenced before the compliance certificate was signed. There was no evidence that a compliance certificate was signed for Phase 2 extension. The cost benefit analyses for Phase 2 and Phase 2 extension did not sufficiently consider alternatives to advertising, as is required by the Government Advertising Guidelines.
Advertisements adopted subjective messages designed to build public support for council mergers and directed audiences to websites for more detailed information. Campaign research identified statements that were most likely to reduce resistance to mergers. Some advertising content used subjective language, which we consider inconsistent with the requirement for ‘objective presentation’. Evaluations of advertising effectiveness also measured the success of the advertisements in increasing public support for council mergers.
No breach of specific prohibitions in the Act
Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:
- be designed to influence (directly or indirectly) support for a political party
- contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
- contain the name, logo or any slogan of, or any other reference relating to, a political party.
We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.
Request for quotes to design advertisement did not reflect the full scope required
The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work that was to be undertaken, and this created a risk to achieving value for money. The Office of Local Government sought quotes for design of a television advertisement only. It did not request an estimate for radio, online advertisements, or translation for linguistically diverse audiences, which were ultimately required for the campaign.
A full and fair assessment of which supplier could provide the best value for money could not be made given that the quotes obtained did not reflect the full scope of work. The final amount paid for the design of Phase 1 was 2.7 times the original quote. It is possible that another supplier that provided a quote could have provided overall better value for money.
The Office of Local Government continued to use the Phase 1 supplier for Phase 2 and Phase 2 extension (Exhibit 4). Where there are other suppliers that could feasibly compete for a contract, direct negotiation increases the risk the agency has not obtained the best value for money. The department advised that it continued with the same agency to avoid costs involved in briefing a new agency on the campaign.
The ‘Dogs deserve better’ government advertising campaign was run by the Department of Justice from August 2016, after the government announced its decision to prohibit greyhound racing, and was terminated in October 2016 after a change of government policy. The campaign had a budget of $1.6 million, with an actual spend of $1.3 million. See Appendix 2 for more details on this campaign.
The Secretary of the department determined that urgent circumstances existed that required advertising to commence prior to completing a cost benefit analysis and peer review. There was a concern that industry participants may make impulse decisions to destroy greyhounds without further information on support services; there was also an identified need to promote public greyhound adoptions.
Phase 1 advertisements focused on explaining the reasons for the prohibition on greyhound racing with a reference to a website for further information. While industry participants were identified as the primary audience, media expenditure was not specifically targeted to this group. Phase 2 advertisements more effectively addressed the originally identified ‘urgent needs’ of providing information on support services for greyhound owners and information on how the public could adopt a greyhound.
The urgency to advertise potentially compromised value for money. The department did not use price competition when selecting a creative supplier due to a concern this would add to timeframes. Further, the department did not meet recommended timeframes to minimise media booking costs.
We identified three other areas in Phase 1 advertisements that were inconsistent with government advertising requirements. Advertisements used provocative language and confronting imagery, which we consider to be inconsistent with the requirement for ‘objective presentation’. Two statements presented as fact based on the Special Commission’s Inquiry report were inaccurate; one of these was due to a calculation error. Radio advertisements did not clearly identify that they were authorised by the New South Wales Government for the first few days of the campaign.
No breach of specific prohibitions in the Act
Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:
- be designed to influence (directly or indirectly) support for a political party
- contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
- contain the name, logo or any slogan of, or any other reference relating to, a political party.
We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.
Animal welfare concerns were identified as the reason for urgent advertising
A brief prepared by the department in July 2016 raised concerns about the welfare of greyhounds following the NSW Premier’s announcement that the government would prohibit greyhound racing. The brief raised the risk that industry members may make impulse decisions to destroy their greyhounds without information on support that was being offered.
The department used the provisions in Sections 7(4) and 8(3) of the Act to expedite the release of advertising due to ‘other urgent circumstances’. This provision allows advertising to commence prior to completing the peer review process and cost benefit analysis.
In introducing the Government Advertising Bill to parliament in 2011, the then Premier noted that exceptional circumstances would cover situations ‘such as a civil emergency or sudden health epidemic’. There is no other guidance on when it is appropriate to use this section. It is at the discretion of a government agency head to determine whether a campaign is urgent.
Phase 1 advertisements did not focus on the urgent needs
This advertising campaign had three overarching objectives:
- to increase public awareness of the animal welfare reasons for the closure of the greyhound racing industry
- to change the behaviour of dog owners from potentially harming their greyhounds to treating them humanely, by accessing the support options and packages available
- to promote greyhound adoptions by the public.
Alongside advertising, the department took other steps to engage with the greyhound racing industry. This included direct mail, face to face meetings around the State, setting up a call centre and community consultation through an online survey. Other government agencies and animal welfare agencies were also engaged to reach out to affected stakeholders.
Phase 1 advertising content focused on providing information about the reasons for the closure of the industry. The department’s radio and television advertisements did not refer to support packages or encourage the public to adopt a greyhound. While print advertisements did mention these things, this was only presented in fine print. In all advertisements, audiences were referred to a website for further information.
The focus of advertisements on the reasons for industry closure was not consistent with the identified needs to urgently commence advertising to influence the behaviour of dog owners and encourage the public to adopt a greyhound.
The content in Phase 2 advertisements, which began around four weeks after the first phase, was more explicit in highlighting the services and support for industry members such as offering business and retraining advice. These advertisements also referred audiences to a call centre number as well as the website.
Peer review process limited to influencing second phase of advertisements
In urgent circumstances, the Act allows for peer review to be completed after advertising has commenced. For this campaign, the peer review process was completed on 19 August 2016, two weeks after advertising had commenced. Where advertising commences before the peer review process is completed, the usefulness of peer reviewers’ recommendations is limited to informing subsequent phases of advertising and the post-campaign evaluation.
The peer review report found the messages in Phase 1 advertisements were not clearly defined, and the role of advertising was not clearly defined amongst other campaign activities. These recommendations informed the second phase of advertising, which ran from 27 August 2016 until the campaign was terminated in October 2016.
The department could not demonstrate value for money was achieved for creative work
The department provided a fixed budget for creative work when requesting quotes from creative agencies to develop advertising material. This is not consistent with the quotation requirements in the government’s Guidelines for Advertising and Digital Communication Services. This approach creates risks to achieving value for money as creative agencies are not required to compete on price for their services. The department advised that it had pre-set the creative costs based on a comparative government campaign of a similar size. This was done due to a concern that requiring agencies to compete on price would affect the short timeframe given to develop creative material.
Three creative agencies accepted the opportunity to present design ideas for the campaign. The department was unable to provide evidence of how it chose the preferred supplier out of these three agencies. Records are important for accountability and allow a procurement decision to be audited after an urgent decision.
Short notice did not allow for cost-efficient media booking for all phases
Placement of advertisements in various media channels was done through the State’s Media Agency Services contract. This contract achieves savings as the government can use its aggregated media spend to gain discounts from the media supplier.
The Department of Premier and Cabinet provides guidance to ensure cost efficient media booking. For example, media time for a television advertisement should be booked at least 6 to 12 weeks in advance. Radio advertisements should be booked at least 2 to 8 weeks in advance.
The peer review report noted that the department did not have adequate time to look for the most cost-efficient way to advertise. In its response to the peer reviewers, the department acknowledged this to be due to the urgency to start advertising. The media booking authority was signed by the department one day before the campaign commenced.
The department used a wide public campaign for a narrow target audience
The campaign identified greyhound industry participants as the primary target audience. In 201516 there were 1,342 greyhound trainers, 1,695 owner/trainers, 983 attendants and 1,247 breeders in New South Wales. The department’s advertising submission identified ‘concerns that industry members could make impulsive decisions, potentially jeopardising the welfare of a large number of dogs, prior to the shutdown of the industry’.
The submission’s evidence of advertising effectiveness focused on increasing the level of wider community support for the ban rather than stopping industry members from making impulse decisions. It used an early opinion poll to show that total support for the ban on greyhound racing rises by 17 points and opposition drops by four points following explanation of the findings of the Special Commission of Inquiry report.
The peer review report noted that the role of advertising was not clearly defined amongst the department’s range of other direct and targeted communications and consultations held with industry members.
No demonstrated basis for use of confronting imagery and provocative language
The Guidelines require ‘objective presentation in a fair and accessible manner’. Neither the Guidelines or Handbook further explain what objective presentation means. We have used an ordinary definition of this term as ‘not influenced by personal feelings or opinions in considering and representing facts’. This is synonymous with terms like ‘impartial’, ‘neutral’, and ‘dispassionate’ and opposite to ‘subjective’. We consider that to meet the current requirements in the Guidelines for objectivity, advertising content should contain accurate statements or facts, and avoid subjective language.
Phase 1 focussed on the ongoing consequences if no action was taken to close the industry. The advertisements used provocative language, for example ‘Up to 70 per cent of dogs are deemed wastage by their own industry. Wastage! Slaughtered just for being slow’. Advertisements used confronting imagery like gravestones, blood smears and gun targets.
Our literature review into this area highlighted mixed findings on the effectiveness of confrontational advertising materials. In some cases, shock campaigns may cause an audience to reject or ignore the message, and may even encourage people to do the opposite of the intended behaviour. In other cases, such as in road safety campaigns, this style of advertising can be successful. This shows the importance of conducting pre-campaign research before adopting a confrontational or emotive approach in advertising.
The Government Advertising Handbook recommends that an agency explain the rationale and the evidence for their chosen advertising approach. There was no evidence that the department researched the effectiveness of its advertising approach with its target audience. The department had planned to undertake creative concept testing as part of a strategy to ensure the creative material was understood by its audience. The department advised that due to the urgency of the campaign, it did not have time to conduct this testing.
Not all Phase 1 radio advertisements clearly identified that they were authorised by the New South Wales Government
For the first few days on air, Phase 1 radio advertisements ended by referring the audience to a government website, instead of clearly identifying that it had been authorised by the New South Wales Government. Government authorisations and logos ensure the work and the programs of the NSW Government are easily identifiable by the community.
The department’s cost benefit analysis did not consider alternatives to advertising
For government advertising campaigns that cost over $1.0 million, the Act requires the advertising agency to carry out a cost benefit analysis and obtain approval from the Cabinet Standing Committee on Communications, prior to commencing the campaign.
The department engaged with audiences through direct mail, face to face forums, and a telephone helpline in addition to advertising. However, the department’s cost benefit analysis did not meet the requirements in the Guidelines to specify the extent to which expected benefits could be achieved without advertising, and to compare costs of options other than advertising that could be used to successfully implement the program (see Exhibit 6).
The cost benefit analysis made optimistic assumptions about the impact of the campaign on greyhound adoptions. It estimated that 2,360 greyhounds would be adopted if the campaign was run. This is significantly higher than the ‘most optimistic outcome’ of re-homing in the Special Commission Inquiry report (we calculated this to be 1,467 greyhounds). There was insufficient evidence to support the higher number of adoptions in the cost benefit analysis.
The sensitivity analysis shows that using the Special Commission’s ‘most optimistic outcome’ figure of re-homing would reduce the net present value of advertising to be negative. Further, the cost benefit analysis also assumed that increased government funding would be made available to animal welfare and rehoming organisations to support more adoptions, but did not estimate or include this cost when calculating the net present value of advertising.
There were two factual inaccuracies in key messages used for Phase 1 advertisements
Section 8(2) of the Act requires the head of a government agency to certify that the proposed campaign ‘contains accurate information’. The Secretary of the Department of Justice signed the compliance certificate on 29 July 2016, before advertisements commenced.
We examined the accuracy of factual claims in this advertising campaign, by comparing the key statements to the report of Special Commission of Inquiry into the Greyhound Racing Industry (the Commissioner report). The Commissioner report was quoted by the NSW Government as the basis for its policy to transition the greyhound racing industry to closure.
We identified that two of the key statements used in Phase 1 advertisements to support the animal welfare reasons for industry closure were inaccurate (Exhibit 7).
Appendix one - Responses from agencies
Appendix two - About the campaigns
Appendix three - About the Audit
Appendix four - Performance Auditing
Parliamentary reference - Report number #294 - released 2 November 2017
Actions for State Finances 2017
State Finances 2017
Total State Sector Accounts received an unqualified audit opinion for the fifth consecutive year.
There was a $5.7 billion State budget surplus and continued investment in new infrastructure, in part funded by the long-term leases of Ausgrid and Endeavour Energy assets. This report also comments on key accounting matters, including the correction of some previously reported balances and the first time reporting of combined Cabinet members’ compensation in the Total State Sector Accounts.
Pursuant to the Public Finance and Audit Act 1983, I present my Report on State Finances 2017.
You will note that the format of this report has changed from previous years.
The intent of this change is to draw attention to the key matters that have been the focus of our audit and highlight significant factors that have contributed to the outcome.
First, it is pleasing to report once again that I issued a clear audit opinion on the State’s consolidated financial statements. This outcome demonstrates the Government’s continued focus on the quality of financial reporting across the NSW public sector.
High quality financial management and reporting are crucial to properly inform the public and build community confidence in our system of government.
The Treasury’s Financial Management Transformation program also aims to improve financial governance, budgeting and reporting arrangements across the sector. My Office is working collaboratively with The Treasury on reforms to reduce the burden of reporting, without weakening established safeguards.
The reforms should include measures to provide independent assurance of the budget process, of outcome reporting by agencies, and the power to “follow the dollar” given the increasing use of non-government organisations to deliver Government programs.
This Report also highlights another year of strong financial performance. The State’s budget result was a $5.7 billion surplus, and investment in new infrastructure has continued, in part funded by the long-term leases of Ausgrid and Endeavour Energy assets.
Finally, could I take this opportunity to thank the staff of The Treasury for the way they approached this audit. Our partnership is critical to ensuring NSW is an exemplar of quality financial management and reporting.
Margaret Crawford
24 October 2017
A clear audit opinion on the State’s consolidated financial statements was issued.
Timely and accurate financial reporting is essential for informed decision making, effective management of public funds and enhancing public accountability.
This year’s clear audit opinion reflects the Government’s continued efforts to improve the quality of financial reporting across the NSW public sector.
Since the introduction of ‘early close procedures’ in 2011-12, the number of significant errors in financial statements of agencies has generally fallen largely due to identifying and resolving complex accounting issues early. Agencies’ 2016-17 financial statements submitted for audit contained nine errors exceeding $20 million. All errors were subsequently corrected in the individual agencies financial statements.
Agencies should continue to respond to key accounting issues as soon as they are identified. Where issues are identified, accounting position papers should be prepared for consideration by the Audit Office, their Audit and Risk Committee members, and when relevant, The Treasury.
The State addressed the following key accounting matters during 2016-17.
The State recognised rail tunnels and earthworks valued at $8.5 billion.
Some rail tunnels and earthworks have never been valued by the State. These include the City Circle, the country rail network and other tunnels and earthworks built before the year 2000. Some of these tunnels and earthworks date back to the early 1900s.
For many years, the State did not account for these assets as they believed that their value could not be reliably measured. This year an independent valuer was engaged to perform a comprehensive valuation. The methodology used demonstrated
that the assets could have been reflected in the financial statements earlier.
The State recorded an additional $8.5 billion to correct the value of infrastructure assets at 1 July 2016.
Cabinet member’s compensation and related party transactions were reviewed.
Due to changes in Accounting Standards, the State had to consider 'related party information' in the financial statements. Previously this only applied to for-profit entities.
This year, requirements to report related party information extended to members of Cabinet, considered to be “key management personnel” of the State, as defined by Accounting Standards.
The Treasury implemented a process to assess and report Cabinet member’s compensation, and transactions between Cabinet members and/or their close family members, and government agencies.
Collectively, Cabinet members’ remuneration was $8.8 million, which was mainly salaries and allowances, and $3.5 million of non-monetary benefits such as security and drivers. The Treasury determined there were no other specific “related party” transactions or balances that required disclosure in the State’s financial statements.
Information system limitations continue at TAFE NSW.
TAFE NSW has experienced ongoing issues with its student administration system.
TAFE NSW has again implemented additional processes to verify the accuracy and completeness of revenue from sales of goods and services.
TAFE NSW expects to spend up to $89 million on a new information system to address these issues. Modules of the new student enrolment system are expected to be in place for the 2018 enrolment period.
Restatements relating to the General Government Sector's investment in the commercial sector.
The State corrected two previously reported balances relating to the General Government Sector’s investment in the commercial sector.
Accounting Standards require the General Government Sector to effectively store gains or losses related to its investment in the commercial sector in reserves until the investment is derecognised.
When these investments are disposed of, the cumulative gains and losses must be cleared and recognised in the operating result. However, the Government had previously cleared the cumulative gains and losses directly to Accumulated Funds within equity.
To comply with Accounting Standards, a total of $6 billion previously reported as a movement in equity at 30 June 2016, has now been corrected to the operating result.
In addition, Accounting Standards only allow gains or losses on its investments to be stored in reserves. In past years, the State recognised all changes in the value of its investment in Available for Sale Reserves, including the capital contributed to establish the State’s investment. In 2016-17, a total of $23.4 billion of contributed capital was corrected to accumulated funds at 1 July 2015.
The State’s budget result was a $5.7 billion surplus, $2.0 billion higher than the budget estimate.
The Total State Sector comprises 310 entities controlled by the NSW Government.
Of the total, the General Government Sector comprises 215 entities that provide goods and services not directly paid for by consumers.
The non-General Government Sector comprises 95 Government businesses that provide goods and services such as water and electricity, or financial services.
A principal measure of a Government’s overall performance is its Net Operating Balance, or Budget Result. The Net Operating Balance reports the difference between the cost of General Government service delivery and the revenue earned to fund these sectors.
The State has recorded budget surpluses and exceeded the original budget result in nine of the last ten years.
The State maintained its AAA credit rating.
The object of the Act is to maintain the AAA credit rating.
NSW’s finances are managed in alignment with the Fiscal Responsibility Act 2012 (the Act).
The Act established the framework for fiscal responsibility and strategy needed to protect the State’s AAA credit rating and service delivery to the people of NSW.
The purpose of maintaining the AAA credit rating is to reduce the cost of, and ensure the broadest access to, borrowings.
A triple-A credit rating also helps maintain business and consumer confidence so economic activity and employment are sustained. The legislation sets out targets and principles for financial management to achieve this.
New South Wales has credit ratings of AAA/Negative from Standard & Poor’s and Aaa/Stable from Moody’s Investors Service.
The fiscal targets for achieving this objective are:
General Government expenditure growth is lower than long term revenue growth.
General Government expenditure growth was 4.2 per cent in 2016-17, below the long-term revenue growth of 5.6 per cent.
Eliminating unfunded superannuation liabilities by 2030.
The Act sets a target of eliminating unfunded defined benefit superannuation liabilities by 2030. The State’s net superannuation liability was $58.6 billion at 30 June 2017 ($71.2 billion at 30 June 2016).
The Government predicts the 2030 target will be achieved. The State’s funding plan is to contribute amounts escalated by five per cent each year so the schemes will be fully funded by 2030. In 2016-17, the State made employer contributions of $1.5 billion, which is largely consistent with contributions over the past five years.
The liability values in the graph below do not reflect the values recorded in the Total State Sector Accounts. For financial reporting purposes, Accounting Standards (AASB 119 Employee Benefits) require the State to discount its superannuation liability using the government bond rate (refer to page 10 of this report).
The relevant government bond rate in the current economic climate is 2.62 per cent.
The State’s target for the unfunded superannuation liability is measured using AASB 1056 Superannuation Entities. This is because it adopts a measurement basis that reflects expected earnings on fund assets, which are currently between 5.9 and 7.4 per cent. Using these rates, the liability is $15.0 billion at 30 June 2017 ($16.1 billion at 30 June 2016). The unfunded liability is $2.4 billion less than when the Act was introduced.
The State’s assets grew by $31.6 billion during 2016-17 to $409 billion.
Valuing the State’s physical assets.
When we audit the financial statements, we focus on areas we consider as higher risk. These areas are often complex, and require the use of estimates and judgements.
The State has $307.2 billion of physical assets measured at fair value in accordance with Australian Accounting Standards. Fair value calculations are inherently complex and sensitive to assumptions and estimates, increasing the risk these assets are incorrectly valued.
In our audits, we assess the reasonableness and appropriateness of assumptions used in valuing physical assets. This includes obtaining an understanding of the valuation methodologies applied and judgements made. We also review the completeness of asset registers, and the mathematical accuracy of valuation models.
Net movements between years includes additions, disposals, depreciation and valuations. This year, valuations of physical assets added $16.2 billion to the State’s assets, comprising:
-
Transport for NSW and Railcorp $8.5 billion
-
New South Wales Land and Housing Corporation $4.8 billion
-
Roads and Maritime Services $930 million
-
Crown Entity $400 million.
The State’s financial assets increased $27.5 billion in 2016-17
The State’s financial assets have increased by 88 per cent over the past four years. In 2016-17, financial assets increased primarily due to proceeds from the sale of government assets and businesses.
The Government implemented reforms to better use the State’s financial assets. A key element was the creation of an Asset and Liability Committee (ALCO) to provide advice on ways to improve balance sheet management.
Since the creation of the ALCO, reforms include:
-
Establishment of the New South Wales Infrastructure Future Fund (NIFF). The net proceeds from the State’s asset recycling program are invested into the NIFF, which is managed by TCorp, with a balance of $14.6 billion by 30 June 2017. Funds raised are invested through the NIFF until the Government requires them for critical infrastructure projects that are part of the Restart NSW and Rebuilding NSW program of works. ALCO and TCorp provide advice on the NIFF’s performance and management
-
Establishment of the Social and Affordable Housing Fund ($1.1 billion at 30 June 2017). ALCO oversees the Fund to ensure an appropriate investment approach that will maintain funding certainty for new social and affordable housing stock
-
Cash and liquidity management reforms to centralise cash previously held by agencies in the Treasury Banking System. This reform is designed to ensure agencies have adequate levels of liquidity but with surplus funds invested centrally for better returns.
The State’s liabilities decreased by $13.1 billion during 2016-17 to $182 billion.
Valuing the State’s liabilities relies on an actuarial assessment.
Nearly half of the State’s liabilities relate to its employees. This includes unfunded superannuation, and employee benefits, such as long service and recreation leave.
Valuation of these obligations is subject to complex estimation techniques and significant judgements. Small changes in assumptions can materially impact the financial statements.
We address the risk associated with auditing these balances:
-
using actuarial specialists
-
testing controls around underlying employee data used in data models, and testing the accuracy of the calculations
-
evaluating assumptions applied in calculating employee entitlements such as the discount rate and the probability of long service leave vesting conditions being met.
The State’s superannuation obligations reduced by $12.6 billion in 2016-17.
The State’s $58.6 billion superannuation liability represents obligations for past and present employees, less the value of assets set aside to meet those obligations. The superannuation liability decreased from $71.2 billion to $58.6 billion, largely due to an increase in the discount rate from 1.99 per cent to 2.62 per cent. This alone reduced the liability by $9.2 billion
The State’s borrowings totalled $70.6 billion at 30 June 2017.
The State’s borrowings totalled $70.6 billion at 30 June 2017, $9.5 billion less than the previous year. This was largely due to the repayment of borrowings when the assets of Ausgrid and Endeavour Energy were leased to the private sector.
TCorp issues bonds to raise funds for NSW Government agencies. The bonds are actively traded in financial markets providing price transparency and liquidity to public sector borrowers and institutional investors. All TCorp bonds are guaranteed by the NSW Government.
The Government manages its debt liabilities through its balance sheet management strategy. The strategy extends to TCorp, which applies an active risk management strategy to the Government’s debt portfolio.
General Government Sector debt is being restructured by replacing shorter-term debt with longer-term debt. This lengthens the portfolio to better match liabilities with the funding requirements of infrastructure assets and reduces refinancing risks. It also allows the Government to take advantage of the low interest rate environment.
The State recorded revenue of $83.5 billion in 2016-17, an increase of $5.3 billion from 2015-16.
The State’s results are underpinned by revenue growth in taxation, fees and fines.
Taxation, fees, fines and other revenue comprises $30.5 billion of taxation ($28.7 billion in 2015-16) and $5.3 billion of fees, fines and other revenue ($4.6 billion).
Tax revenue for the Total State Sector increased by $1.8 billion, or 6.4 per cent compared to 2015-16, primarily due to:
-
one-off business asset sales and lease transactions, including $718 million in transfer duty from the Ausgrid and Endeavour Energy lease transactions
-
$385 million increase in payroll tax from growth in NSW employment and average employee compensation
-
a $426 million increase in land taxes.
Growth in stamp duty is expected to slow over the next 4 years.
General Government Sector stamp duties have increased from $6.2 billion in 2012-13 to $11.5 billion in 2016-17, an annual average growth rate of 16.5 per cent. The Government’s budget forecasts the growth in stamp duties to decline, to an average annual growth rate of 2.6 per cent between 2016-17 and 2020-21.
The State received Commonwealth grants and subsidies of $30.8 billion in 2016-17.
The State received $30.8 billion from the Commonwealth Government in 2016-17, $1.6 billion more than in 2015-16. This was primarily due to transaction based asset recycling grants of $1.0 billion and a $720 million increase in national land transport grants. This increase was offset by a $435 million decrease in General Purpose Grants, which mainly comprises New South Wales’ share of the Goods and Services Tax (GST).
The State spent $79.4 billion in 2016-17 to deliver services to the community, an increase of $3.9 billion from 2015-16.
Overall expenses increased 5.2 per cent from last year. Most of the increase was due to higher employee costs and operating costs.
Total salaries and wages increased by 4.2 per cent from 2015-16.
Total salaries and wages increased to $30 billion from $28.8 billion in 2015-16. The Government wages policy aims to limit the growth in remuneration and other employee costs to no more than 2.5 per cent per annum.
Operating expenses increased by 12.4 per cent from 2015-16.
Within operating expenses, payments for supplies, services and other expenses increased, in part, due to the State:
-
reacquiring mining licenses worth $482 million and additional land remediation costs of $101 million
-
spending more on health including additional drug supplies relating to Hepatitis C.
State spend on transport and communications increased by 68.1 per cent since 2012-13.
While spending on health and education remain the largest functional areas provided by Government, expenditure on transport and communication increased, on average, by 13.9 per cent annually between 2012-13 and 2016-17. This increase reflects the Government’s investment in transport infrastructure such as the Sydney Metro and Westconnex. Over the same period, spending on health increased by $3.9 billion.
Expenditure on fuel and energy has decreased by an average of 44.7 per cent since 2012-13, reflecting the State’s leases of electricity network assets.
In 2011, the Government established Restart NSW to fund high priority infrastructure projects.
Restart NSW projects are primarily funded from the proceeds from the asset recycling program enabling Government to deliver new infrastructure investment.
Restart NSW provides funding for the delivery of Rebuilding NSW, which is the Government’s 10-year plan to invest $20 billion in new infrastructure.
The State finalised long-term leases of Ausgrid and Endeavour Energy assets.
In June 2017, the Government finalised its long-term lease of 50.4 per cent of Endeavour Energy. This transaction follows on from the long-term leases of TransGrid in December 2015 and 50.4 per cent of Ausgrid in December 2016. Net proceeds of $15.0 billion were paid into Restart NSW relating to these transactions.
The Government also finalised an arrangement for the private sector to provide land titling and registry services to the public for 35 years. The State, through Restart NSW, received an upfront payment of $2.6 billion from the new operator.
Restart NSW is funding $29.8 billion of new infrastructure.
The Government has detailed its plan to invest $20 billion into the Rebuilding NSW plan from Restart NSW.
At 30 June 2017, around $2.9 billion has already been spent on Rebuilding NSW projects from Restart NSW, with a further $9 billion included in the budget aggregates. The Government has also earmarked a further $8.1 billion in Restart NSW for future projects.
The most significant project is the Sydney Metro. The Government has committed $7.0 billion from Restart NSW to build a 30-kilometre metro line, linking Sydney Metro Northwest at Chatswood, through new stations in the lower North Shore, the Sydney CBD and southwest to Bankstown. At 30 June 2017, $2.4 billion has been spent on this project from Restart NSW.
Other significant projects funded by Restart NSW include a $1.8 billion contribution to WestConnex and reserved funding of $1 billion towards the State’s Major Stadia Network program.
The Treasury initiated the Financial Management Transformation (FMT) program with the aim of changing and improving financial governance, budgeting and reporting arrangements of the New South Wales public sector.
FMT aims to deliver better outcomes for the people of New South Wales and focuses on transparency and accountability for expenditure, and better value for money.
New Financial Management System
PRIME is the Information Technology (IT) solution component of the FMT program, replacing several historical systems. PRIME will provide both financial and performance information within one IT platform for all agencies in the NSW public sector.
It is expected to give Government more timely information to plan and deliver its policy priorities and the budget.
Independent assurance over the budget process would improve confidence in the reliability of the State’s financial information.