Refine search

Reports

21 March 2024

Published

Regulation insights

Environment

Finance

Health

Local Government

Planning

Whole of Government

Compliance

Cyber security

Internal controls and governance

Management and administration

Procurement

Regulation

Risk

What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

governance and accountability
processes and procedures
data and information management
support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

Read the PDF report

20 February 2024

Published

Driver vehicle system

Transport

Finance

Cyber security

Information technology

Internal controls and governance

Project management

Service delivery

What this report is about

Transport for NSW (TfNSW) uses the Driver vehicle System (DRIVES) to support its regulatory functions. The system covers over 6.2 million driver licences and over seven million vehicle registrations.

DRIVES first went live in 1991 and has been significantly extended and updated since, though is still based around the same core system. The system is at end of life but has become an important service for Service NSW and the NSW Police Force.

DRIVES now includes some services to other parts of government and non-government entities which have little or no connection to transport. There are 141 users of DRIVES in total, including commercial insurers, national regulators, and individual citizens.

This audit assessed whether TfNSW is effectively managing DRIVES and planning to transition it to a modernised system.

Audit findings

TfNSW has not effectively planned the replacement of DRIVES.

It is now working on its third business case for a replacement system but has failed to learn lessons from its past attempts.

In the meantime, TfNSW has not taken a strategic approach to managing DRIVES’ growth.

TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES. With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access.

TfNSW uses recognised processes for managing most aspects of DRIVES, but has not kept the system consistently available for users. TfNSW has lacked accurate service availability information since June 2022, when it changed its technology support provider.

TfNSW needs to significantly prioritise cyber security improvements to DRIVES. TfNSW is seeking to lift DRIVES’ cyber defences, but it will not achieve its stated target safeguard level until December 2025.

Even then, one of the target safeguards will not be achieved in full until DRIVES is modernised.

Audit recommendations

TfNSW should:

implement a service management framework including insight into the views of DRIVES users, and ensuring users can influence the service
ensure it can accurately and cost effectively calculate when DRIVES is unavailable due to unplanned downtime
ensure implementation of a capability to automatically detect anomalous patterns of access to DRIVES
ensure that DRIVES has appropriate cyber security and resilience safeguards in place as a matter of priority
develop a clear statement of the future role in whole of government service delivery for the system
resolve key issues currently faced by the DRIVES replacement program including by:
- clearly setting out a strategy and design for the replacement
- preparing a specific business case for replacement.

Read the PDF report

Parliamentary reference - Report number #388 - released 20 February 2024

19 December 2023

Published

Health 2023

Health

Whole of Government

Asset valuation

Compliance

Financial reporting

Information technology

Internal controls and governance

Project management

Regulation

Risk

Shared services and collaboration

Workforce and capability

What this report is about

Results of the Health portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unmodified audit opinions were issued for all Health portfolio agencies' financial statements.

The number of monetary misstatements increased in 2022–23, driven by key accounting issues, including the first-time recognition of paid parental leave and plant and equipment fair value adjustments.

The key audit issues were

NSW Health identified errors regarding the recognition and calculation of long service leave entitlements for employees with ten or more years of service that had periods of part time service in the first ten years, resulting in prior period restatements.

Comprehensive revaluation of buildings at the Graythwaite Charitable Trust found errors in the previous year's valuation, resulting in prior period restatements.

New parental leave legislation increased employee liabilities for portfolio agencies. The Ministry of Health corrected the consolidated financial statements to record parental leave liabilities for all agencies within the Health portfolio.

A repeat high-risk issue relates to processing time records by administrators that have not been reviewed prior to running the pay cycle.

Thirty per cent of reported issues were repeat issues.

The audit recommended

Portfolio agencies should ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards.

Portfolio agencies should address deficiencies that resulted in qualified reports on:

the design and operation of shared service controls
prudential non-compliance at residential aged care facilities.

This report provides Parliament and other users of the Health portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health portfolio of agencies (the portfolio) for 2023.

Section highlights

Unqualified audit opinions were issued for all portfolio agencies required to prepare general purpose financial statements.
The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
The Ministry of Health retrospectively corrected an $18.9 million adjustment in its financial statements relating to long service leave entitlements for certain employees.
Graythwaite Charitable Trust retrospectively corrected a $4.2 million adjustment in its financial statements related to prior period valuations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines observations and insights from our financial statement audits of agencies in the Health portfolio.

Section highlights

The 2022–23 audits identified one high-risk and 57 moderate risk issues across the portfolio.
The high-risk matter related to the forced-finalisation of time records.
The total number of findings increased from 67 to 111 in 2022–23.
Thirty per cent of the issues were repeat issues. Most repeat issues related to internal control deficiencies or non-compliance with key legislation and/or central agency policies.
Forced-finalisation of time records, accounting for the new paid parental leave provision and user access review deficiencies were the most commonly reported issues.
Qualified Assurance Practitioner's reports were issued on:
- the design and operation of controls as documented by HealthShare NSW
- the Ministry's Annual Prudential Compliance Statements in relation to residential aged care facilities.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

23 June 2023

Published

Management of the Critical Communications Enhancement Program

Finance

Health

Justice

Whole of Government

Cyber security

Information technology

Infrastructure

Internal controls and governance

Project management

Risk

Service delivery

Shared services and collaboration

What the report is about

Effective radio communications are crucial to NSW's emergency services organisations.

The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.

This report assesses whether the NSW Telco Authority is effectively managing the CCEP.

What we found

Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.

The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.

Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.

The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.

When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.

The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.

We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.

We made recommendations about

The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
The need to finalise a Traffic Mitigation Plan for when the network is congested.
The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
The need to clarify how encryption and interoperability will work on the enhanced network.
The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
Expediting measures to protect against the risk of cloning by unauthenticated radios.

Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:

NSW Ambulance
Fire and Rescue NSW
NSW Police Force
NSW Rural Fire Service
NSW State Emergency Service.¹

Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.

Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.²

Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.

These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.

In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).

According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.

The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.

About this Audit

This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.

We addressed the audit objective by answering the following two questions:

Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?

In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).

While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.

Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.

The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.

In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:

to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
to develop policies, standards and guidelines for operational communications using telecommunications networks.

The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.

The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.

Conclusion

In areas of New South Wales where the enhanced Public Safety Network has been implemented under the Critical Communications Enhancement Program, the NSW Telco Authority has delivered a radio network that meets most of the agreed requirements of Emergency Services Organisations for routine and emergency operations.

In April 2023, the enhanced Public Safety Network (PSN) was approximately 50% completed. In areas where it is used by Emergency Services Organisations (ESOs), the PSN generally meets agreed user requirements. This is demonstrated through extensive performance monitoring and reporting, which shows that agreed performance standards are generally achieved. Reviews by the NSW Government and the NSW Telco Authority found that the PSN performed effectively during major flood events in 2021 and 2022.

Where it is completed, PSN coverage is generally equal to or better than each ESO's individual pre-existing coverage. The NSW Telco Authority has a dedicated work program to address localised coverage gaps (or 'blackspots') in those areas where coverage has otherwise been substantively delivered. Available call capacity on the network far exceeds demand in everyday use. Any operational issues that may occur with the PSN are transparent to ESOs in real time.

The NSW Telco Authority consulted extensively with ESOs on requirements for the enhanced PSN, with relatively few ESO requirements not being included in the specifications for the enhanced PSN. Lessons from previous events, including the 2019–20 summer bushfires, have informed the design and implementation of the enhanced PSN (such as the need to ensure adequate backup power supply to inaccessible sites). The network is based on the Project 25 technical standards for mission-critical radio communications, which is widely-accepted in the public safety radio community throughout Australia and internationally.

There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.

The extent to which the PSN works within buildings and other built structures (such as railway tunnels) is of crucial importance to ESOs, especially the NSW Police Force, NSW Ambulance, and Fire and Rescue NSW. This is because a large proportion of their operational communications occurs within buildings.

There is no mechanism to ensure the adequacy of future in-building coverage for the PSN in new or refurbished buildings after the CCEP concludes. Planning, building, and fire regulations are silent on this issue. We note there are examples in the United States of how in-building coverage for public safety radio networks can be incorporated into building or fire safety codes.

In regard to existing buildings, it is not possible to know whether a building requires its own in-building PSN infrastructure until nearby outside radio sites, including towers and antennae, have been commissioned into the network. Only then can it be determined whether their radio transmissions are capable of penetrating inside nearby buildings. Accordingly, much of this work for in-building coverage cannot be done until outside radio sites are finished and operating.

In March 2023, the NSW Telco Authority and ESOs agreed on a list of 906 mandatory and 7,086

non-mandatory sites for in-building PSN coverage. Most of these sites will likely be able to receive radio coverage via external antennae and towers, however this cannot be confirmed until those nearby external PSN sites are completed. The parties also agreed on an approach to prioritising those sites where coverage is needed but not provided by antennae and towers. Available funding will likely only extend to ensuring coverage in sites deemed mandatory, which is nonetheless expected to meet the overall benchmark of achieving 'same or better' coverage than what ESOs had previously.

There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.

End-to-end encryption of radio transmissions is a security feature that prevents radio transmissions being intercepted or listened to by people who are not meant to. The ability of the PSN to provide end-to-end encryption of operational communications is of critical importance to the two largest prospective users of the PSN: the NSW Police Force and NSW Ambulance. Given that encryption excludes other parties that do not have the requisite encryption keys, its use creates an obstacle to achieving a key intended benefit of the CCEP, that is a more interoperable PSN, where first responders are better able to communicate with other ESOs.

Further planning and collaboration between PSN participants are necessary to consider how these dual benefits can be achieved, including in what operational circumstances encrypted interoperability is necessary or appropriate.

The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.

The estimated capital cost to complete all stages of the CCEP increased over time. This increasing cost was progressively disclosed to the NSW Government through Cabinet processes between 2015–16 and 2021–22.

In 2016, the full capital cost to the NSW Telco Authority of completing the CCEP was estimated to be $400 million. This estimated cost was not publicly disclosed, nor were subsequent increases, until the cost of $1.325 billion was publicly disclosed in the 2021–22 NSW Budget (revised down in the 2022–23 NSW Budget to $1.293 billion).

There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.

In addition to the capital costs incurred directly by the NSW Telco Authority for the CCEP, ESOs have incurred costs to maintain their own networks due to the delay in implementing the CCEP. The ESOs will continue to incur these costs until they are able to fully migrate to the enhanced PSN, which is expected to be in 2027. These costs have not been tracked or reported as part of transparently accounting for the whole-of-government cost of the enhanced PSN. This is despite Infrastructure NSW in 2019 recommending to the NSW Telco Authority that it conduct a stocktake of such costs so that a whole-of-government cost impact is available to the NSW Government.

¹The definition of 'emergency services organisation' is set out in the State Emergency and Rescue Management Act 1989 (NSW). In addition to the five ESOs discussed in this report, the definition also includes: Surf Life Saving New South Wales; New South Wales Volunteer Rescue Association Inc; Volunteer Marine Rescue NSW; an agency that manages or controls an accredited rescue unit; and a non-government agency that is prescribed by the regulations for the purposes of this definition.
²Section 15(1) of the Government Telecommunications Act 2018 (NSW).

The NSW Telco Authority established and tracked its own costs for the CCEP

Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.

Exhibit 6: Estimated costs to fully implement the CCEP
Source	Capital cost ($ million)	Operating cost ($ million)	Completion date
March 2016 business case	400	37.3	2020
November 2017 internal review	476.7	41.7	2022
March 2020 business case	950–1,050	--	2025
October 2020 business case	1,263.1	56.1	2026

Source: CCEP business cases as identified.

In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.

Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.

Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.

Exhibit 7: CCEP funding in NSW Budget papers from 2015–16 to 2022–23
Financial year	Type of major work	Description of expenditure	Forecast estimate to complete ($ million)	Estimated duration
2015–16	New work	Infrastructure Rationalisation Program: Planning and Pilot	18.3	2015–16
2016–17	Work in progress	CCEP Planning and Pilot	18.3	2015–17
2016–17	New work	CCEP	45	2016–17
2017–18	New work	CCEP	190.75	2017–21
2018–19	Work in progress	CCEP North Coast and State-wide Detailed Design	190.75	2017–21
2018–19	New work	CCEP Greater Metropolitan Area	236	2018–22
2019–20	Work in progress	CCEP	426.9	2018–22
2020–21	Work in progress	CCEP	664.8	2018–22
2021–22	Work in progress	CCEP	1,325	2018–26
2022–23	Work in progress	CCEP	1,292.8	2018–26

Source: NSW Treasury, Annual State Budget Papers.

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.

In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.

In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:

…coordinate a stocktake of the costs of operational bridging solutions implemented by PSAs [ESOs] as a result of the 18-month delay, so that a whole-of-government cost impact is available to the NSW Government.

It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.

As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.

Exhibit 8: Stay Safe and Keep Operational forecast costs, 2017 to 2020
Year	2017	2018	2019	2020	Total
SSKO forecast ($ million)	12.5	15	10	2.5	40

Source: March 2016 CCEP business case.

In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.

Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.

In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.

In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:

it was expressly included in the original approved March 2016 business case
the capability is deemed essential to the needs of three ESOs.

Decommissioning costs

The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.

In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:

funding would be coordinated by the NSW Telco Authority
scheduling and reporting through an inter-agency working group and
where appropriate, agencies would be appointed as the most appropriate decommissioning party.

This estimated cost is not included in the CCEP budget.

In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:

decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
costs incurred in decommissioning are entirely a consequence of the CCEP program.

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:

$2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
$2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.

Both totals include:

budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
the NSW Telco Authority's approved funding for paging refresh ($60.3 million).

The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.

The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.

The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.

However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders

Exhibit 9: Estimated whole-of-government costs of the enhanced PSN
	Estimated whole-of-government cost, over time
Cost type	2016¹	2017²	2020³	2023–Estimate A⁴	2023–Estimate B⁵
Cost type	$ million	$ million	$ million	$ million	$ million
CCEP capital expenditure	400^a	476.7^b	1,263.1^c	1,292.8^d	1,292.8^d
CCEP operating expenditure	37.3^a	41.7^b	41.5^e	139^d	139^d
CCEP total	437.3	518.4	1,304.6	1,431.8	1,431.8
ESO capital expenditure	75.2^a,f	183^b,e	75.4^e	258.4^g	292.5
ESO one-off operating expenditure	93^a	n.a.^l	86.5^e	86.5^h	273
ESO total	168.2	183	161.9	344.9	565.5
Paging	n.a.ⁱ	n.a.ⁱ	n.a.^j	60.3^k	60.3^k
Decommissioning	93	n.a.^l	201.0	201^h	201
Paging and decommissioning total	93	n.a.	201	261.3	261.3
Whole-of-government total	698.5	701.4	1,667.5	2,038	2,258.6

Notes:

Financial year 2016 to Financial year 2020.
Financial year 2016 to Financial year 2021.
Financial year 2016 to Financial year 2025.
Financial year 2016 to Financial year 2026.
Financial year 2022 to Financial year 2025.
Stay Safe and Keep Operational (SSKO) costs plus terminals costs.
November 2017 internal review and October 2020 Business case.
October 2020 Business case.
Included in CCEP capital expenditure at that time.
By 2020, a refresh of the paging network had been removed from the CCEP scope.
A separate business case for a refresh of the paging network was approved by government in 2022.
Figure not included in the source document.

Sources:

March 2016 CCEP business case.
November 2017 Internal Review conducted by the NSW Telco Authority.
October 2020 CCEP business case.
Derived from business cases, with ESO costs drawn from NSW Telco Authority data.
Derived from business cases, with ESO costs based on data provided to the Audit Office of New South Wales by each of the five ESOs.

Appendix one – Response from agency

Appendix two – Trunked public safety radio networks

Appendix three – About the audit

Appendix four – Performance auditing

Parliamentary reference - Report number #383 - released 23 June 2023

1 June 2023

Published

Natural disasters

Community Services

Environment

Finance

Local Government

Planning

Transport

Treasury

Whole of Government

Asset valuation

Compliance

Financial reporting

Infrastructure

Regulation

Risk

Service delivery

What this report is about

This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.

What we found

Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.

Total expenses were less than the budget due to underspend in the following areas:

clean-up assistance, including council grants
anticipated temporary accommodation support
payments relating to the Northern Rivers Business Support scheme for small businesses.

Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.

At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.

Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.

Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.

Section highlights

$1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters during 2021–22.
Budget underspent for temporary housing and small business support as lower than expected need.

Section highlights

83 local council areas were impacted by natural disasters during 2021–22, with 58 being impacted by more than one type of natural disaster.
$349 million damage to council infrastructure assets at 30 June 2022.

24 January 2023

Published

Design and implementation of the Transport Asset Holding Entity

Transport

Treasury

Asset valuation

Financial reporting

Infrastructure

Procurement

Risk

Service delivery

What the report is about

The Transport Asset Holding Entity (TAHE) is the State's custodian of rail assets. It is a state owned corporation and commenced operating on 1 July 2020.

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. We audited TAHE, Transport for NSW (TfNSW) and NSW Treasury.

Separate and related audits on TAHE are reported in 'State Finances 2022', 'State Finances 2021' and 'Transport and Infrastructure 2022' reports.

What we found

The design and implementation of TAHE, which spanned seven years, was not effective.

The process was not cohesive or transparent. It delivered an outcome that is unnecessarily complex in order to support an accounting treatment to meet the NSW Government's short-term Budget objectives, while creating an obligation for future governments.

The benefits of TAHE were claimed in the 2015–16 NSW Budget before the enabling legislation was passed by Parliament in 2017. This committed the agencies to implement a solution that justified the 2015–16 Budget impacts, regardless of any challenges that arose.

Rail safety arrangements were a priority throughout TAHE's design and implementation, and risks were raised and addressed.

Agencies relied heavily on consultants on matters related to the creation of TAHE, but failed to effectively manage these engagements. Agencies failed to ensure that consultancies delivered independent advice as an input to decision-making. A small number of firms were used repeatedly to provide advice on the same topic. The final cost of TAHE-related consultancies was $22.6 million compared to the initial estimated cost of $12.9 million.

What we recommended

We recommended that the audited agencies should:

improve accountability and transparency for major new fiscal transformation initiatives
ensure entities do not reflect the financial impact of significant initiatives in the Budget when there is uncertainty, or it creates perverse incentives
review record keeping practices, systems and policies to ensure compliance with the State Records Act 1998, and the NSW Government Information Classification, Labelling and Handling Guidelines
review procurement policies to ensure that consultant use complies with all NSW Government policy requirements.

The NSW Government established the Transport Asset Holding Entity (TAHE), a statutory State Owned Corporation (SOC), on 1 July 2020 to replace the former rail infrastructure owner – RailCorp. It is the State's custodian of rail network assets, including rail tracks and other infrastructure, rolling stock, land, train stations and facilities, retail space, and signal and power systems, within metropolitan and regional New South Wales. It is responsible for $2.8 billion of major capital projects in 2022–23.

TAHE was established under Part 2 of the Transport Administration Act 1988 and is governed by a decision-making board. The Treasurer and the Minister for Finance and Employee Relations are the Shareholding Ministers of TAHE, and they annually agree performance expectations articulated in a Statement of Corporate Intent.

Whereas TAHE is the custodian of rail assets, Sydney Trains and NSW Trains operate public rail services. TAHE does not have responsibility for the operation of the heavy rail network or train services, nor does it have network control functions. TAHE, Sydney Trains and NSW Trains are in the Transport and Infrastructure cluster in the public sector (formerly the Transport cluster and renamed in April 2022), which also includes Sydney Metro and Transport for NSW (TfNSW).

TfNSW leads the Transport and Infrastructure cluster. Its role is to set the strategic direction for transport across the State. This involves the shaping of planning, policy, strategy, regulation, resource allocation and other service and non-service delivery functions for all modes of transport.

TAHE's Operating Licence is granted by the Portfolio Minister and authorises the entity to perform the functions required to acquire, develop, finance, divest and hold assets, pursuant to the Transport Administration Act 1988. The Portfolio Minister also issues a Statement of Expectations which outlines the government’s expectation for the business for the next three to five years.

TAHE's original Portfolio Minister was the Minister for Transport who approved, on 30 June 2020, the issuing of an interim 12-month Operating Licence to enable TAHE to commence operating on 1 July 2020. The Portfolio Minister then granted TAHE's current Operating Licence in 2021. After TAHE requested a 12-month extension to its current Operating Licence, its next Operating Licence is due on 1 July 2024. The current Portfolio Minister is the Minister for Infrastructure, Cities and Active Transport.

About this audit

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. In making this assessment, we considered whether:

the process of designing and implementing TAHE was cohesive and transparent, and delivered an effective outcome
agencies' roles and responsibilities were clear in the planning of TAHE
agencies effectively identified and managed certain risks.

Conclusion

The design and implementation of TAHE was not effective. The process was not cohesive or transparent. It delivered an outcome that is unnecessarily complex in order to meet the NSW Government's short-term Budget objectives, while creating an obligation for future governments to sustain TAHE through continuing investment, and funding of the state owned rail operators. The ineffective process to design TAHE delivered a model that entails significant uncertainty as to whether the anticipated longer-term financial improvements to the Budget position can be achieved or sustained.

NSW Treasury and TfNSW had different objectives for TAHE

Up to June 2013, RailCorp had been the owner and operator of rail services and maintainer of the metropolitan rail network for almost a decade. It had been operating as a not-for-profit Public Non-Financial Corporation (PNFC).

In 2012, NSW Treasury (hereafter Treasury) decided there was a risk that the Australian Bureau of Statistics (ABS) would reclassify RailCorp to the General Government Sector (GGS), meaning depreciation expenses of approximately $870 million would be reflected in the GGS Budget. Treasury wanted to avoid this impact on the GGS Budget, and considered the establishment of a transport asset holding entity as a means to do so. Capital grants to RailCorp were being treated as an expense to the GGS Budget.

TfNSW also wanted an asset holding entity – but one that would be a non-trading ‘shell’ company with no staff that would hold and manage all public transport assets. TfNSW's concept envisaged the entity would have a structure that would enable future public transport reforms and strategic directions while ensuring vertical integration of operations between asset owners and the rail operators to maintain rail safety.

However, Treasury pursued its objective to improve the GGS Budget result, and sought to expand on TfNSW's 'shell' asset holding entity concept. Treasury wanted an entity that could generate a return on investment, as this meant that government investment in transport assets could be treated as equity investments, rather than a Budget expense, and in turn improve the GGS Budget position. As an example of the potential impact of creating this new entity, capital grants of $2.3 billion were paid to RailCorp in 2013–14. If Treasury's objective was met, grants of this significance would then be treated as an equity investment, rather than an expense in the GGS Budget.

In 2017, Treasury's preferred option was progressed through legislation, but both agencies' central objectives for the proposed asset holding entity would continue to prove difficult to reconcile. To achieve Treasury's objective to improve the Budget result, the entity would need to generate a return on investment (this is further discussed below). However, TfNSW expressed concerns that the prioritisation of rail safety, and the effective management of governance, regulation and operations would be more complex in an entity with commercial imperatives.

Asset holding entities are a common approach to the management of transport assets in Australia and internationally, and there are a range of approaches to how they are structured and used. Such structures should be driven by the goal of improved asset management. Ultimately, TfNSW's objectives could have been delivered through a simpler entity structure. However, reconciling TfNSW's objectives with Treasury's imperative to deliver and justify a Budget improvement in the short-term resulted in an overly lengthy process and an unnecessarily complex outcome that places an obligation on future governments to sustain. There is still significant uncertainty as to whether the short-term improvements to the Budget can continue to be realised in the longer-term.

The Budget benefits of TAHE were claimed before the entity was legislated, committing the agencies to deliver, regardless of the complexities that subsequently arose

The 2015–16 GGS Budget treated the government's investment in TAHE (still known at this time as RailCorp) as an equity contribution. This had the immediate impact of improving the Budget result by $1.8 billion per annum. However, the legislation to enable the establishment of TAHE had not yet been passed by Parliament, key elements of the operating model were still under development, and imminent changes in accounting standards had the potential to impact TAHE's financial model. The decision to book the benefits in the Budget early committed the involved agencies to implement a solution that justified the 2015–16 Budget impacts, irrespective of the challenges that arose.

TAHE's financial structure requires circular government investment to work

For the NSW Government to continue to treat its investment in TAHE as an equity contribution, rather than an expense to the Budget, there must be a reasonable expectation that TAHE will generate a sufficient rate of return as required by the Government Finance Statistics (GFS) framework. In doing so, it needs to recover a revaluation loss created by a $20.3 billion reduction in the value of its assets which was incurred in its first full year of operation. This loss occurred as a result of a revaluation of TAHE's assets when RailCorp (a not-for profit entity) became TAHE (a for-profit commercial entity) – and is discussed further in the 'Key findings' below.

TAHE generates a small portion of its income from transactions with the private sector but, as noted in our report 'State Finances 2021', TAHE receives the majority of its revenue (more than 80%) from access and licence fee agreements with Sydney Trains and NSW Trains. Both of these entities are funded by grants (a Budget expense) to TfNSW from the GGS Budget.

Based on Treasury’s correspondence with the ABS in 2015, TAHE was initially expected to pay a return on equity of 7% in 2016–17. The assumption of a 7% return persisted through to 2018, after the legislation enabling the establishment of TAHE was passed by Parliament. However, when the initial access and licence fees were agreed on 1 July 2020, this figure had been revised to an expected rate of return of 1.5% excluding the revaluation loss. This was below the long-term inflation target and did not include the recovery of the revaluation loss – risking the government's ability to treat its investment in TAHE as an equity contribution. Importantly, as TAHE is primarily reliant on fees paid by the state owned rail operators that, in turn, are funded by the GGS Budget (as an expense), the decision to change the returns model from 7% to 1.5% would in its own right have had a positive impact on the GGS Budget. However, the decision to use a 1.5% return would ultimately be problematic as it made it difficult to treat the government's contributions to TAHE as an equity investment, as discussed below.

On 14 December 2021, to avoid a qualified audit opinion, the NSW Government made the decision to increase TAHE's expected rate of return to 2.5%, equal to the Reserve Bank’s long-term inflation target.

In 2021-22, TAHE needed to start charging rail operators higher access and licence fees in order to generate a return of 2.5%, so as to support the government's treatment of its investment in TAHE as an equity contribution in the GGS Budget. This meant the government needed to provide additional grant (expense) funding to the state owned rail operators so they could pay the increased access and licence fees to TAHE. Based on current projections, TAHE is not expected to recover the revaluation loss until 2046.

There remains a risk that TAHE will not be able to generate a sufficient return on the NSW Government's investment without relying on increased funding to state owned rail operators so that they can in turn pay the higher access and licence fees. TAHE's ability to generate returns on government investment from other sources are uncertain and may not be achievable or sustainable. Current modelling highlights that TAHE remains largely reliant, through to 2046, on increasing fees (which are assumed to increase at 2.5% per annum from 2031 onwards when the current 10 year contracts with rail operators expire) paid by the state owned rail operators that remain principally reliant on GGS Budget grants.

The process of designing and implementing TAHE was not transparent to independent scrutiny

Our report 'State Finances 2021' commented that Treasury did not always provide this Office with information relating to TAHE on a timely basis. Similarly, during this performance audit, there were also multiple instances where auditees were unable to provide documentation regarding key activities in the process to deliver TAHE. Agencies also applied higher sensitivity classifications to large tranches of documents than was justified or required by policy. Of particular concern is the incorrect classification of documents as Cabinet sensitive information. The incorrect or over-classification of documentation as Cabinet sensitive delayed this Office's ability to provide scrutiny or independent assurance.

There was a lack of clarity around the roles and responsibilities of governance structures set up to oversee the design and implementation of TAHE

From 2014, multiple workstreams and advisory committees were established to progress the design and implementation of TAHE. For some of these committees and workstreams, there is limited information on what they were tasked to do and what they achieved. Most had ceased meeting by 2018, before significant work needed to deliver TAHE was completed.

The lack of clarity around the roles and responsibilities of these governance structures reduced opportunities for TfNSW and Treasury to reconcile their differing objectives for TAHE, and resolve key questions earlier in the process.

There was a heavy reliance on consulting firms throughout the process to establish TAHE, and the management of consultant engagements failed to ensure that agencies received independent advice to support objective decision-making

In 2020, Treasury and TfNSW failed to prevent, identify, or adequately manage a conflict of interest when they engaged the same 'Big 4' consulting firm to work on separate TAHE-related projects. Both agencies used the firm's work to further their respective views with regard to the financial implications of TAHE's operating model. At this time those views were still unreconciled.

Treasury engaged the firm to provide a fiscal risk management strategy and advice on the impact of changes to accounting standards. TfNSW engaged the same firm to develop operating and financial models for TAHE, which raised concerns regarding the viability of TAHE. Disputes arose around the findings of these reports. Treasury disagreed with some of the outcomes of the work commissioned by TfNSW, relating to accounting treatment and fiscal advice.

The management of this conflict (real or perceived) was left to the 'Big 4' consulting firm when it was more appropriate for it to be managed by Treasury and TfNSW. If these agencies had communicated more effectively, used available governance structures consistently, and shared information openly about their use of the firm and the nature of their respective engagements, these disputes might have been avoided. This issue, coupled with deficiencies in procurement by both agencies, reflected and further perpetuated the lack of cohesion in the design and implementation of TAHE.

More broadly, over the period 2014 – 2021, 16 separate consulting firms were employed to work on 36 contracts, valued at over $22.56 million, relating to TAHE ranging from accounting and legal advice, project management, and the provision of administrative support and secretariat services.

Consultants are legitimately used by agencies to provide advice on how to achieve the outcomes determined by government, including advising agencies on the risks and challenges in achieving those outcomes. Similarly, consultants can provide expert knowledge in the service of achieving those outcomes and managing the risks. However, the heavy reliance on consulting firms during the design and implementation of TAHE heightened the risk that agencies were not receiving value for money, were outsourcing tasks that should be performed by the public service, and did not mitigate the risk that the advice received was not objective and impartial. The risk that the role of consultants could have been blurred between providing independent advice to government on options and facilitating a pre-determined outcome was not effectively treated or mitigated. This risk was amplified because a small number of firms were used repeatedly to provide advice on one topic. The effective procurement and management of consultants is an obligation of government agencies.

Appendix one – Responses from audited agencies, and Audit Office clarification of matters raised in the TAHE formal response

Appendix two – Classification of government entities

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

Parliamentary reference - Report number #372 - released 24 January 2023

20 December 2022

Published

Coordination of the response to COVID-19 (June to November 2021)

Premier and Cabinet

Community Services

Health

Justice

Whole of Government

Internal controls and governance

Risk

Service delivery

Shared services and collaboration

What the report is about

This audit assessed the effectiveness of NSW Government agencies’ coordination of the response to COVID-19, with a focus on the Delta variant outbreak in the Dubbo and Fairfield Local Government Areas (LGA) between June and November 2021. We audited five agencies - the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service.

The audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.

What we found

Prior to Delta, agencies developed capability to respond to COVID-19 related challenges.

However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.

Gaps in emergency management plans affected agencies' ability to support individuals, families and businesses impacted by restrictions to movement and gathering such as stay-at-home orders. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.

On 23 July 2021, the NSW Government established a cross-government coordinating approach, the Delta Microstrategy, which complemented existing emergency management arrangements, improved coordination between NSW Government agencies and led to more effective local responses.

Where possible, advice provided to government was supported by cross-government consultation, up-to-date evidence and insights. Public Health Orders were updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.

The NSW Government could provide greater transparency and accountability over decisions to apply Public Health Orders during a pandemic.

What we recommended

The audit made seven recommendations intended to improve transparency, accountability and preparedness for future emergency events.

This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (Fairfield City Council and Dubbo Regional Council) between June and November 2021.

As noted in this report, Resilience NSW was responsible for the coordination of welfare services as part of the emergency management arrangements. On 16 December 2022, the NSW Government abolished Resilience NSW.

During the audited period, Resilience NSW was tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions and it provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC was, and remains, responsible for the coordination and oversight of emergency management policy and preparedness.

Our work for this performance audit was completed on 15 November 2022, when we issued the final report to the five audited agencies. While the audit report does not make specific recommendations to Resilience NSW, it does include five recommendations to the State Emergency Management Committee. On 8 December 2022, the then Commissioner of Resilience NSW provided a response to the final report, which we include as it is the formal response from the audited entity at the time the audit was conducted.

The community of New South Wales has experienced significant emergency events during the past three years. COVID-19 first emerged in New South Wales after bushfire and flooding emergencies in 2019–20. The pandemic is now into its third year, and there have been further extreme weather and flooding events during 2021 and 2022.

Lessons taken from the experience of these events are important to informing future responses and reducing future risks to the community from emergencies.

This audit focuses on the NSW Government's response to the COVID-19 pandemic, and in particular, the Delta variant (Delta) that occurred between June and November 2021. The response to the Delta represents six months of heightened challenges for the NSW Government.

Government responses to emergencies are guided by legislation. The State Emergency and Rescue Management Act 1989 (SERM Act) establishes emergency management arrangements in New South Wales and covers:

coordination at state, regional and local levels through emergency management committees
emergency management plans, supporting plans and functional areas including the State Emergency Management Plan (EMPLAN)
operations centres and controllers at state, regional and local levels.

This audit focuses on the activities of five agencies during the audit period:

The NSW Police Force led the emergency management response and was responsible for coordinating agencies across government in providing the tactical and operational elements that supported and enhanced the health response to the pandemic. The NSW Police Force also led the compliance response which enforced Public Health Orders and included household checks on those required to isolate at home after testing positive to COVID-19. In some parts of NSW, they were supported by the Australian Defence Force in this role.
NSW Health was responsible for leading the health response which coordinated all parts of the health system, initially to prevent, and then to manage, the pandemic.
Resilience NSW coordinated welfare services as part of the emergency management arrangements and provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC is responsible for the coordination and oversight of emergency management policy and preparedness. Resilience NSW was also tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions.
The Department of Customer Service (DCS) was responsible for the statewide strategic communications response.
The Department of Premier and Cabinet (DPC) held a key role in providing policy and legal services, as well as supporting the coordination of activity across a range of functional areas and decision-making by our State’s leaders.

This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (LGA) (Fairfield City Council and Dubbo Regional Council) after June 2021.

The audit investigated whether:

government decisions to apply LGA-specific Public Health Orders were supported by effective crisis management governance and planning frameworks
agencies effectively coordinated in the communication (and enforcement) of Public Health Orders.

While focusing on the coordination of NSW Government agencies’ response to the Delta variant in June through to November 2021, the audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.

This audit does not assess the effectiveness of other specific COVID-19 responses such as business support. It refers to the preparedness, planning and delivery of these activities in the context of supporting communities in selected LGAs. NSW Health's contribution to the Australian COVID-19 vaccine rollout was also subject to a separate audit titled 'New South Wales COVID-19 vaccine rollout' tabled in NSW Parliament on 7 December 2022.

This audit is part of a series of audits which have been completed, or are in progress, regarding the New South Wales COVID-19 emergency response. The Audit Office of New South Wales '2022–2025 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.

In this document Aboriginal refers to the First Nations peoples of the land and waters now called Australia, and includes Aboriginal and Torres Strait Islander peoples.

Conclusion

Prior to June 2021, agencies worked effectively together to adapt and refine pre-existing emergency management arrangements to respond to COVID-19. However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.

In the period March 2020 to June 2021, the State's Emergency Management (EM) arrangements coordinated the New South Wales emergency response to COVID-19 with support from the Department of Premier and Cabinet (DPC) which led the cross-government COVID-19 Taskforce. NSW Government agencies enhanced the EM arrangements, which until then had typically been activated in response to natural disasters, to meet the specific circumstances of the pandemic.

However, the State Emergency Management Committee (SEMC), supported by Resilience NSW, did not address relevant recommendations arising from the 2020 Bushfires Inquiry before June 2021 and agencies did not always integrate lessons learned from other jurisdictions or scenario training exercises into emergency management plans or strategies before Delta. As a result, deficiencies in the EM arrangements, including representation of vulnerable communities on EM bodies, well-being support for multicultural communities in locked down environments and cross-agency information sharing, persisted when Delta emerged in June 2021.

It should be noted that for the purposes of this audit there is no benchmark, informed by precedent, that articulates what level of preparation would have been sufficient or proportionate. However, the steps required to address these gaps were reasonable and achievable, and the failure to do so meant that agencies were not as fully prepared as they could have been for the scale and escalation of Delta’s spread across the State.

The Delta Microstrategy complemented the EM arrangements to support greater coordination and agencies are working to improve their capability for future events

The Delta Microstrategy (the Microstrategy) led to innovations in information sharing and collaboration across the public service. Agencies involved in the response have completed, or are completing, reviews of their contribution to the response. That said, none of these reviews includes a focus on whole-of-government coordination.

On 23 July 2021, the NSW Government approved the establishment of the Microstrategy to respond to the additional challenges presented by Delta including the need to support communities most impacted by restrictions to movement and gathering in the LGAs of concern. An extensive range of government agencies were represented across eight Microstrategy workstreams, which coordinated with the existing EM arrangements to deliver targeted strategies to communities in high-risk locations and improve data and information sharing across government. This enhanced the public health, compliance, income and food support, communications and community engagement aspects of the response.

Agencies also leveraged learnings from early weeks of the Delta wave and were able to replicate those lessons in other locations. The use of pre-staging hubs in Fairfield to support food and personal hamper distribution was used a month later in Dubbo which acted as a central hub for more remote parts of the State.

Emergency management plans did not enable government to respond immediately to support vulnerable communities in high-risk LGAs or regional NSW

There are gaps in the emergency management plans relating to the support for individuals, families and businesses impacted by the stay-at-home orders and other restrictions to movement and gathering. These gaps affected agencies' ability to respond immediately when the need arose during Delta.

Emergency management plans and supporting instruments did not include provision for immediate relief for households, which meant arrangements for isolation income support and food security measures had to be designed in the early stages of Delta before it could be approved and deployed.

There were delays – sometimes only days, on occasion, weeks - in providing support to affected communities. In particular, there were delays to the provision of income support and in scaling up efforts to coordinate food and grocery hampers to households in isolation. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.

Although government issued stricter restrictions for workers in the Fairfield LGA on 14 July 2021, it only approved targeted income support for people in LGAs of concern on 16 August 2021.

Overall, agencies coordinated effectively to provide advice to government but there are opportunities to learn lessons to improve preparedness for future events

Agencies coordinated in providing advice to government. The advice was supported by timely public health information, although this was in the context of a pandemic, where data and information about the virus and its variants was changing regularly. However, agencies did not always consider the impact on key industries or supply chains when they provided advice to government, which meant that Public Health Orders would sometimes need to be corrected.

Public Health Orders were also updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.

The audit identified several occasions where there were delays, ranging from three to 21 days, between the provision of advice to government and subsequent decision-making (which we have not detailed due to the confidentiality of Cabinet deliberations). Agency officers advised of instances where they were not provided sufficient notice of changes to Public Health Orders to organise local infrastructure (such as traffic support for testing clinics) to support compliance with new requirements.

The COVID-19 pandemic arrived in Australia in late January 2020 as the bushfire and localised flooding emergencies were in their final stages. Between 2020 and mid-2021, agencies responded to the initial variants of COVID-19, managed a border closure with Victoria that lasted nearly four months and dealt with localised ‘flare-ups’ that required postcode-based restrictions on mobility in northern parts of Sydney and regional New South Wales. During this period, New South Wales had the opportunity to learn from events in Victoria which imposed strict restrictions on mobility across the State and the growing emergence of the Delta variant (Delta) across the Asia Pacific.

This section of the report assesses how emergency management and public health responses adapted to these lessons and determined preparedness for, and responses to, widespread community transmission of Delta in New South Wales.

The previous chapter discusses how agencies had refined the existing emergency management arrangements to suit the needs of a pandemic and describes some gaps that were not addressed. This chapter explores the first month of Delta (mid-June to mid-July 2021). It explores the areas where agencies were prepared and responses in place for the outbreak. It also discusses the impact of the gaps that were not addressed in the period prior to Delta and other issues that emerged.

NSW Health provided advice on the removal of restrictions based on up-to-date advice

The NSW Government discussed the gradual process for removing restrictions using the Doherty Institute modelling provided to National Cabinet on 10 August 2021. NSW Health highlighted the importance of maintaining a level of public health and safety measure bundles to further suppress case numbers. This was based on additional modelling from the Doherty Institute.

The Department of Regional NSW led discussion and planning around reopening with a range of proposal through August and September 2021. The Department of Premier and Cabinet and NSW Health jointly developed a paper to provide options on the restrictions when the State reached a level of 70% double dose vaccinations.

The roadmap to reopening was originally published on 9 September 2021. However, by 11 October 2021, the restrictions were relaxed when the 70% double dose threshold was reached to allow:

up to ten fully vaccinated visitors to a home (increased from five)
up to 30 fully vaccinated people attending outdoor gatherings (increased from 20)
weddings and funerals limits increased to 100 people (from 50)
the reopening of indoor pools for training, exercise and learning purposes only.

On the same day, the NSW Government announced further relaxation of restrictions once the 80% double dose threshold was reached. These restrictions were further relaxed on 8 November 2021. This included the removal of capacity restrictions to the number of visitors to a private residence, indoor pools to reopen for all purposes and density limits of one person for every two square metres, dancing allowed in nightclubs and 100% capacity in major stadia.

The NSW Government allowed workers in regional areas who received one vaccination dose to return to their workplace from 11 October 2021.

The Premier extended the date of easing of restrictions for unvaccinated people aged over 16 from 1 December to 15 December 2021.

Many agencies have undertaken reviews of their response to the Delta outbreak but a whole-of-government review has yet to be conducted

Various agencies and entities associated with the response to the Delta outbreak conducted after-action review processes. These processes assessed the achievements delivered, lessons learned and opportunities for improvement. However, a whole-of-government level review has not been conducted. This limits the New South Wales public service's ability to improve how it coordinates responses in future emergencies.

The agencies/entities that conducted reviews included:

South West Metropolitan region, Western NSW region, Fairfield Local Emergency Management Committee (LEMC), Dubbo Local Emergency Operations Controller (LEOCON), which were collated centrally by the State Emergency Operations Centre (SEOC)
Aboriginal Affairs NSW assessed representation and relevance of the emergency management arrangements for Aboriginal communities following the 2019 bushfires
Resilience NSW developed case studies to capture improved practice with regard to food security and supply chains
a community support and empowerment-focused after-action review undertaken by the Pillar 5 workstream of the Microstrategy.

Key lessons collated from the after-action reviews include:

the impact of variation in capability across agencies on the management of key aspects of the response including welfare support and logistics
issues with boundary differences between NSW Police Force regions, local government areas (LGA and local health districts (LHD) caused issues in delivering and coordinating services in an emergency situation
the need to improve relationships between state and local Government outside of acute emergency responses to improve service delivery
issues arising from impediments to information sharing between agencies and jurisdictions, such as:
- timeliness and accuracy of data used to direct compliance activities
- the impact of insufficient advance notice on changes to Public Health Orders
- timely access to data across public sector agencies and other jurisdictions to inform decision-making, analysis and communications
- gaps in data around ethnicity, geolocation of recent positive cases and infection/vaccination rates in Aboriginal communities.
the lack of Aboriginal community representation on many LEMCs
compared with the response to COVID-19 in 2020, improved coordination of communications with Culturally and Linguistically Diverse (CALD) populations with a reduction in overlapping messages and over-communication
improved attendance from agency representatives in LEMCs, and regional emergency operations centres (REOC) to improve interagency communications, planning, capability development and community engagement issues
deficiencies in succession planning and fatigue management practices
the potential for REOC Welfare/Well-being subgroups to be included as part of the wider efforts to community needs during emergencies.

NSW Health commenced a whole of system review of its COVID-19 response in May 2022. At the time of writing, the completion due date for the debrief is 7 November 2022. This debrief is expected to explore:

governance
engagement
innovation and technology
community impact
workforce impact
system impact and performance.

NSW Health is also undertaking a parallel Intra-Action Review that is focused on the public health aspects of the response with finalisation estimated for the end of November 2022. At the time of completing this performance audit report, NSW Health had not finalised these reviews and, as a result, we cannot validate their findings against our own observations.

Recent inquiries are likely to impact the governance of emergency management in New South Wales

In March 2022, the NSW Government established an independent inquiry to examine and report on the causes of, preparedness for, response to and recovery from the 2022 floods. The Flood Inquiry report made 28 recommendations, which the NSW Government supported in full or in principle. Some of the recommendations relate directly to the governance and leadership of emergency management arrangements in New South Wales.

The State Emergency Management Committee (SEMC) will likely be involved in, and impacted by, the recommendations arising from the Flood Inquiry with potential changes to its membership and reshaping of functional areas and agencies. At the same time, the SEMC may have a role in overseeing the changes that emerge from the SEOC consolidated after-action reviews. This can also extend to ensuring local and regional bodies have incorporated the required actions. There is a risk that the recommendations from the pandemic-based after-action reviews may not be considered due to the priority of action resulting from the Flood Inquiry.

Furthermore, there is potential for the SEMC to work with NSW Health during its system-wide review. Such an approach is likely to improve preparedness for future events.

Appendix one – Response from agencies

Appendix two – Chronology 2020–2021

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

Parliamentary reference - Report number #371 - released 20 December 2022

7 December 2022

Published

Health 2022

Health

Whole of Government

Asset valuation

Compliance

Cyber security

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.
Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.
Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.
Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.
Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.
The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.
A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.
The following four issues were reported in 2021–22 as high risk:
- impairment of COVID-19 inventories
- inadequate review over the appropriateness of asset capitalisation threshold
- forced-finalisation of HealthRoster time records
- COVID-19 vaccination inventories – data quality issue at 31 March 2022.
Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Copyright notice

7 December 2022

Published

New South Wales COVID-19 vaccine rollout

Health

Internal controls and governance

Management and administration

Project management

Risk

Service delivery

What the report is about

The Australian Government led and implemented the Australian COVID-19 vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

This audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine roll out in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over.

What we found

On 16 October 2021, NSW Health, in partnership with the Australian Government's vaccination program, achieved its first objective to fully vaccinate 80% of people in NSW aged 16 and over. Demand for the vaccine reduced in December 2021, and NSW Health did not reach its target of 95% fully vaccinated for people aged 16 and over until June 2022.

Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available.

NSW Health implemented its own booking system after it identified that the Australian Government's system would not manage bookings. There were problems with NSW Health's interim vaccine booking system, and NSW Health fully resolved these issues by September 2021.

As at 19 October 2022, vaccination rates for Aboriginal peoples and culturally and linguistically diverse people remained below the 95% target.

What we recommended

By June 2023, NSW Health should conduct a comprehensive review of the COVID-19 vaccine rollout and incorporate lessons learned into pandemic response plans.

The first three cases of COVID-19 in New South Wales were diagnosed in January 2020. By 30 June 2021, 128 people were being treated in hospital and one person was in intensive care. By the end of December 2021, 187,504 total cases and 663 deaths were reported in New South Wales. As at 27 October 2022, NSW Health reported more than three million total cases and 5,430 deaths.

The COVID-19 pandemic continues to have a significant impact on the people and the health sector of New South Wales. The Australian, state, territory, and local governments have directed significant resources towards health responses and economic recovery.

On 13 November 2020, National Cabinet (comprised of the Australian, state, and territory governments) endorsed the Australian COVID-19 Vaccination Policy. Australia's vaccination program was launched on 21 February 2021 with the goal of providing safe and effective vaccines to the people who most needed them as quickly as possible, to support the physical, mental and economic wellbeing of the nation.

The Australian Government led and implemented the Australian vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

The overall objective of this audit was to assess the effectiveness and efficiency of NSW Health’s contribution to the Australian COVID-19 vaccine rollout. It is important to note that in New South Wales, primary care providers (GPs and pharmacies) and aged care providers administered the majority of vaccines. Primary care providers and aged care providers are the responsibility of the Australian Government.

The audit had a particular focus on whether NSW Health:

set clear vaccination targets underpinned and/or guided by evidence
managed the rollout of the vaccination program effectively and efficiently
managed demand of vaccines effectively and efficiently.

The audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine rollout in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over. We did not audit the subsequent rollout for ages five to 15, or the booster rollout (third and fourth doses) as these activities mostly occurred outside the date of our review.

This audit also did not assess the Australian Government’s allocation of vaccine supplies to New South Wales because we do not audit the Australian Government's activities. On 17 August 2022, the Australian National Audit Office completed a performance audit which assessed the Australian Department of Health and Aged Care's effectiveness in the planning and implementation of Australia's COVID-19 vaccine rollout.

This audit is one of a series of audits that have been completed or are in progress regarding the New South Wales COVID-19 emergency response. This includes the planned performance audit ‘Coordination of the response to COVID-19 (June to November 2021)’, and financial audit assurance activities focusing on Local Health District processes and controls to manage the receipt, distribution and inventory management of vaccine stock. The Audit Office New South Wales '2022–25 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.

Conclusion

By 12 December 2021, NSW Health had administered two doses of vaccines to one third of eligible people in New South Wales aged 16 and over – contributing significantly to the achievement of the NSW Government vaccination target of 80% fully vaccinated before 31 December 2021. Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

Vaccination levels in some vulnerable populations remain below the 95% double dose target currently in place. Access to quality data to regularly measure vaccination rates in some vulnerable populations remains an ongoing challenge for the NSW and Australian Governments. As a result, NSW Health is unable to fully ensure it has delivered on its shared responsibility with the Australian Government to vaccinate vulnerable people.

NSW Health managed challenges regarding the uncertain supply of vaccines from the Australian Government and filled gaps beyond its agreed responsibilities in the National Partnership on COVID-19 Response. During the Delta outbreak of the pandemic, NSW Health sought to achieve the best possible public health outcome from limited vaccine supply by opening up additional vaccination clinics in highly affected areas and redistributing vaccine supplies from areas with fewer cases to highly affected local government areas in south west Sydney.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available. Our financial audit report, 'Health 2022', includes additional information on vaccine supply stock held by NSW Health.

NSW Health demonstrated agility by using a range of strategies to promote vaccination, including direct engagement with communities to develop culturally appropriate services such as pop-up clinics. NSW Heath recruited prominent community members, such as faith leaders, elders and sportspeople, to promote vaccination within their communities. However, at the date of this report, there are still vulnerable populations with vaccination rates lower than the current 95% double dose vaccination target. There is also a lack of regularly updated data for some cohorts which prevents NSW Health from accurately monitoring vaccination rates in some populations it has identified as vulnerable.

In March 2021, NSW Health identified that the booking system provided by the Australian Government was an online directory of vaccine clinics and would not manage bookings. To overcome this, NSW Health amended an internal-use system to be publicly facing. This solution was not user-friendly for staff or those seeking to make an appointment. Between June to September 2021, NSW Health progressively resolved booking system related issues, by developing and rolling out a new purpose-built booking solution for NSW Health vaccination clinics.

Appendix one – Response from agency

Appendix two – Australian audits on the vaccine rollouts

Appendix three – Committee members

Appendix four – About the audit

Appendix five – Performance auditing

Copyright notice

Parliamentary reference - Report number #369 - released 7 December 2022

30 June 2022

Published

Audit Insights 2018-2022

Community Services

Education

Environment

Finance

Health

Industry

Justice

Local Government

Premier and Cabinet

Planning

Transport

Treasury

Universities

Whole of Government

Asset valuation

Cross-agency collaboration

Compliance

Cyber security

Financial reporting

Fraud

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Project management

Regulation

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

Integrity and transparency
Performance and monitoring
Governance and oversight
Cyber security and data
System planning for disruption
Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

Fast facts

72 audits included in the Audit Insights 2018–2022 analysis
4 years of audits tabled by the Auditor-General for New South Wales
6 key themes for Audit Insights 2018–2022.

picture of Margaret Crawford Auditor-General for New South Wales in black dress with city skyline as background I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

Integrity and transparency	Performance and monitoring	Governance and oversight	Cyber security and data	System planning	Resource management
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption.	Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds.	The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work.	Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture.	Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination.	Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest.
Government entities should report to the public at both system and project level for transparency and accountability.	Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact.	Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls.	In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite.	Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders.	Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds.
Entities must provide balanced advice to decision-makers on the benefits and risks of investments.	Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery.	Active review of policies and procedures in line with current business activities supports more effective risk management.	Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting.	Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events.	Transformation programs can be improved by resourcing a program management office.
Clear guidelines and transparency of decisions are critical in distributing grant funding.	Quality assurance should underpin key inputs that support performance monitoring and accounting judgements.	Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues.			Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need.
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes.
Read more	Read more	Read more	Read more	Read more	Read more

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix one – Included reports, 2018–2022

Appendix two – About this report

Copyright notice

Audit progress

Sector

Year

Report type

Topic

Reports

What this report is about

Audit findings

What this report is about

Audit findings

Audit recommendations

What this report is about

The audit found

The key audit issues were

The audit recommended

Section highlights

Section highlights

What the report is about

What we found

We made recommendations about

About this Audit

Conclusion

There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.

There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.

The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.

There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.

The NSW Telco Authority established and tracked its own costs for the CCEP

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

Decommissioning costs

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

What this report is about

What we found

Section highlights

Section highlights

What the report is about

What we found

What we recommended

About this audit

Conclusion

NSW Treasury and TfNSW had different objectives for TAHE

The Budget benefits of TAHE were claimed before the entity was legislated, committing the agencies to deliver, regardless of the complexities that subsequently arose

TAHE's financial structure requires circular government investment to work

The process of designing and implementing TAHE was not transparent to independent scrutiny

There was a lack of clarity around the roles and responsibilities of governance structures set up to oversee the design and implementation of TAHE

There was a heavy reliance on consulting firms throughout the process to establish TAHE, and the management of consultant engagements failed to ensure that agencies received independent advice to support objective decision-making

Copyright notice

What the report is about

What we found

What we recommended

Conclusion

NSW Health provided advice on the removal of restrictions based on up-to-date advice

Many agencies have undertaken reviews of their response to the Delta outbreak but a whole-of-government review has yet to be conducted

Recent inquiries are likely to impact the governance of emergency management in New South Wales

Copyright notice

What the report is about

What we found

What the key issues were

What we recommended

Section highlights

Section highlights

Copyright notice

What the report is about

What we found

What we recommended

Conclusion

Copyright notice

What the report is about

What we found

Fast facts

Copyright notice