Reports
Actions for Effectiveness of SafeWork NSW in exercising its compliance functions
Effectiveness of SafeWork NSW in exercising its compliance functions
What this report is about
This report assesses how effectively SafeWork NSW, a part of the Department of Customer Service (DCS), has performed its regulatory compliance functions for work health and safety in New South Wales.
The report includes a case study examining SafeWork NSW's management of a project to develop a realtime monitoring device for airborne silica in workplaces.
Findings
There is limited transparency about SafeWork NSW's effectiveness as a regulator. The limited performance information that is available is either subsumed within DCS reporting (or other sources) and is focused on activity, not outcomes.
As a work health and safety (WHS) regulator, SafeWork NSW lacks an effective strategic and data-driven approach to respond to emerging WHS risks.
It was slow to respond to the risk of respirable crystalline silica in manufactured stone.
SafeWork NSW is constrained by an information management system that is over 20 years old and has passed its effective useful life.
While it has invested effort into ensuring consistent regulatory decisions, SafeWork NSW needs to maintain a focus on this objective, including by ensuring that there is a comprehensive approach to quality assurance.
SafeWork NSW's engagement of a commercial partner to develop a real-time silica monitoring device did not comply with key procurement obligations.
There was ineffective governance and process to address important concerns about the accuracy of the real-time silica monitoring device.
As such, SafeWork NSW did not adequately manage potential WHS risks.
Recommendations
The report recommended that DCS should:
- ensure there is an independent investigation into the procurement of the research partner for the real-time silica detector
- embed a formal process to review and set its annual regulatory priorities
- publish a consolidated performance report
- set long-term priorities, including for workforce planning and technology uplift
- improve its use of data, and start work to replace its existing complaints handling system
- review its risk culture and its risk management framework
- review the quality assurance measures that support consistent regulatory decisions
Read the PDF report.
Parliamentary reference - Report number #390 - released 27 February 2024
Actions for Flood housing response
Flood housing response
What this report is about
Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales.
This audit assessed how effectively the NSW Government provided emergency accommodation and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events.
Responsible agencies included in this audit were the Department of Communities and Justice, NSW Reconstruction Authority, the former Department of Planning and Environment, the Department of Regional NSW and the Premier’s Department.
Findings
The Department of Communities and Justice rapidly provided emergency accommodation to displaced persons immediately following these flood events.
There was no plan in place to guide a temporary housing response and agencies did not have agency-level plans for implementing their responsibilities.
The NSW Government rapidly procured and constructed temporary housing villages. However, the amount of temporary housing provided did not meet the demand.
There is an extensive waitlist for temporary housing and the remaining demand in the Northern Rivers is unlikely to be met. The NSW Reconstruction Authority has not reviewed this list to confirm its accuracy.
Demobilisation plans for the temporary housing villages have been developed, but there are no long-term plans in place for the transition of tenants out of the temporary housing.
Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing.
The findings from the 2022 State-wide lessons process largely relate to response activities.
Audit recommendations
The NSW Reconstruction Authority should:
- Develop a plan for the provision of temporary housing.
- Review the temporary housing waitlist.
- Determine a timeline for demobilising the temporary housing villages.
- Develop a strategy to manage the transition of people into long-term accommodation.
- Develop a process for state-wide recovery lessons learned.
All audited agencies should:
- Finalise evaluations of their role in the provision of emergency accommodation and temporary housing.
- Develop internal plans for implementing their roles under state-wide plans.
Read the PDF report
Parliamentary reference - Report number #389 - released 22 February 2024
Actions for Driver vehicle system
Driver vehicle system
What this report is about
Transport for NSW (TfNSW) uses the Driver vehicle System (DRIVES) to support its regulatory functions. The system covers over 6.2 million driver licences and over seven million vehicle registrations.
DRIVES first went live in 1991 and has been significantly extended and updated since, though is still based around the same core system. The system is at end of life but has become an important service for Service NSW and the NSW Police Force.
DRIVES now includes some services to other parts of government and non-government entities which have little or no connection to transport. There are 141 users of DRIVES in total, including commercial insurers, national regulators, and individual citizens.
This audit assessed whether TfNSW is effectively managing DRIVES and planning to transition it to a modernised system.
Audit findings
TfNSW has not effectively planned the replacement of DRIVES.
It is now working on its third business case for a replacement system but has failed to learn lessons from its past attempts.
In the meantime, TfNSW has not taken a strategic approach to managing DRIVES’ growth.
TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES. With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access.
TfNSW uses recognised processes for managing most aspects of DRIVES, but has not kept the system consistently available for users. TfNSW has lacked accurate service availability information since June 2022, when it changed its technology support provider.
TfNSW needs to significantly prioritise cyber security improvements to DRIVES. TfNSW is seeking to lift DRIVES’ cyber defences, but it will not achieve its stated target safeguard level until December 2025.
Even then, one of the target safeguards will not be achieved in full until DRIVES is modernised.
Audit recommendations
TfNSW should:
- implement a service management framework including insight into the views of DRIVES users, and ensuring users can influence the service
- ensure it can accurately and cost effectively calculate when DRIVES is unavailable due to unplanned downtime
- ensure implementation of a capability to automatically detect anomalous patterns of access to DRIVES
- ensure that DRIVES has appropriate cyber security and resilience safeguards in place as a matter of priority
- develop a clear statement of the future role in whole of government service delivery for the system
- resolve key issues currently faced by the DRIVES replacement program including by:
- clearly setting out a strategy and design for the replacement
- preparing a specific business case for replacement.
Read the PDF report
Parliamentary reference - Report number #388 - released 20 February 2024
Actions for Regional road safety
Regional road safety
What this report is about
Around one-third of the state’s population lives in regional NSW, but deaths on regional roads make up around two-thirds of the state’s road toll.
Transport for NSW (TfNSW) is responsible for managing road safety outcomes across the NSW road network. This audit assessed the effectiveness of TfNSW’s delivery of road safety strategies, plans and policies in regional areas.
The NSW Road Safety Action Plan 2022–2026 has the stated goal of ‘no death or serious injury occurring on the road transport network’ by 2050.
What we found
There is a disproportionate amount of trauma on regional roads, but there are no specific road safety plans or trauma reduction targets for regional NSW.
TfNSW advises that the setting of state-wide road safety targets is consistent with other jurisdictions and international best practice. However, the proportion of road fatalities and serious injuries in regional NSW is almost the same as ten years ago.
There is no regional implementation plan to assist TfNSW to target the Road Safety Action Plan 2026 to regional areas.
TfNSW considers that local road safety outcomes should be managed by councils, but only 52% of regional councils participated in its Local Government Road Safety Program (LGRSP) in 2022–23. This program has not been updated since 2014, despite commitments to do so in 2021 and 2022.
TfNSW has not undertaken a systematic and integrated analysis of the combined impact of its road safety strategies and plans in regional NSW since 2012.
TfNSW reports against the Community Road Safety Fund (CRSF) annually but there is no consolidated, public reporting on total road safety funding allocated to regional NSW. The Fund underspend increased from 12% in 2019–20 to 20% in 2022–23.
What we recommended
We recommended TfNSW:
- develop a regional implementation plan to support the NSW Road Safety Action Plan, including a framework to annually measure, analyse and publicly report on progress
- develop a plan to measure and mitigate risks causing underspend in the CRSF
- expedite the review of the LGRSP including recommendations to increase involvement of regional councils.
Disclosure of confidential information
Under the Government Sector Audit Act 1983 (the Act), the Auditor-General may disclose confidential information if, in the Auditor-General’s opinion, the disclosure is in the public interest, and that disclosure is necessary for the exercise of the Auditor-General’s functions.
Confidential information in the Act means Cabinet information or information subject to legal privilege. This performance audit report contained confidential information.
The NSW Premier has certified that in his opinion the disclosure of the confidential information was not in the public interest.
The confidential information has been redacted from this report.
Under section 36A(2) of the Government Sector Audit Act 1983, the Auditor-General may authorise the disclosure of confidential information if, in the Auditor-General’s opinion, the disclosure is in the public interest and necessary for the exercise of the Auditor-General’s functions. Confidential information under the Government Sector Audit Act 1983 means Cabinet information, or information that could be subject to a claim of privilege by the State or a public official in a court of law. This performance audit report contained confidential information which, in the opinion of the Auditor-General, is in the public interest to disclose and that disclosure is necessary for the exercise of the Auditor-General’s functions.
On 26 October 2023, pursuant to section 36A(2)(b) of the Government Sector Audit Act 1983, the Auditor-General notified the NSW Premier of the intention to include this information in the published report, having formed the opinion that its disclosure is in the public interest and is necessary for the exercise of the Auditor-General’s functions.
On 23 November 2023, pursuant to section 36A(2)(c) of the Government Sector Audit Act 1983, the NSW Premier certified that, in his opinion, the proposed disclosure of the confidential information contained in this report was not in the public interest. The Premier’s certificate follows. Section 36A(4) states that a certificate of the Premier that it is not in the public interest to disclose confidential information is conclusive evidence of that fact.
The issuance of the certificate by the NSW Premier prevents the publication of this information. The relevant sections of the report containing confidential information have been redacted.
One-third of the New South Wales population resides in regional areas, but two-thirds of the state’s road crash fatalities take place on regional roads.
Between 2017 and 2021, the average number of fatalities for every 100,000 of the population living in regional New South Wales was 8.33 — approximately four times higher than the equivalent measure for Greater Sydney. Similarly, the average number of serious injuries in regional New South Wales over the same period was 75.24 per 100,000 of the population, compared with 50.53 in Greater Sydney. Further, more than 70% of people who lose their lives in accidents on regional roads are residents of regional areas.
Residents of regional areas face particular transport challenges. They often need to travel longer distances for work, health care, or recreation purposes, yet their public transport options are more limited than metropolitan residents. Vehicle safety is also an issue. According to the NSW Road Safety Progress Report 2021, of the light vehicles registered in New South Wales that were manufactured in or after 2000, 48.4% of light vehicles in regional areas had a five-star Australasian New Car Assessment Program (ANCAP) rating, compared to 54.8% in metropolitan areas. Road conditions in regional areas can also be more challenging for drivers.
Regional New South Wales covers 98.5% of the total area of the state. The road network in New South Wales is vast — spanning approximately 200,000 kilometres.
The road network includes major highways, state roads and local roads. Speed limits range from 10 km/hr in high pedestrian shared zones, up to 110 km/hr on high volume and critical road corridors. Eighty per cent of the network has a 100 km/h speed limit, which is mostly applied as a default speed limit, regardless of the presence of safety features and treatments.
Speed is the primary causal factor in more crashes in New South Wales than any other factor, and car crashes in regional areas are more likely to be fatal because of the higher average speeds involved.
The responsibility for managing road safety outcomes across the entire New South Wales road network lies with Transport for NSW (TfNSW), pursuant to Schedule 1 of the Transport Administration Act 1988.
While its safety responsibilities are state-wide, TfNSW does not own or directly manage all of the road network in regional New South Wales, which spans approximately 200,000 kilometres. Approximately 80% of the roads are classified as Local Roads and are administered and managed by local councils. Local councils also maintain Regional Roads that run through their local government areas. TfNSW is responsible for managing State Roads (approximately 20% of roads), which are major arterial roads. It also provides funding for councils to manage over 18,000 km (approximately 10%) of state-significant Regional Roads.
According to TfNSW, between 2016 and 2020, there were 9,776 people killed or seriously injured on roads in regional New South Wales. Adding to the tragic loss of life, according to TfNSW, the estimated cost to the community between 2016 and 2020 resulting from regional road trauma and fatalities was around $13.7 billion.
TfNSW also noted that the ‘risk of road trauma is pervasive, and a combination of effective road safety measures is required to systematically reduce this risk’.
TfNSW released its first long-term road-safety strategy in December 2012, which introduced the goal of ‘Vision Zero’ — a long-term goal of zero deaths or serious injuries on NSW roads. The terminology was changed to ‘Towards Zero’ in the 2021 Road Safety Plan and has been retained in the NSW Road Safety Action Plan 2022–2026. Towards Zero has the stated goal of ‘no death or serious injury occurring on the road transport network’ by 2050.
The objective of this audit is to assess the effectiveness of TfNSW’s delivery of ‘Towards Zero’ in regional areas.
In making this assessment, the audit examined whether TfNSW:
- is effectively reducing the number of fatalities and serious injuries on regional roads
- has an effective framework, including governance arrangements, for designing and refreshing the NSW Road Safety Strategy 2012–2021 and the NSW Road Safety Action Plan 2022–2026
- effectively makes use of whole-of-government and other relevant sources of data to support decision-making, and to evaluate progress and outcomes
- effectively manages accountabilities, including roles and responsibilities, with respect to road safety outcomes and the use of data.
This audit focused on the policies and strategies used by TfNSW for managing road safety outcomes in regional areas. We did not evaluate individual road safety projects, programs and initiatives as part of this audit.
Whilst Regional Roads and Local Roads (as defined by the Road Network Classifications) are owned and maintained by local councils, we included these roads in this audit as TfNSW may advise and assist councils to promote and improve road safety, as well as manage grant programs that focus on improving road safety outcomes on these roads. Hereafter, unless otherwise stated, references to ‘regional roads’ refer to all classifications of roads in the state which are in regional New South Wales, irrespective of their ownership.
Local councils in regional areas are key stakeholders for the purposes of this audit, and we interviewed eight as part of the audit process (noting that this was not intended to be a representative sample). Road asset management by local councils is also out of scope for this audit as it is the focus of a subsequent performance audit by the Audit Office of New South Wales.b
The Audit Office of New South Wales has undertaken several performance audits relating to road safety since 2009 and these have been referenced while undertaking this audit. They include:
- Condition of State Roads (August 2006)
- Improving Road Safety: Heavy Vehicles (May 2009)
- Improving Road Safety: School Zones (March 2010)
- Improving Road Safety: Speed Cameras (July 2011)
- Regional Assistance Programs (May 2018)
- Mobile speed cameras (October 2018)
- Rail freight and Greater Sydney (October 2021).
Conclusion
TfNSW has acknowledged that there is a disproportionate amount of road trauma on regional roads in the NSW Road Safety Strategy 2012–2021, the NSW Road Safety Plan 2021, and the NSW Road Safety Action Plan 2022–2026. However, TfNSW has not articulated or evaluated a strategy for implementing road safety policy in regional New South Wales to assist in guiding targeted activities to address regional road trauma. There is also no transparency about the total amount of funding invested in improving road safety outcomes for regional New South Wales.
People living in regional New South Wales make up one-third of the state’s population, but deaths on regional roads make up around two-thirds of the state’s total road toll. This statistic is almost the same in 2023 as it was ten years ago when TfNSW released its first long-term road safety strategy.
More than 70% of people who died on roads between 2012 and 2022 in regional New South Wales were residents of regional areas. Speed is the greatest contributing factor to road fatalities and serious injuries across the entire state. However, it is responsible for more fatalities on regional roads (43%) than in Greater Sydney (34%).
TfNSW’s road safety strategies and plans acknowledge that most road fatalities occur in regional New South Wales but none of its existing strategies or plans show evidence of tailoring measures to suit particular regional settings or ‘hot spots’. There are infrastructure initiatives (such as Saving Lives on Country Roads) and behavioural programs targeting regional areas (such as Driver Reviver). However, these activities are not aligned to a regional-specific strategy or plan that addresses issues specific to regional areas.
TfNSW has state-wide responsibility for managing road safety outcomes. TfNSW advised the audit that a regional plan and regional trauma reduction targets are not needed as the state-wide plan and targets apply equally for all areas of New South Wales, and local road safety factors are best managed by local councils. TfNSW partners with local councils. However, only 52% of councils in regional New South Wales participate in TfNSW’s Local Government Road Safety Program, compared to 84% of councils in metropolitan areas. TfNSW has not undertaken any evaluations to determine whether projects completed under the Local Government Road Safety Program have reduced road trauma at the local level.
Notwithstanding the above points, TfNSW works with local councils (who are road authorities for local roads in their respective areas under the Roads Act 1993) and other key stakeholders such as the NSW Police Force to achieve the NSW Government’s road safety policy objectives.
TfNSW advised that ‘the setting of state-wide road safety targets is consistent with other jurisdictions and international best practice. Importantly, delivery of road safety countermeasures is tailored and applied with a focus on road user groups across all geographic locations to maximise trauma reductions’. There may be legitimate reasons for the existing approach, as articulated by TfNSW. However, the proportion of road fatalities in regional New South Wales roads has not reduced since 2012 – despite a long-term reduction in the overall number of deaths on the state’s roads between 2012–2021. The audit report has recommended that a regionally focused implementation plan could address this issue. TfNSW has accepted this report’s recommendation that such a plan be developed.
Specific road safety initiatives targeted to regional areas have not been implemented or expanded
Text removed pursuant to section 36A of the Government Sector Audit Act 1983 (NSW), in compliance with the issuance of a Premier’s certificate preventing the publication of this information. |
TfNSW increased the use of other forms of automated enforcement (such as tripling enforcement hours in mobile speed cameras).
However, the use of automated enforcement has a strong metropolitan focus with most red light and fixed speed cameras being in metropolitan areas. Average speed cameras are the only camera type overwhelmingly located in regional areas but these apply only to heavy vehicles and are positioned on major freight routes.
There is no consolidated, public reporting of what proportion of total road safety funding is directed to regional New South Wales each year. The main source of funding for road safety in New South Wales, the Community Road Safety Fund, has been underspent since 2019.
Fines from camera-detected speeding, red-light and mobile phone use offences are required to be used solely for road safety purposes through the Community Road Safety Fund (CRSF), as set out in the Transport Administration Amendment (Community Road Safety Fund) Act 2012.
The CRSF has been underspent every year since 2019–20. The underspend has increased from 12% in 2019–20 to 20% in 2022–23 where the full year underspend was forecasted to be $104 million. Of this underspend, $13.5 million was dedicated for regional road infrastructure projects. TfNSW advised the audit that much of the underspend is the result of delays to infrastructure projects due to COVID-19, bushfires, and floods, as well as skills shortages. However, TfNSW has not provided any evidence that it had a plan to mitigate these risks – meaning the level of underspend could continue to grow. TfNSW also advised ‘there is no reason to expect budget management and controls will not return to pre-COVID circumstances’.
In total, TfNSW received $700 million in funding for road safety in 2021–22 (including federal contributions and the Community Road Safety Fund). Of this, $411 million (or ~59%) was directed to regional New South Wales. This is the most recent comprehensive financial data that was provided by TfNSW to the audit team. The 2022–23 NSW Budget allocated $880 million for road safety in 2022–23, with a forecasted total allocation for road safety of $1.6 billion in recurrent expenses and $0.8 billion in capital expenditure over the period 2022–23 to 2025–26.
Appendix one – Response from Transport for NSW
Appendix two – The Safe Systems framework and NSW road safety strategies and plans
Appendix three – About the audit
Appendix four – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #386 - released 30 November 2023
Actions for Management of the Critical Communications Enhancement Program
Management of the Critical Communications Enhancement Program
What the report is about
Effective radio communications are crucial to NSW's emergency services organisations.
The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.
This report assesses whether the NSW Telco Authority is effectively managing the CCEP.
What we found
Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.
The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.
Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.
The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.
When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.
The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.
We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.
We made recommendations about
- The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
- The need to finalise a Traffic Mitigation Plan for when the network is congested.
- The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
- The need to clarify how encryption and interoperability will work on the enhanced network.
- The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
- Expediting measures to protect against the risk of cloning by unauthenticated radios.
Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:
- NSW Ambulance
- Fire and Rescue NSW
- NSW Police Force
- NSW Rural Fire Service
- NSW State Emergency Service.1
Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.
Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.2
Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.
These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.
In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).
According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.
The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.
About this Audit
This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.
We addressed the audit objective by answering the following two questions:
- Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
- Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?
In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).
While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.
Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.
The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.
In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:
- to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
- to develop policies, standards and guidelines for operational communications using telecommunications networks.
The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.
The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.
ConclusionIn areas of New South Wales where the enhanced Public Safety Network has been implemented under the Critical Communications Enhancement Program, the NSW Telco Authority has delivered a radio network that meets most of the agreed requirements of Emergency Services Organisations for routine and emergency operations.In April 2023, the enhanced Public Safety Network (PSN) was approximately 50% completed. In areas where it is used by Emergency Services Organisations (ESOs), the PSN generally meets agreed user requirements. This is demonstrated through extensive performance monitoring and reporting, which shows that agreed performance standards are generally achieved. Reviews by the NSW Government and the NSW Telco Authority found that the PSN performed effectively during major flood events in 2021 and 2022.Where it is completed, PSN coverage is generally equal to or better than each ESO's individual pre-existing coverage. The NSW Telco Authority has a dedicated work program to address localised coverage gaps (or 'blackspots') in those areas where coverage has otherwise been substantively delivered. Available call capacity on the network far exceeds demand in everyday use. Any operational issues that may occur with the PSN are transparent to ESOs in real time. The NSW Telco Authority consulted extensively with ESOs on requirements for the enhanced PSN, with relatively few ESO requirements not being included in the specifications for the enhanced PSN. Lessons from previous events, including the 2019–20 summer bushfires, have informed the design and implementation of the enhanced PSN (such as the need to ensure adequate backup power supply to inaccessible sites). The network is based on the Project 25 technical standards for mission-critical radio communications, which is widely-accepted in the public safety radio community throughout Australia and internationally. There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.The extent to which the PSN works within buildings and other built structures (such as railway tunnels) is of crucial importance to ESOs, especially the NSW Police Force, NSW Ambulance, and Fire and Rescue NSW. This is because a large proportion of their operational communications occurs within buildings.There is no mechanism to ensure the adequacy of future in-building coverage for the PSN in new or refurbished buildings after the CCEP concludes. Planning, building, and fire regulations are silent on this issue. We note there are examples in the United States of how in-building coverage for public safety radio networks can be incorporated into building or fire safety codes. In regard to existing buildings, it is not possible to know whether a building requires its own in-building PSN infrastructure until nearby outside radio sites, including towers and antennae, have been commissioned into the network. Only then can it be determined whether their radio transmissions are capable of penetrating inside nearby buildings. Accordingly, much of this work for in-building coverage cannot be done until outside radio sites are finished and operating. In March 2023, the NSW Telco Authority and ESOs agreed on a list of 906 mandatory and 7,086 non-mandatory sites for in-building PSN coverage. Most of these sites will likely be able to receive radio coverage via external antennae and towers, however this cannot be confirmed until those nearby external PSN sites are completed. The parties also agreed on an approach to prioritising those sites where coverage is needed but not provided by antennae and towers. Available funding will likely only extend to ensuring coverage in sites deemed mandatory, which is nonetheless expected to meet the overall benchmark of achieving 'same or better' coverage than what ESOs had previously. There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.End-to-end encryption of radio transmissions is a security feature that prevents radio transmissions being intercepted or listened to by people who are not meant to. The ability of the PSN to provide end-to-end encryption of operational communications is of critical importance to the two largest prospective users of the PSN: the NSW Police Force and NSW Ambulance. Given that encryption excludes other parties that do not have the requisite encryption keys, its use creates an obstacle to achieving a key intended benefit of the CCEP, that is a more interoperable PSN, where first responders are better able to communicate with other ESOs.Further planning and collaboration between PSN participants are necessary to consider how these dual benefits can be achieved, including in what operational circumstances encrypted interoperability is necessary or appropriate. The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.The estimated capital cost to complete all stages of the CCEP increased over time. This increasing cost was progressively disclosed to the NSW Government through Cabinet processes between 2015–16 and 2021–22.In 2016, the full capital cost to the NSW Telco Authority of completing the CCEP was estimated to be $400 million. This estimated cost was not publicly disclosed, nor were subsequent increases, until the cost of $1.325 billion was publicly disclosed in the 2021–22 NSW Budget (revised down in the 2022–23 NSW Budget to $1.293 billion). There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.In addition to the capital costs incurred directly by the NSW Telco Authority for the CCEP, ESOs have incurred costs to maintain their own networks due to the delay in implementing the CCEP. The ESOs will continue to incur these costs until they are able to fully migrate to the enhanced PSN, which is expected to be in 2027. These costs have not been tracked or reported as part of transparently accounting for the whole-of-government cost of the enhanced PSN. This is despite Infrastructure NSW in 2019 recommending to the NSW Telco Authority that it conduct a stocktake of such costs so that a whole-of-government cost impact is available to the NSW Government. |
1 The definition of 'emergency services organisation' is set out in the State Emergency and Rescue Management Act 1989 (NSW). In addition to the five ESOs discussed in this report, the definition also includes: Surf Life Saving New South Wales; New South Wales Volunteer Rescue Association Inc; Volunteer Marine Rescue NSW; an agency that manages or controls an accredited rescue unit; and a non-government agency that is prescribed by the regulations for the purposes of this definition.
2 Section 15(1) of the Government Telecommunications Act 2018 (NSW).
The NSW Telco Authority established and tracked its own costs for the CCEP
Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.
Source | Capital cost ($ million) | Operating cost ($ million) |
Completion date |
March 2016 business case | 400 | 37.3 | 2020 |
November 2017 internal review | 476.7 | 41.7 | 2022 |
March 2020 business case | 950–1,050 | -- | 2025 |
October 2020 business case | 1,263.1 | 56.1 | 2026 |
In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee
Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP
The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.
There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget
As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.
Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.
Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.
Financial year | Type of major work | Description of expenditure | Forecast estimate to complete ($ million) | Estimated duration |
2015–16 | New work | Infrastructure Rationalisation Program: Planning and Pilot | 18.3 | 2015–16 |
2016–17 | Work in progress | CCEP Planning and Pilot | 18.3 | 2015–17 |
New work | CCEP | 45 | 2016–17 | |
2017–18 | New work | CCEP | 190.75 | 2017–21 |
2018–19 | Work in progress | CCEP North Coast and State-wide Detailed Design | 190.75 | 2017–21 |
New work | CCEP Greater Metropolitan Area | 236 | 2018–22 | |
2019–20 | Work in progress | CCEP | 426.9 | 2018–22 |
2020–21 | Work in progress | CCEP | 664.8 | 2018–22 |
2021–22 | Work in progress | CCEP | 1,325 | 2018–26 |
2022–23 | Work in progress | CCEP | 1,292.8 | 2018–26 |
The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program
Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.
In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.
In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:
…coordinate a stocktake of the costs of operational bridging solutions implemented by PSAs [ESOs] as a result of the 18-month delay, so that a whole-of-government cost impact is available to the NSW Government. |
It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.
'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated
Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.
As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.
Year | 2017 | 2018 | 2019 | 2020 | Total |
SSKO forecast ($ million) | 12.5 | 15 | 10 | 2.5 | 40 |
In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.
Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.
A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP
Paging
A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.
In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.
In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:
- it was expressly included in the original approved March 2016 business case
- the capability is deemed essential to the needs of three ESOs.
Decommissioning costs
The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.
In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:
- funding would be coordinated by the NSW Telco Authority
- scheduling and reporting through an inter-agency working group and
- where appropriate, agencies would be appointed as the most appropriate decommissioning party.
This estimated cost is not included in the CCEP budget.
In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:
- decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
- effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
- costs incurred in decommissioning are entirely a consequence of the CCEP program.
The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion
We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:
- $2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
- $2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.
Both totals include:
- budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
- the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
- the NSW Telco Authority's approved funding for paging refresh ($60.3 million).
The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.
The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.
The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.
However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders
Estimated whole-of-government cost, over time | |||||
Cost type | 20161 | 20172 | 20203 | 2023–Estimate A4 | 2023–Estimate B5 |
$ million | $ million | $ million | $ million | $ million | |
CCEP capital expenditure | 400a | 476.7b | 1,263.1c | 1,292.8d | 1,292.8d |
CCEP operating expenditure | 37.3a | 41.7b | 41.5e | 139d | 139d |
CCEP total | 437.3 | 518.4 | 1,304.6 | 1,431.8 | 1,431.8 |
ESO capital expenditure | 75.2a,f | 183b,e | 75.4e | 258.4g | 292.5 |
ESO one-off operating expenditure | 93a | n.a.l | 86.5e | 86.5h | 273 |
ESO total | 168.2 | 183 | 161.9 | 344.9 | 565.5 |
Paging | n.a.i | n.a.i | n.a.j | 60.3k | 60.3k |
Decommissioning | 93 | n.a.l | 201.0 | 201h | 201 |
Paging and decommissioning total | 93 | n.a. | 201 | 261.3 | 261.3 |
Whole-of-government total | 698.5 | 701.4 | 1,667.5 | 2,038 | 2,258.6 |
- Financial year 2016 to Financial year 2020.
- Financial year 2016 to Financial year 2021.
- Financial year 2016 to Financial year 2025.
- Financial year 2016 to Financial year 2026.
- Financial year 2022 to Financial year 2025.
- Stay Safe and Keep Operational (SSKO) costs plus terminals costs.
- November 2017 internal review and October 2020 Business case.
- October 2020 Business case.
- Included in CCEP capital expenditure at that time.
- By 2020, a refresh of the paging network had been removed from the CCEP scope.
- A separate business case for a refresh of the paging network was approved by government in 2022.
- Figure not included in the source document.
- March 2016 CCEP business case.
- November 2017 Internal Review conducted by the NSW Telco Authority.
- October 2020 CCEP business case.
- Derived from business cases, with ESO costs drawn from NSW Telco Authority data.
- Derived from business cases, with ESO costs based on data provided to the Audit Office of New South Wales by each of the five ESOs.
Appendix one – Response from agency
Appendix two – Trunked public safety radio networks
Appendix three – About the audit
Appendix four – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #383 - released 23 June 2023
Actions for Regulation of public native forestry
Regulation of public native forestry
What this report is about
The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that manages over two million hectares of public native forests and plantations supplying timber to sawmills across NSW.
The NSW Environment Protection Authority (EPA) is responsible for regulating the native forestry industry in NSW.
FCNSW must comply with Integrated Forestry Operations Approvals (IFOAs), which set out rules for how timber harvesting may occur.
Most harvesting is undertaken under the Coastal IFOA, which commenced in 2018.
This audit assessed how effectively Forestry Corporation of NSW manages its public native forestry activities to ensure compliance, and how effectively the Environment Protection Authority regulates these activities.
What we found
Forestry Corporation of NSW (FCNSW) clearly articulates its compliance obligations.
While FCNSW undertakes monitoring of its contractors, it does not do so consistently and does not target its monitoring activities on a risk basis.
FCNSW has largely fulfilled mandatory Coastal IFOA training requirements, but has not yet trained other staff who would also benefit from the training.
Contractor compliance appears to be improving, but there are gaps and inconsistencies in FCNSW's documentation of this.
FCNSW is not measuring its overall compliance to determine how it is tracking against its target.
The EPA undertakes proactive inspections of Coastal IFOA harvesting operations on a risk basis. However, it does not assess the risk at harvest sites covered by other IFOAs.
Most EPA compliance staff have received basic training, but few have received more advanced training required to effectively undertake forestry inspections.
Some EPA offices do not have the necessary equipment to undertake forestry inspections.
The EPA and FCNSW are not implementing all elements of a Memorandum of Understanding that aims to promote a cooperative relationship between the agencies.
What we recommended
The report made recommendations to FCNSW which aim to improve:
- staff training
- consistency of compliance reviews and data capture
- targeting of compliance activities
- measurement of performance.
The report made recommendations to the EPA which aim to improve:
- risk-assessments
- staff training
- staff equipment.
The report also recommended that FCNSW and EPA should fully implement their Memorandum of Understanding.
The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that supplies timber to sawmills in New South Wales, including timber harvested from public native forests. FCNSW is responsible for the management of around two million hectares of public native forests and plantations. Around half the area of native forests is permanently set aside for conservation.
Public native forestry is regulated through the Forestry Act 2012, Biodiversity Conservation Act 2016, Protection of the Environment Operations Act 1997 and associated regulations. Under the Forestry Act 2012, the objectives of FCNSW include, where its activities affect the environment, to conduct its operations in compliance with the principles of ecologically sustainable development contained in section 6(2) of the Protection of the Environment Administration Act 1991. This involves the integration of social, economic and environmental considerations in decision-making processes.
In undertaking its native forestry operations, FCNSW must comply with Integrated Forestry Operations Approvals (IFOA), issued jointly by the Minister for the Environment and the Minister for Agriculture, which set out rules to protect species and ecosystems where timber harvesting is occurring, and aim to ensure forests are managed in an ecologically sustainable way. FCNSW must also ensure that its contractors undertake forestry operations in line with IFOAs. The Coastal IFOA, developed in 2018, consolidated the four IFOAs for the Eden, Southern, Upper and Lower North East coastal regions of New South Wales into a single IFOA. The other three current IFOAs are Brigalow Nandewar, South Western Cypress and Riverina Redgum (the Western IFOAs).
The NSW Environment Protection Authority (EPA) is responsible for regulating native forestry in New South Wales. Under the Protection of the Environment Administration Act 1991, one of the objectives of the EPA is to protect, restore and enhance the quality of the environment in New South Wales, having regard to the need to maintain ecologically sustainable development. This includes monitoring FCNSW’s compliance with IFOA conditions, including by maintaining and enforcing a compliance program.
The Coastal IFOA also introduced a new structure and regulatory approach for IFOAs, establishing outcomes, conditions and protocols. The conditions set mandatory actions and controls intended to protect threatened plants, animals, habitats, soils and water. The protocols, referenced in the conditions, set out additional enforceable actions and controls intended to support the effective implementation of the conditions.
Public native forestry is the largest component of hardwood supply in New South Wales. The 2019–20 bushfires had a major impact on regional communities, and large areas of native forest. This heightened environmental risks and challenges in public native forestry. Five million hectares of New South Wales was impacted, including more than 890,000 hectares of native State Forests. This is over 40% of the coastal and tablelands native State Forests in New South Wales.
In addition to effective compliance activities, the success of the regulatory approach to public native forestry operations depends on how wood supply yields are modelled, and ensuring that harvested volumes do not exceed these yields. This is of particular importance in areas where forests have been severely damaged by fire. This audit did not consider sustainable yields. Recent reviews of this include an independent review of the FCNSW sustainable yield model and a Natural Resources Commission review in 2021.
This audit assessed how effectively Forestry Corporation of NSW manages its public native forestry activities to ensure compliance, and how effectively the Environment Protection Authority regulates these activities.
Conclusion
|
Appendix one – Responses from agencies
Appendix two – About the audit
Appendix three – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #382 - released 22 June 2023
Actions for Regulation and monitoring of local government
Regulation and monitoring of local government
What the report is about
The Office of Local Government (OLG) in the Department of Planning and Environment is responsible for strengthening the local government sector, including through its regulatory functions.
This audit assessed whether the OLG is effectively monitoring and regulating the sector under the Local Government Act 1993. The audit covered:
- the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions
- whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
What we found
The OLG does not conduct effective, proactive monitoring to enable timely risk-based responses to council performance and compliance issues.
The OLG has not clearly defined and communicated its regulatory role to ensure that its priorities are well understood.
The OLG does not routinely review the results of its regulatory activities to improve its approaches.
The department lacks an adequate framework to define, measure and report on the OLG's performance, limiting transparency and its accountability.
The OLG's new strategic plan presents an opportunity for the OLG to better define, communicate, and deliver on its regulatory objectives.
What we recommended
The OLG should:
- publish a tool to support councils to self-assess risks and report on their performance and compliance
- ensure its council engagement strategy is consistent with its regulatory approach
- report each year on its regulatory activities and performance
- publish a calendar of its key sector support and monitoring activities
- enhance processes for internally tracking operational activities
- develop and maintain a data management framework
- review and update frameworks and procedures for regulatory responses.
The Local Government Act 1993 (the LG Act) provides the legal framework for the system of local government in New South Wales. The LG Act describes the functions of councils, county councils and joint organisations which should be exercised consistent with the guiding principles and requirements of the LG Act. Councils also have functions and responsibilities under other Acts.
There are 128 local councils, nine county councils and 13 joint organisations of councils in the New South Wales local government sector. Each council is unique in size and location, owns and manages assets, and delivers services for their communities. According to 2021–22 data provided by the Department of Planning and Environment (the department), local councils managed $175.2 billion in infrastructure, property plant and equipment, held $16.8 billion of cash and investments, collected $7.8 billion in rates and charges and entered into $3.7 billion of borrowings. Councils' decision-making responsibilities directly impact the communities they serve, including responsibilities relevant to financial management, economic development, environmental sustainability and community wellbeing.
Under the LG Act, each elected council is accountable to the community they serve. In addition to Auditor-General reports, issues relating to council performance and compliance have been identified in public inquiries commissioned by the Minister for Local Government and investigations by the Independent Commission Against Corruption, NSW Ombudsman and Office of Local Government (OLG). Challenges and opportunities related to the operations and sustainability of the local government sector have also been reported by the sector and identified in reports by NSW government agencies such as the Independent Pricing and Regulatory Tribunal.
The department is the primary state government agency with responsibility for policy, legislative, regulatory and program functions for local government matters. The Office of Local Government (OLG) is a business unit within the department that advises the Minister for Local Government and exercises delegated functions of the Secretary of the Department of Planning and Environment under the LG Act.
Key departmental planning documents state that the OLG is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector. As the state regulator of the local government sector, the OLG aims to promote voluntary compliance, build councils' capacity for high performance, and intervene only when 'warranted and appropriate'. Relevant regulatory activities include issuing guidelines, investigating councils and councillors, and supporting the Minister for Local Government's discretionary intervention powers. The OLG's other functions include developing policy, administering grants and programs, supporting local government election processes, and issuing certain approvals.
The objective of this audit was to assess whether the OLG is effectively monitoring and regulating the local government sector under the LG Act. The assessment included:
- the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions
- whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
This report focuses on the OLG’s activities relevant to powers under Chapter 13 of the LG Act, and related regulatory activities, such as monitoring risks, issuing guidance and engaging with councils. It also examines strategic and operational planning for these activities in the context of the OLG's other activities, and departmental arrangements to oversee and enable the OLG's regulatory effectiveness.
Other OLG activities were not in scope of the audit but are commented on in this report where contextually relevant. This includes the OLG's responsibilities under the LG Act with respect to councillor misconduct, and the 2022 review of the councillor misconduct framework commissioned by the former Minister for Local Government.
ConclusionThe Office of Local Government (OLG) in the Department of Planning and Environment (the department) does not conduct effective, proactive monitoring to enable timely risk-based responses to council performance and compliance issues. Council performance and compliance varies and a range of issues continue across the local government sector – some significant – that can impact on councils' operations and sustainability. The department recognises that an effective and efficient sector is 'crucial to the economic and social wellbeing of communities across the State,' but the OLG does not routinely review the results of its regulatory activities to improve its approaches. The OLG has also not clearly defined and communicated its regulatory role to ensure that its priorities are well understood. Inadequate performance measurement and reporting on its regulatory activities is a significant transparency and accountability issue, and the OLG cannot demonstrate that it is effectively regulating the local government sector. The department lacks an adequate framework to define, measure and report on the OLG's performance as the state regulator of the sector under the Local Government Act 1993 (the LG Act). The OLG's various council engagement activities are not well structured and coordinated towards delivering on a clearly defined regulatory role and its regulatory priorities are not well understood. In 2022, the OLG identified, in its new strategic plan, that there is a need for it to define its role in the sector. It would be expected that a clearly defined role already underpins its aim to 'strike the right mix of monitoring, intervention, capability improvement and engagement activities'. The OLG collects various sources of information about council compliance and performance but its systems and processes do not enable structured, proactive sector monitoring to enable timely, risk-based responses. Ineffective sector monitoring is a particular issue in the context of compliance, financial management and governance risks that have been identified in inquiries and reviews by other government agencies including integrity bodies and reported by the sector. Audit Office data for 2021–22 shows that 62 councils did not have or regularly update key corporate governance policies, and 63 do not have basic controls to manage cyber security risks. Further, 31 councils or joint organisations did not meet the statutory requirement to have an audit, risk and improvement committee by 30 June 2022.1 Overall, the OLG has made limited progress on projects that have been identified since 2019 to improve its sector monitoring, such as updating its performance measurement framework for councils. These factors limit its capacity to identify and act on issues early. In early 2023, the OLG started to implement a new council risk assessment tool. The OLG's two main frameworks to guide its sector improvement and intervention activities were last updated in 2014 and 2017. The OLG considered relevant statutory criteria when advising the Minister on the use of powers to issue performance improvement and suspension orders under the LG Act. But the OLG lacks complete and approved procedures to guide staff when preparing advice and recommendations related to interventions, and other response options. This creates risks to the consistency and transparency of relevant processes. The department and the OLG have identified that resourcing issues present a risk to the OLG's regulatory functions. Projects since 2021 to review the OLG's budget did not progress. The OLG does not routinely review the costs or evaluate the effectiveness of its regulatory activities. The OLG's 2022–2026 strategic plan sets out a vision to be, 'A trusted regulator and capability builder enabling councils to better serve their communities'. Implementing the strategic plan presents an opportunity for the OLG to better define, communicate, and deliver on its regulatory objectives towards strengthening the sector. The OLG advises that a delivery plan and performance indicators for its new strategy are being developed, alongside work resulting from the 2022 review of the councillor misconduct framework. |
This chapter considers the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions.
This chapter assesses whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
The OLG’s 2017 Improvement and Intervention Framework is intended to guide appropriate responses to council compliance or performance risks and issues. The publicly available framework states that generally, the OLG will encourage councils to meet their obligations before a more formal intervention will be considered. It also states that any intervention or improvement response will be proportionate to the circumstances.
Appendix one – Response from agency
Appendix two – Statutory powers relevant to council accountability under the Local Government Act
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #380 - released 23 May 2023
Actions for Government's acquisition of private property: Sydney Metro project
Government's acquisition of private property: Sydney Metro project
What the report is about
Sydney Metro is Australia’s largest public transport project. It requires the acquisition of many private properties, including residential and business properties.
This audit assessed the effectiveness of the acquisition of private properties for the Sydney Metro project. The audited agencies were Sydney Metro, the Department of Planning and Environment (Valuer General NSW) and Transport for NSW (the Centre for Property Acquisition).
The audit assessed agencies against the framework for property acquisitions in New South Wales. It did not re-perform the valuations done for individual properties that were acquired by Sydney Metro.
What we found
Acquisitions of private property for the Sydney Metro project were mostly effective in the sample of acquisitions we assessed. We found Sydney Metro:
- complied with legislative and policy requirements for compensation and communication with people subject to property acquisitions
- kept accurate records of its acquisitions and applied probity controls consistently
- did not complete detailed plans or negotiation strategies for the high-risk and high-value acquisitions we reviewed
- did not comply with legislative timelines for most compulsory acquisitions because of delays in receiving the required information from the Valuer General in these cases.
The Centre for Property Acquisition has overseen the implementation of reforms to residential acquisition processes, but its assessment of the effectiveness of these reforms has not been comprehensive.
What we recommended
The audit made four recommendations to the audited agencies to improve:
- plans and strategies for the acquisition of high-risk and high-value properties
- timeliness of issuing compensation determinations for compulsory acquisitions
- data quality on the experience of people subject to property acquisitions.
The NSW Government has the power to acquire land that is owned or leased by individuals or businesses, if it is needed for a public purpose. The power arises from the Land Acquisition (Just Terms Compensation) Act 1991 (the Just Terms Act). Government agencies that have the power to compulsorily acquire private property are referred to as ‘acquiring authorities’. People who are subject to acquisitions are referred to as ‘affected parties’ and include property owners (business or residential), businesses with a commercial lease on a property, or individuals with residential tenancy leases. In recent years, the vast majority of acquisitions by the NSW Government have been for public transport or road projects.
Sydney Metro is a NSW Government agency with responsibility for building the Sydney Metro railway project. Sydney Metro is Australia’s largest public transport project. The project requires the acquisition of a large number of private properties. Sydney Metro has been one of the largest acquirers of private property in recent years, completing over 500 acquisitions between 2020 and mid-2022, with a total acquisition value of over $2 billion. Other agencies and statutory officers involved in the acquisition of property for the Sydney Metro project include:
- the Department of Planning and Environment (DPE), which supports the minister responsible for the Just Terms Act. DPE also provides staff to the Valuer General of NSW
- the Valuer General of NSW, an independent statutory officer that determines compensation in cases where the acquiring authority and the affected party cannot agree on compensation for property that has been acquired
- Transport for NSW, which includes the Centre for Property Acquisition (CPA). The CPA does not have a direct role in acquiring properties, but its responsibilities include developing guidance for acquiring agencies and monitoring and reporting on their activities.
About this audit
The objective of this audit was to assess the effectiveness of acquisitions of private properties for Sydney Metro projects. The audit assessed agencies against the legislative and policy requirements in place for government acquisitions of private property in New South Wales. In line with the Audit Office's legislative mandate, the audit does not comment on the merits of the policy objectives reflected in the Just Terms Act.
The audit examined a sample of 20 property acquisitions. This was not a statistically representative sample. While our report provides comments on Sydney Metro’s overall acquisition processes, it does not provide assurance regarding the acquisitions that were not examined for this audit.
The audit did not re-perform the valuations done for individual properties that were acquired by Sydney Metro. Affected parties who disagree with the valuation of their property have the right to seek independent assessment of this via the Valuer General and the Land and Environment Court.
Conclusion
Acquisitions of property for the Sydney Metro project were mostly effective in the sample of acquisitions we assessed. Sydney Metro followed requirements for communication with affected parties. Compensation processes were conducted in compliance with legislative requirements, but compensation determinations for compulsory acquisitions were not completed within legislated time frames due to delays in receiving these from the Valuer General. Governance and probity processes were followed consistently, with some relatively minor exceptions.
Sydney Metro has detailed guidelines for acquisitions that are based on relevant legislation and government policy. In the 20 acquisitions we assessed for this audit, these procedures were followed consistently. This included adhering to minimum timelines for negotiation periods, engaging independent valuers and other experts when needed, and complying with governance and probity processes.
Sydney Metro staff followed requirements for communication and support for residential acquisitions by assigning ‘personal managers’ and providing additional support to affected parties when needed. The Centre for Property Acquisition (CPA) has overseen reforms to the residential property acquisition process in recent years. These reforms include the introduction of the NSW Property Acquisition Standards and the use of personal managers, in addition to the existing acquisition managers, for residential acquisitions. However, the CPA has not assessed the impact of these changes on the experiences on people affected by property acquisitions.
Sydney Metro did not comply with the legislative requirement to provide a formal compensation notice to the affected party within 45 days of a compulsory acquisition starting in any of the eight relevant acquisitions in our sample. This was because Sydney Metro must wait for the Valuer General to complete a compensation determination before Sydney Metro can send the compensation notice, and the Valuer General did not do this within 45 days. We acknowledge that Sydney Metro does not have full control over this process, and that it has taken steps to mitigate the impact of delays on affected parties.
This chapter presents our findings on Sydney Metro's acquisition of industrial and commercial properties. Industrial properties include construction businesses and manufacturing facilities. Commercial properties were mostly properties such as shopping centres and office towers. Many of these acquisitions involve businesses and properties that are relatively complex and have high values. This means the valuation process can require multiple experts and can be lengthy and contested. Adherence to governance and probity requirements is important for these acquisitions in order to demonstrate that the acquiring authority has achieved value for money.
This chapter presents our findings on Sydney Metro's acquisition of residential properties, which include apartments and houses, and small business leases, which mostly affected businesses in small shopping centres or arcades. Most of these acquisitions were lower value compared to industrial and commercial property acquisitions and did not require as much expert advice on complex technical issues. However, residential property acquisitions can be personally distressing for the affected parties and require staff from the acquiring authority to provide support and show empathy while ensuring legislative compliance and value for money.
Appendix one – Responses from agencies
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #375 - released 9 February 2023
Actions for Cyber Security NSW: governance, roles, and responsibilities
Cyber Security NSW: governance, roles, and responsibilities
What the report is about
Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.
This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:
- Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
- Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?
What we found
Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.
Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.
Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.
What we recommended
By 30 June 2023 the Department of Customer Service should:
- implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
- ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
- ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
- develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders.
The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.
Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.
In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).
The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.
We assessed this objective through two lines of inquiry:
- Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
- Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?
The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.
ConclusionCyber Security NSW has a clear purpose that is aligned with wider government policy and objectives, but it cannot effectively demonstrate its progress toward improving cyber resilience Cyber Security NSW's high-level purpose is to support the NSW Government’s delivery of digitised services that are protected, connected, and trusted. This purpose is consistent with broader NSW Government and Australian Government policy and builds on the purpose of the previous NSW Office of the Government Chief Information Security Officer, which was itself informed by external research and previous Audit Office of New South Wales recommendations. In delivering its purpose, Cyber Security NSW provides a wide range of services to NSW government agencies and the local government sector. The majority of agencies and councils consulted during this audit reported that the services they received contributed to improving their individual cyber security. However, Cyber Security NSW does not clearly and consistently communicate its key objectives to ensure that its efforts are effectively and efficiently targeted, prioritised, planned, and reported. This is despite it receiving enhanced funding to expand the scope of services it provides. It currently has many sets of objectives across a range of sources, including the Cyber Security Strategy, business plans, corporate material, and public communications. It has too few reliable and meaningful ways of measuring progress toward its objectives, and no overall workplan or roadmap to show how the objectives will be achieved. Without a clear and consistent program logic, it is difficult to determine whether the functions and services delivered by Cyber Security NSW are helping to achieve the level of cyber resilience required to meet the increasing cyber threats faced by the NSW public sector. Cyber Security NSW does not provide assurance of the cyber security maturity self-assessments performed by individual NSW Government agencies The NSW Government has a devolved model for cyber security assurance. Cyber Security NSW administers the whole-of-government policy settings, and agency heads are responsible for ensuring compliance with policy requirements. Cyber Security NSW has a remit to carry out audits of agencies’ self-assessments, but it has not carried out these audits and does not seek its own assurance of the results of these self-assessments. It is not sufficiently addressing previously identified inconsistencies and inaccuracies in how those self-assessments are performed and reported. This form of auditing would be an important assurance that self-assessment and reporting is reliable. This is important given that maturity reporting is the main source of knowledge about the cyber security maturity and resilience of NSW Government agencies to cyber threats. If these self-assessments are unreliable, then it creates the risk that knowledge of the potential resilience of the NSW public sector to cyber security incidents is similarly unreliable. There is no other body in NSW with the mandate to routinely provide this form of assurance. Cyber Security NSW has a remit to assist local government improve cyber resilience, however it cannot mandate action, and does not have a strategic approach guiding its efforts Consistent with the expectations that accompanied its 2020 funding enhancement, Cyber Security NSW has engaged with the local government sector, albeit with mixed results. While these mixed results are partly a consequence of it not being provided a formal mandate in the sector, it has also been impacted by the fact that Cyber Security NSW has not established an engagement plan or strategy to guide its engagement with the local government sector. |
Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.
Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.
The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.
Establishment of Cyber Security NSW
Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.
The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).
The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.
Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.
Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.
NSW Government Cyber Security Strategy
The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:
- lead
- prepare
- prevent
- detect
- respond
- recover.
The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:
- increase NSW Government cyber resiliency
- help NSW cyber security businesses grow
- enhance cyber security skills and workforce
- support cyber security research and innovation.
Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.
NSW Government Cyber Security Policy
The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.
The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including:
- annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements
- that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).
The Policy sets out that Cyber Security NSW:
- may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
- will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.
As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.
This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:
- there was a sound, evidence-based rationale for why Cyber Security NSW was established
- the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
- there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.
This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #374 - released 8 February 2023
Actions for Bushfire recovery grants
Bushfire recovery grants
What the report is about
The Bushfire Local Economic Recovery (BLER) program was created after the 2019–20 bushfires, and commits $541.8 million to bushfire affected areas in New South Wales. It is co-funded by the Commonwealth and NSW governments.
This audit assessed how effectively the Department of Regional NSW (the department) and Resilience NSW administered rounds one and two of the BLER program. These rounds were:
- Round one: early co-funding, split between two streams:
- Fast-Tracked projects
- Sector Development Grants (SDG)
- Round two: open round.
What we found
The Department of Regional NSW did not effectively administer the Fast-Tracked stream of the BLER.
The administration process lacked integrity, given it did not have sufficiently detailed guidelines and the assessment process for projects lacked transparency and consistency.
At the request of the Deputy Premier's office, a $1 million threshold was applied, below which projects were not approved for funding. The department advises that some of the projects excluded were subsequently funded from other programs.
This threshold resulted in a number of shortlisted projects in areas highly impacted by the bushfires being excluded, including all shortlisted projects located in Labor Party-held electorates.
The department's administration of the SDG stream had a detailed and transparent assessment process. However, conflicts of interest were not effectively managed.
The department's administration of the open round included a clearly documented, detailed and transparent assessment framework. Some weaknesses in the approach to conflicts of interest remained.
What we recommended
The Department of Regional NSW should ensure that for all future grant programs it:
- establishes and follows guidelines that align with relevant good practice guidance
- ensures a communications plan is in place, including the communication of guidelines to potential applicants
- ensures staff declare conflicts of interest prior to the commencement of a grants stream, and that these conflicts of interest are recorded and managed
- ensures regular monitoring is in place as part of funding deeds
- documents all key decisions and approvals in line with record keeping obligations.
This audit assessed how effectively the Department of Regional NSW and Resilience NSW administered rounds one and two of the Bushfire Local Economic Recovery (BLER) program.
As noted in this report, Resilience NSW was involved in the set-up and ongoing administration and monitoring of the BLER program. During the audited period, Resilience NSW was tasked with working with the Department of Regional NSW to create program objectives, guidelines and criteria. Their role also involved liaising with the Commonwealth Government, which provided co-funding for the program. Resilience NSW also had an ongoing role in quality assurance and compliance to ensure agencies administering disaster assistance did so in accordance with relevant guidelines. On 16 December 2022, the NSW Government abolished Resilience NSW.
Our work for this performance audit was completed on 3 November 2022, when we issued the final report to the two audited agencies. The audit report does not make specific recommendations to Resilience NSW. On 24 November 2022, the then Commissioner of Resilience NSW provided a response to the final report, which we include as it is the formal response from the audited entity at the time the audit was conducted.
During the 2019–20 bushfire season, New South Wales experienced 11,774 fire incidents, burning 5.5 million hectares of the state. There were 26 fatalities and 2,476 homes destroyed. The agriculture sector was heavily impacted with 601,858 hectares of pasture damaged.
Due to the widespread impacts of these fires on the state, the NSW and Commonwealth governments committed $4.4 billion toward bushfire response, recovery, and preparedness. This included the establishment of the Bushfire Local Economic Recovery (BLER) program, with $541.8 million committed to support job retention and creation in areas impacted by bushfires. The program also aims to strengthen community resilience and reduce the impact of future natural disasters. The BLER program is co-funded, with the Commonwealth and NSW governments funding 50% each.
The BLER program is comprised of three funding rounds:
- round one early co-funding, split between
- Fast-Tracked projects
- Sector Development Grants (SDG)
- round two: open round
- round three: final projects and initiatives.
Resilience NSW was involved in setting up the BLER program and the Department of Regional NSW (the department) is responsible for administering it. The Commonwealth National Recovery and Resilience Agency must also endorse any projects proposed by the NSW Government for funding as part of the funding agreement between the State and Commonwealth governments.
Successful projects under the SDG stream were announced in September 2020 and projects funded through the Fast-Tracked stream were announced in October 2020. Round two (the open round) was administered after these two streams and successful projects were announced in June 2021.
The Department of Premier and Cabinet established the 'Good Practice Guide to Grants Administration' (the Good Practice Guide) in 2010 to assist the NSW Government in ensuring grants administration was performed consistently across all NSW Government grants programs. Compliance with the Good Practice Guide was not compulsory, but provided an outline of best practice covering the entire lifecycle of a grants program. This guide was in place at the time these grants were designed and administered.
The design and delivery of round one of the program occurred quickly, as part of the response to the 2019–20 bushfires, and was responding to a request from the Commonwealth Government for rapid project identification.
The objective of this audit was to assess how effectively the Department of Regional NSW and Resilience NSW administered rounds one and two of the BLER program. Round three was excluded from this audit because it had not been announced at the time of the audit.
We addressed this objective by examining whether the audited agencies:
- effectively planned administration of the BLER program and established appropriate guidelines
- implemented an effective assessment process for the BLER program
- are effectively monitoring implementation of projects and program outcomes.
ConclusionThe Department of Regional NSW did not effectively administer the Fast-Tracked stream of the Bushfire Local Economic Recovery program. The administration process lacked integrity, given it did not have sufficiently detailed guidelines, and the assessment process for projects lacked transparency and consistency. There were significant gaps in the documentation of decision-making throughout this funding stream. At the request of the Deputy Premier's office, a $1 million threshold was applied, below which projects were not approved for funding. This threshold was applied without a documented reason and was not part of the program guidelines. The department advises that some of the projects excluded through application of the threshold were subsequently funded from other programs. The department's administration of the Sector Development Grants stream had a detailed and transparent assessment process. That said, conflicts of interest were not effectively managed, and the department did not effectively engage with stakeholders during the grants process. The department's administration of the open round included a clearly documented, detailed and transparent assessment framework that it followed throughout. The department also implemented probity arrangements in the open round, although some weaknesses in the department's approach to conflicts of interest remained. Fast-Tracked streamFollowing requests from the Commonwealth Government in May and June 2020 to identify projects rapidly and as soon as practical, the department used an expedited process to identify relevant projects that had applied for other grants programs but had not received funding or which were identified as local priority projects. The department developed a set of guidelines for the Fast-Tracked stream based on draft Commonwealth funding criteria, but the department's guidelines lacked sufficient detail to ensure transparent and consistent decision-making. The guidelines also did not contain detailed information on how the assessment and approval processes would work. The department did not implement conflict of interest declarations for staff involved in the assessment process. The assessment process implemented for the Fast-Tracked stream deviated from the guidelines. For example, the guidelines did not set out a role for the then Deputy Premier or his office in the assessment process, but the Deputy Premier's office played a key role in project selection. At the direction of the Deputy Premier's office, a $1 million minimum threshold, not mentioned in the guidelines, was applied to projects, below which, projects would not be funded. This resulted in a number of shortlisted projects in areas highly impacted by the bushfires, including all shortlisted projects located in Labor Party-held electorates, being excluded without a rationale being documented at the time. The department advised that some of these projects were subsequently funded through other funding streams. The department's assessment process was inconsistent, poorly documented and lacked transparency. The department initially identified 445 potential projects through consultation with councils and through identifying projects that had been unsuccessful for other grant programs. The department only assessed 164 of these 445 projects for funding against the criteria in the guidelines. The department did not document the rationale for not assessing the remaining 281 projects against the criteria. The department also sought advice from Public Works Advisory (PWA) on whether projects could commence within six months, which was an eligibility criterion for the Fast-Tracked stream. PWA were only asked to assess 25 of the 445 projects, of which 19 were funded through the Fast-Tracked stream. The department also did not consistently follow PWA's advice and funded projects which PWA had advised were unable to commence within six months, which was not in line with the guidelines. The department monitors 21 of the 22 Fast-Tracked projects on a quarterly basis to ensure projects are on track. Resilience NSW is responsible for the remaining project and does not monitor this on a quarterly basis but has established a project control group that performs a similar function. The agencies advised that this project is being transitioned to the department's management. Sector Development Grants (SDG)The department designed and published guidelines for the SDG stream. The guidelines largely align with the Department of Premier and Cabinet's 'Good Practice Guide to Grants Administration', although they could have been strengthened by including more detail on the eligibility of projects and the role of cost benefit analyses in the assessment process. The guidelines included a detailed and transparent assessment process which the department largely followed. There were gaps in the administration of the SDG stream assessment process. The department did not effectively manage conflicts of interest as it did not ensure all required conflict of interest forms were completed and some forms were completed after the assessment process was finalised. The department also advised that the final version of the conflict of interest register, which contained the declarations for the SDG stream, was lost during a record management system change. The department did not develop guidance for communicating with stakeholders for the SDG stream. Feedback was received from industries which had been excluded from the SDG stream, relaying their concerns, and requesting a broader range of agribusiness sectors be considered for eligibility. A communications plan or strategy could have incorporated guidance on engaging agribusiness stakeholders during the planning stages of the stream, ensuring they were aware of the rationale for the eligible industries selected. The majority of SDG funding went to areas highly impacted by the bushfires, although some highly impacted areas received less funding than lower impacted areas, and there is no clear reason for this. The department does not monitor SDG projects on a quarterly basis to ensure that they remain on track but it ensures it has sufficient evidence that milestones have been completed before making funding payments. Open roundThe department designed and implemented a clearly documented and detailed assessment process for the open round. There were some areas where the process could have been improved, for example, the published guidelines did not set out the role of the former Deputy Premier or include reference to consultation with members of Parliament (MP) as part of the process, despite the fact that MPs were consulted as part of this round. The department improved its management of conflicts of interest compared to the Fast-Tracked and SDG streams by maintaining a conflict of interest register, though not all conflict of interest declarations were collected. The department also developed a communications plan which led to improvements in stakeholder engagement. One of the purposes of the open round was to distribute funding to local government areas (LGA) which did not receive funding through the Fast-Tracked stream. This intention was not outlined in the guidelines for this funding stream. The majority of funding from the open round went to LGAs which had been highly impacted by the bushfires. The department monitors the open round projects on a quarterly basis to ensure that they are on track. |
1. Recommendations
To promote integrity and transparency, the Department of Regional NSW should ensure that for all future grant programs it:
- establishes and follows guidelines that align with relevant good practice guidance including accountabilities, key assessment steps and clear assessment criteria
- ensures a communications plan is in place, including the communication of guidelines to potential applicants
- ensures staff declare conflicts of interest prior to the commencement of a grants stream, and that these conflicts of interest are recorded and managed
- ensures regular monitoring is in place as part of funding deeds
- documents all key decisions and approvals in line with record keeping obligations.
Stage one of the BLER program consisted of early co-funded projects valued at a total of $180 million. This included 22 Fast-Tracked priority projects valued at a total of $107.8 million. The purpose of these projects was to deliver immediate and significant economic impacts to high and moderate bushfire-impacted areas.
A timeline of key dates may be found at Exhibit 5.
Fifty-two projects worth a total of $73.2 million were funded through the SDG stream. One grantee withdrew their project from the stream in early 2021, leaving a total of 51 projects (of which 49 are co-funded with the Commonwealth Government).
A timeline of key dates may be found at Exhibit 9.
The department distributed $283 million to 195 successful projects as part of the open round of the BLER program.
A timeline of key dates may be found at Exhibit 11.
The department entered into funding deeds with successful applicants
The Good Practice Guide advises that the agency administering a grant should enter into a formal agreement with each grant recipient which sets out the arrangements under which a grant is provided, received, managed and acquitted. Across all three streams, the department sent out a letter of offer to successful project managers to let them know that they had been successful in receiving funding, and then entered into funding deeds with grantees. The one exception was the project that RNSW managed, discussed below.
The reviewed funding deeds were signed by department staff with the appropriate level of delegation. They contained an appropriate level of information and key clauses that would allow the department to monitor the progress of the grant to ensure its completion as agreed with the grantee. The reviewed funding deeds contained key information, including:
- total value of the grant
- key deliverables at each milestone
- expected completion date of both the overall project and each milestone
- reporting requirements, including provisions to allow the department to request relevant information
- variation procedures.
The department only makes payments after confirming that milestones have been reached
The department has provided payments to grantees only after they could demonstrate that they had completed the agreed milestone. To ensure each milestone has been completed, the department requires grantees to provide evidence that they have fulfilled the milestone. Types of evidence provided includes photographs and invoices. Where the grantee provides insufficient evidence to the department, the department follows-up with the grantee to ensure that enough information is provided to justify the milestone payment.
The department also plans to undertake site visits of projects at select milestones and at the completion of most projects. The department has undertaken a risk assessment of each SDG and open round project, and uses this risk assessment to determine the number of milestones for the project, as well as the number of site visits that the department will undertake. Fast-Tracked projects all had PWA providing either project management or assurance and as such oversight is being provided through that mechanism. The milestones and site visits at each level of risk can be seen in Exhibit 15 for SDG and Exhibit 16 for open round.
Risk rating | Milestones | Site visits |
Low | Two | Zero |
Medium | Three | One |
High | Four | Two |
Risk rating | Milestones | Site visits |
Low | Three | One |
Medium | Four | Two |
High | Five | Three |
The department does not monitor quarterly progress for SDG grants
As part of the LER framework, the department reports to the Commonwealth every quarter on the status and financials of each project, including whether there are any risks to project delivery and the mitigations in place for those risks. For projects funded through the Fast-Tracked stream and the open round, the department collects quarterly progress reports from the grantees. These progress reports allow the department to determine if there are project risks, which can then be reported to the Commonwealth. The progress reports also allow the department to determine if a milestone is likely to be met within the next quarter or whether a project variation may be needed.
While the department monitors projects funded through the Fast-Tracked stream and the open round on a quarterly basis, there is no quarterly monitoring of progress for projects funded through the SDG stream. The SDG funding deeds do not include a provision to require quarterly reporting to the department. The department only collects progress reports from grantees when the grantee reports that it has completed a milestone. Quarterly monitoring of the SDG stream would allow the department to determine if projects require corrective action.
Resilience NSW is not collecting quarterly reports for the Fast-Tracked grant it is responsible for administering
One of the projects funded through the Fast-Tracked stream was the rebuilding of three local halls across two LGAs, for a total value of $3 million. RNSW is responsible for managing this grant and entered into funding deeds with the relevant councils. It is not documented why RNSW is responsible for these funding deeds rather than the department, which is the signatory for all of the other Fast-Tracked stream funding deeds. RNSW advised it was due to the responsible RNSW Director having a strong working relationship with the relevant councils.
The funding deeds which RNSW signed with the relevant councils set out a requirement that the councils would report on this project to RNSW every quarter. The second milestone of each of these projects involved the submission of a quarterly report. However, RNSW was unable to provide evidence that it carried out this monitoring of the project. At the time of the audit, no second milestone payment had been made. Undertaking quarterly monitoring would provide RNSW with assurance that the money is being expended for the proper purpose and whether the projects will be completed by the target date.
RNSW and the relevant councils developed project control groups for each project, which allows it to monitor the implementation of the projects. PWA is also represented on these project control groups and provides an advisory role in the implementation of the projects.
RNSW and the department advised that responsibility for this project will be transitioned to the department and it will be monitored on a quarterly basis, in line with the other Fast-Tracked projects.
The department has a consistent approach to validating variations
The department's funding deeds with grantees allow for the variation of contracts at the department's discretion after the grantee has written to the department. It is important for the department to consider the impact of any project variation request on the overall program objectives, because a project which costs more than was originally planned or which takes additional time may put at risk the objectives of the BLER program. To ensure that requests for variation are handled consistently and appropriately, the department's Grants Management Office (GMO) has developed a process document which applies to variation requests across the BLER program.
For the grants reviewed as part of this audit, the GMO applied this variation process consistently and has documented the outcomes. Larger variations are reviewed at a higher level of delegation and sign-off. To determine whether a variation is accepted, the GMO considers the following factors:
- consistency with BLER program objectives
- delivery within the timeframes of the BLER program
- eligibility under the BLER program guidelines
- financial viability to deliver within the requested budget.
The department is preparing multiple evaluations, but it has delayed its process evaluation
When developing round one of the BLER program, the department developed an evaluation plan. A total of $1.1 million has been reserved for conducting process, outcome, and economic evaluations of the BLER program and two other bushfire recovery grant programs.
To assist with evaluating program outcomes and economic impact, the department is planning a post-completion survey in 2023–24. This timeline will allow most projects to be completed and enough time for project outcomes to be realised. The department advised that the data collected through this survey would allow the department to determine whether the BLER program has achieved its objectives, as it includes information such as the number of jobs created through each project.
The process evaluation was initially planned for March to June 2021. This would have aligned with the announcement of the open round funding and would have allowed for the learnings from rounds one and two of the BLER program to be applied to the development of round three. However, the department did not conduct this evaluation in a timely way. The department advised that this was because funding deed negotiations were still ongoing, and the department was waiting for 50% of funding deeds to be signed. Given this, the department was not in a position to commence its process evaluation. In December 2021, the department revised its evaluation plan and advised that it commenced its process evaluation in April 2022. It is unlikely that this will allow time for the department to apply learnings to round three, which is currently underway.
Appendix one – Responses from agencies
Appendix two – BLER program distribution
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #373 - released 2 February 2023