Reports
Coordination of the response to COVID-19 (June to November 2021)
What the report is about
This audit assessed the effectiveness of NSW Government agencies’ coordination of the response to COVID-19, with a focus on the Delta variant outbreak in the Dubbo and Fairfield Local Government Areas (LGA) between June and November 2021. We audited five agencies - the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service.
The audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.
What we found
Prior to Delta, agencies developed capability to respond to COVID-19 related challenges.
However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.
Gaps in emergency management plans affected agencies' ability to support individuals, families and businesses impacted by restrictions to movement and gathering such as stay-at-home orders. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.
On 23 July 2021, the NSW Government established a cross-government coordinating approach, the Delta Microstrategy, which complemented existing emergency management arrangements, improved coordination between NSW Government agencies and led to more effective local responses.
Where possible, advice provided to government was supported by cross-government consultation, up-to-date evidence and insights. Public Health Orders were updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.
The NSW Government could provide greater transparency and accountability over decisions to apply Public Health Orders during a pandemic.
What we recommended
The audit made seven recommendations intended to improve transparency, accountability and preparedness for future emergency events.
This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (Fairfield City Council and Dubbo Regional Council) between June and November 2021.
As noted in this report, Resilience NSW was responsible for the coordination of welfare services as part of the emergency management arrangements. On 16 December 2022, the NSW Government abolished Resilience NSW.
During the audited period, Resilience NSW was tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions and it provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC was, and remains, responsible for the coordination and oversight of emergency management policy and preparedness.
Our work for this performance audit was completed on 15 November 2022, when we issued the final report to the five audited agencies. While the audit report does not make specific recommendations to Resilience NSW, it does include five recommendations to the State Emergency Management Committee. On 8 December 2022, the then Commissioner of Resilience NSW provided a response to the final report, which we include as it is the formal response from the audited entity at the time the audit was conducted.
The community of New South Wales has experienced significant emergency events during the past three years. COVID-19 first emerged in New South Wales after bushfire and flooding emergencies in 2019–20. The pandemic is now into its third year, and there have been further extreme weather and flooding events during 2021 and 2022.
Lessons taken from the experience of these events are important to informing future responses and reducing future risks to the community from emergencies.
This audit focuses on the NSW Government's response to the COVID-19 pandemic, and in particular, the Delta variant (Delta) that occurred between June and November 2021. The response to the Delta represents six months of heightened challenges for the NSW Government.
Government responses to emergencies are guided by legislation. The State Emergency and Rescue Management Act 1989 (SERM Act) establishes emergency management arrangements in New South Wales and covers:
- coordination at state, regional and local levels through emergency management committees
- emergency management plans, supporting plans and functional areas including the State Emergency Management Plan (EMPLAN)
- operations centres and controllers at state, regional and local levels.
This audit focuses on the activities of five agencies during the audit period:
- The NSW Police Force led the emergency management response and was responsible for coordinating agencies across government in providing the tactical and operational elements that supported and enhanced the health response to the pandemic. The NSW Police Force also led the compliance response which enforced Public Health Orders and included household checks on those required to isolate at home after testing positive to COVID-19. In some parts of NSW, they were supported by the Australian Defence Force in this role.
- NSW Health was responsible for leading the health response which coordinated all parts of the health system, initially to prevent, and then to manage, the pandemic.
- Resilience NSW coordinated welfare services as part of the emergency management arrangements and provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC is responsible for the coordination and oversight of emergency management policy and preparedness. Resilience NSW was also tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions.
- The Department of Customer Service (DCS) was responsible for the statewide strategic communications response.
- The Department of Premier and Cabinet (DPC) held a key role in providing policy and legal services, as well as supporting the coordination of activity across a range of functional areas and decision-making by our State’s leaders.
This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (LGA) (Fairfield City Council and Dubbo Regional Council) after June 2021.
The audit investigated whether:
- government decisions to apply LGA-specific Public Health Orders were supported by effective crisis management governance and planning frameworks
- agencies effectively coordinated in the communication (and enforcement) of Public Health Orders.
While focusing on the coordination of NSW Government agencies’ response to the Delta variant in June through to November 2021, the audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.
This audit does not assess the effectiveness of other specific COVID-19 responses such as business support. It refers to the preparedness, planning and delivery of these activities in the context of supporting communities in selected LGAs. NSW Health's contribution to the Australian COVID-19 vaccine rollout was also subject to a separate audit titled 'New South Wales COVID-19 vaccine rollout' tabled in NSW Parliament on 7 December 2022.
This audit is part of a series of audits which have been completed, or are in progress, regarding the New South Wales COVID-19 emergency response. The Audit Office of New South Wales '2022–2025 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.
In this document Aboriginal refers to the First Nations peoples of the land and waters now called Australia, and includes Aboriginal and Torres Strait Islander peoples.
Conclusion
Prior to June 2021, agencies worked effectively together to adapt and refine pre-existing emergency management arrangements to respond to COVID-19. However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.
In the period March 2020 to June 2021, the State's Emergency Management (EM) arrangements coordinated the New South Wales emergency response to COVID-19 with support from the Department of Premier and Cabinet (DPC) which led the cross-government COVID-19 Taskforce. NSW Government agencies enhanced the EM arrangements, which until then had typically been activated in response to natural disasters, to meet the specific circumstances of the pandemic.
However, the State Emergency Management Committee (SEMC), supported by Resilience NSW, did not address relevant recommendations arising from the 2020 Bushfires Inquiry before June 2021 and agencies did not always integrate lessons learned from other jurisdictions or scenario training exercises into emergency management plans or strategies before Delta. As a result, deficiencies in the EM arrangements, including representation of vulnerable communities on EM bodies, well-being support for multicultural communities in locked down environments and cross-agency information sharing, persisted when Delta emerged in June 2021.
It should be noted that for the purposes of this audit there is no benchmark, informed by precedent, that articulates what level of preparation would have been sufficient or proportionate. However, the steps required to address these gaps were reasonable and achievable, and the failure to do so meant that agencies were not as fully prepared as they could have been for the scale and escalation of Delta’s spread across the State.
The Delta Microstrategy complemented the EM arrangements to support greater coordination and agencies are working to improve their capability for future events
The Delta Microstrategy (the Microstrategy) led to innovations in information sharing and collaboration across the public service. Agencies involved in the response have completed, or are completing, reviews of their contribution to the response. That said, none of these reviews includes a focus on whole-of-government coordination.
On 23 July 2021, the NSW Government approved the establishment of the Microstrategy to respond to the additional challenges presented by Delta including the need to support communities most impacted by restrictions to movement and gathering in the LGAs of concern. An extensive range of government agencies were represented across eight Microstrategy workstreams, which coordinated with the existing EM arrangements to deliver targeted strategies to communities in high-risk locations and improve data and information sharing across government. This enhanced the public health, compliance, income and food support, communications and community engagement aspects of the response.
Agencies also leveraged learnings from early weeks of the Delta wave and were able to replicate those lessons in other locations. The use of pre-staging hubs in Fairfield to support food and personal hamper distribution was used a month later in Dubbo which acted as a central hub for more remote parts of the State.
Emergency management plans did not enable government to respond immediately to support vulnerable communities in high-risk LGAs or regional NSW
There are gaps in the emergency management plans relating to the support for individuals, families and businesses impacted by the stay-at-home orders and other restrictions to movement and gathering. These gaps affected agencies' ability to respond immediately when the need arose during Delta.
Emergency management plans and supporting instruments did not include provision for immediate relief for households, which meant arrangements for isolation income support and food security measures had to be designed in the early stages of Delta before it could be approved and deployed.
There were delays – sometimes only days, on occasion, weeks - in providing support to affected communities. In particular, there were delays to the provision of income support and in scaling up efforts to coordinate food and grocery hampers to households in isolation. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.
Although government issued stricter restrictions for workers in the Fairfield LGA on 14 July 2021, it only approved targeted income support for people in LGAs of concern on 16 August 2021.
Overall, agencies coordinated effectively to provide advice to government but there are opportunities to learn lessons to improve preparedness for future events
Agencies coordinated in providing advice to government. The advice was supported by timely public health information, although this was in the context of a pandemic, where data and information about the virus and its variants was changing regularly. However, agencies did not always consider the impact on key industries or supply chains when they provided advice to government, which meant that Public Health Orders would sometimes need to be corrected.
Public Health Orders were also updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.
The audit identified several occasions where there were delays, ranging from three to 21 days, between the provision of advice to government and subsequent decision-making (which we have not detailed due to the confidentiality of Cabinet deliberations). Agency officers advised of instances where they were not provided sufficient notice of changes to Public Health Orders to organise local infrastructure (such as traffic support for testing clinics) to support compliance with new requirements.
The COVID-19 pandemic arrived in Australia in late January 2020 as the bushfire and localised flooding emergencies were in their final stages. Between 2020 and mid-2021, agencies responded to the initial variants of COVID-19, managed a border closure with Victoria that lasted nearly four months and dealt with localised ‘flare-ups’ that required postcode-based restrictions on mobility in northern parts of Sydney and regional New South Wales. During this period, New South Wales had the opportunity to learn from events in Victoria which imposed strict restrictions on mobility across the State and the growing emergence of the Delta variant (Delta) across the Asia Pacific.
This section of the report assesses how emergency management and public health responses adapted to these lessons and determined preparedness for, and responses to, widespread community transmission of Delta in New South Wales.
The previous chapter discusses how agencies had refined the existing emergency management arrangements to suit the needs of a pandemic and describes some gaps that were not addressed. This chapter explores the first month of Delta (mid-June to mid-July 2021). It explores the areas where agencies were prepared and responses in place for the outbreak. It also discusses the impact of the gaps that were not addressed in the period prior to Delta and other issues that emerged.
NSW Health provided advice on the removal of restrictions based on up-to-date advice
The NSW Government discussed the gradual process for removing restrictions using the Doherty Institute modelling provided to National Cabinet on 10 August 2021. NSW Health highlighted the importance of maintaining a level of public health and safety measure bundles to further suppress case numbers. This was based on additional modelling from the Doherty Institute.
The Department of Regional NSW led discussion and planning around reopening with a range of proposal through August and September 2021. The Department of Premier and Cabinet and NSW Health jointly developed a paper to provide options on the restrictions when the State reached a level of 70% double dose vaccinations.
The roadmap to reopening was originally published on 9 September 2021. However, by 11 October 2021, the restrictions were relaxed when the 70% double dose threshold was reached to allow:
- up to ten fully vaccinated visitors to a home (increased from five)
- up to 30 fully vaccinated people attending outdoor gatherings (increased from 20)
- weddings and funerals limits increased to 100 people (from 50)
- the reopening of indoor pools for training, exercise and learning purposes only.
On the same day, the NSW Government announced further relaxation of restrictions once the 80% double dose threshold was reached. These restrictions were further relaxed on 8 November 2021. This included the removal of capacity restrictions to the number of visitors to a private residence, indoor pools to reopen for all purposes and density limits of one person for every two square metres, dancing allowed in nightclubs and 100% capacity in major stadia.
The NSW Government allowed workers in regional areas who received one vaccination dose to return to their workplace from 11 October 2021.
The Premier extended the date of easing of restrictions for unvaccinated people aged over 16 from 1 December to 15 December 2021.
Many agencies have undertaken reviews of their response to the Delta outbreak but a whole-of-government review has yet to be conducted
Various agencies and entities associated with the response to the Delta outbreak conducted after-action review processes. These processes assessed the achievements delivered, lessons learned and opportunities for improvement. However, a whole-of-government level review has not been conducted. This limits the New South Wales public service's ability to improve how it coordinates responses in future emergencies.
The agencies/entities that conducted reviews included:
- South West Metropolitan region, Western NSW region, Fairfield Local Emergency Management Committee (LEMC), Dubbo Local Emergency Operations Controller (LEOCON), which were collated centrally by the State Emergency Operations Centre (SEOC)
- Aboriginal Affairs NSW assessed representation and relevance of the emergency management arrangements for Aboriginal communities following the 2019 bushfires
- Resilience NSW developed case studies to capture improved practice with regard to food security and supply chains
- a community support and empowerment-focused after-action review undertaken by the Pillar 5 workstream of the Microstrategy.
Key lessons collated from the after-action reviews include:
- the impact of variation in capability across agencies on the management of key aspects of the response including welfare support and logistics
- issues with boundary differences between NSW Police Force regions, local government areas (LGA and local health districts (LHD) caused issues in delivering and coordinating services in an emergency situation
- the need to improve relationships between state and local Government outside of acute emergency responses to improve service delivery
- issues arising from impediments to information sharing between agencies and jurisdictions, such as:
- timeliness and accuracy of data used to direct compliance activities
- the impact of insufficient advance notice on changes to Public Health Orders
- timely access to data across public sector agencies and other jurisdictions to inform decision-making, analysis and communications
- gaps in data around ethnicity, geolocation of recent positive cases and infection/vaccination rates in Aboriginal communities.
- the lack of Aboriginal community representation on many LEMCs
- compared with the response to COVID-19 in 2020, improved coordination of communications with Culturally and Linguistically Diverse (CALD) populations with a reduction in overlapping messages and over-communication
- improved attendance from agency representatives in LEMCs, and regional emergency operations centres (REOC) to improve interagency communications, planning, capability development and community engagement issues
- deficiencies in succession planning and fatigue management practices
- the potential for REOC Welfare/Well-being subgroups to be included as part of the wider efforts to community needs during emergencies.
NSW Health commenced a whole of system review of its COVID-19 response in May 2022. At the time of writing, the completion due date for the debrief is 7 November 2022. This debrief is expected to explore:
- governance
- engagement
- innovation and technology
- community impact
- workforce impact
- system impact and performance.
NSW Health is also undertaking a parallel Intra-Action Review that is focused on the public health aspects of the response with finalisation estimated for the end of November 2022. At the time of completing this performance audit report, NSW Health had not finalised these reviews and, as a result, we cannot validate their findings against our own observations.
Recent inquiries are likely to impact the governance of emergency management in New South Wales
In March 2022, the NSW Government established an independent inquiry to examine and report on the causes of, preparedness for, response to and recovery from the 2022 floods. The Flood Inquiry report made 28 recommendations, which the NSW Government supported in full or in principle. Some of the recommendations relate directly to the governance and leadership of emergency management arrangements in New South Wales.
The State Emergency Management Committee (SEMC) will likely be involved in, and impacted by, the recommendations arising from the Flood Inquiry with potential changes to its membership and reshaping of functional areas and agencies. At the same time, the SEMC may have a role in overseeing the changes that emerge from the SEOC consolidated after-action reviews. This can also extend to ensuring local and regional bodies have incorporated the required actions. There is a risk that the recommendations from the pandemic-based after-action reviews may not be considered due to the priority of action resulting from the Flood Inquiry.
Furthermore, there is potential for the SEMC to work with NSW Health during its system-wide review. Such an approach is likely to improve preparedness for future events.
Appendix one – Response from agencies
Appendix two – Chronology 2020–2021
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #371 - released 20 December 2022
Planning and Environment 2022
What the report is about
Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.
Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.
Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.
Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.
The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.
All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).
NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.
What the key issues were
Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.
There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.
The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.
Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.
Recommendations were made to address these deficiencies.
This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Appendix five – Councils received qualified audit opinions
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2022
What the report is about
Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.
All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.
The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.
The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.
What the key issues were
Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.
Five high-risk findings were identified in 2021–22. They related to deficiencies in:
- user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
- segregation of duties at the NSW Trustee and Guardian and NSWALC.
Recommendations were made to those agencies to address these control deficiencies.
This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Development applications: assessment and determination stages
What the report is about
Local councils in New South Wales are responsible for assessing local and regional development applications.
Most development applications are assessed and determined by council staff under delegated authority. However, some development applications must be referred to independent local planning panels or Sydney and regional planning panels for determination.
Councils provide support to local planning panels. The Department of Planning and Environment provides support to Sydney and regional planning panels.
This audit assessed whether Byron Shire Council, Northern Beaches Council and The Hills Shire Council had effectively assessed and determined development applications in compliance with legislative and other requirements.
It also assessed whether The Hills Shire Council, Northern Beaches Council and the Department of Planning and Environment had provided effective support to relevant independent planning panels.
What we found
All councils had established clear roles, responsibilities and delegations for assessment and determination of development applications and had also established processes to ensure quality of assessment reports.
Northern Beaches Council and The Hills Shire Council have established comprehensive approaches to considering and managing risks related to development assessment.
Northern Beaches Council's approach to publishing its assessment reports promotes transparency.
Across a sample of development applications assessed and determined between 2020–22:
- Northern Beaches Council and The Hills Shire Council had assessed and determined applications in compliance with legislative and other requirements. However, The Hills Shire Council could do more to transparently document any conflicts of interest within assessment reports.
- Byron Shire Council had assessed most applications in compliance with legislative and other requirements. However, we found opportunities for the Council to:
- ensure determinations were made in line with delegations
- strengthen its approach to transparent management of conflicts of interest and quality review of assessments.
The Hills Shire Council and Northern Beaches Council had effectively supported their respective local planning panels.
The Department of Planning and Environment had processes that meet requirements for supporting regional planning panels but could do more to promote consistency in approach, share information across panels and measure the effectiveness of its support.
What we recommended
We made recommendations to Byron Shire Council, The Hills Shire Council and the Department of Planning and Environment to address the gaps identified and improve the transparency of processes.
Local councils in New South Wales are responsible for assessing local and regional development applications under the Environmental Planning and Assessment Act 1979 (EP&A Act).
In assessing development applications, councils consider:
- whether the proposed development application is compliant with legislation and environmental planning instruments
- whether the proposed development meets local planning controls and objectives
- any environmental, social and economic impacts
- any submissions from impacted properties, neighbours and interested parties
- the public interest.
Once assessed, a development application will be determined by council staff under delegated authority, the elected council, or an independent planning panel.1
The involvement of a particular independent planning panel is established under legislative and policy instruments, and depends on the type and value of the proposed development. Most development applications are assessed and determined by council staff under delegated authority.
In determining development applications, independent planning panels must manage any potential, real or perceived conflicts of interest of panel members for a given development application, meet and vote on development applications, and publish their decisions and reasons.
Under the EP&A Act, and as required by statutory instruments and procedures, councils and the Department of Planning and Environment (DPE) must provide secretariat and other support functions to independent planning panels.
Previous reviews and inquiries have identified several significant risks that are present within the processes involved in the assessment and determination of development applications. These risks include possible non-compliance with complex legal and policy requirements, potential improper influence from developers and other stakeholders, and a perceived lack of transparency within the planning system and planning outcomes.
There are several planning pathways for development in New South Wales. This audit focuses on local and regional development that requires assessment and determination by a local council and/or an independent local planning panel or Sydney or regional planning panel in three Local Government Areas (LGAs): Byron Shire Council, Northern Beaches Council, The Hills Shire Council.
Audited councils were selected from a range of criteria, including:
- the number, value and types of development applications determined in 2018–19
- average determination timeframes
- appeals against determinations and Land and Environment Court outcomes
- LGA demographics.
The audit also avoided councils that had previously been subject to a performance audit.
The objective of this audit was to assess whether:
- selected councils have effectively assessed and determined development applications in compliance with relevant legislation, regulations and government guidance
- selected councils and DPE effectively support independent planning panels to determine development applications in compliance with relevant legislation, regulations and government guidance.
Conclusion – Byron Shire Council
Byron Shire Council has established clear roles, responsibilities and delegations for assessment and determination of development applications. However, the effectiveness of the Council's approach is limited by gaps in governance, risk management and internal controls.
Byron Shire Council has established clear roles, responsibilities and delegations for assessment and determination of development applications. However, the Council does not have a consolidated policy and procedure for development assessment, has not adequately followed up on the outcomes of internal reviews that identified opportunities to strengthen its assessment and determination procedures and approach, and has not demonstrated that it has managed relevant risks effectively.
The Council has not ensured that delegations have been consistently followed in the assessment of development applications.
Byron Shire Council's approach to managing conflicts of interest in development assessments does not provide transparency over potential conflicts of interest.
Byron Shire Council manages the risk of conflicts of interest for development assessment under its Code of Conduct. The Council has also implemented a separate policy that details additional requirements for managing conflicts of interest relevant to the development assessment process, but has not regularly updated this policy and requirements between it and the Code of Conduct have not been aligned. This creates a risk that planning staff may be following inconsistent or outdated advice in managing conflicts of interest.
Across the period of review, the Council did not require staff to provide a disclosure of interest for individual development applications to be contained within assessment reports. Including these disclosures would increase transparency and ensure that staff are sufficiently considering any conflicts of interest relevant to each separate assessment process.
Byron Shire Council has processes that promote compliance with legislation, regulation and government policy, but can improve how it undertakes some aspects of these that would ensure transparency, quality and consistency.
Our review of a sample of completed development applications from the Council indicated that most assessments were completed in compliance with relevant legislation, regulations and government guidance, but that there were some opportunities to improve elements of the assessment process, including: transparency of any conflicts of interest involved in the assessment process, ensuring compliance with delegated authority limits, and consideration of modification application provisions.
The Council has established templates to guide planners through relevant assessment considerations required by legislation, regulations and other guidance. However, it could do more to strengthen its approach to peer or manager review, monitoring legislative changes, and how it monitors the completion of relevant training by planning staff.
Conclusion – Northern Beaches Council
Northern Beaches Council has established processes to support compliant and effective assessment and determination of development applications.
The Council has a clear governance and risk management framework for development assessment that sets out roles, responsibilities and delegations.
Northern Beaches Council has established clear roles, responsibilities and delegations for development application assessment and determination. The Council has identified development assessment related risks, and has put in place controls and mitigating actions to manage the risks to within risk tolerances.
Northern Beaches Council's approach to managing conflicts of interest promotes transparency.
Northern Beaches Council manages the risk of conflicts of interest for development assessment under its Code of Conduct. The Council has implemented an additional framework for planning staff to respond to the risk of conflicts of interest in development assessment processes. This framework requires its staff to disclose any conflicts of interest as a formal step in assessing development applications and includes declarations of any interests within assessment reports or planning panel minutes.
Our review of a sample of completed development applications indicated that the assessment reports had been compliant with the Council's approach to transparently documenting conflicts of interest.
Northern Beaches Council has established processes to deliver consistent, quality assessment of development applications.
Northern Beaches Council staff use an electronic development assessment tool that provides guidance, links to legislative and policy instruments and other applications that support assessment and drive consistency in approach. The Council applies a peer review process in which a manager or team member in a more senior position reviews an assessment report prior to determination to ensure that expected standards of quality and consistency have been met.
Our review of a sample of completed development applications indicated that assessments were undertaken in compliance with relevant legislation, regulations and government guidance.
Northern Beaches Council transparently documents assessment reports, supporting information and determination outcomes.
Northern Beaches Council has implemented a transparent approach to how it assesses and determines development applications. The Council publishes assessment reports, supporting technical reports, plans and submissions for all development applications. Notices of determination and final plans are also published alongside the assessment reports, allowing for greater transparency to the public.
Northern Beaches Council has established processes to effectively support the Northern Beaches Local Planning Panel.
Northern Beaches Council has established processes to support the Northern Beaches Local Planning Panel as required under legislative and policy instruments. The Council has processes to ensure that development applications required to be referred to a planning panel are identified and monitored, supports identification and documentation of any conflicts of interest, and transparently documents decisions of the panel.
Our review of a sample of meeting records held across the audit period of review indicated that these requirements were met and were transparently documented.
Conclusion – The Hills Shire Council
The Hills Shire Council has established processes to support compliant and effective assessment and determination of development applications.
The Council has established a comprehensive governance and risk management framework for development assessment that sets out clear roles, responsibilities and delegations.
The Hills Shire Council has established a comprehensive framework for managing risks related to development assessment. Such risks are clearly identified and associated controls are in place to reduce or mitigate the risks. The Council has undertaken regular internal audits of development assessments, including reviewing completed applications to ensure compliance with relevant legislative and policy requirements.
The Council has established clear roles, responsibilities and delegations, and its staff assessing and determining development applications are supported by a standard set of policies and procedures for undertaking assessment and determination of applications.
The Hills Shire Council is managing conflicts of interest in line with Code of Conduct requirements but could more transparently document these.
The Hills Shire Council manages conflicts of interest for those involved in development application processes through provisions under its Code of Conduct. Under this Code of Conduct, staff must declare any conflicts of interest to their manager. However, the Council does not require staff to disclose any conflicts of interest in development application assessment reports which limits transparency to reviewing managers or any other determination bodies.
The Hills Shire Council has established processes to deliver consistent, quality assessment of development applications.
The Hills Shire Council has established templates to guide planners through relevant development assessment and determination considerations required by legislation, regulations and other guidance. The Council requires a peer review to occur prior to any determination which ensures a check on the compliance and quality of the assessment report prepared.
Our review of a sample of completed development applications from the Council indicated that assessments were performed in compliance with relevant legislation, regulations and government guidance.
The Hills Shire Council has established processes to effectively support The Hills Shire Local Planning Panel.
The Hills Shire Council has met requirements to provide secretariat and other support to The Hills Shire Local Planning Panel as required under legislative and policy instruments. It has processes to ensure that development applications required to be referred to a planning panel are identified and monitored, supports identification and documentation of any conflicts of interest, and transparently documents decisions of the panel.
Our review of a sample of meeting records held across the audit period of review indicated that these requirements were met and were transparently documented.
Conclusion – Department of Planning and Environment
The Department of Planning and Environment (DPE) has established processes that meet its statutory and policy requirements to support Sydney and regional planning panels.
DPE has established processes to provide secretariat and other support to planning panels. It has met requirements to provide administrative support to the panels through its planning panels secretariat including undertaking administrative functions, supporting recruitment of panel members, and addressing complaints about the panel processes.
DPE has not ensured collection of annual pecuniary interest declarations for all panel members for the three Sydney and regional planning panels in scope for this audit. DPE could not provide annual pecuniary interest declarations for part of the audit period for three of the 47 members of these panels, as is required by DPE's Code of Conduct for Regional Planning Panels.
DPE does not formally measure its effectiveness in providing support to panels, but panel chairs consulted as part of this audit advised that they had no concerns with the level of secretariat support provided by DPE.
DPE could do more to facilitate information sharing between panels and could formalise how it provides comparative information to panels to improve consistency and standardisation in approach and share good practice. DPE has identified these gaps in reviews of its services and functions and has a plan in place to address them.
DPE has effectively documented planning panel decisions and made them available to all stakeholders. It also effectively documented interests declared as part of consideration of development applications for in-scope panels.
This audit continues a series of audits examining the development assessment process in NSW local councils and is focused on the assessment and determination stages.
The Audit Office of New South Wales previously considered local government development assessments in our 2019 performance audit: 'Development assessment: pre-lodgement and lodgement in Camden Council and Randwick City Council'.
Appendix one – Response from agencies
Appendix two – Council profile: Byron Shire Council
Appendix three – Council profile: Northern Beaches Council
Appendix four – Council profile: The Hills Shire Council
Appendix five – About the audit
Appendix six – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #370 - released 12 December 2022
Regional NSW 2022
What the report is about
Result of the Regional NSW cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for Regional NSW cluster agencies. Two audits are ongoing.
What the key issues were
The Department of Regional NSW (the department) and Local Land Services (LLS) accepted changes to their office leasing arrangements managed by Property NSW.
These changes resulted in the collective derecognition of $100.6 million of rights-of-use-assets and $110.4 million of lease liabilities.
In 2021–22, the cluster agencies continued to assist communities in their recovery from recent weather emergencies, including significant flooding in New South Wales.
The Northern Rivers Reconstruction Corporation was established in May 2022 to rebuild communities in the Lismore and Northern Rivers region impacted by floods.
The number of matters reported to management decreased from 36 in 2020–21 to 14 in 2021–22.
Five moderate risk issues were identified and 14% of reported issues were repeat issues.
One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.
This report provides Parliament and other users of the Regional NSW cluster financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW cluster.
Section highlights
|
Effectiveness of the Biodiversity Offsets Scheme
What the report is about
This audit examined whether the Department of Planning and Environment (DPE) and the Biodiversity Conservation Trust (BCT) have effectively designed and implemented the Biodiversity Offsets Scheme (‘the Scheme’) to compensate for the loss of biodiversity due to development.
Under the Biodiversity Conservation Act 2016, the Scheme enables landholders to establish in-perpetuity Biodiversity Stewardship Agreements on sites to generate credits for the unique biodiversity on that land. These credits can be sold to offset the negative impact of development on biodiversity.
What we found
DPE has not effectively designed core elements of the Scheme. DPE did not establish a clear strategic plan to guide the implementation of the Scheme.
The BCT has various roles in the Scheme but lacked safeguards against potential conflicts, creating risks to credit supply.
The effectiveness of its implementation has also been limited. Key concerns around the Scheme’s transparency, sustainability and integrity are yet to be fully resolved.
A market-based approach to biodiversity offsetting is central to the Scheme's operation but credit supply is lacking and poorly matched to growing demand. DPE has not established a clear, resourced plan to manage the shortage in credit supply. Data about the market, published by the DPE and the BCT, does not provide an adequate picture of credit supply, demand and price to readily support market participation.
These factors create a risk that biodiversity gains made through the Scheme will not be sufficient to offset losses resulting from development, and that the DPE will not be able to assess the Scheme’s overall effectiveness.
DPE is leading work with the BCT to improve the Scheme, but this is not yet guided by a long-term strategy with clear goals.
What we recommended
The audit made 11 recommendations to DPE and the BCT, focusing on:
- a long-term strategic plan for the Scheme
- improvements to the operation and transparency of the market and credit supply
- frameworks to ensure the financial and ecological sustainability of biodiversity stewardship sites
- enhanced public reporting and data management
- resolving issues in conflicting governance and oversight.
Fast facts
- 96% – proportion of developer demand for species credits not met by current supply
- 97% – proportion of species credits that have never been traded on the biodiversity market
- 60% – proportion of the 226 Biodiversity Stewardship sites under active land management
- $90m – value of developers’ obligations paid directly into the Biodiversity Conservation Fund
- 20% – proportion of developer obligations transferred to the BCT that have been acquitted.
The NSW Government's Biodiversity Outlook Report 2020 estimates that, without effective management, only 50% of species and 59% of ecological communities that are listed as threatened in New South Wales will still exist in 100 years. The NSW State of the Environment 2021 report identifies habitat destruction and native vegetation clearing as presenting the single greatest threat to biodiversity in the State.
According to the Organisation for Economic Co-operation and Development (OECD), biodiversity offsets are 'measurable conservation outcomes that result from actions designed to compensate for significant, residual biodiversity loss from development projects'. The OECD states that a feature of such schemes is that biodiversity offsets are intended to be implemented as the 'final step of a mitigation hierarchy' whereby reasonable first steps are taken to avoid and minimise the negative impacts.
The NSW Biodiversity Offsets Scheme was established in 2017 under the Biodiversity Conservation Act 2016 (the Act). The purpose of the Act is to 'maintain a healthy, productive and resilient environment for the greatest well-being of the community, now and into the future, consistent with the principles of ecologically sustainable development'.
The Department of Planning and Environment (DPE) designed and manages this Scheme. Under the Act, a feature of the Scheme is a 'market-based conservation mechanism through which the impacts to biodiversity can be offset.' The Scheme enables landholders to establish in-perpetuity Biodiversity Stewardship Agreements (BSAs) on sites to generate biodiversity credits, which can be sold to offset the negative impact of development on biodiversity. BSA sites are intended to be managed over the long term to generate the biodiversity gains required to offset the impact.
The Biodiversity Conservation Trust (BCT) monitors and supports landholders to manage BSA sites under the Scheme. This includes making payments to landholders from funds held in the Biodiversity Stewardship Payments Fund for undertaking the required biodiversity management actions.
This Scheme was preceded by several other offsetting schemes in New South Wales, including the BioBanking scheme that started in 2008. DPE has arrangements to transition sites, credits, and offset obligations from this and other previous schemes.
The current biodiversity credit market in New South Wales consists of 1394 different types of ecosystem credits, which are approved to be traded in 364 different offset trading groups, and 867 different species credits. Trading rules, set out in the Biodiversity Conservation Regulation 2017 (the Regulation), prioritise offsetting the obligations of a development with like-for-like ecosystem or species credits.
The Scheme is implemented through the planning system in New South Wales. Proposed development that involves the clearing of native vegetation, and meets certain thresholds, is required to undertake a Biodiversity Development Assessment Report. These reports determine an offset obligation, in biodiversity credits, to compensate for the biodiversity loss proposed. These reports are considered by consent authorities (such as a council, for local development, or by the Minister for Planning for major projects). An offset obligation is then included in the conditions of development approval.
In addition to establishing a market for trading between developers, with offset obligations, and landholders, who sell credits from their BSA sites, the Scheme allows developers to pay into the Biodiversity Conservation Fund and transfer their obligations to the BCT. This allows the developer to proceed with their project. The BCT must then meet these acquired obligations by buying the required credits, or by undertaking other approved activities set out in the Regulation. The BCT has more options than developers on how and when it acquits its obligations.
This audit examined whether DPE and the BCT have effectively designed and implemented the Biodiversity Offsets Scheme to compensate for the loss of biodiversity due to development.
Conclusion
The Department of Planning and Environment (DPE) has not effectively designed core elements of the NSW Biodiversity Offsets Scheme. DPE did not establish a clear strategy to develop the biodiversity credit market or determine whether the Scheme’s operation and outcomes are consistent with the purposes of the Biodiversity Conservation Act 2016.
The effectiveness of the Scheme's implementation by DPE and the BCT has been limited. A market-based approach to biodiversity offsetting is central to the Scheme's operation but credit supply is lacking and poorly matched to growing demand: this includes a potential undersupply of in-demand credits for numerous endangered species. Key concerns around the Scheme’s integrity, transparency, and sustainability are also yet to be fully resolved. As such, there is a risk that biodiversity gains made through the Scheme will not be sufficient to offset losses resulting from the impacts of development, and that DPE will not be able to assess the Scheme’s overall effectiveness.
DPE developed the Scheme following a 2014 review of the State's biodiversity legislation and building on previous offsetting arrangements in New South Wales. At the time the Scheme commenced in 2017, DPE lacked a strategic plan to guide its implementation, set clear outcomes and performance measures, and respond effectively to risks. DPE did establish a detailed scientific method for assessing biodiversity impacts under the Scheme and a system for accrediting assessors to undertake this technical work. These are important foundations for the robustness of the Scheme.
The Scheme has been in place for five years, but the biodiversity credit market is not well developed. Most credit types have never been traded. Also, according to DPE data, around 90% of demand cannot be matched to credit supply – and there is likely to be a substantial credit undersupply for at least seven endangered flora species, three endangered fauna species, and eight threatened ecological communities. Credit demand is projected to grow – especially in relation to the NSW Government’s $112.7 billion four-year infrastructure pipeline.
As with any market, potential participants need information about demand and price in order to understand risks and opportunities. But information about the biodiversity credit market, published by DPE and the BCT, does not provide an adequate picture of credit supply, demand and price to support market participation. This can create uncertainty for landholders who may be weighing the costs and benefits of establishing Biodiversity Stewardship Agreement (BSA) sites, and for development proponents who need to know whether they can purchase sufficient credits and at what price. Development proponents who lack market information are being incentivised to meet their offset obligations by paying into the Biodiversity Conservation Fund, which is managed by the BCT. This option provides developers with more certainty that enables them to progress their projects, but does not result in the development being offset until the BCT later acquits the obligation.
The BCT has multiple roles in the Scheme. These include setting-up and administering BSAs which generate credits, acquiring offset obligations from developers who pay into the Biodiversity Conservation Fund, and purchasing credits to meet its acquired obligations. There have been inadequate safeguards to mitigate the potential for conflicts between these roles. As the BCT directs its efforts towards facilitating BSA sites and purchasing credits to meet its obligations, there is a risk that government is insufficiently focused on supporting overall credit supply.
DPE has begun developing a credit supply strategy. Its absence, and a lack of clarity around responsibility for credit supply under the Scheme, has contributed to the significant risk of insufficient and poorly matched credits to meet the growing demand. The BCT's acquired obligations from developers have been increasing year-on-year, and are likely to continue to grow.
There is a risk that the BCT will not have sufficient funds to acquit its growing obligations with like-for-like credits, which could result in sub-optimal biodiversity outcomes. The Scheme rules allow the BCT to acquit its obligations with measures other than like-for-like credits. DPE has not provided clear guidance to the BCT on when or how to do so, or how this would fulfil the 'no net loss' of biodiversity standard.
There are transparency and integrity risks to the Scheme. DPE does not maintain a public register of biodiversity credits with complete information, including credits' transaction histories, consistent with the legislative intent for a single register. DPE also does not have ready access to information to check that developments have been acquitted with the required credits.
Risks to the sustainability of the Scheme and its outcomes remain. DPE and the BCT have not yet implemented a decision-making and intervention framework to ensure adequate initial and ongoing funding for the long-term management of new and existing BSA sites. DPE also did not collect ecological data from sites under previous schemes before they were transitioned, and BCT only introduced ecological monitoring requirements for new BSA sites in March 2021. The lack of monitoring requirements creates a risk that the biodiversity gains, which BSA sites are required to generate to offset biodiversity losses, will not be measured and achieved under the Scheme.
This section presents an overview of the status of the biodiversity credit market in New South Wales. It describes development of the market under the Scheme in the context of transitional arrangements from previous schemes, and the extent of market participation and transactions to date. It also presents information about emerging trends in credit demand and supply.
Background
A purpose of the Biodiversity Conservation Act 2016 (the Act) is to establish a market-based conservation mechanism through which impacts on biodiversity can be offset. Sufficient credits of appropriate types, which are well matched to demand, are necessary for enough transactions to inform prices and enable efficient like-for-like offsetting. For transactions to occur efficiently in the market, participants require reliable and easy-to-access information about supply, demand and price.
The Scheme was established in 2017 with an existing credit supply and offset obligations (credit demand) as regulations had been introduced to preserve and transition credits and obligations from previous schemes including the BioBanking Scheme, which started in 2008.
Credits under the BioBanking scheme are referred to as 'BBAM credits', and credits under the current Scheme are referred to as 'BAM credits'. BBAM credits are still available, and the transitional arrangements enable DPE to determine the 'reasonable equivalence' of these to the current Scheme's credit numbers and classes. DPE has stated that reasonable equivalence of credits is based on ecological not financial equivalence.
This section assesses the clarity and alignment of the goals of the Scheme to key features of its design and operations. It also examines structural elements of the Scheme that aim to maintain integrity within administering agencies, and the status of actions to address risks or issues.
Background
The Biodiversity Conservation Act 2016 (the Act) sets out the legal framework for the Scheme. Given the complexities, financial interests, and range of stakeholders associated with the Scheme, it requires strong safeguards. Transparency and assurances around the Scheme's integrity are also relevant to participants' confidence in it, which in turn is important for market development.
Core components of the Scheme, identified in section 1.3 of the Act, are to be consistent with the ‘principles of ecologically sustainable development’.
The Act and other administrative arrangements of government allocate responsibility to DPE and the Minister for Environment and Heritage for the Scheme’s design and elements of its implementation. This includes responsibility for the Scheme’s policy, legislative and regulatory framework.
Responsibility is allocated to the BCT for implementing and operating certain elements of the Scheme. This includes administering Biodiversity Stewardship Agreements (which generate credits) and securing offsets on behalf of development proponents who pay into the Biodiversity Conservation Fund to meet their offset obligations.
This broad legislative framework is not intended to detail responsibilities for the full range of roles and activities that agencies need to take to implement and regulate the Scheme effectively, and ensure its good governance. Agencies should do this as part of sound and transparent public administration.
This section assesses how effectively components of the Scheme have been designed and are being implemented to provide assurance that the impacts of development are being avoided and minimised such that only ‘unavoidable’ impacts remain to be offset. The section also assesses whether the Scheme and its market embeds the necessary controls to ensure that obligations are offset as required.
Background
The Biodiversity Assessment Method, and the quality of its application by DPE-Accredited Assessors, is critical to the robustness the Scheme. The method is designed to be applied to avoid and minimise impacts at proposed development sites before identifying offset obligations. The effectiveness of Scheme outcomes requires that obligations are offset with the retirement of the necessary and appropriate credits.
The Biodiversity Conservation Act 2016 (the Act) requires the relevant Minister (the current Minister for Environment and Heritage) to establish a method for the purpose of assessing the impacts of actions on threatened species and ecological communities.
The Act also specifies that this method must be applied by an accredited person. DPE is responsible for the design and implementation of this accreditation system, arrangements for which are set out in an instrument under the Act.
A Biodiversity Development Assessment Report is a report by a DPE-Accredited Assessor using the Biodiversity Assessment Method. These reports assess the biodiversity impacts of the proposed development and establish offset obligations as part of the development approval process. It is important that local councils and other development consent authorities understand and can assess the quality of these reports.
DPE manages the process of ‘retiring’ credits against the identified offset obligations. Once a credit is retired it cannot be reused to acquit another obligation, which is critical to Scheme outcomes. DPE is also responsible for maintaining records of credit transactions, which results in a legally binding transfer of credit ownership from seller to buyer.
This section assesses how effectively the supply of biodiversity credits has been supported by encouraging and enabling landholders to participate in the Scheme. It also assesses whether sufficient action is underway to address issues and risks to the establishment of BSA sites, especially in the context of known credit supply issues (section 2).
Background
Credit supply is generated when a landholder establishes a Biodiversity Stewardship Agreement (BSA) on their land. Establishing a BSA site requires landholders agree to an in-perpetuity management plan, so it is important that they have sufficient support and access to relevant information about risks and opportunities when deciding to do so. Ensuring adequate credits supply underpins the Scheme's ability to deliver the intended biodiversity outcomes.
A landholder establishes an offset site through a BSA, which is a legal agreement with the Minister of Environment and Heritage (delegated to the Biodiversity Conservation Trust). The BSA is registered on the title of the land.
DPE-Accredited Assessors develop Biodiversity Stewardship Site Assessment Reports, which are submitted by landholders to the BCT as part of the BSA application. These reports apply the Biodiversity Assessment Method to detail the number and types of credits that a BSA site is expected to generate by implementing a 20-year management plan. The BCT issues credits to landholders on registration of the BSA.
Ensuring an adequate and appropriate supply of credits is important so that like-for-like matches between credits and obligations can be efficiently secured in a timely way. This minimises the use of offset variation rules, and can avoid potential delays in developers securing appropriate offsets to meet their offset obligations. It also makes it easier for the BCT to locate the necessary credits to acquit the obligations it acquires from developers.
This section assesses how effectively BSA sites, which need to be managed by landholders to generate the biodiversity gains represented by credits, are regulated and supported by the Biodiversity Conservation Trust. It also assesses whether actions have been taken to address identified risks to the suitability of funds required to ensure long-term BSA site management.
Background
For Biodiversity Stewardship Agreement (BSA) sites to achieve the expected biodiversity gains to offset losses from development impact, they need sufficient funding for the required management actions, and to be effectively regulated and supported over the long-term. Funding for these sites is generated through the returns on landholders' initial investment (Total Fund Deposit). The BCT is required to monitor landholders' compliance with BSAs and should also ensure ecological outcomes on sites are measured.
DPE and the BCT are responsible for developing and implementing a system of oversight to ensure the implementation of management actions at BSA sites is delivering the intended outcomes in a financially and environmentally sustainable way. The agencies' key mechanisms for delivering this are:
- calculating the costs of the required land management actions in perpetuity
- annual reporting systems for monitoring compliance with land management requirements
- reporting systems for monitoring ecological outcomes arising from land management actions.
Landholders are required to pay the required Total Fund Deposit amount for their BSA accounts into the Biodiversity Stewardship Payments Fund, which is held in trust and managed by the BCT. A costing tool is used by landholders to calculate the value of the deposit, based on the required management payments (in perpetuity), administrative fees, and the discount rate applied.
The Total Fund Deposit can be paid upfront but is usually paid from the proceeds of the sale of credits. Once this occurs the BSA site becomes 'active' and management payments commence to enable the landholder to undertake the required management actions. BSA sites that have not yet sold enough credits to make the deposit are 'passive' sites that do not require active land management.
Sites in passive management for an extended duration present risks to biodiversity outcomes, and potentially to Scheme integrity, if the quality of credits is undermined due to an absence of active site management.
Appendix one – Response from agencies
Appendix two – Like-for-like, variation and ancillary rules
Appendix three – Detail on progress of the IIAP
Appendix four – About the audit
Appendix five – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #367 - released 30 August 2022
Audit Insights 2018-2022
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
| Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
| Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
| Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
| Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
| Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
| Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
| Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Universities 2021
What the report is about
Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2021.
What we found
Financial reporting
Unmodified audit opinions were issued for all ten universities.
The University of Wollongong reported the retrospective correction of a prior period error relating to a $169 million contract termination liability.
All universities reported positive net results in 2021 (four in 2020) and each showed improvement from 2020. This was mainly due to expenditure decreasing by a combined $644 million (5.8%) from 2020. Universities implemented redundancy programs in response to the COVID-19 pandemic, which resulted in a decrease of nearly 2,300 full-time equivalent staff in 2021.
All universities held an investment in Education Australia Limited, which paid to its shareholders a fully franked dividend comprising cash and shares in IDP Education Limited. This increased the combined investment revenues of the universities by $515 million in 2021. However, it affected each university's net result differently depending on elections made in their historical accounting treatment.
Government grants increased by $442 million from 2020, of which $297 million related to the Commonwealth's 2021 additional Research Support Program funding to the NSW universities which was a COVID-19 support measure to the sector.
Over 43% of universities' course fees revenue comes from three countries (39% in 2020). Students from China now represent over half of all overseas student enrolments. A high level of reliance on student revenue from a single country poses a concentration risk for universities.
Internal controls
We reported 105 findings to universities on internal control deficiencies (110 in 2020).
Four high-risk findings were identified (three in 2020), relating to:
- the status of one university's work in assessing its liability for underpayment of staff
- IT control deficiencies over privileged user access
- control deficiencies that resulted in non-recognition of a liability in one university's prior year's financial statements
- a detailed review of payroll compliance for casual staff, which remains outstanding at one university.
There were 45 repeat findings of control deficiencies in 2021 (45 in 2020).
All universities have drafted or implemented a cybersecurity policy and established a governance committee accountable for cybersecurity. However, improvements could be made in:
- recording and monitoring of attempted cyber incidents
- assessing cyber risks relating to IT vendors
- implementation of cybersecurity control measures for key systems.
Four out of 13 entities experienced a significant cyber incident during 2021.
What we recommended
- Universities should prioritise actions to address repeat findings on internal control deficiencies, particularly where the issue has been repeated for a number of years.
- Universities and controlled entities should prioritise improvements to their cybersecurity and resilience.
Fast facts
There are ten public universities in NSW, with 52 controlled entities in Australia and 22 overseas controlled entities.
- $12b total combined adjusted revenue in 2021, an increase of $1.1 billion (10.5%) from 2020
- $10.4b total combined expenditure in 2021, a decrease of $644 million (5.8%) from 2020
- 79,134 overseas student enrolments in 2021, a decrease of 3,138 students (3.8%) from 2020
- 209,018 domestic student enrolments in 2021, an increase of 1,622 students (0.8%) from 2020
- 4 high-risk management letter findings were identified (3 in 2020)
- 43% of reported issues were repeat issues.
This report provides Parliament with the results of our financial audits of universities in New South Wales and their controlled entities in 2021, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of universities in NSW for 2021.
Section highlights
|
Appropriate and robust internal controls help produce reliable financial reports and reduce risks associated with managing finances, compliance and administration of universities.
This chapter outlines the internal controls related observations and insights across universities in NSW for 2021, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.
Section highlights
|
Universities' primary objectives are teaching and research. They invest most of their resources aiming to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.
This chapter outlines teaching and research outcomes for universities in NSW for 2021.
Section highlights
|
Appendix one – List of 2021 recommendations
Appendix two – Status of 2020 recommendations
Appendix three – Universities' controlled entities
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Local Government 2021
What the report is about
Results of the local government sector council financial statement audits for the year ended 30 June 2021.
What we found
Unqualified audit opinions were issued for 126 councils, 13 joint organisation audits and nine county councils in 2020–21.
A qualified audit opinion was issued for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.
The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues not resolved resulting in corrections to the financial statements and prior period errors.
Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to the Office of Local Government (OLG).
Councils were impacted by recent emergency events, including bushfires, floods and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.
What the key issues were
There were 1,277 audit findings reported to councils in audit management letters.
Ninety-two high-risk matters were identified across the sector:
- 69 high-risk matters relating to asset management (see page 30)
- six high-risk matters relating to information technology (see page 39)
- six high-risk matters relating to financial reporting (see page 26)
- six high-risk matters to council governance procedures (see page 22)
- five high-risk matters relating to financial accounting (see page 28).
More needs to be done to reduce the number of errors identified in financial reports. Twenty-nine councils required material adjustments to correct errors in previous audited financial statements.
Rural firefighting equipment
Sixty-eight councils did not record rural firefighting equipment estimated to be $145 million in their financial statements.
The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets, as the State is of the view that rural firefighting equipment that has been vested to councils under the Rural Fires Act 1997 is not controlled by the State. In reaching this conclusion, the State argued that on balance it would appear the councils control rural firefighting equipment that has been vested to them.
The continued non-recording of rural firefighting equipment in financial management systems of some councils increases the risk that these assets are not properly maintained and managed.
What we recommended
Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes and recognise this equipment as assets in their financial statements.
Consistent with OLG’s role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment.
Fast facts
- 150 councils and joint organisations in the sector
- 99% unqualified audit opinions issued for the 30 June 2021 financial statements
- 489 monetary misstatements reported in 2020–21
- 54 prior period errors reported
- 92 high-risk management letter findings identified
- 53% of reported issues were repeat issues.
Early financial reporting procedures
Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year.
What we recommended
OLG should require early financial reporting procedures across the local government sector by April 2023. Policy requirements should be discussed with key stakeholders to ensure benefits of the procedures are realised.
Asset valuations
Audit management letters reported 288 findings relating to asset management. Fifty-eight councils had deficiencies in their processes to revalue infrastructure assets.
Thirty-five councils corrected errors relating to revaluations amounting to $1 billion and 13 councils had prior period errors relating to asset revaluations that amounted to $253 million.
What we recommended
Councils should have all asset revaluations completed by April of the financial year subject to audit.
Integrity/completeness of asset records
Sixty-seven councils had weak processes over maintenance, completeness and security of fixed asset registers.
Thirty-five councils corrected errors to the financial statements relating to poor record keeping of asset data that amounted to $102.1 million. Nineteen councils had 27 prior period financial statement errors that amounted to $417.1 million relating to the quality of asset records such as found and duplicate assets.
What we recommended
Councils need to improve controls and processes to ensure integrity and completeness of asset source records.
Cybersecurity
Our audits found that cybersecurity frameworks and related controls were not in place at 65 councils.
These councils have yet to implement basic governance and internal controls to manage cybersecurity such as having a cybersecurity framework, policy and procedure, register of cyber incidents, system penetrations testing and training.
What we recommended
OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority in order to ensure cybersecurity risks over key data and IT assets are appropriately managed across councils and key data is safeguarded.
Councils should monitor the implementation of recommendations
Fifty-three per cent of total findings reported in 2020–21 audit management letters were repeat or partial repeat findings from prior years.
What we recommended
Councils and those charged with governance should track the progress of implementing recommendations from financial audits, performance audits and public inquiries.
Key financial information
In 2020–21, councils:
- collected $7.6b in rates and annual charges
- received $5.1b in grants and contributions
- incurred $4.8b of employee benefits and on costs
- held $15.3b of cash and investments
- managed $161.7b of infrastructure, property, plant and equipment
- entered into $3.4b of borrowings.
Pursuant to the Local Government Act 1993 I present my report Local Government 2021. My report provides the results of the 2020–21 financial audits of 127 councils, 13 joint organisations and nine county councils.
Unqualified audit opinions were issued for 126 councils, 13 joint organisation and nine county councils in 2020–21. My independent auditor’s opinion was qualified for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.
The 2020–21 year was challenging from many perspectives, not least being the continuing impact of and response to the recent emergency events, including bushfires, floods and the COVID-19 pandemic. We appreciate the efforts of council staff and management right across local government and they must be congratulated for their responsiveness and resilience in meeting their financial reporting obligations in such challenging circumstances.
This report makes a number of recommendations to councils and to the regulator, the Office of Local Government within the Department of Planning and Environment. These are intended to support councils to further improve the timeliness, accuracy and strength of financial reporting and their governance arrangements. Arguably, when faced with challenges, it is even more important to prioritise and invest in systems and processes to protect the integrity of councils' operations and promote accurate and transparent reporting.
I look forward to continuing engagement and constructive dialogue with councils in 2022–23 and beyond.
Margaret Crawford
Auditor-General for New South Wales
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting of councils and joint organisations.
Highlights
|
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.
This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2020–21.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.
Highlights
|
Total number of findings reported in audit management letters decreased
In 2020–21, 1,277 audit findings were reported in audit management letters (2019–20: 1,435 findings). No extreme audit risk findings were identified this year. The extreme risk relating to Central Coast Council's use of externally restricted funds in 2019–20 was partially addressed by management and has been rated as a high-risk for 2020–21. The total number of high-risk findings increased to 92 (2019–20: 53 high-risk findings).
Findings are classified as new, repeat or ongoing, based on:
- new findings were first reported in 2020–21 audits
- repeat findings were first reported in prior year audits, but remain unresolved in 2020–21
- ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2020–21.
Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common audit findings across these areas are explored further in this chapter.
Audit Office’s annual work program for 2021–22 onwards
Focus on integrity of systems, good governance and good advice
We have a fundamental role in helping the Parliament hold government accountable for the use of public resources. In doing so, we examine whether councils' systems and processes are effective in supporting integrity, accountability and transparency. Key aspects of integrity that we expect to through conduct of our financial and performance audits over the next three years include the integrity of systems, good governance and good advice. These focus areas have arisen from the collation of key findings and recommendations from our past reports.
Focus on local councils' continued response to recent emergencies
The COVID-19 pandemic continues to have a significant impact on the people and the public sector of New South Wales. Local councils are continuing to assist communities in their recovery from the 2019–20 bushfires and subsequent and recent flooding. The full extent of some of these events remain unclear and will likely continue to have an impact into the future.
The Office of Local Government within the Department of Planning and Environment continues to work with other state agencies to assist local councils and their communities to recover from these unprecedented events.
The increasing and changing risk environment presented by these events has meant that we have recalibrated and focused our efforts on providing assurance on how effectively aspects of responses to these emergencies have been delivered.
This includes financial and governance risks arising from the scale and complexity of government responses to these events.
We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:
- local councils' planning and preparedness for emergencies
- local councils' initial responses to support people and communities impacted by COVID-19 and the 2019–20 bushfires and recent floods
- governance and oversight risks that arise from the need for quick decision-making and responsiveness to emergencies
- effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
- the mid to long-term impact of government responses to the natural disasters and COVID-19
- whether government investment has achieved desired outcomes.
Focus on the effectiveness of cybersecurity in local government
The increasing global interconnectivity between computer networks has dramatically increased the risk of cybersecurity incidents. Such incidents can harm local government service delivery and may include theft of information, denial of access to critical technology, or even hijacking of systems for profit or malicious intent.
Outdated IT systems and capability present risks to government cybersecurity. Local councils need to be alert to the need to update and replace legacy systems, and regularly train and upskill staff in their use. To add to this, cybersecurity risks have been exacerbated by recent emergencies, which have resulted in greater and more diverse use of digital technology.
Our approach to auditing cybersecurity across in the sector involves:
- considering how local councils are responding to the risks associated with cybersecurity across our financial audits
- examining the effectiveness of cybersecurity planning and governance arrangements within local councils
- conducting deep-dive performance audits of the effectiveness of cybersecurity measures in selected councils.
Local government elections
Local government elections took place in 2021–22
The local government elections were deferred for one year due to the COVID-19 pandemic and were held on 4 December 2021.
As part of our audits, we will consider the impact of any significant change on key decisions and activities for councils, county councils and joint organisations following the local government elections.
New rate peg methodology to support growing councils
The Independent Pricing and Regulatory Tribunal (IPART) has completed its review of the local government rate peg methodology to include population growth.
On 10 September 2021, IPART provided the final report on this review to the Minister for Local Government.
The minister has endorsed the new rate peg methodology and has asked IPART to give effect to it in setting the rate peg from the 2022–23 financial year.
As part of our audits, we will consider the impact of these changes on the financial statements and on key decisions and activities for councils, county councils and joint organisations.
Appendix two – Status of previous recommendations
Appendix three – Status of audits
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Local government business and service continuity arrangements for natural disasters
What the report is about
Natural disaster events, including bushfires and floods, have directly impacted some local councils in New South Wales over recent years. It is important for local councils to effectively plan so that they can continue operations through natural disasters and other disruptions.
This audit assessed the effectiveness of Bega Valley Shire Council and Snowy Valleys Council’s approaches to business and service continuity arrangements for natural disasters.
What we found
Bega Valley Shire Council has a documented approach to planning for business and service continuity that provides for clear decision making processes and accountability.
Bega Valley Shire Council has prepared for identified natural disaster risks to business and service continuity but can do more to monitor how it has implemented controls responding to these risks.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires.
Bega Valley Shire Council can do more to ensure its business continuity management approach is regularly reviewed and updated, and that staff are regularly trained in its implementation.
Snowy Valleys Council did not have a finalised approach to ensure business and service continuity until October 2020. Now in place, this approach identifies governance, assigns roles and responsibilities, and includes procedures to retain or resume services. That said, the Council has not adequately documented key elements of its business continuity management approach.
Snowy Valleys Council's strategic risk register identifies that natural disasters may impact its ability to deliver services, but the Council has not identified controls to respond to these risks.
During the 2019–20 bushfires, in the absence of a business continuity plan, Snowy Valleys Council relied on the local knowledge of its staff to manage service continuity in line with directions from the Local Emergency Operations Controller and the combat agency (the Rural Fire Service).
Both councils advised that, during the 2019–20 bushfires, services were maintained, sometimes with adaptation and sometimes with support from other councils, NSW Government and Australian Government agencies.
What we recommended
Bega Valley Shire Council should update and regularly review its business continuity plans, provide business continuity training, and improve its monitoring of risk controls and actions, including for natural disaster impacts.
Snowy Valleys Council should document and monitor all disruption-related risks and controls, regularly review and update its business continuity plans, and progress planned actions to increase staff awareness of business continuity plans.
Across both councils, we recommended that recordkeeping relating to service delivery during natural disasters should be adequate to inform post incident reviews and future updates to business continuity.
Fast facts
- Multiple natural disasters affected the audited councils in 2019–20:
- bushfires in 2019–20
- storms and floods in January 2020
- storms and floods in July and August 2020
- storms and floods in October 2020.
- 6,279km2 Size of Bega Valley Shire Council (area)
- 2,203km2 Area burnt within Bega Valley Shire Council in 2019–20 bushfires
- 8,959km2 Size of Snowy Valleys Council (area)
- 3,339km2 Area burnt within Snowy Valleys Council in 2019–20 bushfires.
Natural disaster events, including bushfires and floods, have directly impacted some local councils in New South Wales over recent years. Given their important role in delivering essential services to their communities, it is important for local councils to effectively plan so that they can continue operations through natural disasters and other disruptions.
Business continuity plans are a widespread mechanism used by governments and private sector organisations to ensure they are prepared to respond effectively to disruptions. In New South Wales, business continuity plans are widely used by local councils to help ensure continuity of service delivery, safety and availability of staff, availability of information technology systems and other systems, financial management and governance. There are no current sector-wide requirements or policies for business continuity management issued by the Department of Planning and Environment (DPE)1 for NSW councils. As such, councils can develop their own business continuity management frameworks.
Our 'Report on Local Government 2020' considered the financial and governance impacts from recent natural disaster events on local councils in New South Wales. It also considered sector-wide trends in business continuity planning, including how many councils enacted or updated their business continuity plans in 2019–20.
The report found that all councils were impacted by emergency events, and that some councils changed their governance, policies, systems, and processes to respond to the emergency events. Sixty-five per cent of councils updated their business continuity plan as a response to recent emergency events, and 43 per cent of councils updated their disaster recovery plan.
This audit follows on from the 'Report on Local Government 2020' with a detailed examination of the effectiveness of business and service continuity arrangements for natural disasters in two councils.
The selected councils for this audit were Bega Valley Shire Council and Snowy Valleys Council. They were selected because they had been heavily impacted by the 2019–20 bushfires and other natural disaster events, such as storms and floods between December 2018 to December 2020.
The objective of this performance audit was to assess the effectiveness of the councils' approaches to business and service continuity arrangements for natural disasters. In making this assessment, we considered whether the selected councils:
- had documented approaches for identifying, mitigating, and responding to disaster-related risks to business and service continuity
- effectively implemented strategies to prepare for identified disaster-related impacts
- responses during selected disasters were effective in managing business and service continuity.
Conclusion - Bega Valley Shire Council
Bega Valley Shire Council has a documented approach to planning for business and service continuity that provides for clear decision-making processes and accountability.
Since 2018, the council has prepared for identified natural disaster risks to business and service continuity, but can do more to monitor how it has implemented controls responding to these risks.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires.
The council can do more to ensure its business continuity management approach is regularly reviewed and updated, and that staff are regularly trained in its implementation.
Bega Valley Shire Council has a documented approach to business continuity management that is integrated with its broader approach to enterprise risk management and is supported by clear decision-making processes and accountability. This includes a business continuity plan (BCP), BCP subplans, and a business impact analysis (BIA). The council made changes to its BIA in 2019 following the 2018 Tathra bushfires within its local government area (LGA), but its BCP and BCP subplans have not been updated since 2016 and key information is out of date.
Bega Valley Shire Council has identified high-level controls and strategies to mitigate disaster-related risks and undertakes post incident reviews to capture lessons following a disaster, but many high-risk actions resulting from those reviews remain outstanding.
Bega Valley Shire Council identified risks, controls, and actions to prepare for natural disaster impacts between 2018 to 2020. However, the council has not effectively monitored implementation of the identified controls. Bega Valley Shire Council has only partially implemented the actions and recommendations from internal reviews that identified gaps in its business continuity management approach.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires, instead relying on the local knowledge of its staff. The council has not provided BCP scenario training since 2015 and has not monitored completion rates of its online business continuity management training for staff.
Bega Valley Shire Council did not keep records of its decision of whether to enact its BCP during the 2019–20 bushfires, but advised its ability to follow the BCP was not possible due to the scale and impact of the bushfires surpassing the expectations included in its BCP and BCP subplans.
The council advised that essential council-led services were largely maintained during the disaster, sometimes with adaptation of services, and sometimes with support from other councils, NSW Government and Australian Government agencies.
As Bega Valley Shire Council did not maintain formal records of service disruptions for most services, did not follow all aspects of its BCP during the 2019–20 bushfires, and because it requested and received support from other agencies, we are unable to assess the impact of its planning and preparation activities on the continuity of services.
Bega Valley Shire Council took actions during the 2019–20 bushfires to communicate key service changes to staff, residents, and stakeholders, and regularly sought feedback on residents' experiences.
Bega Valley Shire Council could improve the effectiveness of its business continuity management approach by undertaking regular staff training (including scenario training) and ensuring that its business continuity management framework is routinely updated to reflect current practice and current staff.
Conclusion - Snowy Valleys Council
Snowy Valleys Council did not have a finalised approach to ensure business and service continuity until October 2020. Now in place, this approach identifies governance, assigns roles and responsibilities and includes procedures to retain or resume services. That said, the council has not adequately documented key elements of its business continuity management approach.
Snowy Valleys Council's risk register identifies that natural disasters may impact its ability to deliver services, but the council has not identified controls to respond to these risks.
During the 2019–20 bushfires, in the absence of a business continuity plan (BCP) or BCP subplans, the council relied on the local knowledge of its staff to manage service continuity in line with directions from the Local Emergency Operations Controller and the combat agency (the Rural Fire Service).
Snowy Valleys Council did not have a finalised BCP, BCP subplans, or BIA until after the 2019–20 bushfires. The council finalised most of its business continuity management framework in late 2020 and this framework now establishes governance, including assigning roles and responsibilities, and identifies contingencies and procedures to retain or resume critical services.
There are gaps in how Snowy Valleys Council has documented key elements of its business continuity management approach. The council advised it has completed a BIA, but has not retained the completed version of this document as it was not managed under Snowy Valleys Council's record management procedures. Some of the council's BCP subplans have gaps in process information and contact details which means BCP subplan owners and other potential users may not have access to accurate, up to date information when responding to a disruption event.
The council advised it provided BCP scenario training in 2016, 2018, and 2021, but was unable to provide any evidence of the 2018 training. As the current BCP and BCP subplans were only finalised in 2021, the 2016 and 2018 training were based on the previous BCP framework, developed under the former Tumut Shire Council. Additionally, the council advised it has developed BCP awareness training for staff as part of induction training, but has not provided a clear timeframe for implementing this training.
The council undertakes post incident reviews after most service disruption events, but has not undertaken a post incident review of the 2019–20 bushfires, despite its significant impact within the Snowy Valleys Council LGA.
Snowy Valleys Council advised that it identifies and mitigates or controls for disaster related risks within broader enterprise-wide risk assessments. Snowy Valleys Council’s strategic risk register identifies the risk of natural disasters to service delivery, but does not identify preventative controls or resilience strategies to mitigate these risks. The council monitors and improves the resilience of some assets as part of its regular operations of maintaining assets but does not clearly link such actions to how they contribute to reducing the risk of natural disaster related impacts. Snowy Valleys Council advises it works with other agencies, such as the Rural Fire Service and the local Bush Fire Management Committee, to plan for bushfire risks.
In the absence of a BCP or BCP subplans, Snowy Valleys Council relied on individual team members to manage service continuity during the 2019–20 bushfires based on directions by the local Emergency Operations Controller, and the Rural Fire Service. The council advised that the delivery of essential council-led services was largely maintained during the 2019–20 bushfires, sometimes with adaptation and support from other NSW Government and Australian Government agencies. Snowy Valleys Council took actions during the 2019–20 bushfires to communicate key service changes to staff, residents, and stakeholders, and regularly sought feedback on residents' experiences.
As Snowy Valleys Council did not maintain formal records of any service disruptions and did not have a finalised business continuity management approach in place to guide its response during the 2019–20 bushfires, we are unable to assess the impact of its planning and preparation activities on the continuity of services.
Appendix one – Responses from councils and the Department of Planning and Environment
Appendix two – Emergency management arrangements for local councils
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #362 - released 17 February 2022.
