Reports
Central Agencies 2019
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies, namely the Premier and Cabinet, Treasury and Customer Service clusters. There are 191 agencies in these clusters, including government financial, superannuation and insurance entities.
Unqualified audit opinions were issued on the financial statements for all agencies in the clusters. There were two high risk and 99 moderate risk audit findings on internal controls. Of these, 31 percent were repeat issues, and most related to weaknesses in information technology access controls.
The report notes a number of audit observations including:
- a qualified opinion on information technology internal controls at an outsourced service provider
- self-insurance losses of $1.4 billion partly due to unfavourable movements in the risk free discount rate, and increases in workers compensation claims, including psychological injury claims
- a shortfall (unfunded liability) of $637 million at 30 June 2019 in the Home Building Compensation Fund, due to premiums not being sufficient to meet costs of the scheme
- agencies self-assessed against the Australian Cyber Security Centre’s ‘Essential 8’ cyber risk mitigation strategies for the first time in 2018-19. Based on their own self assessments, more work needs to be done to improve cyber security resilience.
This report analyses the results of our financial statement audits of the Treasury, Premier and Cabinet and Customer Service clusters for the year ended 30 June 2019. Our key observations are summarised below.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- government financial services.
Central agency clusters were significantly impacted by Machinery of Government changes which took effect on 1 July 2019. This report is focussed on agencies now in the Treasury, Premier and Cabinet and Customer Service clusters. Some of these agencies may have been in another cluster during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Central agencies and their key responsibilities are set out below.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions and they are given effect by Administrative orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted Central Agencies’ clusters through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
Significant impacts of the 2019 MoG changes included:
- abolishing the former Department of Finance, Services and Innovation, and creating the Department of Customer Service as the principal agency within the newly established Customer Service cluster
- transferring Jobs for NSW, Destination NSW and the Western City and Aerotropolis Authority into the Treasury cluster
- transferring Arts and Culture entities and Aboriginal Affairs NSW into the Premier and Cabinet cluster
- new responsibilities, risks and challenges for each cluster
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the 2019 financial reporting of agencies in the Treasury, Premier and Cabinet, and Customer Service clusters.
Section highlights
- Unqualified audit opinions were issued on the 30 June 2019 financial statements of all agencies within the three clusters, and the Legislature.
- The NSW Self Insurance Corporation (Corporation) 2018–19 financial statements did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions. This is because the Corporation’s financial exposure could not be reliably measured at 30 June 2019. The exposure was instead disclosed as an unquantified contingent liability in the financial statement notes. This liability may be material to the Corporation and the Total State Sector financial statements.
- We recommend management and those charged with governance review instructions provided to management experts each year, along with other significant accounting judgements.
- Agencies will be implementing the requirements of new accounting standards shortly. These could significantly impact their financial positions and operating results. We noted instances where agencies need to do more work on their impact assessments to minimise the risk of errors in the 2019–20 financial statements.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury, Premier and Cabinet and Customer Service clusters.
Section highlights
- The 2018–19 audits found two high risk and 99 moderate risk issues across the agencies. Of these, 31 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration.
- NSW Government agency self-assessment results show that the NSW Public Sector's cyber security resilience needs urgent attention.
- GovConnect received a qualified opinion from the auditor of their service provider, Unisys, over weaknesses in information technology controls.
- Crown revenues from taxes, fines and fees continued to increase, but this was offset by decreases in stamp duty on property sales.
- The CTP reform resulted in green slip refunds of $198 million to vehicle owners. Unclaimed refunds are to be returned to motorists through a reduction in green slip premiums.
Background
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
Section highlights
- Last year's Auditor-General's Report to Parliament recommended Treasury consult with STC Pooled Fund and PCS Fund Trustees to prescribe prudential standards and requirements. Treasury has not taken specific action to address this recommendation.
We recommend Treasury formally assess the merits of implementing prudential standards and supervision arrangements, after considering the risks, benefits and costs to scheme members. - The NSW Self Insurance Corporation did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions because it could not be reliably measured at 30 June 2019. The amounts involved could be material to the Corporation's and Total State Sector's financial statements.
- Insurance scheme liabilities were significantly impacted by unfavourable movements in economic assumptions, including a decrease in the risk free discount rate, and adverse changes in non-economic assumptions, such as higher medical costs.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – Status of 2018 recommendations
Appendix four – Cluster agencies
Appendix five – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Planning, Industry and Environment 2019
This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.
Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting.
The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.
One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.
The report makes several recommendations including:
- Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
- the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
- the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Creation of the Planning, Industry and Environment cluster |
The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019. The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE). |
| The Department of Planning, Industry and Environment is still in the process of implementing changes |
The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes. However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies. |
2. Financial reporting
| Audit opinions | Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing. |
| Timeliness of financial reporting |
Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time. Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline. Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures. |
| Introduction of AASB 16 'Leases' |
We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods. We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records. Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019. |
| Unprocessed Aboriginal land claims have continued to increase |
Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007. Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims. |
3. Audit observations
| Internal controls |
One in five internal control issues identified and reported to management in 2018–19 were repeat issues. The lack of user access review was the most common IT general control issue in the cluster. |
| Drought relief |
The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place. Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue. |
| Recognition of Crown land |
Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19. Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Developer contributions | The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019. |
This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.
The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.
- The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
- The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
- The MoG changes bring risks and challenges to the PIE cluster.
- A MoG Steering Committee was established to oversee the transitional processes.
- The full integration of the systems and processes will not be completed in the near future.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
- Timeliness of financial reporting remains an issue for 13 agencies.
- Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
- Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- One in five issues identified and reported to management in 2018–19 were repeat issues.
- The lack of user access review was the most common IT general control issue in the PIE cluster.
- The PIE cluster provided significant financial assistance for drought relief.
- There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
- Unspent developer contributions funds continued to build up in 2018–19.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Cluster agencies
Appendix four – Financial data
Appendix five – Management letter findings
Appendix six – Timeliness of financial reporting
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
| New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
| Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
| IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
| Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
| Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
| Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
| Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
| Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
| Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
| Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
| Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
| Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Biosecurity risk management
The report focuses on the Department of Primary Industries’ (DPI) as the lead agency for biosecurity in New South Wales. It examines how well the department responds to biosecurity emergencies and manages compliance activities. DPI’s state partners include NSW Health, the NSW Environment Protection Authority, Local Land Services, and Local Control Authorities to manage biosecurity risks in New South Wales.
Biosecurity is the protection of the economy, environment, and community from the negative impacts of pests, diseases, weeds, and contaminants.
National and State governments have defined roles and responsibilities for biosecurity in Australia, reflecting the allocation of powers in the Australian Constitution. The Australian Government has direct responsibility for biosecurity (quarantine) at the international border, and works jointly with the states and territories to set the legislative framework and policy direction for managing biosecurity nationally. It also works with state and territory governments to ensure there is a national approach to biosecurity. State governments manage their biosecurity activities within the national framework.
The Department of Primary Industries (DPI), within the Department of Industry, is the lead agency for biosecurity in NSW. This audit was conducted with the Department of Industry as the auditee. On 2 April 2019 the NSW Government announced it will abolish the Department of Industry. From 1 July 2019 the Department of Planning, Industry and Environment, will have responsibility for biosecurity activities described in this report.
The NSW Biosecurity Strategy 2013–2021 (the Strategy) articulates the NSW Government’s responsibilities for biosecurity within the national legislative framework. Achieving the outcomes of the strategy relies on DPI fulfilling two key responsibilities. Firstly, undertaking direct actions, such as implementing strong regulatory compliance and licensing activities, and managing biosecurity emergency responses. Secondly, leading the response to biosecurity risks by fostering effective collaboration with stakeholders across government, industry, and the wider community.
In NSW, 11 regional Local Land Services (LLS) are the key partners for DPI in meeting its biosecurity responsibilities. Each LLS develops and implements strategies to manage invasive pests and diseases within their regions. They also investigate new reports of pests or diseases in their regions and staff local emergency control centres when an emergency response is triggered.
Local Control Authorities (LCAs) also have a role in biosecurity management. LCAs include local councils and a small number of specialist regional agencies. Their role focuses on strategies to manage weeds within their local areas.
This audit assessed the effectiveness and economy of DPI’s biosecurity emergency response and prevention activities. It looks at DPI’s emergency response practice and its compliance program as a key prevention activity for which DPI has primary responsibility. DPI sets policy and procedural compliance standards for management of biosecurity risks in NSW and also conducts an annual program of property inspections and investigations that ensure that its compliance policies and procedures are being applied effectively.
Appendix one - Response from agency
Appendix two - Location of selected biosecurity emergency responses
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary Reference: Report number #321 - released 18 June 2019
Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Banner image: ‘Yellow crazy ant’, supplied and permitted for use by NSW Department of Primary Industries under Creative Commons Attribution-ShareAlike 3.0 Unported Licence. Full terms.
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Industry 2017
The following report highlights the results of the financial audits of NSW Government entities in the Industry cluster. The report focuses on key observations and findings from the most recent audits of these entities.
The report notes that TAFE NSW will continue to incur extra costs each year to produce reliable financial information due to deficiencies in its student administration system. TAFE NSW plans to replace its Student Administration and Learning Management system in 2018-19 at an estimated cost of $89 million.
1. Financial reporting and controls
|
Financial reporting |
Unqualified audit opinions were issued for 44 out of 48 financial statement audits with four audits incomplete. Early close procedures continue to promote earlier and better quality financial reporting. |
| Financial performance | The cluster recorded a net deficit of $107 million in 2016–17 ($78.0 million in 2015–16). Contributing to the overall cluster net deficit was the Department's $226 million net deficit offset by net surpluses at Water NSW and the Forestry Corporation of New South Wales. |
| TAFE NSW continues to experience system issues | TAFE NSW incurs extra costs each year to produce reliable financial information due to deficiencies in its student administration system. TAFE NSW plans to replace its Student Administration and Learning Management system in 2018–19 at an estimated cost of $89 million. |
| Internal controls |
We identified 180 internal control issues, including 61 repeat issues across the cluster. We rated four of these issues as 'high' risk, 98 as ‘moderate’ risk and 78 as ‘low’ risk. Of the 180 issues raised, 37 related to financial reporting and 52 related to controls over processes such as procurement and fixed assets. Some internal control issues and recommendations identified in previous years, have been repeated and should be addressed promptly to reduce risks and improve processes. |
| Deficient user administration access | Agencies need to strengthen user access administration to critical financial systems. |
2. Service delivery
| Premier and State Priorities |
Australian Bureau of Statistics data shows the Premier's priority for job creation has been achieved. While performance has declined for the State priority to increase the proportion of people completing apprenticeships and traineeships, the Department advises it has initiatives in place to achieve this State priority, and the State priority for New South Wales to lead Australia in business confidence. |
| Crown land | The Department is working to respond to the recommendations from a Parliamentary Inquiry into Crown Land and to implement the revised framework contained in the Crown Land Management Act 2016. |
| Aboriginal land claims |
Despite a continued focus, the Department has been unsuccessful in reducing the number of unprocessed Aboriginal land claims. The Department should continue to implement measures to reduce the backlog of unprocessed Aboriginal land claims. |
This report focuses on agencies in the Industry cluster. The report focuses on audit results, observations, conclusions and recommendations for financial reporting and controls, and service delivery.
This cluster leads the State's promotion of New South Wales as the place to invest and produce goods and services. Significant cluster agencies deliver services in the following areas:
Confidence in public sector decision-making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies.
This chapter outlines audit observations, conclusions and recommendations for the financial reporting and controls of agencies in the cluster for 2016–17.
| Observation | Conclusion or recommendation |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for 44 out of 48 financial statement audits. Four audits are continuing. | Ongoing improvements in the preparation of financial statements helped identify and resolve material issues. |
| The number of misstatements within the cluster fell from 104 in 2015–16 to 70 in 2016–17. | The ‘early close procedures’ initiative introduced by the Treasury in 2011–12 has reduced the number of misstatements each year. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the Treasury’s early close procedures and the timetable for the preparation and audit of financial statements. | Greater focus on financial reporting and effective early close procedures has improved the timeliness of financial reporting, but further improvements are required. |
| 2.3 Key financial issues from cluster agencies | |
| The Department of Industry completed a revaluation of Crown land and continues work on improving the accounting for Crown land. | The value of Crown land recognised in the Department's financial statements at 30 June 2017 was $5.3 billion. The revaluation was carried out using a revised mass valuation approach which reduced complexity and subjectivity and improved transparency. |
| There is no process in place to ensure agencies recognise all the Crown land they manage and control. | Recommendation: The Department should confirm the completeness and accuracy of the Crown land database with other organisations that manage and control Crown land to improve the reliability of its records. |
| TAFE NSW incurred approximately $6 million of direct costs to deal with issues in its student administration system and establish the integrity of its financial data for 2016–17. | TAFE NSW will continue to incur extra costs each year to produce reliable financial information. TAFE NSW advises it intends to replace the Student Administration and Learning Management system it jointly implemented with the Department of Education three years ago at a cost $40.2 million. TAFE plans to implement the new system in 2018–19 at an estimated cost of $89 million. |
| 2.4 Key financial information | |
| The cluster recorded a net deficit of $107 million in 2016–17 ($78.0 million in 2015–16). | The overall cluster net deficit included the Department's $226 million net deficit which was partly offset by net surpluses in a number of other agencies, including Water NSW and the Forestry Corporation of New South Wales. Most agencies in the cluster, including the Department, but excluding the State owned corporations, are dependent on the NSW Government for the majority of their revenue. |
| 2.5 Financial performance and sustainability | |
| We assessed the performance of certain agencies against key financial sustainability indicators. This identified four agencies with adjusted net deficits and two agencies with liquidity ratios below one. | Overall, based on our analysis these agencies are not at high risk of sustainability concerns. |
| 2.6 Internal controls | |
| A significant number of repeat internal control issues were again raised with management for certain agencies in the cluster. |
Recommendation (repeat issue): Internal control issues and recommendations from previous years should be addressed promptly to reduce risks and improve processes. |
| User access administration over financial systems needs to be improved. 17 moderate risk issues related to user access administration across nine agencies were identified. |
Recommendation: Agencies should ensure administration of user access to critical systems
|
Government outcomes can be achieved by delivering services through a mix of the public, private or not-for-profit sectors. Service delivery reform is most successful if there is clear accountability for service delivery outcomes, decisions are aligned to the government's strategic direction, and performance and value for money are monitored and evaluated.
This chapter outlines our audit observations, conclusions and recommendations for the service delivery of agencies in the cluster for 2016–17.
| Issues | Conclusion or recommendation |
|
3.1 Measuring and reporting on performance |
|
| The Department is responsible for two State priorities (increasing apprenticeships and business confidence) and the Premier's priority of creating jobs. The Department also supports four state priorities. | Australian Bureau of Statistics data shows the Premier's priority for job creation continues to be achieved. The Department reported that the number of people completing apprenticeships and traineeships had declined to 59 per cent against a 2019 target of 65 per cent, while the State was ranked first or second on a range of business confidence indicators. |
|
3.2 Improvements required in the administration of Crown land |
|
| The Department faces many challenges in the administration of Crown land. These challenges range from inadequate systems and processes through to satisfying competing commercial, environmental, and community interests. |
The Department has implemented, or is implementing the recommendations from a performance audit on the Sale and Lease of Crown land and the Parliamentary Inquiry into Crown land. It is also implementing the revised framework for Crown land contained in the Crown Land Management Act 2016. |
|
3.3 Aboriginal land claims over Crown land |
|
| The number of unprocessed Aboriginal land claims continues to increase. Work on finalising Aboriginal Land Agreements, which may help address the claims backlog, is continuing. | Recommendation (repeat Issue): The Department should continue to implement measures to reduce the number of unprocessed Aboriginal land claims. |
|
3.4 Skills development |
|
| Eleven contracted Smart and Skilled service providers had their contracts cancelled for quality issues. There were 391 providers of Smart and Skilled qualifications as at October 2017. | The Department of Industry spent $1.4 billion on the provision of vocational education and training. The Department has controls in place to monitor the performance of contracted service providers to ensure quality delivery of training. |
Agency compliance with NSW Government travel policies
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
Government Advertising: Campaigns for 2015–16 and 2016–17
The 'Stronger Councils, Stronger Communities' and the 'Dogs deserve better' government advertising campaigns complied with the Government Advertising Act and most elements of the Government Advertising Guidelines.
However, some advertisements were designed to build support for government policy and used subjective or emotive messages. This is inconsistent with the requirement in the Government Advertising Guidelines for 'objective presentation in a fair and accessible manner'.
Advertisements in the 'Stronger Councils, Stronger Communities' campaign used subjective statements such as 'the system is broken' and 'brighter future'. While advertisements in the 'Dogs deserve better' campaign used confronting imagery such as gun targets, blood smears and gravestones.
The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit in relation to at least one government advertising campaign in each financial year. The performance audit assesses whether advertising campaigns were carried out effectively, economically and efficiently and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). In this audit, we examined two campaigns:
- the ‘Stronger Councils, Stronger Communities’ campaign run by the Office of Local Government and the Department of Premier and Cabinet
- the ‘Dogs deserve better’ campaign run by the Department of Justice.
Section 6 of the Act details the specific prohibitions on political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of parliament or a candidate nominated for election to parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed so as to influence (directly or indirectly) support for a political party.
The ‘Stronger Councils, Stronger Communities’ government advertising campaign was run by the Office of Local Government and the Department of Premier and Cabinet in four phases from August 2015 to May 2016. The total cost of the campaign was over $4.5 million. See Appendix 2 for more details on this campaign.
Two factors potentially compromised value for money for the campaign. The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work to be undertaken, which was substantially greater than initially quoted. Further, the department did not meet all recommended timeframes to minimise media booking costs for all phases of the campaign.
The campaign did not comply with all administrative requirements in all phases. Advertising for Phase 1 commenced before the compliance certificate was signed. There was no evidence that a compliance certificate was signed for Phase 2 extension. The cost benefit analyses for Phase 2 and Phase 2 extension did not sufficiently consider alternatives to advertising, as is required by the Government Advertising Guidelines.
Advertisements adopted subjective messages designed to build public support for council mergers and directed audiences to websites for more detailed information. Campaign research identified statements that were most likely to reduce resistance to mergers. Some advertising content used subjective language, which we consider inconsistent with the requirement for ‘objective presentation’. Evaluations of advertising effectiveness also measured the success of the advertisements in increasing public support for council mergers.
No breach of specific prohibitions in the Act
Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:
- be designed to influence (directly or indirectly) support for a political party
- contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
- contain the name, logo or any slogan of, or any other reference relating to, a political party.
We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.
Request for quotes to design advertisement did not reflect the full scope required
The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work that was to be undertaken, and this created a risk to achieving value for money. The Office of Local Government sought quotes for design of a television advertisement only. It did not request an estimate for radio, online advertisements, or translation for linguistically diverse audiences, which were ultimately required for the campaign.
A full and fair assessment of which supplier could provide the best value for money could not be made given that the quotes obtained did not reflect the full scope of work. The final amount paid for the design of Phase 1 was 2.7 times the original quote. It is possible that another supplier that provided a quote could have provided overall better value for money.
The Office of Local Government continued to use the Phase 1 supplier for Phase 2 and Phase 2 extension (Exhibit 4). Where there are other suppliers that could feasibly compete for a contract, direct negotiation increases the risk the agency has not obtained the best value for money. The department advised that it continued with the same agency to avoid costs involved in briefing a new agency on the campaign.
The ‘Dogs deserve better’ government advertising campaign was run by the Department of Justice from August 2016, after the government announced its decision to prohibit greyhound racing, and was terminated in October 2016 after a change of government policy. The campaign had a budget of $1.6 million, with an actual spend of $1.3 million. See Appendix 2 for more details on this campaign.
The Secretary of the department determined that urgent circumstances existed that required advertising to commence prior to completing a cost benefit analysis and peer review. There was a concern that industry participants may make impulse decisions to destroy greyhounds without further information on support services; there was also an identified need to promote public greyhound adoptions.
Phase 1 advertisements focused on explaining the reasons for the prohibition on greyhound racing with a reference to a website for further information. While industry participants were identified as the primary audience, media expenditure was not specifically targeted to this group. Phase 2 advertisements more effectively addressed the originally identified ‘urgent needs’ of providing information on support services for greyhound owners and information on how the public could adopt a greyhound.
The urgency to advertise potentially compromised value for money. The department did not use price competition when selecting a creative supplier due to a concern this would add to timeframes. Further, the department did not meet recommended timeframes to minimise media booking costs.
We identified three other areas in Phase 1 advertisements that were inconsistent with government advertising requirements. Advertisements used provocative language and confronting imagery, which we consider to be inconsistent with the requirement for ‘objective presentation’. Two statements presented as fact based on the Special Commission’s Inquiry report were inaccurate; one of these was due to a calculation error. Radio advertisements did not clearly identify that they were authorised by the New South Wales Government for the first few days of the campaign.
No breach of specific prohibitions in the Act
Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:
- be designed to influence (directly or indirectly) support for a political party
- contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
- contain the name, logo or any slogan of, or any other reference relating to, a political party.
We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.
Animal welfare concerns were identified as the reason for urgent advertising
A brief prepared by the department in July 2016 raised concerns about the welfare of greyhounds following the NSW Premier’s announcement that the government would prohibit greyhound racing. The brief raised the risk that industry members may make impulse decisions to destroy their greyhounds without information on support that was being offered.
The department used the provisions in Sections 7(4) and 8(3) of the Act to expedite the release of advertising due to ‘other urgent circumstances’. This provision allows advertising to commence prior to completing the peer review process and cost benefit analysis.
In introducing the Government Advertising Bill to parliament in 2011, the then Premier noted that exceptional circumstances would cover situations ‘such as a civil emergency or sudden health epidemic’. There is no other guidance on when it is appropriate to use this section. It is at the discretion of a government agency head to determine whether a campaign is urgent.
Phase 1 advertisements did not focus on the urgent needs
This advertising campaign had three overarching objectives:
- to increase public awareness of the animal welfare reasons for the closure of the greyhound racing industry
- to change the behaviour of dog owners from potentially harming their greyhounds to treating them humanely, by accessing the support options and packages available
- to promote greyhound adoptions by the public.
Alongside advertising, the department took other steps to engage with the greyhound racing industry. This included direct mail, face to face meetings around the State, setting up a call centre and community consultation through an online survey. Other government agencies and animal welfare agencies were also engaged to reach out to affected stakeholders.
Phase 1 advertising content focused on providing information about the reasons for the closure of the industry. The department’s radio and television advertisements did not refer to support packages or encourage the public to adopt a greyhound. While print advertisements did mention these things, this was only presented in fine print. In all advertisements, audiences were referred to a website for further information.
The focus of advertisements on the reasons for industry closure was not consistent with the identified needs to urgently commence advertising to influence the behaviour of dog owners and encourage the public to adopt a greyhound.
The content in Phase 2 advertisements, which began around four weeks after the first phase, was more explicit in highlighting the services and support for industry members such as offering business and retraining advice. These advertisements also referred audiences to a call centre number as well as the website.
Peer review process limited to influencing second phase of advertisements
In urgent circumstances, the Act allows for peer review to be completed after advertising has commenced. For this campaign, the peer review process was completed on 19 August 2016, two weeks after advertising had commenced. Where advertising commences before the peer review process is completed, the usefulness of peer reviewers’ recommendations is limited to informing subsequent phases of advertising and the post-campaign evaluation.
The peer review report found the messages in Phase 1 advertisements were not clearly defined, and the role of advertising was not clearly defined amongst other campaign activities. These recommendations informed the second phase of advertising, which ran from 27 August 2016 until the campaign was terminated in October 2016.
The department could not demonstrate value for money was achieved for creative work
The department provided a fixed budget for creative work when requesting quotes from creative agencies to develop advertising material. This is not consistent with the quotation requirements in the government’s Guidelines for Advertising and Digital Communication Services. This approach creates risks to achieving value for money as creative agencies are not required to compete on price for their services. The department advised that it had pre-set the creative costs based on a comparative government campaign of a similar size. This was done due to a concern that requiring agencies to compete on price would affect the short timeframe given to develop creative material.
Three creative agencies accepted the opportunity to present design ideas for the campaign. The department was unable to provide evidence of how it chose the preferred supplier out of these three agencies. Records are important for accountability and allow a procurement decision to be audited after an urgent decision.
Short notice did not allow for cost-efficient media booking for all phases
Placement of advertisements in various media channels was done through the State’s Media Agency Services contract. This contract achieves savings as the government can use its aggregated media spend to gain discounts from the media supplier.
The Department of Premier and Cabinet provides guidance to ensure cost efficient media booking. For example, media time for a television advertisement should be booked at least 6 to 12 weeks in advance. Radio advertisements should be booked at least 2 to 8 weeks in advance.
The peer review report noted that the department did not have adequate time to look for the most cost-efficient way to advertise. In its response to the peer reviewers, the department acknowledged this to be due to the urgency to start advertising. The media booking authority was signed by the department one day before the campaign commenced.
The department used a wide public campaign for a narrow target audience
The campaign identified greyhound industry participants as the primary target audience. In 201516 there were 1,342 greyhound trainers, 1,695 owner/trainers, 983 attendants and 1,247 breeders in New South Wales. The department’s advertising submission identified ‘concerns that industry members could make impulsive decisions, potentially jeopardising the welfare of a large number of dogs, prior to the shutdown of the industry’.
The submission’s evidence of advertising effectiveness focused on increasing the level of wider community support for the ban rather than stopping industry members from making impulse decisions. It used an early opinion poll to show that total support for the ban on greyhound racing rises by 17 points and opposition drops by four points following explanation of the findings of the Special Commission of Inquiry report.
The peer review report noted that the role of advertising was not clearly defined amongst the department’s range of other direct and targeted communications and consultations held with industry members.
No demonstrated basis for use of confronting imagery and provocative language
The Guidelines require ‘objective presentation in a fair and accessible manner’. Neither the Guidelines or Handbook further explain what objective presentation means. We have used an ordinary definition of this term as ‘not influenced by personal feelings or opinions in considering and representing facts’. This is synonymous with terms like ‘impartial’, ‘neutral’, and ‘dispassionate’ and opposite to ‘subjective’. We consider that to meet the current requirements in the Guidelines for objectivity, advertising content should contain accurate statements or facts, and avoid subjective language.
Phase 1 focussed on the ongoing consequences if no action was taken to close the industry. The advertisements used provocative language, for example ‘Up to 70 per cent of dogs are deemed wastage by their own industry. Wastage! Slaughtered just for being slow’. Advertisements used confronting imagery like gravestones, blood smears and gun targets.
Our literature review into this area highlighted mixed findings on the effectiveness of confrontational advertising materials. In some cases, shock campaigns may cause an audience to reject or ignore the message, and may even encourage people to do the opposite of the intended behaviour. In other cases, such as in road safety campaigns, this style of advertising can be successful. This shows the importance of conducting pre-campaign research before adopting a confrontational or emotive approach in advertising.
The Government Advertising Handbook recommends that an agency explain the rationale and the evidence for their chosen advertising approach. There was no evidence that the department researched the effectiveness of its advertising approach with its target audience. The department had planned to undertake creative concept testing as part of a strategy to ensure the creative material was understood by its audience. The department advised that due to the urgency of the campaign, it did not have time to conduct this testing.
Not all Phase 1 radio advertisements clearly identified that they were authorised by the New South Wales Government
For the first few days on air, Phase 1 radio advertisements ended by referring the audience to a government website, instead of clearly identifying that it had been authorised by the New South Wales Government. Government authorisations and logos ensure the work and the programs of the NSW Government are easily identifiable by the community.
The department’s cost benefit analysis did not consider alternatives to advertising
For government advertising campaigns that cost over $1.0 million, the Act requires the advertising agency to carry out a cost benefit analysis and obtain approval from the Cabinet Standing Committee on Communications, prior to commencing the campaign.
The department engaged with audiences through direct mail, face to face forums, and a telephone helpline in addition to advertising. However, the department’s cost benefit analysis did not meet the requirements in the Guidelines to specify the extent to which expected benefits could be achieved without advertising, and to compare costs of options other than advertising that could be used to successfully implement the program (see Exhibit 6).
The cost benefit analysis made optimistic assumptions about the impact of the campaign on greyhound adoptions. It estimated that 2,360 greyhounds would be adopted if the campaign was run. This is significantly higher than the ‘most optimistic outcome’ of re-homing in the Special Commission Inquiry report (we calculated this to be 1,467 greyhounds). There was insufficient evidence to support the higher number of adoptions in the cost benefit analysis.
The sensitivity analysis shows that using the Special Commission’s ‘most optimistic outcome’ figure of re-homing would reduce the net present value of advertising to be negative. Further, the cost benefit analysis also assumed that increased government funding would be made available to animal welfare and rehoming organisations to support more adoptions, but did not estimate or include this cost when calculating the net present value of advertising.
There were two factual inaccuracies in key messages used for Phase 1 advertisements
Section 8(2) of the Act requires the head of a government agency to certify that the proposed campaign ‘contains accurate information’. The Secretary of the Department of Justice signed the compliance certificate on 29 July 2016, before advertisements commenced.
We examined the accuracy of factual claims in this advertising campaign, by comparing the key statements to the report of Special Commission of Inquiry into the Greyhound Racing Industry (the Commissioner report). The Commissioner report was quoted by the NSW Government as the basis for its policy to transition the greyhound racing industry to closure.
We identified that two of the key statements used in Phase 1 advertisements to support the animal welfare reasons for industry closure were inaccurate (Exhibit 7).
Appendix one - Responses from agencies
Appendix two - About the campaigns
Appendix three - About the Audit
Appendix four - Performance Auditing
Parliamentary reference - Report number #294 - released 2 November 2017
NorthConnex
The processes used to assess NorthConnex adequately considered value for money for taxpayers.This report also found that the impact of tolling concessions on road users and the motorway network was consistent with policy objectives described in the 2012 NSW Long Term Transport Master Plan.
Parliamentary reference - Report number #287 - released 8 June 2017
Contingent workforce - management and procurement
The Department of Industry, Transport for NSW and the Department of Education were not able to demonstrate that the use of contingent labour is the best resourcing strategy to meet their business needs or deliver value for money.
None of the three agencies we reviewed were able to demonstrate that contingent labour is the best resourcing strategy to meet their agencies’ business needs or delivers value for money. There are three reasons for this. First, agencies’ use of contingent labour was not informed by workforce planning at an agency level, with limited work undertaken in this area. Second, two of the three agencies have limited oversight of their contingent workforce. Information is not reliable or accurate, reports are onerous to produce, and there is limited reporting to the agency’s executive. Finally, none of the agencies routinely monitor and centrally document the performance of contingent workers to ensure services are delivered as planned. Together, these factors make it difficult for agencies to ensure contingent labour is engaged only when needed, at reasonable rates, and delivers quality services.
Some of these issues will be addressed by Contractor Central, which had only been introduced at Education at the time of our review. The new software program enables staff to easily obtain real-time reports on its contingent workforce. The recruitment broker also has the potential to improve value through better negotiation and benchmarking of pay rates. However, Contractor Central will only address some of the issues highlighted above. Better workforce planning and performance monitoring are needed to ensure an agencies’ workforce, including contingent workers, meets its business needs and represents value for money.
Download appendices for report on Contingent workforce
Parliamentary reference - Report number #282 - released 27 April 2017
