Reports
Central Agencies 2019
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies, namely the Premier and Cabinet, Treasury and Customer Service clusters. There are 191 agencies in these clusters, including government financial, superannuation and insurance entities.
Unqualified audit opinions were issued on the financial statements for all agencies in the clusters. There were two high risk and 99 moderate risk audit findings on internal controls. Of these, 31 percent were repeat issues, and most related to weaknesses in information technology access controls.
The report notes a number of audit observations including:
- a qualified opinion on information technology internal controls at an outsourced service provider
- self-insurance losses of $1.4 billion partly due to unfavourable movements in the risk free discount rate, and increases in workers compensation claims, including psychological injury claims
- a shortfall (unfunded liability) of $637 million at 30 June 2019 in the Home Building Compensation Fund, due to premiums not being sufficient to meet costs of the scheme
- agencies self-assessed against the Australian Cyber Security Centre’s ‘Essential 8’ cyber risk mitigation strategies for the first time in 2018-19. Based on their own self assessments, more work needs to be done to improve cyber security resilience.
This report analyses the results of our financial statement audits of the Treasury, Premier and Cabinet and Customer Service clusters for the year ended 30 June 2019. Our key observations are summarised below.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- government financial services.
Central agency clusters were significantly impacted by Machinery of Government changes which took effect on 1 July 2019. This report is focussed on agencies now in the Treasury, Premier and Cabinet and Customer Service clusters. Some of these agencies may have been in another cluster during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Central agencies and their key responsibilities are set out below.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions and they are given effect by Administrative orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted Central Agencies’ clusters through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
Significant impacts of the 2019 MoG changes included:
- abolishing the former Department of Finance, Services and Innovation, and creating the Department of Customer Service as the principal agency within the newly established Customer Service cluster
- transferring Jobs for NSW, Destination NSW and the Western City and Aerotropolis Authority into the Treasury cluster
- transferring Arts and Culture entities and Aboriginal Affairs NSW into the Premier and Cabinet cluster
- new responsibilities, risks and challenges for each cluster
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the 2019 financial reporting of agencies in the Treasury, Premier and Cabinet, and Customer Service clusters.
Section highlights
- Unqualified audit opinions were issued on the 30 June 2019 financial statements of all agencies within the three clusters, and the Legislature.
- The NSW Self Insurance Corporation (Corporation) 2018–19 financial statements did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions. This is because the Corporation’s financial exposure could not be reliably measured at 30 June 2019. The exposure was instead disclosed as an unquantified contingent liability in the financial statement notes. This liability may be material to the Corporation and the Total State Sector financial statements.
- We recommend management and those charged with governance review instructions provided to management experts each year, along with other significant accounting judgements.
- Agencies will be implementing the requirements of new accounting standards shortly. These could significantly impact their financial positions and operating results. We noted instances where agencies need to do more work on their impact assessments to minimise the risk of errors in the 2019–20 financial statements.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury, Premier and Cabinet and Customer Service clusters.
Section highlights
- The 2018–19 audits found two high risk and 99 moderate risk issues across the agencies. Of these, 31 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration.
- NSW Government agency self-assessment results show that the NSW Public Sector's cyber security resilience needs urgent attention.
- GovConnect received a qualified opinion from the auditor of their service provider, Unisys, over weaknesses in information technology controls.
- Crown revenues from taxes, fines and fees continued to increase, but this was offset by decreases in stamp duty on property sales.
- The CTP reform resulted in green slip refunds of $198 million to vehicle owners. Unclaimed refunds are to be returned to motorists through a reduction in green slip premiums.
Background
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
Section highlights
- Last year's Auditor-General's Report to Parliament recommended Treasury consult with STC Pooled Fund and PCS Fund Trustees to prescribe prudential standards and requirements. Treasury has not taken specific action to address this recommendation.
We recommend Treasury formally assess the merits of implementing prudential standards and supervision arrangements, after considering the risks, benefits and costs to scheme members. - The NSW Self Insurance Corporation did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions because it could not be reliably measured at 30 June 2019. The amounts involved could be material to the Corporation's and Total State Sector's financial statements.
- Insurance scheme liabilities were significantly impacted by unfavourable movements in economic assumptions, including a decrease in the risk free discount rate, and adverse changes in non-economic assumptions, such as higher medical costs.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – Status of 2018 recommendations
Appendix four – Cluster agencies
Appendix five – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Planning, Industry and Environment 2019
This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.
Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting.
The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.
One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.
The report makes several recommendations including:
- Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
- the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
- the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Creation of the Planning, Industry and Environment cluster |
The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019. The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE). |
| The Department of Planning, Industry and Environment is still in the process of implementing changes |
The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes. However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies. |
2. Financial reporting
| Audit opinions | Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing. |
| Timeliness of financial reporting |
Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time. Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline. Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures. |
| Introduction of AASB 16 'Leases' |
We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods. We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records. Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019. |
| Unprocessed Aboriginal land claims have continued to increase |
Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007. Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims. |
3. Audit observations
| Internal controls |
One in five internal control issues identified and reported to management in 2018–19 were repeat issues. The lack of user access review was the most common IT general control issue in the cluster. |
| Drought relief |
The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place. Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue. |
| Recognition of Crown land |
Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19. Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Developer contributions | The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019. |
This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.
The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.
- The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
- The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
- The MoG changes bring risks and challenges to the PIE cluster.
- A MoG Steering Committee was established to oversee the transitional processes.
- The full integration of the systems and processes will not be completed in the near future.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
- Timeliness of financial reporting remains an issue for 13 agencies.
- Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
- Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- One in five issues identified and reported to management in 2018–19 were repeat issues.
- The lack of user access review was the most common IT general control issue in the PIE cluster.
- The PIE cluster provided significant financial assistance for drought relief.
- There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
- Unspent developer contributions funds continued to build up in 2018–19.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Cluster agencies
Appendix four – Financial data
Appendix five – Management letter findings
Appendix six – Timeliness of financial reporting
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2019
A report has been released on the NSW Stronger Communities cluster.
From 1 July 2019, the functions of the former Department of Justice, the former Department of Family and Community Services and many of the cluster agencies moved to the new Stronger Communities cluster. The Department of Communities and Justice is the principal agency in the new Stronger Communities cluster.
The report focuses on key observations and findings from the most recent financial audits of agencies in the Stronger Communities cluster.
Unqualified audit opinions were issued on the financial statements for all agencies in the cluster.
There were 157 audit findings on internal controls. Two of these were high risk and 59 were repeat findings from previous financial audits. ‘Cluster agencies should prioritise actions to address internal control weaknesses promptly with particular focus given to issues that are assessed as high risk’, the Auditor-General said.
The report notes that the NSW Government’s new workers' compensation legislation, which gave eligible firefighters presumptive rights to workers' compensation, cost emergency services agencies $180 million in 2018–19, mostly in increased premiums.
This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2019. The table below summarises our key observations.
This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analyses, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was significantly impacted by the Machinery of Government (MoG) changes on 1 July 2019. This report focuses on the agencies that from 1 July 2019, comprised the Stronger Communities cluster. The MoG changes moved some agencies from the clusters to which they belonged in 2018–19 to the Stronger Communities cluster. Conversely, the MoG also moved some agencies formerly in the Family and Community Services cluster and Justice cluster elsewhere. Please refer to the section on Machinery of Government changes for more details.
The Department of Communities and Justice is the principal agency of the cluster. The newly created department combines functions of the former Department of Justice and the Department of Family and Community Services.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes occur when the government reorganises these structures and functions and those changes are given effect by Administrative Orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted the Stronger Communities cluster through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Justice and Family and Community Services (FACS) departments and clusters.
- The Stronger Communities cluster combines most of the functions and agencies of the former Justice and FACS clusters from 1 July 2019.
- The Department of Communities and Justice is now the principal agency in the new cluster.
- The MoG changes bring new responsibilities, risks and challenges to the cluster.
- A temporary office has been established by the Department of Communities and Justice to support the cluster in the planning, delivery and reporting associated with implementing the changes.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations relating to the financial reporting of agencies in the Stronger Communities cluster for 2019.
Section highlights
- Unqualified audit opinions were issued for all agencies' 30 June 2019 financial statements. However, further actions can be taken by some cluster agencies to enhance the quality of their financial reporting.
- In November 2018, the Department of Justice implemented a new Victims Support Services system called VS Connect. Significant data quality issues arising from the VS Connect system implementation impacted the Department's ability to reliably estimate its Victims Support Scheme claims liabilities at 30 June 2019.
We recommend the Department of Communities and Justice resolves the data quality issues in the new VS Connect System before 30 June 2020 and capture and apply lessons learned from recent project implementations, including LifeLink, Justice SAP and VS Connect, in any relevant future implementations. - Our audits found some cluster agencies needed to do more work on their impact assessments and preparedness to implement the new accounting standards, to minimise the risk of errors in their 2019–20 financial statements.
- Cluster agencies with annual leave balances exceeding the State's target should further review their approach to managing leave balances.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
- Cluster agencies should action recommendations to address internal control weaknesses promptly. Particular focus should be given to prioritising high risk issues. The 2018–19 financial audits of cluster agencies identified 157 internal control issues. Of these, two were high risk and 37.6 per cent were repeat findings from previous audits.
- Data from the Department of Justice shows the inmate population reached a maximum of 13,798, compared to an operational capacity of 14,626 beds on 31 August 2019. This equates to an operational vacancy rate of 5.7 per cent, which is more than the recommended 5.0 per cent buffer. This is the first time the vacancy rate has exceeded the target over the last five years. Growth in the NSW prison population is being managed through the NSW Government's $3.8 billion Prison Bed Capacity Program.
- In September 2018, the NSW Government introduced new workers' compensation legislation, which gives eligible firefighters presumptive rights to workers' compensation when diagnosed with one of 12 prescribed cancers. The new legislation cost emergency services agencies $180 million in 2018–19, mainly through additional workers' compensation premiums.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – List of 2019 recommendations
Appendix four – Status of 2018 recommendations
Appendix five – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
| New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
| Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
| IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
| Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
| Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
| Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
| Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
| Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
| Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
| Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
| Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
| Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
State Finances 2019
The Auditor-General, Margaret Crawford, has released her report on the State Finances for the year ended 30 June 2019.
‘I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements,’ the Auditor-General said.
The report acknowledges NSW Treasury and agency efforts to reduce the number and value of errors compared with the previous year. ‘Strong financial management and transparent reporting are key elements of our system of government. Treasury and agency finance teams need to be consulted on major business decisions at the time of their execution. This will ensure agencies assess the accounting implications earlier and support accurate financial statements being presented for audit on a timely basis,’ said the Auditor-General.
The report summarises the financial audit result of the Total State Sector Accounts. The Total State Sector comprises 304 entities controlled by the NSW Government with total assets of $468 billion and total liabilities of $218 billion.
The General Government sector comprises 212 entities that provide goods and services that are funded centrally by the State. General Government expenditure grew by 5.5 per cent in 2018-19, which was below the long-term revenue growth of 5.6 per cent target established by the Fiscal Responsibility Act 2012.
Pursuant to the Public Finance and Audit Act 1983, I present my Report on State Finances 2019.
Strong financial management and transparent reporting are key elements of our system of government.
I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements.
The number of errors in agencies’ 2018–19 financial statements fell to six compared to the 23 recorded in 2017–18. This reflects Treasury’s focus on early close and the resolution of complex accounting matters before submission. Agency finance teams need to be consulted on major business decisions and commercial transactions to assess their accounting impacts at the time of their execution, rather than at the end of a financial year. This would improve the quality of financial reporting and avoid the need for extensions for agencies to submit their financial statements for audit.
To further increase transparency, a Key Audit Matters section was included in my Independent Auditor Report on the Total State Sector Accounts this year. This explains those matters considered most significant to the conduct of the audit and requiring significant management judgement.
Looking forward, certain factors have the potential to impact the accuracy and completeness of the Total State Sector Accounts in coming years. First, three new accounting standards are effective from 1 July 2019 and a fourth from 1 July 2020. Transitioning to new standards requires significant planning and resources to ensure the impacts are appropriately assessed and accounted for. Second, the Government Sector Finance Act 2018 will be implemented in stages over three years to 2020–21. This Act is intended to focus on performance, transparency, accountability, and efficiency of financial management in the government sector. I encourage agencies to build their awareness of this important reform and ensure their alignment with the principles of the Act.
I want to thank Treasury staff for the way they engaged with my staff in the conduct of the audit. Our partnership is critical to ensuring the quality of financial management and reporting.
Margaret Crawford
Auditor-General, 10 October 2019
Our audit opinion on the State’s 2018–19 financial statements was unmodified. There were fewer reported errors but earlier resolution of accounting matters is still required.
Our audit opinion on the State’s 2018–19 financial statements was unmodified.
This year, six errors exceeding $20 million were found in agencies’ 2018–19 financial statements that make up the State’s consolidated financial statements. The total value of these errors was $927 million compared to $3.8 billion in 2017–18. The errors identified in 2018–19 resulted from:
- incorrectly applying Australian Accounting Standards and Treasury Policies
- using inappropriate assumptions and inaccurate data
- incorrectly assessing the fair value of non-current physical assets.
The introduction of mandatory ‘early close procedures’ in 2011–12, saw the number of errors in agencies’ financial statements fall progressively, to a low of five in 2015–16.
In 2016–17, Treasury narrowed the scope of its mandatory early close procedures to focus on non-current physical asset valuations and pro-forma financial statements. Following this, the number of significant errors increased to 23 in 2017–18, the
highest number in six years and similar to the numbers identified before mandatory early close procedures were introduced.
In 2018–19, Treasury and agencies’ refocused their efforts around early close procedures and other year-end processes resulting in this year’s lower error total of six.
Errors in agency financial statements exceeding $20m (2015–2019)
Correction of prior year’s reported values
Correction of earthwork assets ($2.1 billion)
Some of the State’s earthworks were first valued in 2016–17. These included earth excavations and embankments for the Country Rail and Metropolitan Network created before the year 2000 and dating back to the early 1900s.
For many years, the State did not account for earthworks because it believed the value could not be reliably measured. In 2016–17, the State engaged an external valuer who identified a methodology showing the earthworks could be valued. That valuer performed a valuation using topography maps for the Country Rail Network (CRN) because information in this earthworks database was of poor quality and incomplete. The valuation resulted in the State recognising $7.5 billion of earthworks for the first time in 2016–17. This was disclosed as a prior period error.
Over the following years, the State improved the quality of the CRN earthworks database by engaging an engineering firm to perform more detailed earthworks surveys. The work involved the use of technology to survey most of the CRN lines.
In 2018–19, the State once again engaged an external valuer to assess the fair value of the CRN earthworks. The valuer determined that incorrect assumptions were used in the 2016–17 valuation. These primarily related to land elevations, which were corrected in the earthworks database and this resulted in a new fair value of $5.4 billion, $2.1 billion less than the previous valuation. The error reported in the 2017–18 value has been corrected in the 2018–2019 financial statements to reflect the revised value.
Previously reported value for earthworks reduced from $7.5 billion to $5.4 billion.
Correction of museum collection assets ($27 million)
The Australian Museum’s collection assets were restated by $27 million to $800 million in 2017–18.
After the 2017–18 financial statements were published, the Australian Museum identified additional collection assets that were not included in the original valuation. This resulted in a $27 million error relating to collection asset values. As last year’s valuation was based on an incomplete listing of collection assets, the 2017-18 value has been corrected in the 2018–19 financial statements to reflect the revised value.
Correction of lease liability ($46.2 million)
On 1 July 1995, the Department of Justice entered into a 25-year lease arrangement with an option to extend for a further 15 years.
The Department accounted for the arrangement as a finance lease by recognising a building asset and a corresponding finance lease liability for the period of 25 years. The Department depreciated the leased asset based on a useful life of 40 years.
As it was reasonably certain the Department would exercise the lease option at inception, it should have recognised a liability that reflected the entire 40 year lease period. To correct the prior year error and properly reflect the extended lease period, the Department of Justice increased the lease liability and decreased retained earnings by $46.2 million as at 1 July 2017.
Abuse Claims remain a significant contingent liability of the State
The State discloses a contingent liability in its financial statements when the possibility of settling the liability in the future is considered less than probable, but more likely than remote, or the amount of the obligation cannot be measured with sufficient reliability.
If the expected settlement subsequently becomes probable and reliably estimable, a provision is recognised.
The State has numerous contingent liabilities. Some are quantifiable while others are not. As contingent liabilities are potentially material future liabilities of the State, every effort should be made to quantify these as accurately as possible. They also need to be monitored closely to ensure that they are recognised and brought on balance sheet as they crystallise.
At 30 June 2019, NSW Self Insurance Corporation (SiCorp) could not reliably measure the claims liability arising from past incidences of abuse that occurred within NSW Government institutions which have not yet been reported. These are referred to as incurred but not reported claims (IBNR).
Since 1 July 2018, victims of child sexual abuse can opt to claim compensation through the National Redress Scheme, or to lodge a civil claim. Civil claims for incidents that occurred within NSW Government institutions may be covered by SiCorp. An estimate of an IBNR for child abuse claims within SiCorp will be impacted by the extent that victims claim compensation through redress as compared to civil claims.
Recent legislative changes have added further uncertainty to estimating the extent of IBNR claims. SiCorp requires more reliable data on the number of IBNR child abuse claims and the expected average size of the related payments. As such, the liabilities presented in the SiCorp and the State financial statements do not include an allowance for IBNR abuse claims.
As more information becomes available it may be possible for SiCorp to reasonably estimate the value of abuse claim liabilities. It is possible that such an estimate may be material to SiCorp and the State’s financial statements.
TAFE update
In prior years we reported on information system limitations at TAFE NSW, specifically relating to its student administration system. TAFE NSW continues to implement additional processes to verify the accuracy and completeness of revenue from student fees for the 2018–19 financial year.
In 2017–18 TAFE NSW started implementing a new student management system. Significant delays have occurred in implementing this system, mainly due to the complexity of integrating the vendor solution with the requirements of TAFE. TAFE will now bring the final commissioning and operation of the system in house. Final project delivery timeframes and estimated completion costs are being reviewed. Costs incurred to date amount to $67 million. The original budget for this new system is $89.4 million.
Light Rail settlement
The CBD and South East Light Rail is a new twelve kilometre light rail network for Sydney, currently under construction. Passenger trips are set to begin on the light rail by December between Circular Quay and Randwick. The second stage from Randwick to Kingsford is planned to open in March 2020. The original budget for construction work of $1.6 billion was revised to $2.1 billion in 2014.
The State Government has been in dispute with the firm responsible for delivering and operating the CBD and South East light rail project. In May 2019, the parties reached a Settlement Arrangement resulting in the State agreeing to pay a settlement amount of $576 million, which is in addition to the revised budget. Transport has advised a final cost is still to be determined following project completion.
The Audit Office has commenced a follow up audit on the CBD South East Light Rail. This audit will consider whether recommendations of our previous audit have been implemented. We will also review the current status and budget of this project.
Sydney Metro Northwest project commissioning
The Sydney Metro North West officially opened in May 2019.
In constructing the metro, some assets were built to facilitate its operation. These included pavements, roadworks, and electricity
and water connections.
When the project was completed, the assets and the responsibility for maintaining them transferred to third parties, primarily Councils and utility providers. In 2018–19, the State expensed (derecognised) the assets, valued at $306 million, because it no longer controlled them.
Financial Reporting by Crown Land Reserve Trusts
Approximately 700 reserve trusts, managed by Trust Boards, did not prepare the financial statements at 30 June 2019 as required by the
Public Finance and Audit Act 1983.
These Crown reserves contain showgrounds, cemeteries, racecourses, local parks, and other community facilities and public areas. Some of the Crown reserves have independent streams of revenue from user charges.
In 2016–17, Treasury determined that NSW cemetery trusts and a holiday park reserve trust were controlled entities of the State. As such, the Public Finance and Audit Act 1983 requires them to prepare financial statements and have these audited by the Auditor-General.
In 2017–18, three reserve trusts accepted NSW Treasury’s view, prepared financial statements and had them audited by the Auditor-General.
However, three cemetery reserve trusts continue to maintain they are not controlled by the State and therefore their financial statements are not audited by the Audit Office. These cemeteries shared their unaudited financial statements with Treasury so they could be incorporated into the State’s financial statements. At 30 June 2019, the value of their combined assets and liabilities, which are not audited by the Audit Office, was $564 million.
The State included an additional $319 million in assets that relate to Crown land values of approximately 700 reserve trusts that did not prepare or submit financial statements.
We performed additional audit procedures to obtain some assurance over the value of these crown lands. The nature and extent of the limitations to the scope of these procedures was not significant enough to impact our audit opinion. Treasury should ensure these trusts comply with the requirements of the Public Finance and Audit Act.
Derecognition of investment in City West Housing
In 2017–18, the State had an equity investment of $680 million in a community housing provider, City West Housing Pty Limited (CWH).
During 2018–19, CWH amended its constitution to ensure alignment with its charitable status. The unintended impact of this change was that on windup the net assets would not be distributed to the State. The accounting implications to the State’s investment was not considered by Treasury at the time of approving the amended constitution. Consequently, the State wrote off its $680 million investment in CWH in 2018–19.
It is important that accounting impacts of such changes are discussed and agreed upon early. At the time of approving the decision to change the constitution, all accounting implications should be made available and understood. Such information is relevant when approving decisions. The theme of what is relevant
information will be explored further in our Performance Audit of ‘Advice on Major Decisions’.
Machinery of government (MoG) changes refers to how the government reorganises agency structures and functions and realigns ministerial responsibilities.
Cluster changes
On 2 April 2019, the Government reorganised public sector agencies into eight clusters (ten in 2017–18) with effect from 1 July 2019.
Prior to 30 June 2019, two subsequent administrative arrangement orders were made to amend and finalise the MoG changes.
The key MoG changes included:
- abolishing the following five departments:
- Finance, Services and Innovation
- Industry
- Planning and Environment
- Family and Communities
- Justice
- transferring their functions into three new departments:
- Department of Customer Service
- Department of Planning, Industry and Environment
- Department of Communities and Justice
The State’s consolidated financial statements at 30 June 2019 were not impacted by the changes, as they were effective from 1 July 2019.
The chart below shows the cluster arrangements before and after the MoG changes to the General Government Sector. It compares total budgeted expenses presented in the 2018–19 and 2019–20 Budget Papers (1).
Each cluster’s share of the General Government Sector’s (GGS) total expenditure remains relatively unchanged after the MoG changes. Further details on other functions transferred between clusters are detailed in the 2019–20 Budget Papers.
Of the clusters, Education is affected most by the MoG changes from the perspective of increased expenditure in the 2019–20 budget. This is because the TAFE Commission transferred into this cluster from the former Department of Industry on 1 July 2019, resulting in a corresponding decrease in the new Planning, Industry and Environment cluster’s expenditure.
Cluster expenses
|
2018-19 |
2019-20 |
||
| Industry | 6% | Planning, Industry and Environment | 7% |
| Planning and Environment | 4% | ||
| Education | 18% | Education | 21% |
| Premier and Cabinet | 1% | Premier and Cabinet | 2% |
| Finance, Service and Innovation | 4% | Customer Service | 3% |
| Family and Community Services | 8% | Stronger Communities | 18% |
| Justice | 10% | ||
| Transport | 9% | Transport | 9% |
| Treasury | 14% | Treasury | 14% |
| Health | 26% | Health | 26% |
$1.2 billion surplus, $0.2 billion below 2018–19 budget of $1.4 billion
The Total State Sector comprises 304 entities controlled by the NSW Government.
The General Government Sector, which comprises 212 entities, generally provides goods and services funded centrally by the State.
The non-General Government Sector, which comprises 92 Government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.
A principal measure of a Government’s overall performance is its Net Operating Balance (Budget Result). This is the difference
between the cost of General Government service delivery and the revenue earned to fund these sectors.
What changed from 2018 to 2019?
The State maintained its AAA credit rating.
The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.
The Government manages NSW’s finances in accordance with the Fiscal Responsibility Act 2012 (the Act).
The Act establishes the framework for fiscal responsibility and the strategy to protect the State’s AAA credit rating and service delivery to the people of New South Wales.
The legislation sets out targets and principles for financial management to achieve this.
New South Wales has credit ratings of AAA/Stable from Standard & Poor’s and Aaa/Stable from Moody’s Investors Service.
The fiscal targets for achieving this objective are:
General Government annual expenditure growth is lower than long term average revenue growth.
General Government expenditure grew by 5.5 per cent in 2018–19 (5.1 per cent in 2017–18 based on restated balances). This was slightly below the long-term revenue growth rate of 5.6 per cent.
Eliminating unfunded superannuation liabilities by 2030.
The Act sets a target to eliminate unfunded superannuation liabilities by 2030.
The State’s funding plan is to contribute amounts escalated by five per cent each year so the schemes will be fully funded by 2030. In 2018–19, the State made employer contributions of $1.73 billion ($1.67 billion in 2017–18), an increase of $64 million or 3.8 per cent ($52 million or 3.2 per cent in 2017–18). This was under the five per cent target by $19.5 million.
For fiscal responsibility purposes, the State uses AASB 1056: Superannuation Entities. This accounting standard discounts superannuation liabilities using the expected return from the assets backing the liability.
Using this method, the State’s unfunded superannuation liability was $13.2 billion at 30 June 2019 ($14.0 billion).
Superannuation funding position since inception of the Act - AASB 1056 Valuation
State revenues fell $604 million to $86.1 billion in 2018–19
In the prior years, revenue growth was underpinned by cyclical increases in land tax, payroll tax and one-off large stamp duty receipts from the lease of the State’s electricity network assets. In 2018–19, the State’s revenue fell by $604 million to $86.1 billion ($86.7 million in 2017–18).
Taxation revenue remained relatively stable
Taxation revenue only grew slightly, mainly due to:
- a $517 million increase in payroll tax from NSW wages growth
- a $469 million increase in land tax from growth in land values
- offset by a $1.2 billion decrease in stamp duty due to lower than expected growth in the property market. This decrease would have been higher had the State not received $555 million in stamp duty from the new 51 per cent owner of WestConnex.
The gap between payroll tax and stamp duty reduced significantly in 2018–19. Stamp duty still remains the largest source of revenue for the State at $9.2 billion, only $42 million above payroll tax.
Australian Government grants and subsidies
The State received $31.8 billion in grants and subsidies from the Australian Government, $158 million less than the previous year. This was due to falls in other grants and subsidies of $98 million and GST revenues of $48 million.
GST revenues fell due to weaker growth in national consumption expenditure and a smaller GST pool. The GST pool represents funds made available by the Commonwealth for transfer to the States as untied financial assistance. The allocation of GST is determined by the Commonwealth, not the State.
A $392 million decrease in National Partnership Payments was offset by a $380 million increase in Specific Purpose Payments.
In 2018–19, sales of goods and services fell $395 million mainly due to the sale of WestConnex.
Other dividends and distributions fell by $122 million due to lower distributions from associates. This reflected weaker performance in the electricity sector (Ausgrid and Endeavour) resulting in lower distributions paid to the State following changes in the Electricity Network Service Providers regulatory environment and the sale of Snowy Hydro Pty Ltd in 2017–18.
Fines, regulatory fees and other revenues increased by $242 million largely from mineral royalties. The increase was attributed to strong demand across Asian markets for coal exports, which the State expects will continue to experience steady growth.
Expenses increased $4 billion to $87.9 billion in 2018–19
Overall, the State’s expenses increased 4.8 per cent in 2018–19 compared to 2017–18. Most of the increase was due to higher employee expenses, operating costs and grants and subsidies.
Employee expenses, including superannuation, increased by 3.9 per cent to $40.3 billion.
Salaries and wages increased to $40.3 billion in 2018–19 from $38.8 billion 2017–18. This was mainly due to salary and wage increases. The Government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.
Operating expenses increased 6.1 per cent from 2017–18.
Within operating expenses, payments for supplies, services and other expenses increased due to:
- increased operating costs associated with the commencement of the new Sydney Metro
- higher operating activity levels experienced in the Health sector resulting in higher visiting medical officer costs, surgical supplies and information management costs
- higher school operating expenses in Education, mainly relating to teaching cloud tools and purchase of computer equipment.
Health costs remain the highest expense of the State.
The following clusters have the highest expenses as a percentage of total government expenses:
- Health - 25.8 per cent (24.6 per cent in 2017–18)
- Education - 20 per cent (18.5 per cent)
- Transport - 14.7 per cent (17.6 per cent).
Other, mainly relates to Economic Affairs, Housing and Community, Recreation and Culture functions of the State.
Transport expenses have decreased in 2018–19 mainly due to the sale of WestConnex. This is partially offset by costs associated with the new Sydney Metro, which commenced operations from 1 July 2018. The graph highlights annual expenditure by function in 2018–19 compared to 2017–18.
Grants and subsidies increased by $782 million to $11.7 billion.
This was mainly due to:
- the $239 million Emergency Drought Relief Package
- a $226 million increase in funding to the Human Services sector to deliver key election commitments, including 5,000 more nurses and midwives
- $123 million in funding for sporting facilities and creating NSW Centre's of Excellence.
Assets grew by $26.7 billion to $468 billion in 2018–19
Overall, the States total assets increased by $26.7 billion to $468 billion in 2018–19. This is a six per cent increase compared to 2017–18. Most of this was due to increases in carrying value of the State’s physical assets and investments.
Valuing the State's physical assets
The State’s physical assets were valued at $352 billion at 30 June 2019.
The State’s physical assets include land and buildings ($166 billion) and infrastructure ($168 billion). The value of the State’s physical assets at 30 June 2018 was restated from $339 billion to $337 billion. The restatement was required to correct errors in the fair value of earthworks previously reported at $7.5 billion and subsequently corrected to $5.4 billion.
Our audits assess the reasonableness and appropriateness of assumptions used to value physical assets. This includes
obtaining an understanding of the valuation methodologies used and judgements made. We also review the completeness of asset registers and the mathematical accuracy of valuation models.
Net movements between years include additions, disposals, depreciation and valuations. The State’s physical assets increased by $15.2 billion compared with 2017–18.
Movement in the State's physical assets
Liabilities increased $28.6 billion to $217.5 billion in 2018–19
The State relies on actuarial assessments to value its liabilities
Nearly half of the State’s liabilities relate to its employees. They include unfunded superannuation and employee benefits, such as long service and recreation leave.
Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions can materially impact balances in the financial statements, such as a lower discount rate.
Superannuation obligations rose by $14.3 billion.
The State’s $70.7 billion unfunded superannuation liability represents obligations to past and present employees less the value of assets set aside to meet those obligations. The unfunded superannuation liability rose by $14.3 billion from $56.4 billion at 30 June 2018 to $70.7 billion at 30 June 2019. This was mainly due to a lower discount rate.
Borrowings totalled $79.9 billion at 30 June 2019.
The State’s borrowings of $79.9 billion at 30 June 2019 were $8.6 billion higher than they were at 30 June 2018.
TCorp issues bonds to raise funds for NSW Government agencies. These are actively traded in financial markets, which provides price transparency and liquidity to public sector borrowers and institutional investors. All TCorp bonds are guaranteed by the NSW Government.
The Government manages its debt liabilities through its balance sheet management strategy. The strategy extends to TCorp, which applies an active risk management strategy to the Government’s debt portfolio.
General Government Sector debt has been restructured by replacing shorter-term debt with longer-term debt. This lengthens the portfolio to match liabilities with the funding requirements for infrastructure assets.
Implementing the requirements of new accounting standards will be challenging
Risks to the quality and timeliness of financial reporting
The State and its agencies will be implementing the requirements of new accounting standards shortly. These are likely to have a major impact on the financial positions and operating results of agencies across the sector.
Accounting standards require agencies to assess and disclose where possible, the impact of the new standards in their 2018–19 financial statements.
Our review found agencies needed to do more work on their impact assessments to minimise the risk of errors in the financial statement disclosures. Some agencies disclosed that the new standards would not have a material impact on their reported financial position and performance, but had little evidence to support this.
Each agency is unique and implementing the new standards is not straight forward as many new principles apply. Management judgement is needed to interpret how the principles apply to each agency. As a result, agencies face the following risks and challenges:
- having the required technical skills in house
- having accurate data to assess the impacts
- correctly and consistently interpreting the new requirements
- adequately planning and preparing for their application
- implementing new systems to capture the information needed to meet the new reporting obligations.
To help agencies implement the new standards consistently across the sector, Treasury:
- issued guidance to agencies
- prepared position papers on proposed accounting treatments
- provided briefing sessions to agencies
- mandated which option in the new standards agencies had to adopt on transition.
Key dates
Section 45 of the Public Finance and Audit Act 1983 requires the Auditor-General to perform audits of the financial statements of entities prescribed for the purposes of that section.
The following were prescribed entities as at 30 June 2019:
| Entity/Fund | Latest financial statements audited | Type of audit opinion issued |
| Agricultural Scientific Collections Trust | 30 June 2019 | Unmodified |
| AustLII Foundation Limited | 31 December 2018 | Unmodified |
| Belgenny Farm Agricultural Heritage Centre Trust | 30 June 2019 | Unmodified |
| The Brett Whiteley Foundation | 30 June 2019 | Unmodified |
| Buroba Pty Ltd | 30 June 2018* | Unmodified |
| C. B. Alexander Foundation | 30 June 2018 | Unmodified |
| City West Housing Pty Ltd | 30 June 2019 | Unmodified |
| The Commissioner for Uniform Legal Services Regulation | 30 June 2019 | N/A (a) |
| Cowra Japanese Garden Maintenance Foundation Limited | 31 March 2019 | Unmodified |
| Cowra Japanese Garden Trust | 31 March 2019 | Unmodified |
| Crown Employees (NSW Fire Brigades Firefighting Staff Death and Disability) Superannuation Fund | 30 June 2019 | Unmodified |
| Eif Pty Limited | 30 June 2019 | Unmodified |
| Energy Investment Fund | 30 June 2019 | Unmodified |
| Central Coast Council Water Supply Authority (formerly Gosford City and Wyong City Council Water Supply Authorities) | 30 June 2018 | Unmodified |
| Home Building Compensation Fund | 30 June 2019 | Unmodified |
| The funds for the time being under the management of the New South Wales Treasury Corporation, as trustee | 30 June 2019 | Unmodified |
| The Illawarra Health and Medical Research Institute Limited | 30 June 2019 | Unmodified |
| The Legal Services Council | 30 June 2019 | Unmodified |
| Macquarie University Professorial Superannuation Scheme | 30 June 2019 | Unmodified |
| Planning Ministerial Corporation | 30 June 2019 | Unmodified |
| Corporation Sole 'Minister administering the Heritage Act 1977' (a corporation) | 30 June 2019 | Unmodified |
| National Art School | 31 December 2018 | Unmodified |
| NSW Fire Brigades Superannuation Pty Limited | 30 June 2019 | Unmodified |
| Parliamentary Contributory Superannuation Fund | 30 June 2019 | Unmodified |
| Sydney Education Broadcasting Limited | 31 December 2018 | Unmodified |
| The superannuation fund amalgamated under the Superannuation Administration Act 1991 and continued to be amalgamated under the Superannuation Administration | 30 June 2019 | Unmodified |
| Act 1996 (known as the SAS Trustee Corporation Pooled Fund) | 30 June 2019 | Unmodified |
| The trustees for the time being of each superannuation scheme established by a trust deed as referred to in section 127 of the Superannuation Administration Act 1996 | 30 June 2019 | Unmodified |
| The Art Gallery of New South Wales Foundation | 30 June 2019 | Unmodified |
| Trustee of the Home Purchase Assistance Fund | 30 June 2019 | Unmodified |
| Trustees of the Farrer Memorial Research Scholarship Fund | 31 December 2018 | Unmodified |
| United States Studies Centre | 31 December 2018 | Unmodified |
| Universities Admissions Centre (NSW and ACT) Pty Limited | 30 June 2018 | Unmodified |
| University of Sydney Professorial Superannuation System | 31 December 2018 | Unmodified |
| Valley Commerce Pty Ltd | 30 June 2018* | Unmodified |
|
(a) Included as part of the Legal Services Council.
aa*Entities exempt from preparing financial statements at 30 June 2019. |
||
Local Government 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the Local Government sector. The report focuses on key observations and findings from the 2017-18 financial audits of 135 councils in New South Wales and the 2016-17 audit of Bayside Council. The report also includes commentary on three performance audits published in 2018.
Unqualified audit opinions were issued on the 2017-18 financial statements of 135 councils. The audit opinion for Bayside Council’s 2016–17 financial statements was disclaimed as management were unable to confirm that the financial statements present fairly the performance and position of the Council. A further 24 councils required material adjustments to correct errors in previous audited financial statements. Three audits are still in progress and will be included in next year’s report.
This report analyses the results of our audits of financial statements of local councils for the year ended 30 June 2018. The table below summarises our key observations and recommendations.
Financial reporting is an important element of good governance. Confidence and transparency in Local Government decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our financial reporting audit observations across councils for 2018.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 Quality of financial reporting | |
|
Unqualified audit opinions were issued for 135 out of 138 council's financial statements. The audits of three councils are in progress. Three councils, with previously qualified audit opinions, resolved those issues during 2017–18. |
Sufficient audit evidence was obtained to conclude the financial statements for 135 councils were free of material misstatement. |
|
A disclaimed audit opinion was issued for Bayside Council’s 30 June 2017 financial statements as management were unable to confirm that the financial statements present fairly the performance and position of the Council. We were unable to obtain enough evidence to support the financial results reported. |
Bayside Council did not resolve all issues related to the former councils, resulting in a disclaimed audit opinion. |
|
The 30 June 2018 financial audits reported:
|
Our audits continue to identify opportunities to improve the quality of councils’ financial reporting. |
| We reported 95 instances in our management letters where councils could be better prepared for the upcoming changes to accounting standards. | To help councils implement the new standards, the Office of Local Government is running workshops, developing guidance and mandating options with the new standards for councils to adopt on transition. |
| 2.2 Timeliness of financial reporting | |
| One hundred and eleven councils lodged their 30 June 2018 audited financial statements to the Office of Local Government by the statutory deadline. | Eleven more councils submitted financial statements on-time compared with the prior year. |
| Almost half of councils performed early financial reporting procedures including valuing IPPE before 30 June 2018. | Councils performing early financial reporting procedures improved the timeliness of their financial reporting. |
Strong governance systems and internal controls reduce risks associated with managing finances, compliance and delivering services to ratepayers.
This chapter outlines the overall trends for council controls and governance issues, including the number of findings, level of risk and the most common deficiencies. Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for councils to address.
| Observation | Conclusion or recommendation |
|---|---|
| 3.1 Internal controls | |
| The 30 June 2018 financial audits reported 83 high-risk findings. | Recommendation: Councils should reduce risk by addressing high-risk findings as a priority. |
| Thirty-nine of these high-risk findings related to information technology. See Chapter 4. | Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting. |
| Several internal control findings were common across councils. | There may be opportunities for councils to work together to address common findings through Joint Organisations or other avenues. |
| 3.2 Governance | |
| Ninety-seven councils have an audit, risk and improvement committee (85 at 30 June 2017). | Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021. |
| Ninety-two councils have an internal audit function (86 at 30 June 2017). | It is envisaged that the Local Government Act 1993 will require the establishment of an internal audit function in each council to support the work of the audit, risk and improvement committee. |
| Eighty-three councils do not have a legislative compliance policy and 94 councils do not have a legislative compliance register. | Councils can improve their monitoring of compliance with key laws and regulations. |
| Eighteen councils do not have a risk management policy and 38 councils do not have a risk register. | Risk is better managed when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified and managed. |
| Most councils have a procurement policy, a manual, and are providing training to relevant staff. Only 34 per cent of councils have a contract management policy. | Councils with effective procurement and contract management reduce risks of error and fraud and achieve better outcomes for ratepayers. |
Councils increasingly rely on information technology (IT) to deliver services and manage information. While IT delivers considerable benefits, it also presents risks that council needs to address.
Our audits reviewed whether councils have effective governance and controls in place to manage key financial systems and IT service providers. This chapter summarises the following IT findings:
- governance
- IT general controls
- managing service providers.
| Observation | Conclusion or recommendation |
|---|---|
| 4.1 Governance | |
| Ninety-four councils have not formalised all policies which manage key information technology (IT) processes. Of those policies that are formalised, 78 are not reviewed to ensure they are up to date. | A lack of IT policies increases the risk of inappropriate and inconsistent practices. |
| Sixty-five councils do not register their IT risks and 44 councils do not regularly report IT risks to management and those charged with governance. | Risks that are not communicated to senior management and those charged with governance may not be assessed and managed appropriately. |
| 4.2 IT general controls | |
| Most internal control deficiencies related to information technology processes and control environment. | Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting. |
| 4.3 Managing service providers | |
Seventy-two councils outsource at least one IT function to a third-party service provider. Of these:
|
Councils can more effectively manage IT service provider by:
|
Councils are responsible for planning and managing a significant range of assets on behalf of the community. This chapter outlines our asset management observations across councils for 2018.
| Observation | Conclusion and recommendation |
|---|---|
| 5.1 Asset management planning | |
| All but six councils have an asset management strategy, policy and plan. However, 11 councils have not reviewed their asset management strategy, policy and plan in the last five years. | Recommendation: Councils’ asset management policy, strategy and plan should comply with the requirements of the Local Government Act 1993 and the Integrated Planning and Reporting Guidelines issued by the Office of Local Government. |
| We found 86 instances where asset management strategies, policies and plans do not comply with the essential elements in the Integrated Planning and Reporting Guidelines released by the Office of Local Government. | |
| 5.2 Asset valuation process | |
Our audits found:
|
Deficiencies in the asset valuation process can result in significant errors to the financial statements. |
| The deficiencies in the asset valuation process resulted in errors in financial statements of $2.6 billion, including $1.9 billion of prior period errors. | |
We also identified:
|
Depreciation may not be accurately recorded in the financial statements. It may also impact key sustainability indicators reported by the council. |
| 5.3 Asset management systems | |
Our audits identified 64 instances where councils:
|
Weaknesses in asset management systems can impact the accuracy and completeness of asset data, resulting in errors to the financial statements. |
|
Our audits identified discrepancies between the Councils' Crown land asset records and the Crown Land Information Database (CLID) managed by the NSW Department of Industry. Five councils corrected $225 million of previously unrecorded Crown land assets. |
Councils should regularly reconcile asset registers to the CLID and investigate discrepancies to ensure Crown land under their care and control is captured. |
| 5.4 Rural fire-fighting equipment | |
|
Inconsistent practices remain across the Local Government sector in accounting for rural fire-fighting equipment. A number of councils do not record rural fire-fighting equipment, meaning that a significant portion of rural fire-fighting equipment continues to not be recorded in either State or council financial records. |
The Office of Local Government should continue to address the different practices across the Local Government sector in accounting for rural fire-fighting equipment. In doing so, the Office of Local Government should continue to work with NSW Treasury to ensure there is a whole of-government approach. |
Asset overview
Councils own and manage a diverse range of assets to deliver services to the community. As at 30 June 2018, the combined carrying value of NSW council assets was $140 billion.
Strong and sustainable financial performance provides the platform for councils to deliver services and respond to community needs.
This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators.
| Observation | Conclusions and recommendations |
|---|---|
| 6.1 Operating performance and revenue measures | |
Nineteen amalgamated councils received significant one-off grant funding in 2016–17. In 2017–18:
|
The overall operating performance and revenue measures in 2017–18 for amalgamated councils were impacted by lower operational grant income. |
| Thirty-five of the 56 rural councils did not meet the benchmark for own source revenue (41 in 2016–17). | The ability to generate own source revenue remains a challenge for rural councils. Rural councils have high-value infrastructure assets covering large areas, less ratepayers and less capacity to raise revenue from alternative sources compared with metropolitan councils. |
| 6.2 Liquidity and working capital performance measures | |
| Most councils met the liquidity and working capital performance measures over the last two years. | Most councils:
|
| Nineteen additional councils would not meet the cash expense cover ratio benchmark when externally restricted funds are excluded. | Councils with a higher proportion of restricted funds have less flexibility to pay operational expenses than the cash expense cover ratio suggests. |
Each local council has unique characteristics such as its size, location and services provided to their communities. These differences may affect the nature of each council's assets and liabilities, revenue and expenses,and in turn the financial performance measures against which it reports.
The Office of Local Government prescribes performance indicators for council reporting.
The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code).
Council’s audited financial statements report performance against six financial sustainability measures.
Operating performance and revenue measures
| Operating performance |
Measures how well councils keep operating expenses within operating revenue |
| Own source operating revenue | Measures council’s fiscal flexibility and the degree to which it can generate own source revenue compared with the total revenue from all sources |
Liquidity and working capital measures
| Unrestricted current ratio | Measures a council’s ability to meet its short-term obligations as they fall due |
| Debt service cover ratio | Measures the operating cash to service debt including interest, principal and lease payments |
| Rates and annual charges outstanding percentage | Assesses how successful councils are in collecting rates and annual charges |
| Cash expense cover ratio | Estimates the number of months a council can continue paying its expenses without additional cash inflow |
| Building and infrastructure renewals ratio | Assesses the rate at which infrastructure assets are being renewed against the rate at which they are depreciating |
| Infrastructure backlog ratio | Shows the amount of infrastructure backlog expenditure relative to the total net book value of a council's infrastructure assets |
| Asset maintenance ratio | Compares a council’s actual asset maintenance expenditure to the amount planned in their asset management plans |
| Cost to bring assets to agreed service level | Compares the estimated cost to renew or rehabilitate existing infrastructure assets, that have reached the condition-based intervention level adopted by a council, to the gross replacement cost of all infrastructure assets |
Each audited measure and three of the four unaudited measures has a prescribed benchmark.
Appendix one - Response from the Office of Local Government
Appendix two - List of 2018 recommendations
Appendix three - Status of 2017 recommendations
Appendix four - Sources of information and council classifications
Appendix five - Financial data
Appendix six - Status of audits
Appendix seven - List of Joint Organisations and their member councils
Appendix nine - OLG’s performance indicators from the audited financial statement - Descriptions
Appendix ten - OLG’s performance indicators from the unaudited Special Schedule 7 - Descriptions
Auditor‑General’s Report to Parliament
Report on Local Government 2018
Executive Summary
The second point ‘Governance’ under point 3 ‘Governance and internal controls’ on page 2 should read:
There has been an increase in the number of councils with an audit, risk and improvement committee or an internal audit function compared with the prior year. Seventy per cent of councils have an audit, risk and improvement committee (62 per cent at 30 June 2017) and 67 per cent of councils have an internal audit function (62 per cent at 30 June 2017).
Chapter 3 Governance and Internal Controls
The two observations under 3.2 Governance on page 21 should read:
Ninety-seven councils have an audit, risk and improvement committee (85 at 30 June 2017).
Ninety-two councils have an internal audit function (86 at 30 June 2017).
Section 3.2 Governance on page 26 should read:
Twelve more councils established audit, risk and improvement committees during 2017–18 resulting in 97 councils having committees.
Six more councils established an internal audit function during 2017–18 resulting in 92 councils having an internal audit function.
Appendix three: Status of 2017 recommendations
Under the heading ‘Governance and internal controls’ on page 62, the two points in the right-hand column should read:
Twelve more councils established audit, risk and improvement committees during 2017–18 resulting in 97 councils having committees. Please refer to Section 5.2 for more details.
Six more councils established an internal audit function during 2017–18 resulting in 92 councils having an internal audit function.
The above changes are reflected on the Audit Office website, and should be considered the true and accurate version.
Planning and Environment 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.
This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for all agencies' financial statements. | The quality of financial reporting remains high across the cluster. |
| 2.2 Key accounting issues | |
| There were errors in some cultural institutions' collection asset valuations. | Recommendation: Collection asset valuations could be improved by:
|
| 2.3 Timeliness of financial reporting | |
| Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe. | Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Planning and Environment cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| One in five internal control weaknesses reported in 2017–18 were repeat issues. | Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
| One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. | Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site. The School should continue to liaise with stakeholders to formalise the occupancy arrangement. |
| 3.2 Information technology controls | |
| The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. | Data migration from the Aurion system to SAP HR system had no significant issues. |
| The Department can improve controls over user access to SAP system. | The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. |
| 3.3 Annual work program | |
| Agencies used different benchmarks to monitor their maintenance expenditure. | The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report.
In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.
Central Agencies 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters. While clear audit opinions were issued on all agency financial statements, the report notes that some complex accounting requirements caused significant errors in agency financial statements submitted for audit, which were corrected before the financial statements were approved.
This report analyses the results of our audits of the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster agencies for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- liquidity risk management
- government financial services.
The central agencies and their key responsibilities are set out below.
| Central agencies | Key central agency responsibilities | Cluster responsibilities |
| The Treasury |
|
The cluster:
|
| Department of Premier and Cabinet |
|
The cluster:
|
| Department of Finance, Services and Innovation |
|
The cluster:
|
| Public Service Commission |
|
|
A full list of agencies that this report covers by relevant cluster is included in Appendix three.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation clusters for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified opinions were issued for all agencies' financial statements submitted to the Audit Office. Complex accounting requirements caused significant errors in some agency financial statements, which were corrected before the financial statements were approved. |
Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. Recommendation: Agencies should respond to key accounting issues when they are identified by preparing accounting papers and engaging with Treasury, the Audit Office and their Audit and Risk Committee when these matters are identified. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the statutory timeframe for completion of early close procedures, 48 agencies in the Treasury cluster did not comply with the statutory requirement to prepare financial statements, and the audits of nine agencies in the Treasury cluster were not completed within the statutory timeframe. All financial statement information of the 48 agencies that did not prepare financial statements has been captured in the consolidated financial statements of their parent entity, which was subject to audit. |
Early close procedures allow financial reporting issues and risks to be addressed early in the audit process. The timeliness of financial reporting can be improved by performing more robust early close procedures. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| The 2017–18 audits found one high risk issue and 83 moderate risk issues across the agencies. Nineteen per cent of all issues were repeat issues. | Agencies should focus on rectifying repeat issues. |
| The high risk issue at Service NSW related to several deficiencies in procurement and contract management processes. | Service NSW may not be achieving value-for-money from their procurement and contract management activities. The high risk issue should be rectified as a matter of priority. This includes updating and implementing its procurement, vendor and contract management frameworks and delivering training to key staff involved in procurement and contract management activities. |
| Property NSW has implemented several controls during the year to rectify the high risk issue identified last year related to its transition to a new property and facility management service provider. However, the service providers performance remains below expectations and there are further opportunities to improve oversight and lift performance. | Property NSW can better define roles and accountabilities with the service provider and formalise policies and processes associated with its monitoring and oversight of the service provider. Implementing relevant KPIs, receiving timely reports and providing timely review and feedback to the service provider may help to lift performance. |
| GovConnect received unqualified opinions from their service auditor on all business process controls, except for information technology controls provided by Unisys, where a qualified opinion was received from the service auditor. A qualified opinion was received because of several deficiencies in user access controls. | These internal control deficiencies increase the risk of unauthorised access to key business systems, and increase audit effort and costs associated with addressing the risks arising from the deficiencies. |
| 3.2 Audit Office annual work program | |
|
Remediation of the Barangaroo site is now estimated to cost the Barangaroo Delivery Authority in excess of net $400 million. |
Measuring the remaining costs to remediate requires the use of estimation techniques and judgements, making the actual outcome inherently uncertain. We reviewed evidence to support the provision for remediation, including future costs estimates and this evidence supported management’s estimate. |
| The State Insurance Regulatory Authority have administered the refund of $138 million in Green slip refunds to policy holders through Service NSW during 2017–18. At 30 June 2018, $112 million in refunds are yet to be claimed. We reviewed the systems and processes supporting the refund process. While we found that this supports the disbursement of refunds to policyholders there were some deficiencies in Service NSW’s project controls when the program was being developed. |
Service NSW should apply the lessons learnt from this program to other programs it is delivering or will be delivering for agencies. |
| Revenue NSW recorded $30.4 billion from taxes, fines and fees in 2017–18 ($30.0 billion in 2016–17) to support the State’s finances. |
Crown revenue has steadily increased over the last five years predominately driven by rises in payroll tax and land tax and responsibility for collection of the Emergency Services Levy transferring to Revenue NSW under the Emergency Services Levy Act 2017 effective from July 2017. |
| 3.3 Managing maintenance | |
| Place Management NSW manages significant commercial and retail leases and maintains public domain spaces and other assets around the harbour foreshore. It has consistently underspent its asset maintenance budget. In 2017–18, asset maintenance expenses were only 34 per cent of budgeted maintenance expense. Currently, Place Management NSW does not use any ratios or benchmarks to determine the adequacy of its maintenance spend or to monitor whether it is achieving its budgeted maintenance program. |
This may be contributing to a high proportion of unplanned maintenance, which Place Management NSW reports was 38 per cent of total maintenance expense in 2017–18. Place Management NSW is outsourcing its property and facilities management function from 1 December 2018 to an external service provider. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
| Observation | Conclusions and recommendation |
| 5.1 Superannuation funds | |
| The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). However, legislation allows the responsible Minister to prescribe prudential standards, reporting and audit requirements. |
Structured and comprehensive prudential oversight of these Funds is important as they operate in a volatile financial sector, have 103,000 members and manage investments of $43.3 billion. Recommendation: Treasury should consult with the Trustees of the STC Pooled Fund and PCS Fund to prescribe appropriate prudential standards and requirements, including oversight arrangements. |
| 5.2 Insurance and compensation | |
| Nominal Insurer and NSW Self Insurance Corporation investment performance marginally exceeded benchmark over the past five years. | Investment returns can impact on the premiums required to maintain an adequate funding ratio in addition to other factors such as claims experience and discount rates. |
| The Workers Compensation Nominal Insurer (Nominal Insurer) and NSW Self Insurance Corporation's net collected premiums and contributions decreased over the past five years. | The insurance schemes' investment performance and stable claim payments have enabled less reliance on net collected premiums and contributions as a source of funding, over the past five years. |
| Reforms were introduced to manage the Home Warranty Scheme's financial sustainability risks. | The Home Warranty Scheme has not collected sufficient premiums to fund expected claims costs, since commencing operations in 2011. In 2017–18, the Crown contributed $181 million for historical shortfalls. New reforms started on 1 January 2018 enabling the Scheme to price premiums based on risk. |
Justice 2018
The Auditor-General, Margaret Crawford released her report today on NSW Justice cluster agencies. The report focuses on key observations and findings from the most recent financial audits of law and order and emergency services agencies. We are pleased to report that unqualified audit opinions were issued for all Justice agencies’ financial statements.
This report analyses the results of the financial statement audits of the Justice cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Justice cluster agencies' financial statements with the results of our audits, including our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
The Justice cluster delivers legal, law enforcement and emergency services across the state and plays the lead role in commemorating the legacy of servicemen and women.
The commentary in this report covers the following cluster agencies.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations, conclusions and recommendations related to the financial reporting of agencies in the Justice cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for all agencies' 30 June 2018 financial statements. | Unqualified audit opinions were issued for all agencies' 30 June 2018 financial statements. However, further actions can be taken by some cluster agencies to enhance quality financial reporting. |
| 2.2 Timeliness of financial reporting | |
| Mandatory early close procedures were largely completed and all financial statements were submitted and audited within statutory timeframes. | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits. Agencies can improve the effectiveness of early close procedures by completing revaluations earlier. |
| 2.3 Death and disability schemes | |
| The cost of the NSW Police Blue Ribbon Insurance Scheme decreased to 5.3 per cent of total NSW Police Officers’ remuneration in 2017–18, but remains above the statutory target of 4.6 per cent. | Recommendation: NSW Police should estimate the cost of its Blue Ribbon Insurance Scheme for future years, to understand when the statutory target of 4.6 per cent of total NSW Police Officers’ remuneration, will be met. |
| The Fire and Rescue NSW Death and Disability Scheme liability has doubled over the past six years. | The Scheme’s liability was $184 million at 30 June 2018, double the $92 million recorded at 30 June 2013. Fire and Rescue NSW projections show the liability could increase to $257 million by 30 June 2022. |
| 2.5 Financial sustainability | |
| Funding in the criminal and civil justice system is determined in advance through the annual appropriation process. This does not always reflect required expenditure, which is driven by the level of activity. | Various agencies from across the cluster in conjunction with NSW Treasury have commenced work on a new demand funding model for the criminal and civil justice systems. |
| 2.6 Human resources | |
|
More than a third of Justice cluster employees continue to have annual leave balances above the state's target. Almost 4,700 employees took little or no annual leave during 2017–18 compared to 4,394 in the prior year. |
Recommendation (repeat issue):
Focus should be given to employees who have taken little or no leave in the last 12 months. |
| 2.7 Workplace Health and Safety | |
| Lost hours due to workplace injuries in NSW Police continue to increase. | NSW Police data shows frontline staff recorded average workplace injury leave of 71.3 hours per full time employee in 2017–18, an increase of 17.6 hours over the last four years. NSW Police attribute the rising injury leave to an ageing workforce. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Justice cluster for 2018
- the areas of focus identified in the Audit Office annual work program.
The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls and governance | |
| The number of internal controls or governance related issues reported increased to 116 (94 in 2016–17). One in three were repeat issues. |
Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation: Audit Office management letter recommendations to address internal control and governance weaknesses should be actioned promptly, with a focus on addressing repeat issues.. |
| 3.2 Audit Office annual work program | |
| The Department continues to resolve IT, payroll and general finance related issues resulting from the implementation of the interrelated Justice SAP and Business Support Centre projects in 2016–17. | During the year, the Department continued to make progress in stabilising its internal control environment, however more effort is required to ensure controls are operating as intended. Internal control issues continue to collectively pose a high risk to the Department’s overall control environment. However, individually they are rated as low or moderate risk. The Department provides financial, human resources and IT services to other independently governed agencies within the cluster. The internal control environment at these agencies is similarly impacted by the Department's Justice SAP and BSC issues. |
| The Department received an exemption from NSW Treasury from completing its asset revaluation as part of early close. The revaluation results were not robustly reviewed before their inclusion in the financial statements. |
While all revaluation matters were resolved and corrected, completing the revaluation process earlier would enable more timely review, identification and resolution of matters. Recommendation: Revaluations should be performed early and completed by the early close procedures deadline. The Department should quality review the revaluation results before including them in the financial statements. |
| Capital projects at the Department and NSW Police were underspent against their budgets. | The Department spent $671 million on capital projects in 2017–18, which was $905 million or 57.4 per cent less than budget. Similarly, NSW Police spent $69.0 million or 28.3 per cent less than planned on capital projects. Eleven projects experienced delays in completion ranging from one to six years. |
| 3.3 Managing maintenance | |
| Total backlog maintenance in the Justice cluster is unknown because some agencies assess backlog maintenance, while others do not. | When the backlog maintenance is unknown it is difficult for agencies to develop an accurate and effective maintenance plan that focuses on areas of highest need. It also means agencies' maintenance plans are reactive rather than preventative. Recommendation: Cluster agencies should complete a condition based assessment of their assets to identify any maintenance backlog. This will help the cluster provide more reliable and consistent information on assets and their condition. |
|
Justice cluster agencies we reviewed do not benchmark the adequacy of their maintenance spend. |
Recommendation: Cluster agencies should consider establishing benchmarks to help assess the adequacy of their maintenance spend. |
Government outcomes can be achieved through effective delivery of the right mix of services, whether from the public, private or not for profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.
The Justice cluster is an integrated cluster with key service delivery inter-dependencies. Achieving state priorities and ensuring communities are safe requires both upstream and downstream agencies to be appropriately resourced. This is a delicate balance. Increases in frontline policing can subsequently impact the court system as more offences are identified. More convictions can in turn increase prison overcrowding and limit the opportunities for inmate rehabilitation.
Failure to successfully rehabilitate prisoners and prevent reoffending could impact future police resourcing.
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
We report this information on service delivery to provide additional context to understand the operations of the Justice cluster and to collate and present service information on law and order and emergency services agencies in one report.
In our recent performance audit, Progress and measurement of the Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
