Reports
Actions for Supporting the District Criminal Court
Supporting the District Criminal Court
The Auditor-General for New South Wales, Margaret Crawford, released a report today on whether the Department of Communities and Justice (the department) effectively supports the efficient operation of the District Criminal Court system.
The audit found that in the provision of data and technology services, the department is not effectively supporting the efficient operation of the District Criminal Court system. The department has insufficient controls in place to ensure that data in the system is always accurate.
The department is also using outdated technology and could improve its delivery of technical support to courts.
The audit also assessed the implementation of the Early Appropriate Guilty Pleas reform. This reform aims to improve court efficiency by having more cases resolved earlier with a guilty plea in the Local Court. The audit found that the department effectively governed the implementation of the reform but is not measuring achievement of expected benefits, placing the objectives of the reform at risk.
The Auditor-General made seven recommendations to the department, aimed at improving the controls around courts data, reporting on key performance indicators, improving regional technical support and measuring the success of the Early Appropriate Guilty Pleas reform.
The District Court is the intermediate court in the New South Wales court system. It hears most serious criminal matters, except murder, treason and piracy. The Department of Communities and Justice (the Department) provides support to the District Court in a variety of ways. For example, it provides security services, library services and front-desk services. This audit examined three forms of support that the Department provides to the District Court:
- data collection, reporting and analysis - the Department collects data from cases in its case management system, JusticeLink, based on the orders Judges make in court and court papers
- technology - the Department provides technology to courts across New South Wales, as well as technical support for this technology
- policy - the Department is responsible for proposing and implementing policy reforms.
Recent years have seen a worsening of District Court efficiency, as measured in the Productivity Commission's Report on Government Services (RoGS). Efficiency in the court system is typically measured through timeliness of case completion. There is evidence that timeliness has worsened. For example, the median time from arrest to finalisation of a case in the District Court increased from 420 days in 2012–13 to 541 days in 2017–18.
As a result, the government has announced a range of measures to improve court performance, particularly in the District Court. These measures included the Early Appropriate Guilty Pleas (EAGP) reform. One of the objectives of EAGP is to improve court efficiency, which would be achieved by having more cases resolve with a guilty plea in the Local Court.
This audit assessed whether the Department of Communities and Justice effectively supports the efficient operation of the District Criminal Court system. We assessed this with the following lines of inquiry:
- Does the Department effectively collect, analyse and report performance information relevant to court efficiency?
- Does the Department effectively provide technology to support the efficient working of the courts?
- Does the Department have effective plans, governance and monitoring for the Early Appropriate Guilty Pleas reform?
The audit did not consider other support functions provided by the Department. Further information on the audit, including detailed audit criteria, may be found in Appendix two.
The Department is responsible for providing technology to the courts, which can improve the efficiency of court operations by making them faster and cheaper. The Department is also responsible for providing technical support to courtrooms and registries. It is important that technical support is provided in a timely manner because some technical incidents can delay court sittings and thus impact on court efficiency. A 2013 Organisation for Economic Co‑operation and Development report emphasised the importance of technology and digitisation for reducing trial length.
While the Department may provide technology to the courts, they are not responsible for deciding when, how or if the technology is used in the courtroom.
The Department is using a significant amount of outdated technology, risking court delays
As of April 2019, the whole court system had 2,389 laptops or desktop computers out of warranty, 56.0 per cent of the court system's fleet. The court system also had 786 printing devices out of their normal warranty period, 75.1 per cent of all printers in use. The Department also advised that many of its court audio transcription machines are out of date. These machines must be running for the court to sit and thus it is critical that they are maintained to a high degree. The then Department of Justice estimated the cost of aligning its hardware across the whole Department with desired levels at $14.0 million per year for three years. Figures for the court system were not calculated but they are likely to be a significant portion of this figure.
Using outdated technology poses a risk to the court system as older equipment may be more likely to break down, potentially delaying courts or slowing down court services. In the court system throughout 2018, hardware made up 30.8 per cent of all critical incidents reported to technical support and 41.9 per cent of all high priority incidents. In addition, 16.2 per cent of all reported issues related to printing devices or printing.
From 2017 to 2018, technical support incidents from courts or court services increased. There were 4,379 technical support incidents in 2017, which increased significantly to 9,186 in 2018. The Department advised that some outside factors may have contributed to this increase. The Department was rolling out its new incident recording system throughout 2017, meaning that there would be an under‑reporting of incidents in that year. The Department also advised that throughout 2018 there was a greater focus on ensuring that every issue was logged, which had not previously been the case. Despite these factors, the use of outdated technology has likely increased the risk of technology breakages and may have contributed to the increase in requests for technical support.
Refreshing technology on a regular basis would reduce the risk of hardware failures and ensure that equipment is covered by warranty.
The Department did not meet all court technical support targets in 2017 and 2018
The Digital and Technology Services branch (DTS) was responsible for providing technical support to the courts and the Courts and Tribunal Services branch prior to July 2019. DTS provided technical support in line with a Service Level Agreement (SLA) with the Department. In 2017, DTS did not provide this support in a timely manner. Performance improved in 2018, though DTS fell short of its targets for critical and moderate priority incidents. Exhibit 7 outlines DTS' targets under the SLA.
Priority | Target resolution time | Target percentage in time (%) |
1. Critical | 4 hours | 80 |
2. High | 1 day | 80 |
3. Moderate | 3 days | 85 |
4. Low | 5 days | 85 |
Source: Department of Communities and Justice, 2019.
|
Critical incidents are particularly important for the Department to deal with in a timely manner because these include incidents which may delay a court sitting until resolved or incidents which impact on large numbers of staff. Some of the critical incidents raised with DTS specifically stated that they were delaying a court sitting, often due to transcription machines not working. High priority incidents include those where there is some impact on the functions of the business, which may in turn affect the efficiency of the court system. High priority incidents also include those directly impacting on members of the Judiciary.
This audit examined DTS' performance against its SLA in the 2017 and 2018 calendar years across the whole court system, not just the District Court. The total number of incidents, as well as critical and high priority incidents, can be seen in Exhibit 8.
Priority | 2017 | 2018 |
All | 4,379 | 9,186 |
1. Critical | 48 | 91 |
2. High | 128 | 315 |
Source: Audit Office of NSW analysis of Department of Communities and Justice data, 2019.
|
The Department's results against its SLA in 2017 and 2018 are shown in Exhibit 9.
The Early Appropriate Guilty Pleas (EAGP) reform consists of five main elements:
- early disclosure of evidence from NSW Police Force to the prosecution and defence
- early certification of what the accused is going to be charged with to minimise changes
- mandatory criminal case conferencing between the prosecutor and accused's representation
- changes to Local Court case management
- more structured sentence discounts.
More detailed descriptions of each of these changes can be found in the Introduction. These reform elements are anticipated to have three key effects:
- accelerate the timing of guilty pleas
- increase the overall proportion of guilty pleas
- decrease the average length of contested trials.
Improving District Court efficiency is one of the stated aims of EAGP, which would be achieved by having more cases resolve in the Local Court and having fewer defendants plead guilty on the day of their trial in the District Court. The reform commenced in April 2018 and it is too early to state the impact of this reform on District Court efficiency.
The Department is responsible for delivering EAGP in conjunction with other justice sector agencies. They participated in the Steering Committee and the Working Groups, as well as providing the Project Management Office (PMO).
The Department is not measuring the economic benefits stated in the EAGP business case
The business case for EAGP listed nine quantifiable benefits which were expected to be derived from the achievement of the three key effects listed above. The Department is not measuring one of these benefits and is not measuring the economic benefits for five more, as shown in Exhibit 12.
Benefit | Economic benefit (over ten years) | Being measured? |
Accelerated timing of guilty pleas | $54.6m | |
Increased guilty plea rate | $90.7m | |
Decreased average trial length | $27.5m | |
A reduction in the delay of indictable matters proceeding to trial | N/A | |
Increase the number of finalised matters per annum | N/A | |
Reduction of the current backlog of criminal trials in the District Court | N/A | |
Reduction in bed pressure on the correction system due to reduced average time in custody |
$13.7m | |
Productivity improvements due to reduction in wasted effort | $53.3m | |
Bankable cost savings due to jury empanelment avoided | $2.5m |
Key | Measuring | Not measuring economic benefit | Not measuring |
While it is too early to comment on the overall impact of EAGP, better practice in benefits realisation involves an ongoing effort to monitor benefits to ensure that the reform is on target and determine whether any corrective action is needed.
The Department is measuring the number of finalised matters per annum and while the Department is not measuring the reduction in the backlog as part of this program, this measure is reported as part of the Department's internal reporting framework. The Department is not monitoring the reduction in delay of indictable matters proceeding to trial directly as part of this reform, but this does form part of the monthly Operational Performance Report which the Department sends to the EAGP Steering Committee.
The Department is not monitoring any of the economic benefits stated in the business case. These economic benefits are a mixture of bankable savings and productivity improvements. This amounts to a total of $242.3 million over ten years which was listed in the business case as potential economic benefits from the implementation of this reform against the total cost of $206.9 million over ten years. The Department is collecting proxy indicators which would assist in these calculations for several indicators, but it is not actively monitoring these savings. For example, the Department is monitoring average trial length, but is not using this information to calculate economic benefits derived from changes in trial length.
The Department is also not collecting information related to the average length of custody as part of this program. This means that it is unable to determine if EAGP is putting less pressure on the correctives system and it is not possible for the Department to calculate the savings from this particular benefit.
While stakeholders are optimistic about the impact of EAGP, not measuring the expected benefits stated in the business case means that the Department does not know if the reform is achieving what it was designed to achieve. Further, the Department does not know if it must take corrective action to ensure that the program achieves the stated benefits. These two things put the overall program benefits at risk.
The Department has not assigned responsibility for the realisation of each benefit stated in the business case. The Department holds the Steering Committee responsible for the realisation of all benefits. Benefits realisation is the process which ensures that the agency reaches benefits as stated in the business case. Assigning responsibility for benefits realisation to the Steering Committee rather than individuals is not in line with good practice.
Good practice benefits realisation involves assigning responsibility for the realisation of each benefit to an individual at the business unit level. This ensures there is a single point of accountability for each part of the program with knowledge of the benefit and the ability to take corrective action if it looks like that benefit will not be realised. This responsibility should sit at the operational level where detailed action can most easily be undertaken. The role of a Steering Committee in benefits realisation is to ensure that responsible parties are monitoring their benefits and taking appropriate corrective action.
The Department advised that it believes the Steering Committee should have responsibility for the realisation of benefits due to the difficulty of attributing the achievement of each benefit to one part of the reform alone. Given the Steering Committee meets only quarterly, it is not well placed to take action in response to variances in performance.
BOCSAR are planning to undertake an overall evaluation of EAGP which is planned for release in 2021. Undertaking this evaluation will require high quality data to gain an understanding of the drivers of the reform. However, data captured throughout the first year of EAGP has proven unreliable, which may reduce the usefulness of BOCSAR's evaluation. These data issues were discussed in Exhibit 5 in Chapter 2, above. Access to accurate data is vital for conducting any program evaluation and inaccurate data raises the risk that the BOCSAR evaluation will not be able to provide an accurate evaluation of the impact of EAGP.
In addition to the BOCSAR evaluation, the Department had plans for a series of 'snapshot' evaluations for some of the key elements of the reform to ensure that they were operating effectively. These were initially delayed due to an efficiency dividend which affected EAGP. In August 2019, the Department commissioned a review of the implementation of several key success factors for EAGP.
The implementation stage of EAGP had clear governance, lines of authority and communication. The Steering Committee, each Working Group and each agency had clear roles and responsibilities, and these were organised through a Project Management Office (PMO) provided by the former Department of Justice. The governance structure throughout the implementation phase can be seen at Exhibit 13.
The Steering Committee was established in December 2016 and met regularly from March 2017. It comprised senior members of key government agencies, as well as the Chief Judge and the Chief Magistrate for most of the duration of the implementation period. The Steering Committee met at least monthly throughout the life of the program. The Steering Committee was responsible for overseeing the delivery of EAGP and making key decisions relating to implementation, including spending decisions. The Chief Judge and the Chief Magistrate abstained from financial decisions. The Steering Committee updated the governance and membership of the Steering Committee as appropriate throughout the life of the reform.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright Notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary Reference: Report number #329 - released 18 December 2019
Actions for Stronger Communities 2019
Stronger Communities 2019
A report has been released on the NSW Stronger Communities cluster.
From 1 July 2019, the functions of the former Department of Justice, the former Department of Family and Community Services and many of the cluster agencies moved to the new Stronger Communities cluster. The Department of Communities and Justice is the principal agency in the new Stronger Communities cluster.
The report focuses on key observations and findings from the most recent financial audits of agencies in the Stronger Communities cluster.
Unqualified audit opinions were issued on the financial statements for all agencies in the cluster.
There were 157 audit findings on internal controls. Two of these were high risk and 59 were repeat findings from previous financial audits. ‘Cluster agencies should prioritise actions to address internal control weaknesses promptly with particular focus given to issues that are assessed as high risk’, the Auditor-General said.
The report notes that the NSW Government’s new workers' compensation legislation, which gave eligible firefighters presumptive rights to workers' compensation, cost emergency services agencies $180 million in 2018–19, mostly in increased premiums.
This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2019. The table below summarises our key observations.
This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analyses, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was significantly impacted by the Machinery of Government (MoG) changes on 1 July 2019. This report focuses on the agencies that from 1 July 2019, comprised the Stronger Communities cluster. The MoG changes moved some agencies from the clusters to which they belonged in 2018–19 to the Stronger Communities cluster. Conversely, the MoG also moved some agencies formerly in the Family and Community Services cluster and Justice cluster elsewhere. Please refer to the section on Machinery of Government changes for more details.
The Department of Communities and Justice is the principal agency of the cluster. The newly created department combines functions of the former Department of Justice and the Department of Family and Community Services.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes occur when the government reorganises these structures and functions and those changes are given effect by Administrative Orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted the Stronger Communities cluster through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Justice and Family and Community Services (FACS) departments and clusters.
- The Stronger Communities cluster combines most of the functions and agencies of the former Justice and FACS clusters from 1 July 2019.
- The Department of Communities and Justice is now the principal agency in the new cluster.
- The MoG changes bring new responsibilities, risks and challenges to the cluster.
- A temporary office has been established by the Department of Communities and Justice to support the cluster in the planning, delivery and reporting associated with implementing the changes.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations relating to the financial reporting of agencies in the Stronger Communities cluster for 2019.
Section highlights
- Unqualified audit opinions were issued for all agencies' 30 June 2019 financial statements. However, further actions can be taken by some cluster agencies to enhance the quality of their financial reporting.
- In November 2018, the Department of Justice implemented a new Victims Support Services system called VS Connect. Significant data quality issues arising from the VS Connect system implementation impacted the Department's ability to reliably estimate its Victims Support Scheme claims liabilities at 30 June 2019.
We recommend the Department of Communities and Justice resolves the data quality issues in the new VS Connect System before 30 June 2020 and capture and apply lessons learned from recent project implementations, including LifeLink, Justice SAP and VS Connect, in any relevant future implementations. - Our audits found some cluster agencies needed to do more work on their impact assessments and preparedness to implement the new accounting standards, to minimise the risk of errors in their 2019–20 financial statements.
- Cluster agencies with annual leave balances exceeding the State's target should further review their approach to managing leave balances.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
- Cluster agencies should action recommendations to address internal control weaknesses promptly. Particular focus should be given to prioritising high risk issues. The 2018–19 financial audits of cluster agencies identified 157 internal control issues. Of these, two were high risk and 37.6 per cent were repeat findings from previous audits.
- Data from the Department of Justice shows the inmate population reached a maximum of 13,798, compared to an operational capacity of 14,626 beds on 31 August 2019. This equates to an operational vacancy rate of 5.7 per cent, which is more than the recommended 5.0 per cent buffer. This is the first time the vacancy rate has exceeded the target over the last five years. Growth in the NSW prison population is being managed through the NSW Government's $3.8 billion Prison Bed Capacity Program.
- In September 2018, the NSW Government introduced new workers' compensation legislation, which gives eligible firefighters presumptive rights to workers' compensation when diagnosed with one of 12 prescribed cancers. The new legislation cost emergency services agencies $180 million in 2018–19, mainly through additional workers' compensation premiums.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – List of 2019 recommendations
Appendix four – Status of 2018 recommendations
Appendix five – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Internal Controls and Governance 2019
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Managing growth in the NSW prison population
Managing growth in the NSW prison population
The Department of Justice has relied heavily on temporary responses to accommodate growing prisoner numbers according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin.
At the time of this audit, the NSW Department of Justice (DOJ) was responsible for delivering custodial corrections services in New South Wales through its Corrective Services NSW division (Corrective Services NSW). From 1 July 2019, the Department of Family and Community Services and Justice will be responsible for these functions.
Within DOJ, Corrective Services NSW is responsible for administering sentences and legal orders through custodial and community-based management of adult offenders. Its key priorities are:
- providing safe, secure and humane management of prisoners
- reducing reoffending
- improving community safety and confidence in the justice system.
The prison population in New South Wales grew by around 40 per cent between 2012 to 2018, from 9,602 to 13,630 inmates. This rate of growth was higher than experienced prior to 2012. DOJ forecasts growth to continue over the short and longer-term.
DOJ has responded to inmate population growth by doubling-up and tripling-up the number of prison beds in cells, reactivating previously closed prisons, and a $3.8 billion program of new prison capacity. DOJ has also developed a long-term prison infrastructure strategy that projects long-term needs and recommended investments to meet these needs.
This audit assessed how efficiently and effectively DOJ is responding to growth in the NSW prison population. In this report, we have not analysed the sources of demand or recommended ways that custody may be avoided. These are largely government policy issues.
The Productivity Commission’s Report on Government Services outlines the performance indicator framework for corrective services in Australia (Appendix three). We have used measures from this framework to assess the efficiency and effectiveness of DOJ’s responses to prison bed capacity needs.
In this section, we analyse system-wide indicators as DOJ has not consistently published or reported data for individual correctional centres over the period of review.
Appendix one - Response from agency
Appendix two - Managing women in custody
Appendix three - Corrective services performance indicator framework
Appendix four - About the audit
Appendix five – Performance auditing
Parliamentary Reference: Report number #319 - released 24 May 2019
Actions for Internal Controls and Governance 2017
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
Issues |
Recommendations |
1.1 New and repeat findings |
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
1.2 High risk findings |
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
1.3 Common findings |
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
Issues | Recommendations |
2.1 IT security |
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
Issues | Recommendations or conclusions |
3.1 Capital investment |
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Actions for Central Agencies 2017
Central Agencies 2017
This report highlights the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters.
The report includes a range of findings in respect to service delivery. One repeat finding is that while the Government regularly reports on the 12 Premier's priorities, there is no comprehensive reporting on the 18 State priorities.
1. Financial reporting and controls
Audit Opinions | Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. |
Early close | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
Deficient user administration access | User access administration over financial systems remains an area of weakness. Agencies need to strengthen user access administration to critical systems. |
Transitioning to outsourced service providers | Transitioning of services to outsourced service providers can be improved. Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. |
2. Service delivery
Premier and State Priorities | A comprehensive report of performance against the 18 State Priorities is yet to be published. While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. |
ICT and digital government | The Digital Government Strategy was released in May 2017. Targets will need to be set to assess and monitor progress against the Strategy. |
Digital information security | Not all agencies are complying with the NSW Government's information security policy. This increases the risk of noncompliance with legislation, information security breaches and difficulty restoring data or maintaining business continuity in the event of a disaster or disruption. |
Property and asset utilisation | Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
3. Government financial services
Prudential oversight of NSW Government superannuation funds |
Prudential oversight of SAS Trustee Corporation Pooled Fund and Parliamentary Contributory Superannuation Fund has not been prescribed. Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments in excess of $42.4 billion. |
Green slip scheme affordability | Currently, Green Slips in NSW are the most expensive in Australia. However, CTP reforms are expected to reduce the cost of Green Slips. |
This report sets out the results of the 30 June 2017 financial statement audits of NSW Government's central agencies and their cluster agencies.
Central agencies play a key role in ensuring policy coordination, good administrative and people management practices and prudent fiscal management. The central agencies and their key responsibilities are set out below.
Confidence in public sector decision‑making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. This chapter outlines our audit observations, conclusions or recommendations related to financial reporting and controls of agencies for 2016–17.
Observation | Conclusion or recommendation |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all agency financial statements. | The quality of financial reporting continues to remain strong across the clusters. |
2.2 Timeliness of financial reporting | |
Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements. | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
2.3 Financial performance and sustainability | |
We assessed the performance of agencies listed in Appendix six against some key financial sustainability indicators. This highlighted two agencies with negative operating margins of more than ten per cent and one agency with a liquidity ratio of less than 0.5. | These agencies have strategies in place to remain financially sustainability and manage their liquidity. Our analysis found that, overall, the agencies are not at high risk of sustainability concerns. |
2.4 Internal Controls | |
User access administration over financial systems remains an area of weakness. Sixteen moderate risk and ten low risk issues related to user access administration across eight agencies were identified. |
Recommendation: Agencies should review user access administration to critical systems to ensure:
|
Transitioning of services to outsourced service providers can be improved. Our 2016–17 audits identified one high risk issue relating to Property NSW's outsourcing of property and facility management services to the private sector. While a high risk issue was identified in 2015–16 from the Department of Finance, Services and Innovation's outsourcing of transactional and information technology services to GovConnect there has been an improvement in GovConnect's internal control environment throughout |
Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. The transition needs to be carefully managed and requires thorough planning and effective project governance. This should be supported by oversight and direction from senior management and independent project assurance. |
2.5 Human Resources | |
The percentage of full‑time equivalent staff with annual leave greater than 30 days in the Finance, Services and Innovation, Premier and Cabinet and the Treasury clusters is 7.9 per cent, 17.1 per cent and 18.4 per cent respectively. | Agencies have strategies in place to reduce annual leave balances that are greater than 30 days. The effectiveness of these strategies will need to be monitored to ensure they are helping to achieve the desired outcome. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
Observation | Conclusion or recommendation |
3.1 Premier and State priorities | |
The Department of Premier and Cabinet monitors the achievement of targets and the implementation of initiatives to deliver the 12 Premier’s Priorities. Responsible ministers and agencies manage the 18 State Priorities. A comprehensive report of performance against the 18 State Priorities is yet to be published. |
While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. Where possible, independent sources are used to measure performance, however without independent assurance there is an increased risk that the target measures are inaccurate, not relevant or do not fairly represent actual performance. |
Performance against the State Priority to make NSW the easiest state to start a business is not currently published. |
Initiatives, such as easy to do business and red tape reduction are in place to help achieve this priority. The regulatory policy framework is under review following an October 2016 performance audit on ‘Red tape reduction’ that found the regulatory burden of legislation had increased. |
3.2 Financial management | |
Revenue NSW earned record crown revenue of $30.0 billion in 2016–17 to support the state's finances. | Record crown revenue has been driven by the sustained increase in duties revenue, which has increased by 93.7 per cent over the last five years. This is a consequence of the continued strength in the property market over this time and large one off NSW Government business asset sales and leases. |
3.3 ICT and digital government | |
The Digital Government Strategy (the Strategy) was released in May 2017 to build on reforms set out in previous ICT strategies. | The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
The Digital Information Security Policy (DISP) is a key tool that helps ensure a minimum set of information security controls are implemented across NSW Government agencies. A review of 2016 annual reports found 15 agencies (13 in 2015) did not attest to compliance with the DISP and of the agencies that attested to compliance, 34 reported issues associated with their compliance. |
The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
3.4 Property and asset utilisation | |
Property NSW's performance reporting could be |
Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
Observation | Conclusion or recommendation |
4.1 Key issues | |
The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). Amendments to relevant legislation allows the Minister for Finance, Services and Property to prescribe applicable prudential standards and audit requirements. |
Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments of more than $42.4 billion. Recommendation: The Treasury should liaise with the respective Trustees to implement appropriate prudential standards and oversight arrangements for the exempt public sector superannuation funds. |
Currently, Green Slips in NSW are the most expensive in Australia. Average premiums for Sydney Metropolitan vehicles increased by 10.4 per cent between 1 January 2016 and 31 December 2016. |
CTP reforms are expected to reduce the cost of Green Slips. The State Insurance Regulatory Authority will need to ensure it has appropriate processes in place to track and report against the expected benefits. |
4.2 Financial performance and sustainability | |
Net unfunded superannuation liabilities were $15.0 billion at 30 June 2017. Under the Fiscal Responsibility Act 2012, the NSW Government’s target is to eliminate unfunded superannuation liabilities by 2030. |
The superannuation funds’ strategic asset allocation and investment strategies are monitored and adjusted to help achieve a fully funded position by 2030. |
The Home Warranty Scheme commenced in 2011. Over this time total premiums collected have not been sufficient to cover expected claim costs. | Funding arrangements introduced during 2016–17 allow the Home Building Compensation Fund to apply to the Crown for reimbursement of unfunded realised losses from under-pricing of premiums. Other reforms are planned to address the long term sustainability of the home building compensation scheme. |
4.3 Investment performance | |
The NSW Government’s main superannuation funds have maintained the management expense ratio (MER) at consistent levels over the past two years. The Parliamentary Contributory Superannuation (PCS) Fund does not set an MER target. | MER is an industry recognised ratio to measure the performance of funds and investment managers. Recommendation: The Fund Secretary for the PCS Fund, in conjunction with the Trustee, should consider establishing an appropriate management expense ratio target to measure performance. |
Actions for 2016 - An overview
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
Financial reporting | |
Observation | Conclusion |
Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
Number of misstatements | |||||
Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
Financial controls | |
Observation | Conclusion |
More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |
Actions for Volume Seven 2015 Part One Law and Order
Volume Seven 2015 Part One Law and Order
Many factors are contributing to the overcrowding of the NSW prison system. This is in turn putting pressure on operations in the courts, and could ultimately impact rates of reoffending.
The lack of capacity is impacting more than just the NSW prison system. Over the weekend of 31 October 2015 some inmates held by the NSW Police Force could not be brought before a court because of capacity shortages.
This was one of the findings reported in Volume Seven 2015 of the Auditor-General’s Report to Parliament, which covers law and order services provided by the NSW Police Force, Department of Justice, and NSW Trustee and Guardian.
Actions for Volume Seven 2015 Part Two Emergency Services
Volume Seven 2015 Part Two Emergency Services
Demand for emergency services increased by eight per cent, in response to 187,282 incidents during 2014-15. Total volunteer numbers have risen over the last three years by 2.4 per cent to 98,536, improving capacity to deal with such incidents. NSW Rural Fire Service had only five emergency declarations in 2014-15 compared to 48 the year before, resulting in natural disaster expenditure falling by $89.0 million.
Fire and Rescue NSW response time to incidents and NSW Rural Fire Service fire containment continue to improve.
These are some of the matters highlighted in Part 2 of Volume Seven 2015 of the Auditor-General’s Report to Parliament, which covers emergency services agencies.
Actions for Volume Five 2015 Premier and Cabinet
Volume Five 2015 Premier and Cabinet
Volume Five 2015 covered Premier and Cabinet agencies such as the Department of Premier and Cabinet, Office of Sport, Venues NSW, Barangaroo Delivery Authority and Infrastructure NSW.