Refine search Expand filter

Reports

Published

Actions for Cyber security in local government

Cyber security in local government

Local Government
Cyber security
Information technology
Internal controls and governance
Management and administration
Risk

What this report is about

NSW local councils provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies.

Councils need to manage cyber security risks to ensure their information, data and systems are appropriately safeguarded. Councils also need to be prepared to detect, respond and recover when a cyber security incident occurs.

The audit assessed how effectively three selected councils identified and managed cyber security risks.

The audit also included the Department of Planning, Housing and Infrastructure (Office of Local Government) and Department of Customer Service (Cyber Security NSW), due to their roles in providing guidance and support to local councils.

Audit findings

The audit found that the selected councils are not effectively identifying and managing cyber security risks. Each of the councils undertook activities to improve their cyber security during the audit period, but this audit found significant gaps in their cyber security risk management and cyber security processes.

Such gaps result in unmitigated risks to the security of information and assets which, if compromised, could impact their local communities, service delivery and public infrastructure.

Cyber Security NSW and the Office of Local Government recommend that councils adopt requirements in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.

Audit recommendations

In summary, the councils should:

  • integrate assessment and monitoring of cyber security risks into corporate governance processes
  • self-assess their performance against Cyber Security NSW's guidelines for local government
  • develop and implement a risk-based cyber security improvement plan and program of activities
  • develop, implement and test a cyber incident response plan.

Cyber Security NSW and the Office of Local Government should regularly consult on cyber security risks facing local government, and review the effectiveness of guidelines and related resources for the sector.

While this report focuses on the performance of the selected councils, the findings and recommendations should be considered by all councils to better understand their risks and challenges relevant to managing cyber security risks.

 

Read the PDF report

Parliamentary reference - Report number #392- released 26 March 2024

Published

Actions for Local Government 2023

Local Government 2023

Local Government
Asset valuation
Cyber security
Financial reporting
Fraud
Information technology
Internal controls and governance

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.

Findings

Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.

Recommendations

To improve quality and timeliness of financial reporting, councils should:

  • adopt early financial reporting procedures, including asset valuations
  • ensure integrity and completeness of asset source records
  • perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

  • track progress of implementing audit recommendations, and prioritise high-risk repeat issues
  • continue to focus on cyber security governance and controls.

 

Read the PDF report

Published

Actions for Regulation insights

Regulation insights

Environment
Finance
Health
Local Government
Planning
Whole of Government
Compliance
Cyber security
Internal controls and governance
Management and administration
Procurement
Regulation
Risk

What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

  • governance and accountability
  • processes and procedures
  • data and information management
  • support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

 

Read the PDF report

Published

Actions for Flood housing response

Flood housing response

Planning
Whole of Government
Community Services
Premier and Cabinet
Internal controls and governance
Management and administration
Procurement
Project management
Risk
Service delivery
Shared services and collaboration

What this report is about

Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales.

This audit assessed how effectively the NSW Government provided emergency accommodation and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events.

Responsible agencies included in this audit were the Department of Communities and Justice, NSW Reconstruction Authority, the former Department of Planning and Environment, the Department of Regional NSW and the Premier’s Department.

Findings

The Department of Communities and Justice rapidly provided emergency accommodation to displaced persons immediately following these flood events.

There was no plan in place to guide a temporary housing response and agencies did not have agency-level plans for implementing their responsibilities.

The NSW Government rapidly procured and constructed temporary housing villages. However, the amount of temporary housing provided did not meet the demand.

There is an extensive waitlist for temporary housing and the remaining demand in the Northern Rivers is unlikely to be met. The NSW Reconstruction Authority has not reviewed this list to confirm its accuracy.

Demobilisation plans for the temporary housing villages have been developed, but there are no long-term plans in place for the transition of tenants out of the temporary housing.

Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing.

The findings from the 2022 State-wide lessons process largely relate to response activities.

Audit recommendations

The NSW Reconstruction Authority should:

  • Develop a plan for the provision of temporary housing.
  • Review the temporary housing waitlist.
  • Determine a timeline for demobilising the temporary housing villages.
  • Develop a strategy to manage the transition of people into long-term accommodation.
  • Develop a process for state-wide recovery lessons learned.

All audited agencies should:

  • Finalise evaluations of their role in the provision of emergency accommodation and temporary housing.
  • Develop internal plans for implementing their roles under state-wide plans.

Read the PDF report

Parliamentary reference - Report number #389 - released 22 February 2024

Published

Actions for Procurement of services for the Park'nPay app

Procurement of services for the Park'nPay app

Finance
Local Government
Information technology
Internal controls and governance
Procurement
Project management

What this report is about

The report assesses whether the Department of Customer Service (the department) complied with legislation and NSW government policy when it directly negotiated with Duncan Solutions to procure backend services relating to the Park'nPay app.

The Park'nPay app, developed by the department, enables users to locate and pay for parking remotely using their smart mobile device.

The audit found

The department failed to establish the grounds for entering a direct negotiation procurement strategy, without any competitive tendering, for services for the Park'nPay app. It rushed a decision to trial the app in The Rocks, without considering how this might affect its procurement obligations.

There is no evidence that the procurement achieved value for money. Despite being required by legislation, as well as mandatory NSW government policy, the department did not consider how it would ensure value for money, nor did it demonstrate an adequate understanding of what is meant by value for money on this occasion.

The department failed to implement key probity requirements. There was no effective management of conflicts of interest. Key decisions were not documented. There was a lack of clarity, transparency, and oversight of the relationship between the Minister's office and staff in the department.

The audit made recommendations about

  1. making and retaining complete and accurate records, particularly on decisions to commit or expend public money
  2. ensuring department staff understand how to exercise their financial delegations and procurement processes
  3. ensuring that only staff with appropriate delegations are committing or approving the spending of public money
  4. consistency with the contract extension provisions of the NSW Government Procurement Policy Framework, particularly regarding ensuring value for money
  5. protocols to guide the interactions between department staff and Minister and Minister's staff
  6. the need for proper management and oversight of contingent workers, such as contractors.

 

On 27 February 2019 the then Minister for Finance, Services and Property announced the commencement of a Park’nPay app trial in The Rocks precinct of Sydney.

The app was intended to enable users to locate and pay for parking remotely, using their smart mobile device such as a phone or tablet, rather than needing to physically be at a parking meter.

In July 2019, following a direct negotiation procurement conducted by the then Department of Finance, Services and Innovation, a contract was executed with Duncan Solutions for an estimated value of $1,260,600 over three-years, with three single-year options to extend. The contract required Duncan Solutions to provide development services to link the Park'nPay app to its Parking Enterprise Management System platform and to provide ongoing software support services.

This audit assessed whether the department complied with the procurement obligations that applied at the time it procured these services from Duncan Solutions.

This audit focussed on the department's processes and decision-making relating to:

  • the direct negotiation with Duncan Solutions at the exclusion of any other potential supplier
  • the negotiation, execution and management of the contract with Duncan Solutions.

As this audit focusses on the department's procurement and contract management processes, it does not comment on the activities of Duncan Solutions. The detailed audit objective, criteria and audit approach are in Appendix three.

The auditee is the Department of Customer Service. As a result of machinery of government changes, the Department of Finance, Services, and Innovation became the Department of Customer Service from 1 July 2019. To avoid confusion, this report simply uses ‘the department’ to refer to either. Where the report refers to the Minister, it relates to the former Minister in office at the time.

Conclusion

The department failed to establish the grounds for entering a direct negotiation procurement strategy for services for the Park'nPay app. It rushed a decision to trial the app in The Rocks, without considering how this might affect its procurement requirements.

As part of a direct negotiation process, the department was required to, but did not:

  • undertake a comprehensive analysis of the market and all relevant factors to demonstrate that a competitive process does not need to be conducted
  • conduct a risk assessment for the procurement approach
  • follow the internal delegation process, including obtaining approval of the department's delegate and endorsement of the Chief Procurement Officer.

There is no evidence that the procurement to support Park'nPay represented value for money. Despite it being required by legislation, as well as mandatory NSW Government policy, the department did not consider how to ensure value for money, nor demonstrate an adequate understanding of what is meant by value for money in this case.

The department issued no tender or expression of interest documents against which any proposal could be assessed, and it had no tender evaluation plan, committee, or criteria. Without any objective standards against which the supplier's proposal could be assessed, it was not possible for the department to determine if value for money was achieved, and no value for money has been demonstrated.

The department failed to implement key probity requirements. There was no effective management of conflicts of interest. Key decisions were not documented. There was a lack of clarity, transparency, and oversight of the relationship between the Minister's office and staff in the department.

No conflict of interest declarations were made by staff until almost one year after the direct negotiations commenced and even then they were not made by all members of the negotiation team and key decision-makers.

The department did not document the reasons for its decisions or minute key meetings, such as when, why and by whom the decision was made to transform the procurement from a 'trial' to a contract of up to six years duration. The department had no policies guiding the interactions between the Minister, the Minister's office and staff in the department (including contractors) in relation to this initiative, resulting in blurred and uncertain roles, responsibilities, and accountabilities.

The department initially sought to withhold information from the Audit Office pertaining to Park'nPay. When questions were raised through external scrutiny, there was little evidence of genuine inquiry or review into its practices to ensure improvement and compliance.

The department deliberately sought to withhold information from the Audit Office of NSW when initial inquiries were lawfully made about the Park'nPay project in the context of the audit of the department's financial statements in May 2021.

There is also limited evidence to demonstrate the department has reviewed the decisions and practices around the Park'nPay project, despite receiving internal legal advice at the time that questioned the characterisation of the procurement as a 'pilot', and external scrutiny via the NSW Parliament's Budget Estimates Committee hearings. This indicates a risk that opportunities to review and improve the department's procurement practices based on learnings from this process have been missed.

 

Appendix one – Response from auditee

Appendix two – Key requirements of the department's procurement manual 

Appendix three – About the audit 

Appendix four– Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #387 - released 14 December 2023

 

Published

Actions for Planning and Environment 2023

Planning and Environment 2023

Planning
Environment
Industry
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Risk
Shared services and collaboration

What this report is about

Results of the Planning and Environment portfolio financial statement audits for the year ended 30 June 2023.

The audit found

Unqualified audit opinions were issued for all completed Planning and Environment portfolio agencies. Seven audits are ongoing.

The Catholic Metropolitan Cemeteries Trust (CMCT) did not comply with its obligations under the Government Sector Finance Act 2018 (GSF Act) to prepare and submit financial statements for audit.

The Department of Planning and Environment (the department) has not yet provided their assessment of the financial reporting requirements for the 579 Category 2 Statutory Land Managers (SLMs) for 2022–23.

One-hundred-and-nineteen Commons Trusts are non-compliant with the GSF Act as they have not submitted their financial statements for audit.

We issued unqualified opinions on the Water Administration Ministerial Corporation's 2020–21, 2021–22 and 2022–23 financial statements.

The number of monetary misstatements identified in our audits decreased from 59 in 2021–22 to 51 in 2022–23, however the gross value of misstatements increased.

The key audit issues were

The former Resilience NSW and NSW Reconstruction Authority (the Authority) re-assessed the accounting implications arising from contractual agreements relating to temporary housing assets associated with the Northern Rivers Temporary Homes Program. This resulted in adjustments to recognise the associated assets and liabilities.

We continue to identify significant deficiencies in NSW Crown land information records.

The department has not been effective in addressing the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997.

The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23. Thirty per cent of issues were repeated from the prior year.

Seven high-risk issues were identified. These related to the findings outlined above, deficiencies in quality reviews of asset valuations, internal control processes and IT general controls.

The audit recommended

Recommendations were made to the department and portfolio agencies to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of portfolio agencies. Seven audits are ongoing.

  • We have been unable to commence audits of the Catholic Metropolitan Cemeteries Trust (CMCT). NSW Treasury's position remains that the Catholic CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a Government Sector Finance (GSF) agency and is obliged under Section 7.6 of the Government Sector Finance Act 2018 (GSF Act) to prepare financial statements and submit them to the Auditor-General for audit. To date, CMCT has not met its statutory obligations under the GSF Act.

  • The Department of Planning and Environment has not yet provided their assessment against the reporting exemption requirements in the Government Sector Finance Regulation 2018 (GSF Regulation) for the estimated 579 Category 2 Statutory Land Managers (SLMs) or 119 Commons Trusts for 2022–23 and no Category 2 SLM or Commons Trust has submitted its 2022–23

    financial statements for audit. Consequently, the lack of compliance with reporting requirements by these 698 agencies presents a challenge to obtaining reliable financial data for these agencies for the purposes of consolidation to the Total State Sector Accounts.

  • The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2021 and 30 June 2022 were completed in June 2023 and unqualified audit opinions issued. The 30 June 2023 audit was completed and an unqualified audit opinion was issued on 12 October 2023.

  • The number of reported corrected misstatements decreased from 46 in 2021–22 to 36, however the gross value of misstatements increased from $73 million in 2021–22 to $491.8 million in 2022–23.

  • Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.

  • A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the portfolio.

Section highlights 

  • The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23 and 30% were repeat issues (34% in 2021–22).

  • The 2022–23 audits identified seven high-risk and 76 moderate risk issues across the portfolio. Four of the high-risk issues were repeat issues, one was a repeat issue with the risk rating reassessed to high-risk in the current year and two were new findings in 2022–23.

  • The former Resilience NSW and NSW Reconstruction Authority had previously assessed that they did not control the temporary housing assets associated with the administration of the Northern Rivers Temporary Homes Program, under relevant accounting standards. A re-assessment of the agreements was made subsequent to the submission of the Authority’s 2022–23 financial statements for audit, which determined that the Authority was the appropriate NSW Government agency to recognise these assets and associated liabilities not previously recognised by the Authority or the former Resilience NSW.

  • There continues to be significant deficiencies in Crown land records. The department should continue to implement their data strategy and action plan to ensure the Crown land database is complete and accurate.

  • Since 2017, the Audit Office has recommended that the department, through OLG should address the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997. The department has not been effective in resolving this issue. In 2023, twenty-six of 108 completed audits of councils received qualified audit opinions on their 2023 financial statements (43 of 146 completed audits in 2022). Six councils had their qualifications for not recognising vested rural firefighting equipment removed in 2022–23.

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Actions for Regional NSW 2023

Regional NSW 2023

Industry
Environment
Planning
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What this report is about

Results of the Regional NSW financial statements audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.

The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.

What the key issues were

Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.

The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.

The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.

A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.

What we recommended

Local Land Services should prioritise completing all mandatory early close procedures.

Portfolio agencies should:

  • ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
  • prioritise and address internal control deficiencies identified in audit management letters.

This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
  • The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
  • Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
  • Portfolio agencies continue to provide financial assistance to communities affected by natural disasters.
  • A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material. 

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.

Section highlights

  • The 2022–23 audits identified one high risk and nine moderate risk issues across the portfolio. Of these, one was a moderate risk repeat issue.
  • The total number of findings decreased from 36 to 23 which mainly related to deficiencies in internal controls.
  • The high risk matter relates to the monitoring and managing of privilege user access at NSW Food Authority. 

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Actions for State heritage assets

State heritage assets

Environment
Local Government
Planning
Compliance
Management and administration
Regulation
Risk

What the report is about

This audit assessed how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.

Heritage that is rare, exceptional or outstanding to New South Wales may be listed on the State Heritage Register under the Heritage Act 1977. This provides assets with legal recognition and protection. Places, buildings, works, relics, objects and precincts can be listed, whether in public or private ownership.

Heritage NSW has administrative functions and regulatory powers, including under delegation from the Heritage Council of NSW, relevant to the listing, conservation and adaptive re-use of heritage assets of state significance.

In summary, the audit assessed whether Heritage NSW:

  • is effectively administering relevant advice and decisions
  • is effectively supporting and overseeing assets
  • has established clear strategic priorities and can demonstrate preparedness to implement these.

What we found

Heritage NSW does not have adequate oversight of state significant heritage assets, presenting risks to its ability to promote the objects of the Heritage Act.

Information gaps and weaknesses in quality assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register.

Heritage NSW has adopted a focus on customer service and recently improved its timeliness in providing advice and making decisions about activities affecting listed assets. But Heritage NSW has not demonstrated how its customer-focused priorities will address known risks to its core regulatory responsibilities.

Listed assets owned by government entities are often of high heritage value. Heritage NSW could do more to promote effective heritage management among these entities.

What we recommended

The report made eight recommendations to Heritage NSW, focusing on:

  • improving quality assurance over advice and decisions
  • improving staff guidance and training
  • defining and maintaining data in the State Heritage Register
  • clarifying its regulatory intent and approach
  • sector engagement and interagency capability to support heritage outcomes.

The Heritage Act 1977 (the Heritage Act) and accompanying regulation provide the legal framework for the identification, conservation and adaptive re-use of heritage assets in New South Wales.

The Department of Planning and Environment (Heritage NSW) has responsibility for policy, legislative and program functions for state heritage matters, including supporting the Minister for Heritage to administer the Heritage Act.

Heritage assets that are rare, exceptional or outstanding beyond a local area or region may be listed on the State Heritage Register under the Heritage Act. These assets include places, buildings, works, relics, moveable objects and precincts, and assets that have significance to Aboriginal communities in New South Wales. Assets nominated for and listed on the State Heritage Register ('listed assets') may be owned privately or publicly, including by local councils and state government entities.

The Heritage Act establishes the Heritage Council of NSW (the Heritage Council) to undertake a range of functions in line with its objectives. Heritage NSW provides administrative support to the Heritage Council, for example providing advice on assets that have been nominated for listing on the State Heritage Register. Many of Heritage NSW’s core activities also relate to exercising functions and powers under delegation from the Heritage Council. These include making administrative decisions about works affecting listed assets, and exercising powers to regulate asset owners’ compliance with requirements under the Heritage Act.

Heritage NSW states that heritage:

…gives us a sense of our history and provides meaningful insights into how earlier generations lived and developed. It also enriches our lives and helps us to understand who we are.  

According to Heritage NSW, an effective heritage system will facilitate the community in harnessing the cultural and economic value of heritage.

The objective of this audit was to assess how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.

For this audit, ‘heritage assets of state significance’ refers to items (including a place, building, work, relic, moveable object or precinct) listed on the State Heritage Register ('listed assets'), and those which have been nominated for listing.

Conclusion

The Department of Planning and Environment (Heritage NSW) does not have adequate oversight of state significant heritage assets. Information gaps and weaknesses in certain assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register. These factors also constrain its ability to effectively support voluntary compliance and promote the objects of the Heritage Act, which include encouraging conservation and adaptive re-use.
Heritage NSW has adopted a focus on customer service and recently improved the timeliness of its advice and decisions on activities affecting listed assets. But Heritage NSW has not demonstrated how its customer service priorities will address known risks to its regulatory responsibilities. It could also do more to enable and promote effective heritage management among state government entities that own listed assets.

The information that Heritage NSW maintains about assets listed on the State Heritage Register ('listed assets') is insufficient for its regulatory and owner engagement purposes. Data quality and completeness issues have arisen since the register was established in 1999. But Heritage NSW's progress to address important gaps in the register, and its other information systems, has been limited in recent years. These gaps limit Heritage NSW’s capacity to detect compliance breaches early and implement risk-based regulatory responses, and to strategically target its owner engagement activities to promote conservation and re-use.

Heritage NSW makes decisions on applications for works on listed assets, requiring technical skills and professional judgement. But Heritage NSW does not provide its staff with adequate guidance to ensure that consistent approaches are used, and it lacks sufficient quality assurance processes. There are similar weaknesses in Heritage NSW's oversight of decisions on applications that are delegated to other government entities.

Heritage NSW has prioritised the implementation of customer service-focused activities, policies, and programs to reduce regulatory burdens on asset owners since 2017. For example, Heritage NSW has refreshed its website, introduced new information management systems, and implemented new regulation for the self-assessment of exemptions for minor works. However, Heritage NSW has not taken steps to mitigate oversight and quality risks introduced with the reduced regulatory burdens. Heritage NSW has made some, but to date insufficient, progress on a key project to update its publications. These documents (over 150 publications) are intended to play an important role in promoting voluntary compliance and supporting heritage outcomes. Heritage NSW started a new project to update relevant publications in April 2023.

Heritage NSW has recently implemented processes to improve its efficiency, such as screening new nominations for listing on the State Heritage Register. Heritage NSW has also reported improvements in the time it takes to decide on applications for works affecting listed assets. In the third quarter of 2022–23, 87% of decisions were made within the statutory timeframes. This compares to 48% in 2021–22. Heritage NSW has similarly improved how quickly it provides heritage advice on major projects, with 90% of advice reported as delivered on time in the third quarter of 2022–23, compared to 44% in 2020–21.

Assets owned by state government entities comprise a large proportion of State Heritage Register listings. These assets are often of high heritage value or situated within large and complex precincts or portfolios. But Heritage NSW does not implement targeted capability building activities to support good practice heritage management among state government entities and to promote compliance with their obligations under the Heritage Act.

The expected interaction between Heritage NSW's strategic plans and activities, and the priorities of the Heritage Council of NSW, is unclear. Actions to clarify the relevant governance arrangements have also been slow following a review in 2020 but this work re-commenced in late 2022.

Heritage NSW has been progressing work to draft reforms to the Heritage Act. This follows recommendations made in a 2021 Upper House Inquiry into the Heritage Act. To build preparedness for future reforms, Heritage NSW will need to do more to address the risks and opportunities identified in this audit report. In particular, it will need to ensure it has sufficient information and capacity to implement a risk-based regulatory approach; clear and effective governance arrangements with the Heritage Council of NSW; and enhanced engagement with government entities to promote the conservation and adaptive re-use of listed assets in public ownership.

This chapter assesses the effectiveness of Heritage NSW's oversight of state heritage assets, including its visibility of listed assets, and its oversight of regulatory decision-making. It also assesses Heritage NSW's activities to engage with owners to meet their obligations under the Heritage Act and to support heritage outcomes.

This chapter assesses the timeliness of Heritage NSW’s provision of advice, recommendations, and decisions on heritage issues to support heritage management outcomes with respect to listed assets.

This chapter assesses whether the Department of Planning and Environment (Heritage NSW) has established clear strategic priorities to effectively oversee and administer activities related to listed assets, and its preparedness to implement reforms. It also assesses the adequacy of planning activities and governance arrangements to support the achievement of strategic directions.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #384 - released 27 June 2023

Published

Actions for Regulation of public native forestry

Regulation of public native forestry

Environment
Industry
Compliance
Management and administration
Regulation
Risk

What this report is about

The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that manages over two million hectares of public native forests and plantations supplying timber to sawmills across NSW.

The NSW Environment Protection Authority (EPA) is responsible for regulating the native forestry industry in NSW.

FCNSW must comply with Integrated Forestry Operations Approvals (IFOAs), which set out rules for how timber harvesting may occur.

Most harvesting is undertaken under the Coastal IFOA, which commenced in 2018.

This audit assessed how effectively Forestry Corporation of NSW manages its public native forestry activities to ensure compliance, and how effectively the Environment Protection Authority regulates these activities.

What we found

Forestry Corporation of NSW (FCNSW) clearly articulates its compliance obligations.

While FCNSW undertakes monitoring of its contractors, it does not do so consistently and does not target its monitoring activities on a risk basis.

FCNSW has largely fulfilled mandatory Coastal IFOA training requirements, but has not yet trained other staff who would also benefit from the training.

Contractor compliance appears to be improving, but there are gaps and inconsistencies in FCNSW's documentation of this.

FCNSW is not measuring its overall compliance to determine how it is tracking against its target.

The EPA undertakes proactive inspections of Coastal IFOA harvesting operations on a risk basis. However, it does not assess the risk at harvest sites covered by other IFOAs.

Most EPA compliance staff have received basic training, but few have received more advanced training required to effectively undertake forestry inspections.

Some EPA offices do not have the necessary equipment to undertake forestry inspections.

The EPA and FCNSW are not implementing all elements of a Memorandum of Understanding that aims to promote a cooperative relationship between the agencies.

What we recommended

The report made recommendations to FCNSW which aim to improve:

  • staff training
  • consistency of compliance reviews and data capture
  • targeting of compliance activities
  • measurement of performance.

The report made recommendations to the EPA which aim to improve:

  • risk-assessments
  • staff training
  • staff equipment.

The report also recommended that FCNSW and EPA should fully implement their Memorandum of Understanding.

The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that supplies timber to sawmills in New South Wales, including timber harvested from public native forests. FCNSW is responsible for the management of around two million hectares of public native forests and plantations. Around half the area of native forests is permanently set aside for conservation.

Public native forestry is regulated through the Forestry Act 2012, Biodiversity Conservation Act 2016, Protection of the Environment Operations Act 1997 and associated regulations. Under the Forestry Act 2012, the objectives of FCNSW include, where its activities affect the environment, to conduct its operations in compliance with the principles of ecologically sustainable development contained in section 6(2) of the Protection of the Environment Administration Act 1991. This involves the integration of social, economic and environmental considerations in decision-making processes.

In undertaking its native forestry operations, FCNSW must comply with Integrated Forestry Operations Approvals (IFOA), issued jointly by the Minister for the Environment and the Minister for Agriculture, which set out rules to protect species and ecosystems where timber harvesting is occurring, and aim to ensure forests are managed in an ecologically sustainable way. FCNSW must also ensure that its contractors undertake forestry operations in line with IFOAs. The Coastal IFOA, developed in 2018, consolidated the four IFOAs for the Eden, Southern, Upper and Lower North East coastal regions of New South Wales into a single IFOA. The other three current IFOAs are Brigalow Nandewar, South Western Cypress and Riverina Redgum (the Western IFOAs).

The NSW Environment Protection Authority (EPA) is responsible for regulating native forestry in New South Wales. Under the Protection of the Environment Administration Act 1991, one of the objectives of the EPA is to protect, restore and enhance the quality of the environment in New South Wales, having regard to the need to maintain ecologically sustainable development. This includes monitoring FCNSW’s compliance with IFOA conditions, including by maintaining and enforcing a compliance program.

The Coastal IFOA also introduced a new structure and regulatory approach for IFOAs, establishing outcomes, conditions and protocols. The conditions set mandatory actions and controls intended to protect threatened plants, animals, habitats, soils and water. The protocols, referenced in the conditions, set out additional enforceable actions and controls intended to support the effective implementation of the conditions.

Public native forestry is the largest component of hardwood supply in New South Wales. The 2019–20 bushfires had a major impact on regional communities, and large areas of native forest. This heightened environmental risks and challenges in public native forestry. Five million hectares of New South Wales was impacted, including more than 890,000 hectares of native State Forests. This is over 40% of the coastal and tablelands native State Forests in New South Wales.

In addition to effective compliance activities, the success of the regulatory approach to public native forestry operations depends on how wood supply yields are modelled, and ensuring that harvested volumes do not exceed these yields. This is of particular importance in areas where forests have been severely damaged by fire. This audit did not consider sustainable yields. Recent reviews of this include an independent review of the FCNSW sustainable yield model and a Natural Resources Commission review in 2021.

This audit assessed how effectively Forestry Corporation of NSW manages its public native forestry activities to ensure compliance, and how effectively the Environment Protection Authority regulates these activities.

Conclusion

Forestry Corporation of NSW (FCNSW) clearly articulates its compliance obligations at the corporate level and for each harvest site. However, there are deficiencies in FCNSW’s compliance approach. While FCNSW undertakes monitoring of its contractors in a number of ways, it does not consistently monitor compliance across its contractors and does not target its monitoring activities on a risk basis. This increases the risk that non-compliant practices will not be identified, potentially leading to environmental harm.

FCNSW has a compliance strategy and program that sets out its compliance obligations and how they will be managed. FCNSW’s Compliance Policy outlines compliance requirements, actions to ensure compliance, and responsibilities for staff, supervisors, senior management and board members. FCNSW also has a compliance monitoring system manual that outlines its monitoring program, and its risk-assessment and incident reporting procedures. These corporate documents set out FCNSW’s overall approach to managing compliance.

Harvesting in State Forests is undertaken by contractors or sub-contractors. FCNSW provides training to its staff and contractors and undertakes monitoring to identify contractor compliance with relevant requirements through a variety of means, including its quality assurance assessment (QAA) program. FCNSW also communicates compliance obligations to contractors in harvest plans.

FCNSW is not undertaking its monitoring activities on a risk basis. The frequency of contractor supervision is inconsistent and is not tied to the contractor’s past performance, meaning that monitoring resources are not necessarily being targeted at the areas of highest -risk.

FCNSW also does not target its QAAs on a risk basis. FCNSW does not have procedures for how QAAs should occur outside the North Coast region. QAAs are conducted inconsistently, with some reviews occurring in only part of the harvest site while others cover the whole harvest site. In addition, some QAAs do not meet FCNSW’s minimum standards. FCNSW’s record keeping of QAAs is also inconsistent, making it difficult to determine true levels of compliance and the cause of identified potential non-compliances.

In addition, FCNSW does not collate and analyse the results of its compliance monitoring to target its compliance audits. Undertaking these audits on a risk basis would allow FCNSW to apply its resources to the highest-risk harvest sites and contractors.

The EPA identifies native forestry as a high priority regulatory activity and undertakes proactive inspections of Coastal IFOA harvest sites on a risk basis. However, the EPA does not assess the risk at Western IFOA harvest sites, leaving a significant gap in its inspection regime. This means that the EPA may not be inspecting all high-risk harvest sites to ensure compliance with regulations across those sites. The EPA has started to train more of its staff in conducting forestry inspections, but it currently has a limited number of trained and experienced staff to undertake this work.

The EPA has developed a Regulatory and Compliance Priorities Statement 2022–23 which identifies native forestry as a key risk. This statement identifies that forestry is a priority area for its compliance activities because of the increased environmental risk and sensitivity in forests following the 2019–20 bushfires. A divisional plan for its regulatory operations contains specific actions for forestry, including ensuring that the EPA has a consistent approach to recording regulatory actions undertaken and identifying priority areas for assurance over State Forests.

As part of its compliance activities, the EPA responds to complaints received, or reports of non-compliance, across all four IFOA areas and also carries out proactive inspections in the Coastal IFOA area. To guide these inspections, the EPA determines the level of risk posed by each harvest site in the Coastal IFOA area using information it gathers from FCNSW. The EPA prioritises inspections of sites rated as high and medium-risk, but the EPA has not undertaken risk-assessments for the three Western IFOAs. By not determining the risks in these areas, the EPA does not have assurance that it is checking FCNSW compliance with regulations across all high-risk sites.

Most EPA staff have basic training in forestry matters, but few staff have the more advanced training required to effectively undertake forestry inspections. In addition, not all EPA officers have access to the technology required to undertake forestry inspections, such as internet-enabled tablets and specialised tapes for measuring tree diameter. This limits the EPA’s ability to determine the level of compliance with regulations and respond effectively to instances of environmental harm in relation to public native forestry.

The Coastal IFOA does not contain provisions which allow the EPA to unilaterally restrict forestry activities in the aftermath of a catastrophic event such as the 2019–20 bushfires. Following the bushfires, FCNSW approached the EPA and asked for additional site-specific operating conditions (SSOC) at some locations to assist it in maintaining compliance. The SSOCs were issued by the EPA and FCNSW was required to carry out forestry operations in accordance with the SSOCs at relevant harvest sites. These SSOCs were in place for 12 months. After a year, FCNSW decided not to renew this approach with the EPA, but implemented its own voluntary measures during harvesting operations. Unlike the SSOCs, the EPA was unable to undertake enforcement activities for breaches of voluntary measures.

Appendix one – Responses from agencies
Appendix two – About the audit
Appendix three – Performance auditing

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #382 - released 22 June 2023

Published

Actions for Financial Management and Governance in MidCoast Council

Financial Management and Governance in MidCoast Council

Local Government
Financial reporting
Internal controls and governance
Management and administration
Risk

Introduction

The Auditor-General's financial and performance audits of local councils aim to improve financial management, governance and public accountability across the local government sector.

Annual Local Government reports to Parliament have consistently highlighted risks and weaknesses across the sector in relation to financial management and governance. We will continue to focus on these matters as a priority area in our forward work program.

While this report focuses on MidCoast Council, the findings should be considered by all councils to better understand the challenges and opportunities when addressing financial sustainability and financial management needs.

Findings and recommendations around the effectiveness of long-term financial planning, comprehensive and timely financial reporting and financial management governance arrangements are relevant for all councils.

What this report is about

The Local Government Act 1993 requires councils to apply sound financial management principles, including sustainable expenditure, effective financial management and regard to intergenerational equity.

This audit assessed whether MidCoast Council has effective financial management arrangements that support councillors and management to fulfill their responsibilities as financial stewards.

What we found

MidCoast Council has not met all legislative and policy requirements for long-term financial planning.

From FY2019–20 to FY2020–21, the Council had financial management and governance gaps. Some gaps were addressed throughout FY2021–22.

MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water in 2017. This led to gaps in finance processes and data quality.

What we recommended

The report recommends that MidCoast Council should:

  • ensure its long-term financial plan meets legislative and policy requirements
  • undertake service reviews to better understand net costs to inform budget and financial planning decisions
  • improve the quality of asset management information to inform budget and financial planning decisions
  • use the financial management components of the MC1 system to its full potential
  • address control and process gaps identified in audits and reviews
  • ensure competency of those responsible for finance and budget
  • ensure financial sustainability initiatives account for the cost of services and asset management information.

Effective financial management is important in ensuring that councils achieve their long-term objectives, remain financially viable and deliver intended benefits to the community.

Sustainable financial management has been a priority for the local government sector since 2013 and continues to be one of the highest rated risks and priorities among councils in 2023.

According to data provided by the Department of Planning and Environment, during FY2020–21, NSW local councils:

  • collected $7.8 billion in rates and annual charges
  • received $5.8 billion in grants and contributions
  • incurred $4.8 billion of employee benefits and on costs
  • held $16.8 billion of cash and investments
  • managed $175.2 billion in infrastructure, property plant and equipment
  • entered into $3.7 billion of borrowings.

The Local Government Act 1993 (LG Act) requires local councils to apply sound financial management principles including responsible and sustainable expenditure, investment, and effective financial and asset management. Under the LG Act and the Local Government Regulation 2021 (LG Regulation) councils are required to:

  • establish and monitor their budget position
  • clearly establish approaches to raise revenue, including from rates and other sources
  • develop and implement integrated planning to ensure financial sustainability in line with community priorities and needs
  • regularly report on their financial performance through financial statements.

The objective of the audit is to assess whether MidCoast Council (the Council) has effective financial management arrangements that support councillors and management to fulfil their financial stewardship responsibilities. It considers whether:

  • the Council has an effective governance framework for financial management, through the existence of governance, risk management, internal controls and provision of adequate financial management training, including whether:
    • governance, risk management and internal controls are in place for financial management
    • adequate financial management and governance training and support has been provided to councillors, management and operational managers.
  • the Council has quality and comprehensive internal financial management reporting, including whether:
    • councillors and management have identified and implemented essential internal financial management reporting elements
    • council’s financial systems and data have integrity, and support identified financial management report production requirements
    • council reports are relevant, consistent, reliable, understandable, and tailored towards the requirements of key users (appendix two provides more information about the characteristics of effective financial management reporting).
  • the financial management governance and reporting arrangements support councillors and management to fulfil their financial stewardship responsibilities, including whether councillors and management use internal financial management reporting to:
    • support budget decisions, resource allocation and cost setting (for example fees and charges)
    • monitor financial sustainability
    • assess operational efficiency, financial services and investments
    • make improvements where necessary.

This audit completed fieldwork during November 2022 to February 2023. The audit period of review was from 1 July 2019 to 30 June 2022.

Conclusion

MidCoast Council has not effectively carried out long-term financial planning to address its identified long-term financial sustainability challenges.

MidCoast Council has not met all legislative and policy requirements to effectively carry out long-term financial planning. It has not effectively considered and communicated how it will achieve financial sustainability goals and has not identified options to achieve such goals through its long-term financial plan.

Since 2020, and throughout 2021 and 2022, MidCoast Council has identified a need to focus on developing strategies for financial sustainability following the projected operating deficit for its general fund over the next ten years.

In September 2022, the Council took early steps to implement plans that aim to address the identified financial sustainability issues, but the Council has not yet established effective processes to analyse the true cost of services and address its unreliable asset condition data. Both are required to accurately inform its long-term resourcing strategy.

Between FY2019–20 and FY2020–21, MidCoast Council had gaps in its financial management and governance arrangements. The Council has taken some actions to address the gaps throughout FY2021–22.

Between FY2019–20 and FY2020–21, MidCoast Council did not ensure effective financial management governance and reporting arrangements. Over that time, the Council did not perform monthly reconciliation and reporting processes that would provide timely information and assurance to management and councillors over the Council's finances. It did not ensure that all financial management reporting met statutory deadlines for submission to councillors.

During this period, reviews, financial audits and internal audits identified risks to, and gaps in, finance processes, systems and controls. The consequences of these gaps were increased use of manual processes, and risks to the integrity of financial data and information used by management.

During FY2021–22, MidCoast Council implemented actions and processes that have increased transparency and led to improved financial governance. These include addressing and implementing some audit recommendations, and implementing monthly financial management reporting and month-end reconciliations.

MidCoast Council has commenced a $21 million program to improve its customer experience, asset management, ICT and back office business processes. The Council advises that this program has a five-year implementation timeframe and it expects to achieve financial benefits over the ten years following commencement.

MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water functions in 2017. This has led to gaps in finance processes and data quality within the system.

In 2016, following amalgamation, MidCoast Council commenced work to procure and implement an enterprise resource planning system which included a consolidated financial management system. In 2017, Council further merged with MidCoast Water and arrangements were made to implement the system (MC1) after the functions of MidCoast water were incorporated. The Council continued to use four separate financial management systems until it commenced a progressive implementation of MC1 from 2019 to 2021. Across MC1's implementation, the Council experienced significant challenges relating to change management, user functionality and configuration.

This meant that the Council did not ensure that all of its staff were using MC1 effectively and efficiently, which led to gaps in finance processes and data quality, and delays in delivering integrated and automated financial processes across the amalgamated Council.

Since implementation, MidCoast Council has used MC1 to carry out finance processes required to collect rates, prepare budgets, monitor expenditure and income and prepare financial statements. 

Appendix one – Response from agency

Appendix two – Characteristics of effective financial management reporting

Appendix three – About the audit 

Appendix four – Performance auditing

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #381 - released 16 June 2023