Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Integrity of grant program administration

Local Government
Premier and Cabinet
Internal controls and governance
Management and administration

What the report is about

This report assessed the integrity of the assessment and approval processes for two grant programs:

  • Stronger Communities Fund Round 2 (tied grants round), which was administered by the former Office of Local Government (OLG) and provided $252 million to newly amalgamated councils and other councils that had been subject to a merger proposal during 2017–18 and 2018–19.
  • Regional Cultural Fund, which was administered by Create NSW (now within the Department of Premier and Cabinet) and awarded $100 million for cultural projects in regional NSW.

What we found

The assessment and approval process for Round 2 of the Stronger Communities Fund lacked integrity. The government decided to prioritise funds for councils that had worked constructively with the government through the 2016 merger process. 

However, this information was not included in the program guidelines. The program guidelines were not published and did not contain details of selection and assessment processes. Councils and projects were instead identified by the former Premier, Deputy Premier and Minister for Local Government and communicated to OLG with little or no information about the basis for the council or project selection. There was no merit assessment of identified projects. This process resulted in 96 per cent of funds allocated to coalition state seats.

The assessment process that Create NSW used for the Regional Cultural Fund was robust and produced transparent and defensible recommendations to the minister. However, the former Minister for the Arts, in consultation with the former Deputy Premier, did not follow the recommendations of the independent assessment panel in 22 per cent of cases. Reasons for these changes were not documented by Create NSW.

What we recommended

The Department of Premier and Cabinet should develop a model for grant administration that must be used for all grant programs administered in NSW that:

  • is based on ethical principles such as impartiality, equity and transparency 
  • ensures assessments and decisions can be made against clear eligibility criteria
  • ensures accountability for decisions and actions of all those who are involved in the program 
  • includes minimum mandatory administration and documentation standards
  • requires any ministerial override of recommendations to be documented. 

The Department of Planning and Environment should ensure that guidelines prepared for all grant programs are published and include a governance framework that includes accountabilities and key assessment steps.

Fast facts    

Stronger Communities Fund Round 2

  • $252m allocated to 24 councils    
  • 96% allocated to council projects in coalition state seats
  • 36% of the funding ($90m) was allocated to a single council
  • $8m in projects identified before the program guidelines were finalised

Regional Cultural Fund

  • 405 applications received across three funding rounds
  • $99m awarded for 147 cultural projects in regional NSW 
  • 22% panel recommendations not followed by ministers  
  • $9.3m awarded to projects not recommended by panel

Grants are frequently used by the state government to deliver funds to councils and community organisations to provide infrastructure and services important to their local communities. Grant programs are administered by NSW Government agencies in line with priorities and objectives set by the government.

Guidance for agencies administering grant programs is available in the Good Practice Guide to Grants Administration (the 'DPC Guide') which is maintained by the Department of Premier and Cabinet (DPC). In addition to this guide, some agencies maintain their own grant program policies and guidelines. More broadly, public servants are required to comply with financial legislation and the Government Sector Employment Act 2013 which include requirements to be transparent, fiscally responsible and focus on the efficient, effective and prudent use of resources.

The objective of this performance audit is to assess the integrity of the assessment and approval processes for NSW Government grant programs.

The audit focuses on two grant programs, both administered during the 2017–18 and 2018–19 financial years. The Stronger Communities Fund (round two tied grants round) was administered by the former Office of Local Government (OLG), now referred to as the Local Government Group within the Department of Planning and Environment (DPE). The fund awarded $252 million to 24 councils that had amalgamated in 2016 or which had been the subject of a merger proposal. The Regional Cultural Fund was administered by Create NSW, now within the Department of Premier and Cabinet (DPC). The fund awarded $100 million to organisations in regional New South Wales to support the development of cultural infrastructure in regional areas.

The audit comments upon the role played by the then Premier, Deputy Premier, ministers and their staff in the audited grant programs to provide context. The Audit Office of NSW cannot compel those individuals to participate in the audit or provide documents. In all cases, reference to the Premier, Deputy Premier, ministers, MPs and their staff refers to the individuals who were in those roles at the time the grant programs were administered unless otherwise noted.

Conclusion

Stronger Communities Fund

The assessment and approval processes for round two of the Stronger Communities Fund (SCF) lacked integrity. The program guidelines developed by the Office of Local Government (OLG) were deficient in a number of aspects and were not used to guide the selection of councils or projects for funding. Of the 55 councils that met the eligibility criteria in the guidelines, 24 received funding. Ninety-six per cent of available SCF funding was allocated to projects in coalition-held state government electorates. Funding for councils was determined by the then Premier, Deputy Premier and Minister for Local Government and communicated by their staff through emails to OLG with little or no information about the basis for the council or project selection. OLG administered payment of these funds without questioning or recording the basis for selection. For the 22 councils where funding allocations were determined by the former Premier and Deputy Premier, the only record of their approval is a series of emails from their staff. The exclusion of key information from the program guidelines and the lack of formality in approving 22 of the 24 funding allocations prevent accountability and transparency over the government's approach to selecting councils for funding.

In July 2017, the NSW Government established priorities for how the remaining SCF funds should be used. The funds were to be used to cover costs associated with councils' legal action relating to amalgamation, to reimburse costs incurred by councils that were unable to merge but had participated constructively in the merger process, and to fund community initiatives in council areas that had amalgamated in 2016.

OLG developed the initial grant program guidelines between July 2017 and September 2017 in consultation with the then Premier, Deputy Premier and Minister for Local Government and their staff. These were then revised in June 2018. Neither version of the guidelines made reference to the type of projects that were to be prioritised and did not set out how the funds should be administered in accordance with these priorities. The guidelines also did not include information about how councils and projects would be selected and made no provision for an assessment of identified projects against the criteria for eligible projects in the guidelines. OLG did not publish the guidelines and the process adopted by the Premier, Deputy Premier and Minister for Local Government to select projects did not reference the criteria for eligible projects in the guidelines. The selection of councils and funded projects resulted in 96 per cent of available funding being allocated to projects in coalition-held state government electorates.

The Minister for Local Government was responsible for distributing the SCF funds but only approved funding for projects at two of 24 councils, both paid in November 2017. Projects at the other 22 councils were identified by the former Premier and Deputy Premier between June 2018 and June 2019 in consultation with other coalition Members of Parliament and communicated to OLG through emails from Premier and Deputy Premier's staff. When making payments in response to email instructions from staff in the offices of the Premier, Deputy Premier and Minister for Local Government, OLG did not seek to ensure that identified projects were consistent with the guidelines and made payments to selected councils with little or no information to justify them. With the exception of the two funding allocations approved by the then Minister for Local Government, OLG also did not ensure that formal records were in place to document approval for the remaining 22 funding allocations.

Regional Cultural Fund

The assessment process that Create NSW used for the Regional Cultural Fund was robust and produced transparent and defensible recommendations to the then Minister for the Arts. However, the integrity of the approval process for funding allocations was compromised because the minister, in consultation with the then Deputy Premier, did not follow the recommendations of the independent assessment panel in multiple cases and the reasons for making changes were not documented by the minister's office or Create NSW.

All projects that received funding were assessed by Create NSW as eligible for funding under the program. An independent assessment panel assessed applications against the program objective and criteria. This process was designed in line with good practice in grants administration and was implemented consistently. The then Minister for the Arts, in consultation with the former Deputy Premier, did not follow the panel's recommendations for 22 per cent, or more than one in five, of the applications assessed for funding. Thirty-four applications that were recommended by the independent panel did not receive any funding. In the second funding round, seven of the top ten ranked applications were not funded.

The Minister for the Arts approved funding for 22 applications that were not recommended by the independent panel. This resulted in around $9.3 million being awarded to applicants that were not rated highest by the independent panel, including six applicants that received grants of $500,000 or more. Most did not meet one or more assessment criteria and received low ratings.

The then minister did not provide reasons for not approving funding in line with the recommendations of the panel. This did not breach any legislation or guidelines in New South Wales, but it compromised Create NSW's ability to demonstrate integrity and value for money in the RCF approval process. It creates a clear perception that factors other than the merits of the projects influenced funding decisions.

Create NSW's administration of the Regional Cultural Fund was based on relevant legislative requirements and good practice guidance. The objectives of the program were defined clearly and the guidelines and criteria were consistent with the program objectives. The governance and probity framework was appropriate for the size and nature of the program.

Appendix one – Response from agencies

Appendix two – List of funded projects - Stronger Communities Fund Round 2

Appendix three – List of funded projects - Regional Cultural Fund

Appendix four – About the audit

Appendix five – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #361 - released 8 February 2022.

Published

Internal controls and governance 2021

Whole of Government
Compliance
Cyber security

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no matters in this report impacting the Total State Sector Accounts we have decided to break with normal practice and table this report ahead of the ‘Report on State Finances’.

What the report is about

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

What we found

Internal control trends

The proportion of control deficiencies identified as high risk this year increased to 2.8 per cent (2.5 per cent in 2019–20). Six high risk findings related to financial controls while three related to IT controls. Two were repeat findings from the previous year.

Repeat findings of control deficiencies now represent 49 per cent of all findings (42 per cent in 2019–20).

Information technology

We continue to see a high number of deficiencies relating to IT general controls, particularly around user access administration and privileged user access which affected 82 per cent of agencies.

Cyber security

Agencies' self-assessed maturity levels against the NSW Cyber Security Policy (CSP) mandatory requirements are low. Although agencies are required to demonstrate continuous improvement against the CSP, 20 per cent have not set target levels and of those that have set target levels, 40 per cent have not met their target levels.

Policies, processes and definition around security incidents and data breaches lack consistency. Improvement is required to ensure breaches are recorded in registers and action taken to address the root cause of incidents.

Conflicts of interest

Agencies' policies generally meet the minimum requirements of the Ethical Framework set out in the Government Sector Employment Act 2013. However, few meet the Independent Commission Against Corruption's best practice guidelines. Policies could be strengthened in relation to requirements around annual declarations of interests from employees and contractors.

Masterfile management

Policies governing the management of supplier masterfiles and employee masterfiles existed in 79 per cent and 54 per cent of agencies respectively.

Weaknesses were identified in those policies. Access restriction, segregation of duties and record keeping were the most common opportunities for improvement.

Tracking recommendations

Most agencies do not maintain a register to monitor recommendations from performance audits and public inquiries. Registers of recommendations could be improved to include risk ratings and record revisions to due dates. While recommendations can take several years to fully address, the oldest open items were originally due for completion by June 2016.

What we recommended

Agencies should:

  • prioritise actions to address repeat control deficiencies, particularly those that have been repeated findings for a number of years
  • prioritise improvements to their cyber security and resilience as a matter of urgency
  • formalise and implement policies on tracking and monitoring the progress of implementing recommendations from performance audits and public inquiries.

Fast facts

The 25 largest NSW government agencies in this report cover all nine clusters and represent over 95 per cent of total expenditure for NSW public sector.

  • high risk audit findings were identified this year
  • 40% of agencies have not formally accepted residual cyber risk based on their self-assessed maturity levels
  • 52% of agencies do not have a policy on tracking recommendations from performance audits and public inquiries
  • 50% of all internal control deficiencies identified in 2020–21 were repeat findings
  • 75% is the average completion rate of annual staff declarations of interests.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

The scope of this year's report covers 25 general government sector agencies. Last year's report covered 40 agencies within the total state sector. For consistency and comparability, we have adjusted the 2020 results to include only the agencies remaining within scope of this year's report. Therefore, the 2020 figures will not necessarily align with those reported in our 2020 report.

Section highlights

  • We identified nine high risk findings, compared to eight last year, with two findings repeated from last year. Six of the nine findings related to financial controls and three related to IT controls.
  • The proportion of repeat deficiencies has increased from 44 per cent in 2019–20 to 50 per cent in 2020–21. The longer these weaknesses in internal control systems exist, the higher the risk that they may be exploited and consequential impact.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

Section highlights

  • We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration and privileged user access.
  • Agencies are increasingly contracting out key IT services to third parties, however, weaknesses in IT service providers' controls can expose an agency to cyber security risks.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.

Section highlights

  • Agencies' self‑assessed cyber maturity levels against the NSW Cyber Security Policy mandatory requirements are low and have not met their target levels. Forty per cent of agencies have not formally accepted the residual risk from gaps between their target and current maturity levels.
  • Most agencies have conducted cyber awareness training to staff during 2020–21. Some have further enhanced this training through awareness exercises such as simulated phishing emails to test staff knowledge.
  • Registers of security incidents and breaches are not consistent across agencies. Four agencies recorded nil breaches during 2020–21, however, their definition of incidents and breaches was not consistent with other agencies. For instance, they did not include account compromises or denial of service attacks. Only seven agencies' registers included details of actions taken to resolve issues.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' conflicts of interest management processes.

Section highlights

  • Most agencies have established conflicts of interest policies consistent with the mandatory requirements of the Code of Ethics and Conduct for NSW Government sector employees. Agencies' policies could be strengthened to apply the standard they apply to senior executives to all employees and contractors. Currently, only senior employees are required to make annual declarations of interests, yet the ability to make or influence decisions is delegated to others in the organisation.
  • Half of agencies' policies specify units or divisions that are at higher risk of conflicts of interest arising due to the nature of their business. Policies should identify additional measures at the unit/division level to mitigate these risks.
  • On average, less than 75 per cent of staff completed annual declarations of interest where required. This could be improved with ongoing staff training and awareness, and follow up on incomplete conflicts of interest.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency's management of supplier and employee masterfiles.

Section highlights

  • Most agencies have established policies or procedures on supplier masterfile management, however, only 56 per cent do for employee masterfile management.
  • Less than half of agencies review user access rights to supplier or employee masterfiles which contain sensitive information and are susceptible to fraud. Access to edit the masterfiles should be limited to authorised personnel for whom it is required to perform their duties.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' processes to track and monitor the implementation of recommendations from performance audits and public inquiries.

Section highlights

  • Less than half of all agencies have a formal policy on monitoring recommendations from performance audits or public inquiries. Agencies should formalise and implement policies on tracking and monitoring the progress of those recommendations.
  • 56 per cent of agencies maintain a register of recommendations from performance audits or public inquiries. Registers could be improved to include features such as risk/priority rating, milestone due dates, record of revisions to due dates and explanatory comments.
  • Recommendations can take several years to address, with the oldest unactioned items we noted dating back to 2016. Agencies reported completion of a third of recommendations that were raised within the last year.

Published

Government advertising 2020-21

Premier and Cabinet
Compliance
Management and administration

What the report is about

The Government Advertising Act 2011 requires the Auditor General to conduct a performance audit on government advertising activities each financial year.

This audit looked at whether three campaigns run by Destination NSW (DNSW) during 2020–21 were carried out in an effective, economical and efficient manner:

  • Love Sydney (comprising two sub campaigns being ‘Sydney - Love It Like You Mean It’ and ‘Get Your Sydney On’)
  • Love NSW
  • Road Trips. 

What we found

DNSW complied with section 6 of the Government Advertising Act 2011 (the Act), prohibiting political content.

The Act requires the head of an agency to sign a compliance certificate that certifies that the campaign complies with the Act and is an efficient and cost effective means of achieving its public purpose. 

When the Acting Chief Executive of DNSW signed DNSW’s compliance certificate, evidence to support this certification was not available.

The Act requires a peer review and cost benefit analysis for campaigns over $1.0 million. DNSW did not complete the peer review or cost-benefit analysis for the audited advertising campaigns before they had concluded. 

The Department of Customer Service (DCS), which manages the peer review process, did not escalate the issue of the outstanding peer review documentation to senior DNSW staff. 

DNSW did not set targets for all measures established for the campaigns. This limits the ability to assess their effectiveness.

The impact of the COVID-19 pandemic likely contributed to the campaigns not meeting a substantial proportion of established outcome and impact targets.

None of the audited campaigns met the minimum requirement of 7.5 per cent for the allocation of the media budget for communications with Culturally and Linguistically Diverse and Aboriginal audiences.

What we recommended

DNSW should:

  • implement processes for planning and delivering advertising campaigns delivered in urgent circumstances to bring them in line with NSW Government practice
  • ensure that it establishes measurements and targets for outcomes and impacts of its advertising campaigns consistent with NSW Government evaluation frameworks and guidance.

The Department of Customer Service should:

  • establish a policy and procedure for ensuring that campaign documentation is completed in a timely manner in the case of urgent campaigns, including establishing expectations around timeframes for the completion of peer review
  • establish a procedure for escalating issues of outstanding documentation to ensure that the peer review is completed in line with reasonable expectations and timeframes.

Fast Facts

  • $9.6m is the total money spent on the three audited campaigns
  • $91.2m is the total amount of money spent by the NSW Government on advertising in 2020–21.

The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit on the activities of one or more government agencies in relation to government advertising campaigns in each financial year. The performance audit assesses whether a government agency or agencies have carried out activities in relation to government advertising in an effective, economical and efficient manner and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). This audit examined three campaigns run by Destination NSW during the 2020–21 financial year:

  • Love Sydney (comprising two sub-campaigns being ‘Sydney - Love It Like You Mean It’ and ‘Get Your Sydney On’), focussing on increasing visitor activity in Sydney
  • Love NSW, focussing on increasing visitor activity in regional New South Wales
  • Road Trips, focussing on encouraging visitor activity on iconic road trips in regional New South Wales.

Section 6 of the Act prohibits political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of Parliament or a candidate nominated for election to Parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed to influence (directly or indirectly) support for a political party.

The Act and associated regulations and the Guidelines also establish an accountability and compliance framework around the investment in advertising by NSW Government agencies.

The government's operating circumstances at the commencement of the 2020–21 financial year were highly challenging, with the 2019–20 bushfires being followed by the COVID-19 pandemic. This created new demands across a range of government services, and without any clear view on the severity of the pandemic and when it would end. This was the case for Destination NSW, which had to plan for its advertising activities in the context of an uncertain future for national border closures (impacting international in-bound travel) and lockdowns across Australia, including in New South Wales (impacting domestic travel). Further, the sudden nature of outbreaks and lockdowns meant that Destination NSW often was required to change the targeting of its campaigns and, in some situations, had to cease particular advertising activities until specific lockdowns had ended.

Conclusion

The three Destination NSW campaigns subject to this audit were consistent with the allowed purposes of government advertising and did not include political advertising.

Destination NSW did not comply with the requirement to complete a peer review of campaigns, nor did it complete a cost-benefit analysis before or during the conduct of each of the audited campaigns. These requirements of the Act are designed to provide reasonable assurance that the advertising campaigns represented efficient, effective and economical uses of government funds.

Two of the three campaigns achieved some of their objectives relating to influencing consumers. The effects of the COVID-19 pandemic likely contributed to all of the campaigns not meeting a substantial proportion of established outcome and impact targets, with the impact of COVID-19 varying across campaigns and performance measures. It is particularly difficult to determine the impact of COVID-19 where measures or targets have not been set, as was the case with some of the measures for these campaigns. The impact of the COVID-19 pandemic also meant Destination NSW needed to make media placement changes when lockdown resulted in pauses or re-directions of media activities. This led to some unforeseen expenditure, but was an unavoidable consequence of needing to make changes at short notice.

Destination NSW was only able to present evidence that two of the campaigns ('Sydney - Love It Like You Mean It' and 'Love NSW') represented a positive benefit-cost ratio.

The Act requires the head of an agency to sign a compliance certificate stating that, among other things, the campaign complies with the Act, the regulations and the Guidelines, and that the campaign is an efficient and cost-effective means of achieving the public purpose. The Acting Chief Executive of Destination NSW signed the required compliance certificate associated with all of its 2020–21 advertising campaigns in February 2020, before they had been designed and planned, and before the associated expenditure had been approved.

Destination NSW did not complete required cost-benefit analyses before the campaigns commenced or while the campaigns were airing and did not establish complete suites of measures and targets for impact and outcomes of the advertising campaigns to inform the campaign.

Destination NSW did not ensure that the required peer review process was completed in a timely manner. The Department of Customer Service (DCS) supported Destination NSW's decision to commence the campaigns while the peer review was completed simultaneously. The Act allows this for urgent campaigns, and Destination NSW and DCS agreed that the need for this campaign to support driving economic activity in New South Wales after months of reduced activity brought on initially by the 2019–20 bushfires and then by the pandemic warranted this approach. As the campaigns progressed, DCS provided reminders to complete the peer review process, but this was not done. DCS did not escalate the issue of the incomplete peer review during this time. In September 2021 it advised Destination NSW officially that it would not consider further submissions for peer review with regard to the completed campaigns.

Destination NSW could not demonstrate how its campaign designs or media placements effectively supported the cultural needs and issues of culturally and linguistically diverse populations, consistent with the requirements of the 'Culturally and Linguistically Diverse (CALD) and Aboriginal Advertising Policy'.

Destination NSW did not establish comprehensive suites of measures and targets to allow for robust assessments of whether the campaigns achieved the intended outcomes from the campaigns. This limited the effectiveness of these measures as an accountability tool as intended by the NSW Government evaluation framework. 

All three advertising campaigns complied with the political advertising prohibitions in the Act and were for an allowed purpose.

The Acting Chief Executive of Destination NSW signed the required compliance certificate associated with all of its 2020–21 advertising campaigns in February 2020, before the campaigns had been designed and planned, and before the associated expenditure had been approved. This means that the assertions in the certification could not be supported. It is therefore not a reliable certification of compliance with the Act. A more reliable approach to completion of the compliance certificate, and an approach that is more typical across other NSW Government advertising campaigns, is to complete the certification after all planning and designs work is done, after the peer review is complete, and immediately prior to the launch of the campaign.

Destination NSW did not complete the peer review of campaigns, nor a cost-benefit analysis before or during the conduct of the audited campaigns. This is inconsistent with key aspects of accountability within the NSW Government's framework for advertising. As the campaigns progressed, DCS provided reminders to complete the peer review process, but this was not done by Destination NSW prior to the end of the campaigns. DCS did not escalate the issue of the incomplete peer review during this time. In September 2021 DCS advised Destination NSW officially that it would not consider further submissions with regard to the completed campaigns.

Destination NSW could not demonstrate how its campaign designs or media placements effectively supported the cultural needs and issues of culturally and linguistically diverse populations, consistent with the requirements of the 'CALD and Aboriginal Advertising Policy'. 

Campaign materials we reviewed did not contain political content

The audit team reviewed campaign materials developed as part of each of the paid advertising campaigns including radio transcripts, digital videos and display. See Appendix two for examples of campaign materials for this campaign.

Section 6 of the Act prohibits political advertising as part of a government advertising campaign. A government advertising campaign must not:

  • be designed to influence (directly or indirectly) support for a political party
  • contain the name, voice or image of a minister, a member of parliament or a candidate nominated for election to parliament
  • contain the name, logo, slogan or any other reference to a political party.

The audit found no breaches of section 6 of the Act in the campaign material reviewed.

All reviewed campaigns were for purposes permitted by section 1.2 of the Guidelines

Section 4 of the Act states that government advertising campaigns are 'the dissemination to members of the public of information about a government program, policy or initiative, or about any public health or safety or other matter'. To support this, section 1.2 of the NSW Government Advertising Guidelines states that government advertising campaigns may only be used to achieve certain objectives. One of these objectives is to encourage changed behaviours or attitudes that will lead to improved public health and safety or quality of life.

The audit team considers that each of the reviewed advertising campaigns was consistent with this objective. This reflects the intent of each of the campaigns to increase economic activity driven by tourism activity in New South Wales, that contributes to improved quality of life for New South Wales residents.

The Acting Chief Executive signed Destination NSW's compliance certificate without supporting evidence

The Acting Chief Executive of Destination NSW signed a single compliance certificate for all Destination NSW campaigns for 2020–21 (including the three campaigns that are considered by this audit) on 28 February 2020. Evidence was not available at this date to support the statements included in the compliance certificate for the campaigns that were considered by this audit.

The compliance certificate is required by section 8 of the Act and states that the head of the agency confirms that a proposed government advertising campaign:

  • complies with the Act, the regulations and the Guidelines, and
  • contains accurate information, and
  • is necessary to achieve a public purpose and is supported by analysis and research, and
  • is an efficient and cost-effective means of achieving that public purpose.

At the time of signing the certificate in February 2020, Destination NSW had not conceived, designed or planned any of the campaigns that are considered by this audit, nor had it developed the relevant supporting information that would enable the agency to support these statements. As noted above, peer review had not commenced prior to this date. Further, Destination NSW had not completed a cost-benefit analysis or equivalent analysis.

Without any form of cost-benefit analysis or other evaluation for any of the campaigns prior to the date of signing of the compliance certificate, the Acting Chief Executive had no evidence that could support the certification that the campaigns were 'an efficient and effective means of achieving the public purpose'. The absence of peer review or a cost-benefit analysis also means that the Acting Chief Executive could not certify that the campaigns complied with the Act, the regulations or the Guidelines, nor that the campaign was supported by analysis and research.

Destination NSW did not complete peer reviews for the advertising campaigns before they ended, limiting assurance over campaign effectiveness, efficiency and economy

As all the campaigns subject to this audit were valued at over $250,000, each campaign was required to undergo peer review. The peer review is an independent review of the need for the proposed advertising campaign, the creative and media strategy (including objectives and target audiences) and how the agency will manage the campaign. Ordinarily, a peer review would be completed prior to a campaign commencing, however section 7(4) of the Act permits agencies to carry out a peer review after the advertising campaign commences 'if the head of the government agency concerned is satisfied that the campaign relates to an urgent public health or safety matter or is required in other urgent circumstances'.

DCS supported Destination NSW's assessment that these were urgent campaigns and that it would accept consideration of peer review components in parallel with the roll-out of the advertising campaigns, given the urgency of the need to generate economic activity, initially after the 2019–20 bushfires and then after the challenging circumstances brought on by the COVID-19 pandemic. This is in line with section 7(4) of the Act.

Destination NSW presented and obtained clearance on creative materials and media planning on a timely basis for two of the three campaigns (but not for the Road Trips campaign), which would ordinarily form part of peer review. However, for all campaigns, the peer reviews were not completed or signed off by DCS prior to the completion of advertising campaigns. In particular, Destination NSW did not submit material related to the accountability for campaign effectiveness, including the campaign objectives and measures before the end of the campaigns.

The absence of peer review of much of the material prior to completion of the campaigns reduces the ability of the agency and government to be confident that the advertising expenditure was consistent with NSW Government requirements, or represented efficient, effective and economical use of funds.

Destination NSW noted that section 7(4) of the Act allows the peer review to be completed after the commencement of a campaign in urgent circumstances but places no requirement on it to be completed before the end of the campaign. The audit has determined that for the peer review to meet its intended purpose, being to inform the design and delivery of the advertising campaign, it needs to be completed prior to the end of the campaign, even in urgent circumstances. DCS has supported this intent of the framework.

By the end of September 2021, DCS advised Destination NSW that it would not consider any further material for peer review related to the 2020–21 advertising campaigns. At this time, DCS closed the peer review for the Love NSW and Road Trips campaigns and assessed them as incomplete. DCS assessed the Love Sydney peer review as complete, despite noting that the campaign evaluation was not complete and with no details or confirmation of meeting culturally and linguistically diverse (CALD) advertising requirements, including for Aboriginal communities.

DCS did not escalate the issue of outstanding peer review materials

DCS worked at officer level to remind Destination NSW that peer review material was outstanding during the year. While this is appropriate as an initial point of escalation, at no time was the issue of non-compliance escalated to higher levels of management. DCS also never sent formal correspondence requesting the materials needed to ensure the completion of peer review.

DCS does not have a process for ensuring the timely completion of peer review in situations where urgency exemptions are used. There is an opportunity to formalise this process to ensure that there are appropriate escalation points and to ensure that compliance obligations are fulfilled in future.

Destination NSW did not meet the minimum requirement for allocation of the media budget for communications with CALD and Aboriginal audiences

The NSW Government 'CALD and Aboriginal Advertising Policy' stipulates that at least 7.5 per cent of an advertising campaign media budget is to be spent on direct communications to multicultural and Aboriginal audiences. Spend may be on media or non-media communication activities (e.g. events, participation at cultural festivals, direct mail, competitions and websites).

Destination NSW spent only 1.6 per cent of its media spend on culturally and linguistically diverse specific media placement on the 'Sydney - Love It Like You Mean It' campaign and none of its media placement for the other audited campaigns. This level of expenditure is substantially below the requirement.

Destination NSW could not demonstrate how its campaign designs or media placements effectively supported the cultural needs and issues of culturally and linguistically diverse populations. In connection with the 'Sydney - Love It Like You Mean It' campaign, it was noted that timeframes and production issues limited the ability to incorporate culturally diverse individuals in imagery.

Destination NSW advised that it believes the application of a 7.5 per cent threshold for specific audiences is not an effective way to reach these audiences. Destination NSW advised that its advertising was targeted at audiences with a propensity to travel, which did not necessarily include culturally diverse audiences, and its media channel research influenced its decision not to target specific CALD-focussed media channels.

None of the above factors negate Destination NSW's responsibility to ensure that the 'CALD and Aboriginal Advertising Policy' requirements are met.

In addition, Destination NSW also noted a number of non-media activities that supported culturally and linguistically diverse audiences, including translations on the sydney.com website, capturing of culturally and linguistically diverse audiences in production shooting and the production of a range of other collateral for culturally and linguistically diverse audiences. Despite these non-media activities, which Destination NSW did not quantify, the requirement for minimum expenditure in the reviewed campaigns for CALD audiences was not met by Destination NSW.

Destination NSW advised that it believes that the 7.5 per cent requirement does not apply to advertising outside of New South Wales, which the 'Get Your Sydney On', Love NSW and Road Trips campaigns targeted in whole or in part. The 'CALD and Aboriginal Advertising Policy' does not specifically limit its application to advertising for New South Wales residents.

Destination NSW did not establish comprehensive suites of measures and targets to allow for robust assessments of whether the campaigns achieved the intended outcomes from the campaigns. This limited the effectiveness of these measures as an accountability tool as intended by the NSW Government Evaluation Framework.

None of the campaigns met the majority of the targets which had been established. This means that the campaigns did not have the market impact that was committed at the time of making the investment. Despite this, the Love NSW campaign did have a positive return on investment. The 'Get Your Sydney On' campaign was not required to undergo a cost-benefit analysis as it fell below the threshold, and the Road Trips campaign had not been assessed for return on investment at the time of the audit. This indicates a measure of cost-efficiency in the delivery of one of the campaigns, and a positive impact on the New South Wales economy. For the 'Sydney - Love It Like You Mean It' campaign, both the benefit-to-cost ratio and the return on investment were considerably below reasonable benchmarks, indicating a poor cost-efficiency outcome from the investment.

In all procurement of research, production and media services, Destination NSW complied with relevant procurement requirements, providing support to achieving value for money in relevant expenditure. 

Appendix one – Response to Destination NSW

Appendix two – Response from agencies

Appendix three – About the campaigns

Appendix four – About the audit

Appendix five – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #360 - released (23 December 2021).

Published

Planning, Industry and Environment 2021

Environment
Industry
Local Government
Planning
Asset valuation
Financial reporting
Information technology
Internal controls and governance
Risk

This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.

An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.

The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.

The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.

There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.

Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.

The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.

There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.

What the key issues were

The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.

Seven high-risk issues were identified in 2020–21:

  • system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
  • deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
  • the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
  • the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
  • deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
  • lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
  • the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.

What we recommended

The department should ensure CLMs and common trusts meet their statutory reporting obligations.

Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.

The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.

Fast facts

The Planning, Industry and Environment cluster aims to make the lives of people in New South Wales better by developing well-connected communities, preserving the environment, supporting industries and contributing to a strong economy.

There are 54 agencies, 609 State controlled Crown land managers that predominantly manage small parcels of Crown land and 120 common trusts in the cluster.

  • 42% of the area of NSW is Crown land
  • $33.2b water and electricity infrastructure as at 30 June 2021
  • 100% unqualified audit opinions were issued for all completed 30 June 2021 financial statements audits
  • 7 high-risk management letter findings were identified
  • 54 monetary misstatements were reported in 2020–21
  • 40% of reported issues were repeat issues

This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.

Section highlights

  • Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.
  • An 'Other Matter' paragraph was included in the Independent Planning Commission’s (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983. From 2020–21, the IPC is required to prepare financial statements under the Government Sector Finance Act 2018.
  • The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements were incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. These audits are currently underway, and the 2020–21 audit will commence shortly.
  • The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 State controlled Crown land managers (CLMs) are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21. All 120 common trusts have never submitted their financial statements for audit. The department needs to do more to ensure that the CLMs and common trusts meet their statutory reporting obligations.
  • Nine agencies that were required to perform early close procedures did not complete a total of 20 mandatory procedures. The most common incomplete early close procedures include the revaluation of property, plant and equipment, documenting all significant management judgments and assumptions, and the implementation of new and updated accounting standards.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.

Section highlights

  • The number of findings reported to management has increased from 135 in 2019–20 to 180 in 2020–21, and 40 per cent were repeat issues.
  • Seven high-risk issues were identified in 2020–21, and three high-risk findings were repeat issues.
  • There continues to be significant deficiencies in Crown land records. The department should prioritise action to ensure the Crown land database is complete and accurate.

Appendix one - Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Customer Service 2021

Finance
Asset valuation
Cyber security
Financial reporting
Information technology
Internal controls and governance
Shared services and collaboration

This report analyses the results of our audits of the Customer Service cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Customer Service cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Customer Service cluster agencies' financial statement audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all Customer Service cluster agencies.

The number of monetary misstatements decreased from 48 in 2019–20 to 46 in 2020–21.

Seven out of eight agencies did not complete all mandatory early close procedures.

What the key issues were

Upon the implementation of AASB 1059 'Service Concession Arrangements: Grantors', the Department of Customer Service (the department) recognised a service concession asset, the land titling database, totalling $845 million for the first time at 1 July 2019.

The department reported several retrospective corrections of prior period errors.

The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. The high-risk issues were related to:

  • the Department of Customer Service – internal control qualifications and control deviations in GovConnect service providers
  • the Department of Customer Service – significant control deficiencies in information technology change management controls
  • Rental Bond Board – uncertainties in the accounting treatment of rental bonds.

The percentage of repeat issues we report to management and those charged with governance in management letters increased from 29 per cent in prior year to 42 per cent in 2020–21 while the number of items decreased from 94 to 93.

The magnitude and number of internal control exceptions in GovConnect service providers increased resulting in additional audit procedures to address the risks of fraud and errors in the financial statements.

What we recommended

The department should improve the validation process of key valuation assumptions and inputs provided by the private operator NSW Land Registry Services. It should revisit its accounting treatment of new land titling records.

The department should ensure GovConnect service providers prioritise the remediation of control deficiencies in information technology services.

The department should continue to improve controls in cyber security management.

Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

The New South Wales Government Telecommunications Authority should improve its fixed assets management and financial reporting process to accommodate its growing fixed assets profile.

Fast facts

The Customer Service cluster aims to plan, prioritise, fund and drive digital transformation and customer service across every cluster in the NSW Government.

  • $3.9b total expenditure incurred in 2020–21 
  • $34.1b total administered income managed on behalf of the NSW Government in 2020–21
  • 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements 
  • 3 high-risk management letter findings were identified
  • 46 monetary misstatements were reported in 2020–21
  • 42% of reported issues were repeat issues.

This report provides Parliament and other users of the Customer Service cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • The number of reported misstatements has decreased from 48 in 2019–20 to 46 in 2020–21.
  • Agencies could do more work to improve the quality and timeliness of completing mandatory early close procedures.
  • The Department of Customer Service implemented the new accounting standard AASB 1059 'Service Concession Arrangements: Grantors', which resulted in recognition of a service concession asset of $845 million at 1 July 2019. The valuation of land titling database requires significant judgements and estimations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service.

Section highlights

  • The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. Twenty-six moderate risk issues were repeat issues. The most common repeat issues related to information technology controls around user access management.
  • The magnitude and number of internal control qualification issues from GovConnect service providers have increased. Ineffective controls at service providers increase the risk of fraud, error and security to data. Urgent attention is required to remediate the internal control exceptions in information and technology services.
  • The NSW Public Sector's cyber security resilience needs urgent attention. Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

Findings reported to management

Forty-two per cent of findings reported to management were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 93 findings raised across the cluster (94 in 2019–20). Forty-two per cent of all issues were repeat issues (29 per cent in 2019–20).

The most common repeat issues related to weaknesses in controls over information technology user access administration.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating. 

Risk rating Issue
Information technology
High3
1 new,
1 repeat

The financial audits identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • internal control exceptions in information and technology services provided by GovConnect service providers
  • inadequate change management controls
  • poor user access administration and no monitoring of privileged user activities
  • insufficient cybersecurity controls and processes.

High-risk issues are discussed later in the chapter.

Moderate2
5 new,
8 repeat

Low1
7 new,
5 repeat
Internal control deficiencies or improvements

Moderate2
5 new,
3 repeat

The financial audits identified internal control weaknesses across key business processes, including:

  • lack of documentation support for payroll transactions
  • untimely removal of unused transaction negotiation authority facility and old bank signatories
  • inadequate fixed asset management controls including timely capitalisation of project overhead costs.

 Low1
3 new,
2 repeat
Financial reporting

High3
1 new

The financial audits identified opportunities for agencies to strengthen financial reporting, including:

  • uncertainties in legislation to support accounting of rental bonds as funds held in trust
  • improvements required in lease accounting including the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy 
  • the removal of fully depreciated assets in the fixed asset register was not timely
  • the quality and timeliness of completing early close procedures required improvement.

High-risk issues are discussed later in the chapter.

Moderate2
9 new,
8 repeat

Low1
7 new,
3 repeat
Governance and oversight
Moderate2
10 new,
3 repeat

The financial audits identified opportunities for agencies to improve governance and oversight processes, including:

  • renewing or finalising service arrangement agreements between agencies were required 
  • lack of formalised documentation regarding arrangements with external providers for leasing and use of assets.
Low1
3 new
Non-compliance with key legislation and/or central agency policies
Moderate2
4 new,
4 repeat

The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:

  • non-compliance with contract and procurement management policy, including the use of purchasing cards
  • non-compliance with TC 21-02 'Statutory Act of Grace Payments'
  • annual leave in excess of 30 days where Circular 2020-12 requires agency heads to reduce employee recreation leave balances to 30 days or less.
Low1
1 repeat
4 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High-risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based on management letters issued to agencies.

2020–21 audits identified three high-risk findings

High-risk findings, including repeat findings, were reported at the following cluster agencies. One of the 2019–20 high-risk findings were not resolved.

Agency Description
2020–21 findings  
Department of Customer Service
Repeat finding:
Qualifications and control deviations in GovConnect NSW controls assurance reports

The GovConnect information technology general controls (ITGC) provided by the department, Infosys and Unisys were qualified in 2020–21. The key controls over user access, system changes and batch process failed in all ITGC reports. Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.

The control deficiencies in ITGC increase:

  • the risk of unauthorised transactions, system and configuration changes (workflow approvals, three-way match etc.) and modifications to the system reports
  • incomplete, invalid and inappropriate system access, segregation of duties controls and system reports for the customers using the SAPConnect.

The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. It is leading a new IT operating model called ‘Service Integration and Application Management’ (SIAM) to strengthen governance and improve performance of GovConnect service providers. The Department is responsible for the remediation of control deficiencies and continuous improvement in the GovConnect environment.

This matter was assessed as high-risk, if not adequately addressed, it had the potential to result in material fraud and error in the department's financial statements and reputation damages.

This issue is further discussed later in this chapter.
2020–21 findings  
Department of Customer Service
New finding:
Change management significant control deficiencies

Revenue NSW, a division of the department has a key role in managing the State’s finances. It administers State taxes, manages fines, recovers State debt and administers grants and subsidies.

The audit team found significant control deficiencies in change management controls:

  •  appropriate system controls were not in place to restrict developers from releasing changes to the live business systems
  • 8 developers had direct access to the business application servers used for calculating and administering State taxes.

We have included this matter as a high-risk management letter finding, as the audit team could not identify mitigating controls. The system activity of these developers was also not being independently logged and monitored. This increases the risk of unauthorised system change. This can significantly affect the integrity of tax calculation, business process approvals, invalid changes to bank accounts, unauthorised refunds and write-offs. The audit team conducted a risk analysis over the relevant business processes affected by this issue and performed additional audit procedures to address the audit risk.
Rental Bond Board
Repeat finding: Accounting treatment of rental bonds held in trust

The Rental Bond Board (the Board) holds rental bonds totalling $1.7 billion at 30 June 2021. The Board treated the rental bonds off-balance sheet and disclosed the rental bonds as ‘trust funds’. This treatment is based on management’s judgement that the Board does not have control of these funds.

Previously the Board obtained advices from the Crown Solicitors who stated that in their view the rental bond funds held in the rental bond account were not moneys held in trust and the Residential Tenancies Act 2010 (the Act) should be reviewed and amended to better support its accounting treatment of rental bonds. The Board has initiated the need to amend the Act, however the implementation of the legislative amendments is still pending.

This matter was assessed as high-risk, if not adequately supported, it had the potential to result in material misstatements in the Board's financial statements.

The number of moderate risk findings increased from prior year

Fifty-nine moderate risk findings were reported in 2020–21, which was a 11.3 per cent increase from 2019–20. Of these, 26 were repeat findings, and 33 were new issues.

Moderate risk findings include:

  • weaknesses in user access management, such as untimely access removal for terminated staff, and a lack of periodic user access review
  • accounting for leases such as the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy
  • formalising arrangements between agencies including corporate service arrangements, funding arrangements, leases, use of SAP system and computer assets
  • use of purchasing cards where our data analytics performed indicated potential gaps and controls and non-compliance with government policies.

The magnitude and number of internal control exceptions in GovConnect service providers have increased

In 2015, the NSW Government selected Unisys Australia Pty Limited’s (Unisys) as an information technology (IT) outsourced service provider and Infosys Limited (Infosys) as a business process outsourced service provider. The outsourced services arrangement was branded GovConnect NSW (GovConnect). The Department of Customer Service (the department) is the contract authority for the NSW Government. In 2019, the NSW Government transitioned a number of Unisys’ IT services progressively to the department and ceased all Unisys's IT services in May 2021. In 2020-21, Infosys, Unisys and the Department were co-providers of business processes and information technology services that constitute the GovConnect environment.

The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. The department is responsible for the remediation of control deficiencies and continuous improvement in GovConnect internal control environment.

The department leads the project management of GovConnect services, including the arrangement to provide internal control assurance reports to customers in 2020–21. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect service providers in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402). The service auditor reports on the internal controls at a service organisation, which are relevant to a user entity's internal control environment.

The service auditor issued eight ASAE 3402 reports covering business processes controls and information technology general controls (ITGC) provided by the service providers. Four out of eight reports were qualified, a significant increase from previous years.

The table below shows the service auditor's ASAE 3402 opinions issued in various business processes and information technology services provided by service providers for the last five years.

ASAE 3402 controls report# 2015–16^ 2016–17 2017–18 2018–19 2019–20 2020–21
Infosys Accounts receivable Qualified Unqualified Unqualified Unqualified Unqualified Qualified
Infosys Accounts payable Qualified Qualified Unqualified Unqualified Unqualified Unqualified
Infosys Fixed assets Qualified Unqualified Unqualified Unqualified Unqualified Unqualified
Infosys General ledger Qualified Qualified Unqualified Unqualified Unqualified Unqualified
Infosys Payroll Adverse Qualified Unqualified Unqualified Unqualified Unqualified
Infosys ITGC Qualified Qualified Unqualified Unqualified Unqualified Qualified
Unisys ITGC Qualified Unqualified Qualified Qualified Unqualified Qualified
The department ITGC* -- -- -- -- Qualified Qualified
ServiceFirst** Disclaimer -- -- -- -- --
# The ASAE 3402 controls reports were issued by an independent private sector service auditor appointed by the Department of Customer Service.
* Information technology services were transitioned from Unisys to the department in phases from 2019–20 to 2020–21.
** ServiceFirst was the shared service centre and its last reporting period was from 1 July 2015 to 13 December 2015.
^ GovConnect first reporting period from 14 December 2015 to 30 June 2016.

In 2020–21, the information technology services controls reports issued to the department, Infosys and Unisys were qualified. Infosys' accounts receivable business process controls report was also qualified. The audit qualifications were because:

  • the service auditor did not get access to the complete set of records processed during the financial year for several ITGC controls. The system that stored these records was hosted at Unisys. From December 2019 to 28 May 2021, the services at Unisys were progressively migrated to the department's IT environment but this system could not be migrated to the department in the required format, resulting in audit scope limitation for service auditors
  • of the deviations identified during sample testing of ITGC controls
  • the monthly follow up of outstanding receivables was not performed regularly, which was the only key control to address the timely collection of accounts receivable.

Internal control exceptions in GovConnect information and technology services require urgent remediations

The relevant controls over user access, system changes and password controls failed in all three ASAE 3402 GovConnect ITGC reports. These control failures can lead to unauthorised system access, system and configuration changes (workflow approvals, three-way match, etc.) and modifications to key reports. It increases the risk of:

  • fraud and error in the financial statements
  • ineffective segregation of duties controls
  • accuracy and completeness of system generated reports for the agencies using the SAPConnect system.

The table shows the number of ITGC control deviations compared to prior year:

Year ended 30 June 2021 2020
  Total controls tested Total number of control deviations and findings Total controls tested Total number of control deviations and findings
Infosys ITGC 41 16 35 8
Unisys ITGC 25 11 33 4
DCS ITGC 31 9 10 5

Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.

The service auditor identified significant areas for remediation:

  • governance arrangement of the IT services
  • user access management controls
  • SAP database controls
  • logical access
  • incident management.

In response to the internal control qualifications, the audit teams performed data analytics over payroll and accounts payable. The data analytics identified several terminated employees that were paid long after their termination dates which resulted in salary overpayments during 2020–21. While management had put processes in place to recover these overpayments, the payroll processing controls need to be improved to prevent such overpayments.

The Department of Customer Service advised that it established a ‘Control Reframe Project’ (the project) to address the internal control exceptions at GovConnect service providers. The objective of the project is to ensure the GovConnect assurance model is aligned with clear lines of responsibility and remediation actions are in place to support the delivery of services and achieve an improved outcome for future years.

Recommendation

We recommend the Department of Customer Service:

  • improve governance and internal control environment over the information technology services
  • ensure GovConnect service providers prioritise remediation actions to address internal control exceptions
  • perform a post-implementation review of the transition of the Unisys arrangement to identify lessons learnt and continuous improvement
  • develop data analytics to help analyse and identify high-risk patterns and anomalies in GovConnect key transaction systems, augmenting their existing monitoring and detective controls.

The NSW Public Sector's cyber security resilience needs urgent attention

The 2020 'Central Agencies' Report to Parliament highlighted the need for Cyber Security NSW, a business unit within the Department of Customer Service, and NSW Government agencies to prioritise improvements to their cyber security resilience as a matter of urgency. A status update of the 2020 recommendation is included in Appendix five of this report.

The Audit Office's Annual Work Program identifies cyber security as a focus area for the Audit Office in 2021–24. It outlines a three-pronged approach to auditing cyber security in this period:

  • considering how agencies are responding to the risks associated with cyber security across our financial audits across the NSW public sector
  • examining the effectiveness of cyber security planning and governance arrangements for large NSW state government agencies for our Internal Controls and Governance report
  • conducting deep-dive performance audits of the effectiveness of specific agency activities in preparing for, and responding to cyber security risks.

A performance audit 'Managing cyber risks' was tabled in Parliament in July 2021. The audit made several recommendations to audited agencies to uplift their cyber security management. It also recommended the Department of Customer Service to:

  • clarify the requirement of the NSW Cyber Security Policy (CSP) reporting to all systems
  • require agencies to report the target level of maturity for each mandatory requirement.

A compliance audit 'Compliance with the NSW Cyber Security Policy' was tabled in October 2021. The audit examined whether agencies are complying with the NSW Cyber Security Policy to ensure all NSW Government departments and public service agencies are managing cyber security risks to their information and systems.

The report found that key elements to strengthen cyber security governance, controls and culture are not sufficiently robust and not consistently applied. There has been insufficient progress to improve cyber security safeguards across NSW Government agencies. The poor levels of cyber security maturity are a significant concern. Improvement requires dedicated leadership and resourcing. To comply with some elements of the government’s policy agencies will have to invest in technical uplift and some measures may take time to implement. However, other elements of the policy do not require any investment in technology. They simply require leadership and management commitment to improve cyber literacy and culture. And they require accountability and transparency. Transparent reporting of performance is a key means to improve performance.

The report noted that the CSP was not achieving the objective of improved cyber governance, controls and culture. The compliance audit made several recommendations to Cyber Security NSW and other NSW Government agencies.

The 2021 maturity self-assessment results against the Australian Cyber Security Centre Essential 8 for the 25 largest NSW State Government agencies are reported in the 2021 'Internal Control and Governance' Report to Parliament.

Repeat recommendation

Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

Management of cyber security risk

Our 2020-21 financial audit assessed whether cyber security risks represent a risk of material misstatement to the department's own financial statements. A request performance audit 'Service NSW's handling of personal information' was tabled on 18 December 2020. The audit followed two cyber security incidents that resulted in data breaches of customer information. As part of our audit procedures, we obtained an understanding of the controls the department has in place to address the risk of cyber security incidents and respond to any incidences which may have occurred during the year, including its impact on the audit.

Our assessment of the department’s own cyber risk management shows that:

  • an approved security incident response plan was not in place during the reporting period. There was a lack of testing over incident detection and monitoring process
  • a formal process over patch management that includes assessment, determining relevance and priority, timely rollout and escalation and reporting of long outstanding patches to senior management is being established.

The department provides information security services including cyber security management to cluster agencies. We found that there were insufficient communications within the Customer Service cluster over the controls and assurance over cyber security risk management. Some cluster agencies had put in place limited controls over cyber security risk management.

Recommendation

We recommend the Department of Customer Service:

  • establish an approved security incident response plan and formal process over patch management
  • improve communications with cluster agencies over the controls and assurance in cyber security management.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Status of 2020 recommendations

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Machinery of government changes

Premier and Cabinet
Treasury
Whole of Government
Management and administration
Project management

What the report is about

The term ‘machinery of government’ refers to the way government functions and responsibilities are organised.

The decision to make machinery of government changes is made by the Premier. Changes may be made for a range of reasons, including to support the policy and/or political objectives of the government of the day.

Larger machinery of government changes typically occur after an election or a change of Premier.

This report assessed how effectively the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) managed their 2019 and 2020 machinery of government changes, respectively. It also considered the role of the Department of Premier and Cabinet (DPC) and NSW Treasury in overseeing machinery of government changes.

What we found

The anticipated benefits of the changes were not articulated in sufficient detail and the achievement of benefits has not been monitored. The costs of the changes were not tracked or reported.

DPC and NSW Treasury provided principles to guide implementation but did not require departments to collect or report information about the benefits or costs of the changes.

The implementation of the machinery of government changes was completed within the set timeframes, and operations for the new departments commenced as scheduled.

Major implementation challenges included negotiation about the allocation of corporate support staff and the integration of complex corporate and ICT systems.

What we recommended

DPC and NSW Treasury should:

  • consolidate existing guidance on machinery of government changes into a single document that is available to all departments and agencies
  • provide guidance for departments and agencies to use when negotiating corporate services staff transfers as a part of machinery of government changes, including a standard rate for calculating corporate services requirements
  • progress work to develop and implement common processes and systems for corporate services in order to support more efficient movement of staff between departments and agencies.

Fast facts

  • $23.7m is the estimated minimum direct cost of the 2019 DPIE changes to date, noting additional ICT costs will be incurred
  • $4.0m is the estimated minimum direct cost of the 2020 DRNSW changes, with an estimated $2.7 million ongoing annual cost
  • 40+ NSW Government entities affected by the 2019 machinery of government changes

The term ‘machinery of government’ refers to the way government functions and responsibilities are allocated and structured across government departments and agencies. A machinery of government change is the reorganisation of these structures. This can involve establishing, merging or abolishing departments and agencies and transferring functions and responsibilities from one department or agency to another.

The decision to make machinery of government changes is made by the Premier. These changes may be made for a range of reasons, including to support the policy and/or political objectives of the government of the day. Machinery of government changes are formally set out in Administrative Arrangements Orders, which are prepared by the Department of Premier and Cabinet, as instructed by the Premier, and issued as legislative instruments under the Constitution Act 1902.

The heads of agencies subject to machinery of government changes are responsible for implementing them. For more complex changes, central agencies are also involved in providing guidance and monitoring progress.

The NSW Government announced major machinery of government changes after the 2019 state government election. These changes took place between April and June 2019 and involved abolishing five departments (Industry; Planning and Environment; Family and Community Services; Justice; and Finance, Services and Innovation) and creating three new departments (Planning, Industry and Environment; Communities and Justice; and Customer Service). This also resulted in changes to the 'clusters' associated with departments. The NSW Government uses clusters to group certain agencies and entities with related departments for administrative and financial management. Clusters do not have legal status. Most other departments that were not abolished had some functions added or removed as a part of these machinery of government changes. For example, the functions relating to regional policy and service delivery in the Department of Premier and Cabinet were moved to the new Department of Planning, Industry and Environment.

Our Report on State Finances 2019, tabled in October 2019, outlined these changes and identified several issues that can arise from machinery of government changes if risks are not identified early and properly managed. These include: challenges measuring the costs and benefits of machinery of government changes; disruption to services due to unclear roles and responsibilities; and disruption to control environments due to staff, system and process changes.

In April 2020, the Department of Regional NSW was created in a separate machinery of government change. This involved moving functions and agencies related to regional policy and service delivery from the Department of Planning, Industry and Environment into a standalone department.

This audit assessed how effectively the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) managed their 2019 and 2020 machinery of government changes, respectively. It also considered the role of the Department of Premier and Cabinet and NSW Treasury in overseeing machinery of government changes. The audit investigated whether:

  • DPIE and DRNSW have integrated new responsibilities and functions in an effective and timely manner
  • DPIE and DRNSW can demonstrate the costs of the machinery of government changes
  • The machinery of government changes have achieved or are achieving intended outcomes and benefits.
Conclusion

It is unclear whether the benefits of the machinery of government changes that created the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) outweigh the costs. The anticipated benefits of the changes were not articulated in sufficient detail and the achievement of directly attributable benefits has not been monitored. The costs of the changes were not tracked or reported. The benefits and costs of the machinery of government changes were not tracked because the Department of Premier and Cabinet (DPC) and NSW Treasury did not require departments to collect or report this information. The implementation of the machinery of government changes was completed within the set timeframes, and operations for the new departments commenced as scheduled. This was achieved despite short timelines and no additional budget allocation for the implementation of the changes.

The rationale for establishing DPIE was not documented at the time of the 2019 machinery of government changes and the anticipated benefits of the change were not defined by the government or the department. For DRNSW, the government’s stated purpose was to provide better representation and support for regional areas, but no prior analysis was conducted to quantify any problems or set targets for improvement. Both departments reported some anecdotal benefits linked to the machinery of government changes. However, improvements in these areas are difficult to attribute because neither department set specific measures or targets to align with these intended benefits. Since the machinery of government changes were completed, limited data has been gathered to allow comparisons of performance before and after the changes.

DPC and NSW Treasury advised that they did not define the purpose and benefits of the machinery of government changes, or request affected departments to do so, because these were decisions of the government and the role of the public service was to implement the decisions.

We have attempted to quantify some of the costs of the DPIE and DRNSW changes based on the information the audited agencies could provide. This information does not capture the full costs of the changes because some costs, such as the impact of disruption on staff, are very difficult to quantify, and the costs of ICT separation and integration work may continue for several more years. Noting these limitations, we estimate the initial costs of these machinery of government changes are at least $23.7 million for DPIE and $4.0 million for DRNSW. For DPIE, this is predominantly made up of ICT costs and redundancy payments made around the time of the machinery of government change. For DRNSW it includes ICT costs and an increase in senior executive costs for a standalone department, which we estimate is an ongoing cost of at least $1.9 million per year.

For the DPIE machinery of government change, there were risks associated with placing functions and agencies that represent potentially competing policy interests within the same 'cluster', such as environment protection and industry. We did not see evidence of plans to manage these issues being considered by DPIE as a part of the machinery of government change process.

The efficiency of machinery of government changes could be improved in several ways. This includes providing additional standardised guidance on the allocation of corporate functions and resources when agencies are being merged or separated, and consolidating guidance on defining, measuring and monitoring the benefits and costs of machinery of government changes.

Appendix one – Response from agencies

Appendix two – About the audit

Appendix three – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #359 - released (17 December 2021).

Published

Members' additional entitlements 2021

Whole of Government
Internal controls and governance

What the report is about

The Auditor-General's review analyses claims made by members of the NSW Parliament during the 2020–21 financial year by testing a sample of transactions. Our sample consisted of 67 claims submitted by 52 of the 137 members.

What we found

While we did not identify any instances of material non-compliance with the Parliamentary Remuneration Tribunal's Determination, we did identify 31 departures from the Determination, which were of an administrative nature.

What we recommended

The Department of Parliamentary Services (the department) should continue to work with the Presiding Officers, members, the Clerk of the Parliaments and the Clerk of the Legislative Assembly to enhance reporting of members' expenditure.

In 2020, we recommended the department work with the Tribunal to provide additional guidance to members to clarify:

  • the definition of 'parliamentary duties'
  • the activities that meet the definition
  • requirements for retaining documents.

The department will work with the Tribunal to clarify these items as part of its submission to the 2022 annual Determination.

Fast facts

  • 12 claims were submitted after 60 days
  • 7 Sydney allowance reconciliations were submitted late
  • 10 annual loyalty scheme declarations were submitted late
  • 2 publications had not made the required authorisations and attributions
  • $22.5m of additional entitlements were claimed in the 2020–21 financial year. This was 4.2% higher than in the 2019–20 financial year.

The Auditor-General has reviewed the compliance of the members of the NSW Parliament (members) with certain requirements outlined in the Parliamentary Remuneration Tribunal's Determination (the Determination) for the year ended 30 June 2021.

The Auditor-General's review analyses claims made by members during the 2020–21 financial year by testing a sample of transactions. Our sample consisted of 67 claims submitted by 52 of the 137 members.

Results

Although our review did not identify any instances of material non-compliance with the Determination for the year ended 30 June 2021, we did identify 31 departures from the Determination, which were of an administrative nature. Such departures may help identify areas in the current processes where greater clarity is needed or where training or education for members is needed. These departures were as follows:

  • 12 claims were not submitted for payment within 60 days of receipt or occurrence of the expense
  • 10 annual loyalty scheme declarations were submitted by members after the due date specified in the guideline
  • 7 reconciliations for the Sydney Allowance were submitted after the due date
  • 2 publications claimed under the Communications Allowance had not made the required authorisations and attributions on the publication.

Background

The Parliamentary Remuneration Tribunal (the Tribunal) determines the salary and additional entitlements of members of the NSW Parliament (members), details of which are set out in the Tribunal's annual Determination. The NSW Parliament, through the Department of Parliamentary Services (the department), administers payments of additional entitlements to members in accordance with the Tribunal's annual Determination. An overview is presented below:

Twelve claims were not submitted for payment within 60 days of receipt or occurrence of the expense

The Determination requires members' expense claims to be submitted to the department within 60 days of when the expense is incurred or receipted. Our audit procedures identified 12 instances where members submitted their claims between six and 248 days late.

Ten annual loyalty/incentive scheme declarations were submitted by members after the due date specified in the guidelines

At the end of each financial year, members must declare they have not used loyalty/incentive scheme benefits accrued from their parliamentary duties for private purposes. The Determination requires current members to complete the declarations at the end of each year (by 27 August 2021 per the department's administrative process). Former members must complete the declarations within 30 days of leaving Parliament. We found ten current members submitted their declarations between three and 18 days late. The declaration is important as it affirms that loyalty benefits accrued using the members' parliamentary allowances and entitlements were not used for private purposes.

Seven reconciliations for the Sydney Allowance reconciliations were submitted after the due date

Open prior period recommendations

Enhanced public reporting

In 2016, the Auditor-General's Report to Parliament recommended the Tribunal consider requiring the department to regularly publish full details of members' expenditure claims on its website in an accessible and searchable format. The Tribunal had developed a plan requiring greater public reporting of members' additional expenditure from 1 July 2019 but does not have the power to require the department to facilitate this.

The Annual Reports of the Legislative Assembly and the Legislative Council, published on the Parliament's website, currently list the total amount claimed during the year by each member for each allowance. However, transparency around members’ claims would be enhanced if information was more extensively and regularly published on the Parliament’s website. The department should continue to work with the Presiding Officers, members, the Clerk of the Parliaments and the Clerk of the Legislative Assembly to enhance reporting of members' expenditure.

Clarifying key parameters of the annual Determination

In 2020, the Auditor-General's Reports to Parliament recommended the department work with the Tribunal to provide additional guidance to members to clarify:

  • the definition of 'parliamentary duties'
  • the activities that meet the definition
  • requirements for retaining documents.

To address this recommendation, the department has performed a review of the definitions and activities used by other jurisdictions, in their administration of members' entitlements. The department is also continuing to monitor for changes in the administration of members' entitlements occurring at the Federal level. The department will work with the Tribunal to clarify these items as part of its submission to the 2022 annual Determination.

Resolved prior period recommendations

Recommendations resolved since the 2020 Auditor-General's report

The 2019 Auditor-General's Report recommended the department work with the Tribunal to clarify whether members can claim the cost of travel from their General Travel Allowance when the travel was used to produce communications during the blackout period. Members are not permitted to use their Communications Allowance for the production and distribution of publications that they intended to distribute in a State Election year in the period from 26 January to the election date (the ‘blackout period’).

The 2021 Determination has clarified this matter by stating that during the 'blackout period' travel necessary for parliamentary duties rather than electioneering is acceptable. The 2021 Determination has also included the condition that a member may not use their General Travel Allowance to fund communications that would normally be funded from the Communications Allowance during a 'blackout period'.

Appendix one - Response from Department of Parliamentary Services

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Stronger Communities 2021

Justice
Community Services
Financial reporting
Internal controls and governance

This report analyses the results of our audits of the Stronger Communities cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Stronger Communities cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2021.

What we found

Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies.

Eleven of the 15 cluster agencies required to submit 2020–21 early close financial statements and other mandatory procedures did not meet the statutory deadline. Five agencies did not perform all mandatory procedures.

The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the Department of Communities and Justice's (the department) 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively (relating to three correctional centres with private sector operators).

The department was, this year for the first time, able to reliably measure Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. The department recorded a liability of $200 million at 30 June 2021. Liabilities for Child Sexual Assault IBNR claim continue to be not recorded on the basis they are unable to be reliably measured.

The number of monetary misstatements identified during the audit of the financial statements for the cluster increased from 61 in 2019–20 to 72 in 2020–21.

What the key issues were

The number of issues reported to management decreased from 191 in 2019–20 to 172 in 2020–21. However, 45 per cent were repeat issues related to information technology, governance and oversight controls.

Seven high risk issues were identified in 2020–21, an increase of five compared to last year. High risk issues related to deficiencies in IT access controls at Sydney Cricket and Sports Ground Trust; a lack of a formal agreement between the Office of Sport and Planning Ministerial Corporation over the management of a sporting venue; asset revaluations at both Fire and Rescue NSW and the Trustees of the Anzac Memorial Building; and three issues related to revenue recognition control deficiencies at New South Wales Aboriginal Land Council and two of its subsidiaries.

What we recommended

Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

Fast facts

The Stronger Communities cluster, consisting of 28 agencies, aims to deliver community services that support a safe and just New South Wales.

  • $14.0b property, plant and equipment as at 30 June 2021 
  • $20.9b total expenditure incurred in 2020–21
  • 100% unqualified audit opinions were issued for all 30 June 2021 financial statements
  • 7 high risk management letter findings were identified
  • 72 monetary misstatements were reported in 2020–21
  • 45% of reported issues were repeat issues.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office.
  • An 'Other Matter' paragraph was included within the Multicultural NSW and Office of the Ageing and Disability Commissioner’s Independent Auditor's Report. While the paragraph did not modify the audit opinion, it noted the agencies did not have a signed instrument of delegation from their responsible Minister(s) to incur expenditure for the 2020–21 financial year and therefore were non‑compliant with section 5.5 of the Government Sector Finance Act 2018 .
  • 11 of the 15 cluster agencies required to submit 2020–21 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. The agencies cited changes in key staff, delays in finalising actuarial and valuation work and the timing of Audit and Risk Committee meetings as the main reasons for not meeting the deadlines. Five agencies did not complete all mandatory procedures.
  • The Department of Communities and Justice (the department) was, for the first time, able to reliably measure and record a liability of $200 million at 30 June 2021 for Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. Child Sexual Assault IBNR claim liabilities continue to be not recorded on the basis they are still unable to be reliably measured.
  • The International Financial Reporting Standards Interpretations Committee released an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the IFRIC agenda decision). The department treated the financial impacts of the IFRIC agenda decision as a change in accounting policy and retrospectively recorded prepaid assets and expenses of $52.3 million and $90.5 million respectively relating to intangible assets they had previously capitalised.
  • The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the department's 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively in relation to three correctional centres with private sector operators.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 191 in 2019–20 to 172 in 2020–21, and 45 per cent were repeat issues. Many repeat issues related to information technology, governance and oversight controls.
  • Seven high risk issues were identified in 2020–21, an increase of five compared to last year.
  • The two high risk issues identified in 2019–20 relating to New South Wales Institute of Sport were resolved.

Findings reported to management

The overall number of findings has decreased, but the level of repeat issues increased

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 172 findings raised across the cluster (191 in 2019–20). 45 per cent of all issues were repeat issues (32 per cent in 2019–20).

Repeat issues largely related to weaknesses in controls over information technology (IT), governance and oversight.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision‑making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

2020–21 audits identified seven high risk findings

High risk findings were reported at the following cluster agencies. Two high risk findings reported in 2019–20 were resolved.

Agency Description
2020–21 findings
Sydney Cricket and Sports Ground Trust (new finding) * The audit of Sydney Cricket and Sports Ground Trust's IT access controls identified:
  • activity (audit) logs of privileged access within iPOS (purchasing system) and Microsoft Dynamics (sales system) are not maintained and periodically reviewed by an independent officer
  • the review of privileged activity logs of booking system Event Business Management Software (EBMS) is not formally documented
  • 8 generic super user accounts are being shared across four IT systems including iPOS, Microsoft Dynamics, EBMS and SUN (accounting system).
The matter has been included as a high risk finding in the management letter as there is an increased risk of:
  • unauthorised transactions and changes to financial data
  • unauthorised users gaining access to financial systems
  • data breaches or financial loss.
Fire and Rescue NSW (new finding) Fire and Rescue NSW (FRNSW) completed a comprehensive revaluation of its fire appliances in 2020–21. The audit of the revaluation found there was inadequate analysis and quality control by management over the valuation process prior to the outcomes being included in the financial statements.
FRNSW had 57 fleet assets that have not been revalued due to problems with data supplied by the valuer. The written down value:
  • did not agree to the valuer's calculations for 28 assets
  • was provided by the valuer for 29 assets, but there were no supporting calculations.
These assets have been left at their previous book values of $3.0 million. The accounting standards require the entire class of assets to be revalued when a revaluation is performed.
The review also found:
  • inconsistent valuation of vehicles of the same make, model, age and specifications
  • errors had been made when the previous valuation was uploaded into the fixed asset register
  • the valuer incorrectly included additional equipment in the replacement cost estimate for vehicles that did not have that equipment.
The matter has been included as a high risk finding as it resulted in monetary misstatements and caused delays to the overall timeframes for the audit.
New South Wales Aboriginal Land Council (NSWALC) (new finding) The audit of NSWALC's revenue identified there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements.
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Employment and Training Limited (new finding) The audit of NSWALC Employment and Training Limited's revenue found:
  • there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements
  • the financial statements' preparation did not include updated accounting policies reflecting the requirements of AASB 15 'Revenue from Contracts with Customers' (AASB 15) and AASB 1058 'Income of Not-for-Profit Entities' (AASB 1058).
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Housing Limited (new finding) The audit of NSWALC Housing Limited's revenue identified it:
  • did not perform formal assessments of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements
  • deferred revenue recognition for funding received from NSWALC  (the parent entity). There are no sufficiently specific performance obligations in the funding letter, hence revenue should be recognised on receipt of the funding
  • recognised rental income from managing properties from the Aboriginal Housing Office (AHO) without considering the agreement, which requires remittance of profit to the AHO
  • the financial statements did not include updated accounting policies according to the requirements of AASB 15 and AASB 1058.
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
Office of Sport (new finding)

The Olympic Co-ordination Authority Dissolution Act 2002 transferred the assets, rights and liabilities relating to the Sydney International Regatta Centre (SIRC) to the Planning Ministerial Corporation (the Corporation) effective from 1 July 2002. The Corporation recognised the related land assets but did not recognise any of the built assets at the time of transfer. The total value of the land and built assets at 30 June 2021 was
$13.8 million and $11.2 million (written down value) respectively.

The SIRC has been managed by the Office of Sport (the Office) for many years in accordance with a not yet executed management agreement.

It appears there was a clear intention in 2005 that the control of SIRC built assets was to be transferred from the then Department of Planning to the then Department of Tourism, Sport and Recreation (a predecessor of the Office), through the exchange of letters between the relevant Ministers and an Administrative Order (the Order). The Order transferred the SIRC staff from the then Department of Planning to the then Department of Tourism, Sport and Recreation. However, it was silent on whether the relevant built assets were transferred.

Currently, the Office recognises the SIRC built assets in the financial statements whilst the Corporation recognises the land assets as the legal owner of the property.

This matter has been included as a high risk finding as the lack of a formal management agreement casts doubt over the accounting treatment of SIRC property.
The Trustees of the Anzac Memorial Building (new finding)

The audit of the Trustees of the Anzac Memorial Building's property, plant and equipment identified:

  • the fixed assets register for plant and equipment had not previously included sufficient detail about the individual assets to which costs related to reconcile it to the work performed by management's valuation expert
  • the financial statements did not meet the requirement of AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’  to disclose the nature and reason why it corrected a prior period error of $778,000.

This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to property, plant and equipment.
*         The finding related to the former Sydney Cricket and Sports Ground Trust (based on the completion audit for the period 1 March 2020 to 30 November 2020). This agency was dissolved and transferred to Venues NSW on 1 December 2020.
 

Recommendation (repeat issue)

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

The table below describes issues commonly identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

High3
1 new

The financial audits identified weaknesses in information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues with:

  • user access administration
  • cyber security including governance arrangements, monitoring of third-party system access and patch management
  • password security and policy parameters
  • development, review and testing of disaster recovery plans.

Moderate2
8 new,
22 repeat
Low1
5 new,
6 repeat
Internal control deficiencies or improvements

High3
1 new

The financial audits identified internal control weaknesses across the following key business processes: 

  • expenditure, including the approval of purchase requisitions and review of open purchase orders
  • supplier and employee masterfile maintenance
  • segregation of duties.

Moderate2
6 new,
3 repeat

 Low1
23 new,
7 repeat
Financial reporting

High3
4 new

The financial audits identified weaknesses in financial reporting processes, including:

  • fully depreciated assets still in use, indicating the need to perform more frequent assessments of useful lives of assets
  • robustness of property, plant and equipment asset revaluations
  • incomplete or inaccurate recording of balances in the financial statements.

Moderate2
9 new,
1 repeat

Low1
11 new,
5 repeat
Governance and oversight
High3
1 new

The financial audits identified areas where agencies could strengthen governance and oversight processes, including:

  • review and update of policies and procedures
  • formalising existing key business arrangements
  • records management practices.
Moderate2
5 new,
11 repeat
Low1
12 new,
8 repeat
Non-compliance with key legislation and/or central agency policies
Moderate2
7 new,
6 repeat

The financial audits identified the need for agencies to improve their compliance with key legislation and/or central agency policies, including:

  • management of excessive annual leave balances
  • existence of and compliance with financial delegations
  • related party transactions disclosures from key management personnel.
Low1
2 new,
8 repeat
4 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

The number of moderate risk findings decreased from prior year

Seventy‑eight moderate risk findings were reported in 2020–21, representing a 22 per cent decrease from 2019–20. Of these, 43 were repeat findings, and 35 were new issues.

Moderate risk findings reported in 2020–21 include:

  • weaknesses in governance arrangements, including outdated policies and procedures and arrangements that do not align with NSW Government guidelines, such as the NSW Government Procurement Policy Framework and NSW Cyber Security Policy
  • weaknesses in user access administration including:
    • user access reviews
    • monitoring of privileged user access and activities
    • password policy configuration
  • cyber security improvements including:
    • implementation and update of governance arrangements
    • monitoring of third‑party system access
    • patch management improvement
  • outdated instruments of financial delegation and non‑compliance with established financial delegations
  • weaknesses in supplier and employee masterfile maintenance.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Published

Health 2021

Health
Asset valuation
Compliance
Cyber security
Financial reporting
Infrastructure
Internal controls and governance
Procurement

This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.

The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.

A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.

What the key issues were

The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.

The three new high-risk issues identified were:

Hotel Quarantine (HQ) fees

The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.

COVID-19 inventories

Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.

COVID-19 vaccines

The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.

What we recommended

Hotel Quarantine (HQ) fees

Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.

COVID-19 inventories

Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.

COVID-19 vaccines

Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.

Fast facts

The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.

  • 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
  • 24 monetary misstatements were reported in 2020–21
  • high risk management letter findings were identified
  • 47.4% of reported issues were repeat issues
  • $23.5b property, plant and equipment as at 30 June 2021
  • $26.8b total expenditure incurred in 2020–21

This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general-purpose financial statements.

  • The total gross value of all corrected monetary misstatements for 2020–21 was $250.2 million, of which $226.0 million were related to complexities arising from the COVID-19 pandemic.

  • A qualified audit opinion was issued on the Ministry's Annual Prudential Compliance Statement.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The total number of internal control deficiencies has increased from 112 issues in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high (one in 2019–20) and 57 were moderate (47 in 2019–20); with nearly one half of all control deficiencies reported in 2020–21 being repeat issues.
  • The complexities arising from accounting for agreements between governments to respond to the COVID-19 pandemic presented three new high risk audit findings with respect to the:
    • expected rate of recoverability of outstanding Hotel Quarantine fees
    • procurement, stocktaking and impairment of COVID-19 inventories
    • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government.
  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements were amongst the repeat issues observed again in the 2020–21 financial reporting period.

Findings reported to management

The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.

In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

Moderate2
7 new,
3 repeat

We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • lack of reviews of user access and privileged user access for
  • HealthRoster
  • Assets and Facilities Management Online
  • vMoney Powerhouse
  • Patient Billing and Revenue Collection system.

Repeat issues included:

  • deficient password controls
  • no independent review for data integrity of any changes made to HealthRoster
  • incomplete reviews of StaffLink User Access.

Low1
4 new,
5 repeat
Internal control deficiencies or improvements

High3

1 new, 

0 repeat

We identified internal control weaknesses across key business processes, including new issues relating to:

  • procurement, stocktaking and impairment of COVID-19 inventories (personal protective equipment)
  • instances where employees' timesheets were approved in advance
  •  monthly reconciliations not reviewed in a timely manner
  • asset revaluation processes at Illawarra Shoalhaven Local Health District.
     

Repeat issues included:

  • forced finalisation of rosters in order to finalise processing of payroll
  • partial repeat issue relating to HealthShare NSW's stocktake process, refer to details in the following section of this report.

Moderate2
6 new,
12 repeat

 Low1
10 new,
4 repeat
Financial reporting

High3

2 new, 
0 repeat

We identified weaknesses with respect to financial reporting in relation to the:

  • expected rate of recoverability of outstanding Hotel Quarantine fees
  • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government
  • application of AASB 16 'Leases'
  • improvement in health agencies' grant register to better support management's accounting treatment under the applicable revenue accounting standards.

Moderate2
6 new,
1 repeat

Low1
8 new,
3 repeat
Governance and oversight
Moderate2
9 new,
5 repeat

We identified opportunities for agencies to improve governance and oversight processes, including:

  • ensure better documentation around governance arrangements for major health capital works delivered by Health Infrastructure
  • absence of documented practices at health agencies level relating to Visiting Medical Officer claims.
     

Repeat issues include:

  • delegations manual for Health Infrastructure remains in draft and has done so since 2017.
Low1
2 new,
2 repeat
Non-compliance with key legislation and/or central agency policies
Moderate2
1 new,
7 repeat

We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including:

  • bank signatories list not updated to remove terminated employees
  • subsequent changes made to Junior Medical Officers' approved rosters not approved by an authorised delegate.
     

Repeat issues include:

  • management of excessive annual leave
  • non-compliance with the Government Information (Public Access) Act 2009 (GIPA Act) by Ambulance NSW.
Low1
5 new,
13 repeat

4Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

Complexities arising from the COVID-19 response

The 2020–21 audit identified three new high-risk findings

COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.

Expected rate of recovery of outstanding Hotel Quarantine invoices

The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors. 

Procurement, management and impairment of COVID-19 inventories

$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.

With respect to the stocktaking methodology applied, the following issues were identified:

  • discrepancies noted in the stock bin listing provided for audit
  • discrepancies in the recount sheet generated
  • inconsistent application of the stocktake methodology
  • inconsistent labelling of quarantined stock
  • a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.

Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.

Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government

The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.

Emerging trends

Recognition of provisions without sufficient support

Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.

Treatment of Commonwealth funding

In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.

Key repeat issues

Management of excessive annual leave

NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).

The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).

The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.

Accurate time recording

Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).

Existence, completeness and accuracy of key agreements

Delivery of major capital projects

Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.

We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.

Cross border patient funding arrangements

When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.

We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:

States 2014–15 2015–16 2016–17 2017–18 2018–19 2019–20 2020–21
Queensland Signed Signed Signed Signed Signed Not finalised Not finalised
Victoria Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised
Australian Capital Territory Signed Signed Signed Signed Signed Signed Not finalised
South Australia Signed Signed Signed Signed Signed Signed Not finalised
Tasmania Signed Signed Signed Signed Signed Signed Not finalised
Northern Territory Signed Signed Signed Signed Signed Signed Not finalised
Western Australia Signed Signed Signed Signed Signed Signed Not finalised

Albury Base Hospital

Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

COVID Intensive Learning Support Program

Education
Management and administration
Project management
Service delivery
Workforce and capability

What the report is about

This audit examined a state-wide program to provide small-group tuition to students disadvantaged by the move to learning from home during 2020.

The audit assessed the design and implementation of the program.

What we found

The program design was based on research and data showing learning loss during 2020. 

The department rapidly planned and developed the policy design and guidelines for schools. 

Governance arrangements matured during program delivery.

The department changed the models for funding schools but did not clearly explain the reasons for doing so.

Government schools with over 900 students were disadvantaged by the funding model compared to smaller schools. 

Guidelines, resources and professional learning helped schools implement the program.

Staff eligibility for the program was expanded after reported difficulties in recruiting qualified teachers in some areas. 

Online tuition and third-party provider options were developed throughout the program.

There were issues with the quality and timeliness of data used to monitor school progress. 

Evaluation arrangements were developed early in the program.

Data limitations mean the evaluation will not be able to fully assess all program objectives.

What we recommended

  1. Distributing funds between schools more equitably and improving communication of the funding methods. 
  2. Clearer communication about the intended targeted group of students.
  3. Reviewing the time needed to administer the program.
  4. Improve support for educators other than qualified teachers.
  5. Offer the online tuition program to more schools.
  6. Analysis of the effects of learning from home during 2021 across equity groups and geographic areas.
  7. Working with universities to increase use of pre-service teachers in the program.

The report also identifies lessons learned for future programs.
 

Fast facts

  • $337m in total program funding. $289 million for government schools and $31 million for non government schools
  • 12 days to develop the policy and provide costings to Treasury 
  • 290,000 targeted students in government schools and 31,000 in non government schools
  • 80% of schools were providing small group tuition by the target start date of Week 6, Term 1
  • 2–4 months was the estimated student learning loss from the move to learning from home during 2020
  • 7,600 tutors engaged in the program as at September 2021.

The NSW Government announced the COVID Intensive Learning Support Program on 10 November 2020, as part of the 2020–21 NSW Budget. The primary goal of the $337 million program was to deliver intensive small group tuition for students who were disadvantaged by the move to remote and/or flexible learning, helping to close the equity gap. It included:

  • $306 million to provide small-group tuition for eligible students across every NSW Government primary, secondary and special purpose school
  • $31.0 million for around 400 non-government schools to provide small-group tuition to students with the greatest levels of need.

The objective of this audit was to assess the effectiveness of the design and implementation of the COVID Intensive Learning Support Program (the program). To address this objective, the audit assessed whether the Department of Education (the department):

  • effectively designed the program and supporting governance arrangements
  • is effectively implementing the program.

This audit focuses on activities between October 2020 and August 2021, which aimed to address the first session of learning from home in New South Wales. From August to October 2021, students in many areas of New South Wales were learning from home again, but this second period has not been a focus of this audit. On 18 October 2021, the NSW Government announced the program would be extended into 2022.

Conclusion

The COVID Intensive Learning Support Program was effectively designed to help students catch up on learning loss due to the interruptions to schooling caused by COVID-19. The department rapidly stood up a taskforce to implement the program and then developed supporting governance arrangements during implementation.

Most students in New South Wales were required to learn from home for at least seven weeks during 2020 due to the impact of the Novel-Coronavirus (COVID-19). The department researched, analysed and advised government on several options to address the learning loss that resulted. It recommended small group tuition as the preferred option as it was supported by available evidence and could be rolled out at scale with speed. It identified risks of ensuring an adequate supply of educators and options to address those risks. Consistent with its analysis of where the impact of the learning loss was most severe, the department proposed to direct funding to schools with higher concentrations of students from the most disadvantaged backgrounds.

The department established a cross-functional taskforce to conduct detailed planning and support program implementation. Short timeframes meant the taskforce initially sought approval for key decisions from the program sponsor and existing oversight bodies on an as-needed basis before dedicated program governance arrangements were formalised. Once established, the governance body met regularly to oversee program delivery.

The COVID Intensive Learning Support Program is being effectively implemented. The department has refined the program during rollout to respond to risks, issues and feedback from schools. Issues with how schools enter data into department systems have affected the timeliness and accuracy of program monitoring information.

The department provided schools with guidelines, example models of delivery, systems to record student progress and professional learning. Around 80 per cent of schools had begun delivering tuition under the program by the target date. Schools reported issues with sourcing qualified teachers as a key reason they were unable to start the program by the expected date. In response, the department expanded the type of staff schools could employ, developed an online tuition program, and allowed schools to engage third-party providers to help schools that had difficulty finding qualified teachers for the program.

The department used existing systems to monitor school progress in implementing the program. This reduced the administrative burden on schools, but there were several issues with data quality and timeliness. The program included a mid-year review point to check whether schools were on track to spend their funding. This helped focus schools on ensuring funding would be spent and allowed for redistribution between schools.

The department considered program evaluation early in policy design and planning. It embedded an evaluator on the taskforce and expanded a key assessment program to help provide evidence of impact. A process and outcome evaluation is underway which will help inform future delivery. The evaluation will examine educational impacts for students participating in the program but it has not established methods to reliably assess the extent to which the program has met a goal to help 'close the equity gap' for students.

This chapter considers how effectively the COVID Intensive Learning Support Program (the program) was designed and planned for implementation.

This chapter considers how effectively the COVID Intensive Learning Support Program was implemented over our period of review (Terms 1 and 2, 2021).

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #358 - released (15 December 2021).

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE