About this report

Financial audit results of the NSW public universities’ financial statements for the year ended 31 December 2024.

Findings

Unmodified audit opinions were issued for all ten universities.

Six universities reported net deficits in 2024, compared to eight in 2023. Nine universities’ net results improved from 2023.

The main driver of revenue growth in 2024 was a 25.5% increase in fees and charges revenue from overseas students, due to increased enrolments of 18.9%. Revenue from domestic students increased by 12%, however, enrolment numbers remain below 2020 levels.

In 2024, revenue growth of 14.9% exceeded the 9.4% growth rate of expenses. However, universities are still recovering from the shortfalls experienced in 2022 and 2023 following financial disruptions caused by the COVID-19 pandemic.

Half of the universities show indicators of financial risk in the form of liquidity ratios of less than one and having less than three months of cash reserves to fund operating and financing activities.

The number of reported audit findings has decreased from 111 in 2023 to 98 this year. Most control deficiencies related to information technology /cyber security, governance, and payroll.

Universities are not consistently following their own procedures for recording cyber incidents, data breaches and privacy breaches.

Data breaches that required mandatory notification resulted in unauthorised access and disclosure of personal information, and mainly caused by phishing attacks and human error.

Recommendations

Universities should:

• finalise mitigating actions to address the risk of future wage underpayments and prioritise repayments to affected staff
• adequately prepare themselves to comply with the climate disclosure requirements under NSW Treasury’s reporting framework
• clearly document the requirements for business cases and post-completion reviews for capital projects
• comply with established processes when recording cyber security incidents and data breaches
• require staff to complete cyber security training regularly, include simulated phishing attacks and provide students with basic cyber security training
• create a central artificial intelligence (AI) inventory, establish and implement an AI policy and consider the benefits of establishing an AI strategy.

Read the PDF report

About this report

Financial audit results of the NSW public universities’ financial statements for the year ended 31 December 2024.

Findings

Unmodified audit opinions were issued for all ten universities.

Six universities reported net deficits in 2024, compared to eight in 2023. Nine universities’ net results improved from 2023.

The main driver of revenue growth in 2024 was a 25.5% increase in fees and charges revenue from overseas students, due to increased enrolments of 18.9%. Revenue from domestic students increased by 12%, however, enrolment numbers remain below 2020 levels.

In 2024, revenue growth of 14.9% exceeded the 9.4% growth rate of expenses. However, universities are still recovering from the shortfalls experienced in 2022 and 2023 following financial disruptions caused by the COVID-19 pandemic.

Half of the universities show indicators of financial risk in the form of liquidity ratios of less than one and having less than three months of cash reserves to fund operating and financing activities.

The number of reported audit findings has decreased from 111 in 2023 to 98 this year. Most control deficiencies related to information technology /cyber security, governance, and payroll.

Universities are not consistently following their own procedures for recording cyber incidents, data breaches and privacy breaches.

Data breaches that required mandatory notification resulted in unauthorised access and disclosure of personal information, and mainly caused by phishing attacks and human error.

Recommendations

Universities should:

• finalise mitigating actions to address the risk of future wage underpayments and prioritise repayments to affected staff
• adequately prepare themselves to comply with the climate disclosure requirements under NSW Treasury’s reporting framework
• clearly document the requirements for business cases and post-completion reviews for capital projects
• comply with established processes when recording cyber security incidents and data breaches
• require staff to complete cyber security training regularly, include simulated phishing attacks and provide students with basic cyber security training
• create a central artificial intelligence (AI) inventory, establish and implement an AI policy and consider the benefits of establishing an AI strategy.

Financial reporting is an important element of good governance. Confidence in, and transparency of, university sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines the 2024 financial reporting audit results of NSW universities.

Financial performance is a measure of an organisation’s ability to use its resources to generate revenue and manage expenses while maintaining appropriate levels of net assets and cash flows.

Financial performance also encompasses financial sustainability, which is the ability to meet current and future financial obligations without reducing essential services or borrowing money to fund successive operational deficits. This is achieved by ensuring that over the medium and longer term, revenue is sufficient to cover expenses, cash flow and risks are well managed, long-term financial planning is effective and sources of revenue are diverse.

This chapter presents our observations on the financial performance of universities in 2024.

Governance is the framework of rules, processes and systems that enable organisations to achieve goals and comply with legal requirements. Good governance promotes public confidence in the integrity and effectiveness of universities’ systems and operations. A strong system of internal controls enables universities to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical and transparent decision-making.

This chapter outlines our findings on internal controls and governance across the ten NSW universities.

Financial audits focus on the key internal controls and governance that support the preparation of financial statements. Breakdowns and weaknesses in internal controls can increase the risk of fraud and error. Our management letters report deficiencies in internal controls, matters of governance interest and unresolved issues to those charged with governance. These letters also include risk ratings, implications, recommendations and management responses.

Universities’ primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and standing in international and Australian rankings.

This chapter outlines enrolments and teaching outcomes for NSW universities in 2024.

This chapter focuses on the cyber security incident environment at universities, the reporting of incidents to regulators and how universities have responded to data breaches as a result of cyber security incidents. We also address how universities train their staff to identify and prevent cyber security incidents.

The Australian Government identifies that artificial intelligence (AI) presents great opportunities for all levels of government to transform service delivery and enhance productivity and wellbeing. However, AI comes with risks that require active management.

This chapter offers an overview of AI adoption in universities and the current policies in place to oversee the use of AI.

While there is no one common definition of AI, the NSW Government’s ‘Artificial Intelligence Ethics Policy’ adopts the following definition:

The Australian and NSW Governments have established policies and principles for responsible and ethical use of AI. While NSW universities are not bound by these documents, they are considered best practice. This includes:

• the Australian Government’s ‘Policy for the responsible use of AI in government’, ‘Australia’s AI Ethics Principles’ and ‘National framework for the assurance of artificial intelligence in government’
• the NSW Government’s ‘Artificial Intelligence Ethics Policy’ and ‘NSW artificial intelligence assessment framework’.

Appendix 1 - Status of 2023 recommendations 

Appendix 2 - Universities' controlled entities

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

About this report

The report presents the results of the local government sector financial audits for the year ended 30 June 2024.

Audit results

Unqualified audit opinions were issued for 124 (of 128) councils, 8 (of 9) county councils, and 11 (of 13) joint organisations.

Disclaimers of opinion were issued for Glen Innes Severn Council and the New England Weeds Authority.

Qualified audit opinions were issued for Snowy Valleys Council and Moree Plains Shire Council.

Timeliness improved as 88% of councils lodged their audited financial statements by the statutory deadline of 31 October (67% in the previous year).

Findings

Financial sustainability is a concern for some councils

There were 35 councils that met none or just one of the three key financial sustainability benchmarks. Sixteen councils have insufficient cash and investments, not subject to external restrictions, to meet three months of their expenses (excluding depreciation and interest).

Revenue growth lags expenditure growth after adjusting for inflation, resulting in negative growth in real terms.

About 40% of councils did not break even in 2023–24.

Cyber security remains a risk

Cyber security controls have improved, especially regarding cyber governance. However, control gaps were identified in cyber security training and risk management of third-party systems.

Recommendations

• The Department of Planning, Housing and Infrastructure should reduce councils’ financial reporting burden, and remove non-value-adding disclosures from financial statements.
• Councils should perform more robust month-end processes, quality reviews of financial statements and supporting working papers before they are submitted for audit.

Financial reporting is an important element of good governance. Confidence in, and transparency of, local government decision-making is enhanced when financial reporting is accurate and timely.

This chapter outlines the financial reporting audit results of councils, county councils and joint organisations.

Financial sustainability is the ability to meet current and future financial obligations without reducing essential services or borrowing money to fund successive operational deficits. This is achieved by ensuring that over the medium and longer term, revenue is sufficient to cover expenses, cash flow and risks are well managed, long-term financial planning is effective and sources of revenue are diverse.

Councils are required to prepare long-term financial plans to help ensure they remain financially viable. Benchmarks established by the OLG are used to assess past performance and indicate areas where councils are under pressure.

The graphs and tables presented in this chapter are prepared from councils’ financial statement data and in many cases represent averages of the metropolitan, regional and rural councils.

Governance is the framework of rules, processes and systems that enable organisations to achieve goals and comply with legal requirements. Good governance promotes public confidence in the integrity and effectiveness of councils’ systems and operations. A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines our findings on internal controls and governance across councils, county councils and joint organisations.

Financial audits focus on the key internal controls and governance that support the preparation of financial statements. Breakdowns and weaknesses in internal controls can increase the risk of fraud and error. Our management letters report deficiencies in internal controls, matters of governance interest and unresolved issues to those charged with governance. These letters also include risk ratings, implications, recommendations and management responses.

This chapter focuses on the cyber security environment for councils, how they have assessed and responded to the relevant risks, and the extent to which they have implemented or plan to implement controls. We also focus on how councils educate and raise awareness of cyber security risks for those with access to their IT systems and information.

The Audit Office’s Annual Work Program

Each year, the Audit Office’s Annual Work Program includes an ongoing strategic assessment of the risks and challenges facing government. It outlines future focus areas for financial audits, as well as planned performance audit topics published as a three-year rolling program. We aim to inform the NSW Parliament, the public sector and the community about key risks we identify, as well as priorities and expected timeframes for delivering our work. This helps give our stakeholders the best opportunity to prepare for, and engage with, our audits.

Our financial audit program for local government includes:

• assessments of controls and governance on cyber security
• analyses of financial sustainability
• reporting of findings and recommendations.

Audits will target the efficient and responsible use of public resources

The Government Sector Audit Act 1983 provides that the Auditor-General may have regard to the wastage of public resources in the exercise of their functions and may deal with reports made by public officials about serious and substantial waste of public money. The Audit Office defines serious and substantial waste as the uneconomical, inefficient or ineffective use of resources, whether authorised or unauthorised, and which could result in a loss of public funds or resources.

Waste can result in an opportunity cost for councils where money could have been used for better purposes, or better spent on achieving the same purpose. Waste can also lead to higher costs being incurred to address failings in either procurement, budgeting or contract management.

Our audits may focus on whether procurement practices, budgeting and contract management have effectively reduced waste.

Our performance audit program for local government includes the following performance audits in progress.

Coastal management reforms

The coast is one of NSW’s greatest assets and is home to nearly 85% of the state’s population. The NSW Government has established a framework to manage the coastal environment in a sustainable way for the wellbeing of the people of NSW. The key policy instruments are the Coastal Management Act 2016, under which local councils in the coastal zone prepare coastal management programs, and the State Environmental Planning Policy (Resilience and Hazards) 2021.

The Department of Climate Change, Energy and Water (DCCEEW) and the DPHI oversee and facilitate implementation of the coastal management framework by local councils.

This audit will answer the following questions:

• Are the DCCEEW and the DPHI effectively overseeing and facilitating councils’ implementation of the coastal management framework?
• Have councils effectively developed plans and priorities for coastal management?

Long-term financial planning

Sustainable financial management is a significant risk and priority for the local government sector. Under the legislative and policy requirements, all NSW local councils must prepare and adopt a long-term financial plan. This plan should reflect and inform decision-making for important processes like longer-term strategic planning, and immediate and short-term budget processes.

This audit will assess whether selected local councils have established effective and compliant long-term financial plans that promote financial sustainability and reflect their communities’ priorities for services and assets.

Appendix 1 – Response from the Office of Local Government within the Department of Planning, Housing and Infrastructure

Appendix 2 – Status of previous recommendations

Appendix 3 – Status of audits

Appendix 4 – Council liquidity

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

This report focuses on the 2023–24 Consolidated State Financial Statements of the New South Wales General Government Sector (GGS) and Total State Sector (TSS), which comprise the Total State Sector Accounts.

It comments on the key matters and highlights significant factors that have contributed to the State’s financial outcomes for the year ended 30 June 2024.

Observations

The audit opinion on the Total State Sector Accounts for the year ended 30 June 2024 was unqualified.

The GGS’s net operating balance for the 2023–24 financial year was a deficit of $10.7 billion. This was $2.9 billion more than the original budgeted deficit of $7.8 billion, and $1.1 billion more than the revised budget deficit of $9.6 billion estimated during the 2023–24 half yearly review.

Revenue growth exceeded expense growth in 2022–23 and 2023–24, after several years when expenses increased in excess of revenue as the government responded to COVID-19 and natural disasters.

The State recorded $769 million in write offs of infrastructure and other assets in 2023–24, largely from transport projects including the Great Western Highway upgrade, the Beaches Link project and the Fast Rail program.

The State also wrote off $334 million of inventories including expired rapid antigen test kits and personal protective equipment.

The GGS’s net debt to gross state product increased from -0.3% in 2019 to 11.4% in 2024. It is predicted to reach 14.2% of gross state product by 2028.

The State maintained its triple-A and AA+ credit ratings.

Recommendations

Seven of nine 2023 report recommendations have been addressed.

NSW Treasury is working to address the two open recommendations relating to reviewing the financial reporting exemption framework.

The Audit Office’s annual work program

The Annual Work Program 2024–27 was published in August 2024

Each year, the Audit Office’s Annual Work Program reflects an ongoing strategic assessment of the risks and challenges facing government. It outlines subsequent focus areas for financial audits, as well as planned performance audit topics published as a three-year rolling program. We aim to inform NSW Parliament, the public sector and the community about key risks we identify, as well as our priorities and expected timeframes for delivering our work. This helps to give our stakeholders the best opportunity to prepare for, and engage with, our audits.

Our financial audit program this year included a consolidated report on the audit results of NSW Government agencies’ financial statements. The State agencies 2024 report highlighted the issues that had the most significant impact across the whole sector.

There are five key focus areas in our performance audit program:

• effective advice and decision making
• First Nations people in NSW
• environment and sustainability
• efficient and responsible use of public resources
• cyber security.

A sharper focus on information technology risks and data

The NSW public sector is increasingly reliant on information technology to improve service delivery. The Systems Assurance, Cyber and Data Branch within the Audit Office seeks to respond to the pervasive risks and opportunities associated with information technology, and the growing availability of large amounts of data. The creation of this branch reflects the prominence of data and cyber issues within our Corporate Strategy and Annual Work Program, and the importance of our information systems assurance work. The work of the branch supports our financial and performance audits, with insights reflected in our financial and performance audit reports.

The outcome we seek is a sharper focus on information technology risks within the public sector, particularly cyber security risks, to be highlighted in our performance and financial audits. Our increasing use of data for more effective audits aims to further enhance our audit reports.

The Systems Assurance, Cyber and Data Branch also plays a role in thought leadership about artificial intelligence and its impacts on the way we work and the work of the agencies we audit. This plan includes commencing our first audit focused on artificial intelligence.

Digital audit transformation

The Audit Office is embarking on a digital audit transformation which is looking at how we can better use data and technology to enhance our audits.

This transformation looks to re-imagine how we plan for, complete and report on our financial and performance audits incorporating data analytic solutions, automation and predictive analytics, leading to more efficient, effective and timely audits.

An initial key focus is on standardising and automating data requests from agencies, which will streamline processes, save time, automate some audit procedures and improve audit risk assessment and benchmarking.

We understand that there are some key enablers required to achieve this outcome and acknowledge that there are some key risks that we need to manage. Ensuring that we have a workforce that is digitally capable, and technological solutions that are fit-for-purpose, while continuing to maintain high levels of security and privacy over information is essential.

While this transformation will be staged, the support of the sector will be crucial to ensure speedy and consistent implementation across the entire sector.

Audits will target the efficient and responsible use of public resources

The Government Sector Employment Act 2013 establishes the core values of the public sector in NSW. One of these core values is that public servants should be fiscally responsible and focus on the efficient, effective and prudent use of resources.

The Government Sector Audit Act 1983 provides that the Auditor-General may have regard to the wastage of public resources and may deal with reports about the serious and substantial waste of public money. Serious and substantial waste involves the uneconomical, inefficient or ineffective use of resources, whether authorised or unauthorised, and which could result in a loss of public funds or resources.

Waste can result in an opportunity cost for government where money could have been used for a better purpose, or better spent on achieving the same purpose. Waste can also lead to higher costs being incurred to address earlier failings in program design, budgeting and management.

The Audit Office’s work program for 2024–27 includes audits that focus on identifying whether the planning and management of key programs and services has been efficient and financially responsible, and whether opportunities to avoid and reduce waste have been identified early.

Climate-related financial reporting in NSW

The NSW Government has announced the introduction of mandatory climate-related financial disclosures as part of agencies’ annual reporting.

The release of climate-related financial disclosures by government entities is intended to provide transparency on the NSW Government’s exposure to the impacts of climate change and enhance accountability over strategies to respond to risks and capitalise on opportunities.

NSW Treasury recently issued its framework for first year climate-related financial disclosures

In October 2024, NSW Treasury issued TPG24-33 ‘Reporting Framework for First Year Climate-related Financial Disclosures’ (the Framework). The Framework sets out mandatory reporting requirements, including key guiding principles and disclosure content.

The Framework is closely informed by the Australian Accounting Standards Board’s (AASBs) Australian sustainability reporting standard, AASB S2 ‘Climate-related Disclosures’. It has been tailored by NSW Treasury to reflect NSW Government circumstances and reporting entity capability and capacity.

Entity level climate-related financial disclosures will commence in stages from 1 July 2024

The disclosure obligations will commence in 2024–25 for the largest entities or those entities likely to be most exposed to material climate-related risks. Based on NSW Treasury’s assessment, 29 ‘phase 1 entities’ will apply the Framework for their 2024–25 climate disclosures.

Other entities will apply the Framework when they make their first climate-related financial disclosures in subsequent phases.

The assurance regime over climate-related financial disclosures is being developed

The Audit Office has been engaging with NSW Treasury to determine the nature and scope of independent public sector assurance over future climate-related disclosures at both a whole-of-government and agency level. Assurance requirements are expected to be staged, with NSW Treasury recently seeking expressions of interest for some phase 1 entities to have their 2024–25 climate disclosures assured by the Audit Office. Mandatory assurance for all phase 1 entities will commence in 2025–26.

Appendix 1 – Key audit matters

Appendix 2 – Prescribed entities

Appendix 3 – Controlled entities of the State

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

About this report

Results and key themes from our audits of the state agencies’ financial statements for the year ended 30 June 2024.

It also includes observations on the following areas of focus:

• risk management
• capital projects
• shared service arrangements.

Findings

The Treasurer did not table the audited Total State Sector Accounts (TSSA) in Parliament as required by the Government Sector Finance Act 2018, and Responsible Ministers did not table 16 annual reports in Parliament by the required date.

Audit results

Unqualified opinions were issued for all but one agency.  The quality of financial statements submitted for audit improved, with reported misstatements down to a gross value of $3.9 billion in 2023–24, compared to $10.8 billion in 2022–23.

Key themes

Errors in accounting for assets led to financial statements adjustments of $1.4 billion. 

Our audits identified deficiencies in key controls across financial management, payroll, contract management and procurement.

Risk management

Risk management maturity is low across most agencies. Some of the largest 40 agencies self-assess their risk maturity as requiring improvement.

Capital projects

There is a lack of transparency in the NSW budget papers relating to significant capital projects. The estimated total costs for some major projects are not published as the amounts are considered commercially sensitive. The budget papers do not provide a complete and accurate reflection of the actual costs of large infrastructure projects.

Shared service arrangements

Three of the five agencies that provide shared services to 108 customer agencies did not obtain independent assurance over the effectiveness of their control environment. 

Recommendations

The report makes recommendations to agencies to improve controls and processes in relation to:

• financial reporting
• financial management
• risk management
• shared service arrangements
• capital projects.

Financial reporting is an important element of good governance. Confidence in, and transparency of, public sector decision making is enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations relating to the financial reporting of State Government agencies.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are also essential for quality and timely decision making.

This chapter outlines observations and insights from our audits of financial statements of the 40 largest agencies in the State sector. These agencies are listed in Appendix 3.

This chapter outlines audit observations, conclusions and recommendations from our review of agencies’ risk maturity, assessment processes, governance, systems and culture across the 40 largest agencies in the state sector. These agencies are listed in Appendix 3.

This chapter outlines observations, conclusions and recommendations from our review of the 15 most significant capital projects in the State.

Shared service arrangements can centralise corporate services functions such as finance, human resources, procurement and information technology (IT). Across NSW Government agencies, many business processes and IT functions are provided on a shared services model, that is, one agency operates a business function or IT platform that is used by other agencies rather than each agency maintaining their own. These services are shared by several agencies (‘customers’), but generally are operated and managed by one agency or department (‘provider’).

This chapter outlines audit observations, conclusions and recommendations from our review of shared service arrangements provided and received by the 40 largest agencies in the state sector. These agencies are listed in Appendix 3.

This report outlines the findings on shared service arrangements.

Appendix 1 – Status of audits of consolidated entities

Appendix 2 – Status of audits of non-consolidated entities

Appendix 3 – Forty largest State agencies contents

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

About this report

Local councils in NSW manage a large proportion of roads across the state. Roads often represent a significant proportion of total council
expenditure.

How councils manage roads is impacted by their revenue, local conditions, and the needs of residents, businesses and other road users.

This audit was undertaken within the wider context of natural disasters and weather events that have significantly impacted the road network in NSW in recent years.

It assessed whether three councils had effectively managed their road assets to meet the needs of their communities, makes detailed findings and recommendations to each audited council, and identifies key lessons for the wider local government sector.

Key findings

All councils can improve how they link community consultation with planned service levels. Formalising these processes could help better demonstrate how current service levels meet community needs.

Clarence Valley Council

• has established a strategic priority for road asset management but not formal governance arrangements or a long-term capital works program
• is delivering and reporting on its work to respond to natural disasters but does not report against targets for road asset quality and service
• has set benchmarks for road asset maintenance, replacement and renewal but needs clear service levels.

Gwydir Shire Council

• did not have aligned, up-to-date asset plans during the audit period
• did not have a long-term capital works program but adopted a prioritisation program for capital works in August 2024
• did not effectively implement formal governance, or coordinate management oversight, to manage its road assets.

Wollondilly Shire Council

• has a strategic framework for road asset management and has used long-term plans to guide its asset capital and maintenance works
• has reported asset management outcomes against a planned capital works program but could improve how it uses KPIs to demonstrate performance.

This is the first performance audit of the local government sector that I am tabling in Parliament as Auditor-General for New South Wales.

Our performance audits are designed to provide valuable information to parliamentarians, sector stakeholders and the public. Ultimately, our aim is to ensure transparency, a principle that underpins effective and efficient use of public resources.

The management of roads and associated assets is a critical issue for local councils across the state. In recent years, many councils have had to contend with the immediate and ongoing effects of natural disasters.

These natural disasters, along with increased community expectations, population changes and complex regulatory obligations all contribute to financial sustainability risks for councils. Some councils have used short-term funding allocations (including emergency relief grants) to cover the costs of managing long-term assets. These councils do not have the capacity to generate sufficient income from their own sources, and therefore depend on assistance from other levels of government. Councils’ ability to plan and budget for the long term has also been disrupted by the need for new or restored infrastructure outside asset life cycles.

Several reports and inquiries in recent years have highlighted these significant financial sustainability risks. The parliamentary inquiry into the ‘Ability of local governments to fund infrastructure and services’,¹ due to be tabled soon, will be a critical input to a long-term solution.

The three councils audited in this report – Clarence Valley, Gwydir Shire and Wollondilly Shire –each experienced significant natural disasters, including fires, storms and floods during the audit period. Despite this, each audited council was able to deliver a large volume of road asset management works.

This report provides valuable lessons from these audited councils that can help all councils manage their roads more effectively in the face of evolving risks and competing resource demands.

I acknowledge this has been a difficult time for some councils across NSW. This report supports councils with practical steps to manage their roads as effectively as possible, improve their resilience to climate challenges and meet legislative requirements.

¹ The inquiry into the ‘Ability of local governments to fund infrastructure and services’ by the NSW Legislative Council Standing Committee on State Development commenced on 14 March 2024 to inquire into, and report on, the ability of local governments to fund infrastructure and services.

Background

Local councils in New South Wales (NSW) manage over 180,000 km of local and regional roads combined. These roads are crucial to travel within local government areas and across the state, improving community accessibility. Reliable roads ensure commercial and public transport can run on time, increase safety and keep the environment clean.

As roads age and deteriorate, they become more expensive to repair. Road surfaces and formations are vulnerable to both extreme heat and water exposure. These kinds of exposure have varying effects on the ways roads degrade, depending on the amount of traffic and the kinds of vehicles that use them.

Local conditions, business and road-user needs, and the impacts of natural disasters vary between councils and influence the way each council manages its roads. Regularly maintaining roads can keep roads functional and safe and prevent costly, unbudgeted repairs and replacements.

In the 2022–23 financial year (FY2022–23), the estimated total replacement cost of council road assets across NSW was around $102 billion. In the same year, local councils reported collective road asset maintenance expenditure of around $1 billion.

Since 2017, financial audits of local councils have identified asset management-related issues, including gaps in asset management processes, governance and systems. The Audit Office’s ‘Local Government 2023’ report outlined 266 asset management-related findings across the local government sector, including gaps in revaluation processes, maintenance of information in asset management systems and accounting practices.

Councils also provide a wide range of other services and infrastructure, including water and sewer infrastructure and services, waste management, environmental protection, housing, and community transport. Through integrated planning and reporting, councils determine how they will allocate resources to their services and infrastructure. Understanding community expectations for assets and services, alongside technical requirements, supports effective planning for function, cost and quality.

Audit objective

This audit assessed how effectively three councils – Clarence Valley Council, Gwydir Shire Council and Wollondilly Shire Council – are managing their road assets to meet the needs of their communities.

The audit assessed whether the selected councils:

• have a strategic framework in place for managing their road assets
• have effective governance, data and systems for road asset management
• are managing their road assets in line with planned service levels and quality outcomes.

Overview of findings

This audit assessed how effectively Clarence Valley Council, Gwydir Shire Council and Wollondilly Shire Council managed their road assets to meet the needs of their communities.

In assessing each Council’s performance, this audit concluded:

Clarence Valley Council has effectively established a strategic priority for road asset management, but delivery of this priority was not supported by formal governance arrangements or a long-term capital works program. While the Council is delivering and reporting on a large volume of road asset works in response to natural disasters, it does not report on consolidated targets for road asset quality and service. The Council has set benchmarks for maintenance, replacement and renewal of roads. It now needs to enhance this with clear service levels to ensure community needs and expectations are met.

Detailed conclusions and recommendations for the Council are outlined in sections 2.2 and 2.3. Recommendations include that Clarence Valley Council:

• updates and implements its asset management plan and associated improvement actions
• reviews and implements key performance indicators (KPIs)
• captures lessons learned from its natural disaster responses
• implements a long-term capital works program.

Gwydir Shire Council did not have aligned, up-to-date long-term asset management plans to support a strategic framework for road asset management across the audit period. The Council did not effectively implement formal governance and coordinated management oversight for its road assets. The Council implemented updates to its asset management plans in June 2024 and governance arrangements in July 2024.

The Council has reported on the large volume of works it is delivering, including in response to natural disasters, but is not reporting in the context of information about targets and quality benchmarks. The Council does not have a long-term capital works program, but adopted a prioritised rolling program of works in August 2024 to guide its priorities and efforts over time.

Detailed conclusions and recommendations for the Council are outlined in sections 3.2 and 3.3. Recommendations include that Gwydir Shire Council:

• implements its asset management plans and associated improvement actions
• formalises and documents community priorities and service level expectations for roads
• captures lessons learned from its natural disaster responses.

Wollondilly Shire Council has effectively applied a coordinated and strategic framework to deliver road asset management. The Council has long-term plans to guide its efforts and uses data to inform its approach. The Council has delivered a large volume of works in response to natural disasters during the audit period. The Council is reporting its road asset management outcomes and can demonstrate progress against a clearly defined capital works program, but its use of performance indicators could be improved.

Detailed conclusions and recommendations for the Council are outlined in sections 4.2 and 4.3. Recommendations include that Wollondilly Shire Council:

• finalises and implements its transport asset management plan
• reviews performance indicators for road assets
• formalises and documents community priorities within its integrated planning and reporting (IP&R) and asset management frameworks.

Key observations of good practice

While each council was separately audited, this report also identifies practices that contribute to effective road asset management across all local councils.

These include:

1. a good understanding and articulation of the community’s vision, priorities and purpose for local roads
2. asset management documents that are current and aligned with broader strategies and financial plans
3. long-term capital works planning that considers associated ongoing costs, and is supported by systematic prioritisation of works
4. clear and documented decision making processes
5. transparent performance reporting on progress and outcomes
6. reliable, accurate and assured data and systems
7. continuous improvement through both formal reviews and capturing lessons learned
8. resilience and responsiveness to natural disasters with a planned approach to disaster recovery.

Further lessons for local government can be found in Appendix 3.

Appendix 1 – Response from entity

Appendix 2 – Council expenditure profile

Appendix 3 – Lessons for local government road asset management

Appendix 4 – About the audit

Appendix 5 – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #401 - released 21 November 2024.

About this report

Internal controls are key to the accuracy and reliability of agencies’ financial reporting processes. This report analyses the internal controls and governance of 26 of the NSW public sector’s largest agencies for the 2023–24 financial year.

Findings

There are gaps in key business processes, which expose agencies to risks. These gaps are identified in 121 findings across the 26 agencies—including 4 high risk, 73 moderate risk and 44 low risk findings. All four high-risk issues related to IT controls and 19% of control deficiencies were repeat issues. Thirty-five per cent of agencies had deficiencies in control over privileged access.

Shared IT services

Six agencies provide IT shared services to 120 other customer agencies. All six had control deficiencies—three of these were high risk. Four agencies provide no independent assurance to their customers about the effectiveness of their own IT controls.

Cyber security

Eighteen agencies assessed cyber risk as being above their risk appetite. Fourteen of these agencies had not set a timeframe to resolve these risks and two agencies have not funded plans to improve cyber security.

Fraud and corruption control

Agencies need to improve fraud and corruption control. Instances of non-compliance with TC18-02 NSW Fraud and Corruption Policy were identified, including gaps such as a lack of comprehensive employment screening policies and not reporting matters to the audit and risk committee.

Gifts and benefits

Management of gifts and benefits requires better governance and transparency. All agencies had policy and guidance but all had gaps in management and implementation—such as not publishing registers nor providing ongoing training.

Information Technology

Nine agencies did not effectively restrict or monitor user access to privileged accounts.

Recommendations

The report makes recommendations to agencies to implement proper controls and improve processes in relation to:

• organisational processes
• information technology
• cyber security
• fraud and corruption, and
• gifts and benefits.

Read the PDF report

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies found across agencies.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security.

This chapter outlines our audit observations, conclusions and recommendations from our review of agencies' fraud and corruption control framework, policies and practices. Our Internal Controls and Governance 2018 found a number of fraud and corruption control gaps in NSW Government.

The NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy (the Circular) requires NSW government agencies to develop, implement and maintain a fraud and corruption control framework. The Circular sets out minimum standards for a NSW Government agency’s fraud and corruption control framework.

Previous Audit Office report on agency fraud and corruption control

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' managing of gifts and benefits.

About this report

Over 1,100 native animals, plants and ecological communities are listed as threatened in New South Wales. The Department of Climate Change, Energy, the Environment and Water (DCCEEW) delivers programs and activities aiming to reduce the risk of extinction for threatened species and ecological communities. 

This audit assessed whether DCCEEW has effectively delivered outcomes to support threatened species and ecological communities across New South Wales including delivery of the statutory Biodiversity Conservation Program (Saving our Species). 

Findings

DCCEEW uses a risk‑based approach to guide and deliver a range of programs aiming to improve the outcomes for threatened species and ecological communities.

However, DCCEEW has not effectively determined departmental priorities, coordinated programs to align efforts, or reported on the overall outcomes it is delivering for threatened species and ecological communities. 

Further, DCCEEW does not capture sufficient data to monitor species that it is not actively managing, creating a risk that it cannot readily identify or respond to further decline.

Under the Saving our Species program, DCCEEW is delivering conservation actions for less than one‑third of all threatened species and ecological communities. This number has reduced over time, in line with reduced program funding. 

Gaps in core program planning and risk management frameworks create program delivery risks. 

Recommendations

The report made several recommendations to DCCEEW, focusing on:

• Strengthening Saving our Species program compliance, governance, planning and risk management frameworks.
• Developing a long‑term framework to coordinate and align efforts across DCCEEW for the delivery of threatened species outcomes.
• Expanding activities to improve coordination with other parts of government delivering activities that impact on outcomes for threatened species.

This chapter assesses the effectiveness of DCCEEW’s ability to report on threatened species outcomes across its various programs and activities, and its strategic planning for the delivery of these outcomes at a departmental level.

Under Part 4, Division 6 of the BC Act, DCCEEW is required to deliver a Biodiversity Conservation Program. The program’s statutory objectives are to:

• maximise the long-term security of threatened species and ecological communities in nature
• minimise the impacts of key threatening processes on biodiversity and ecological integrity.

Under Section 4.36 of the BC Act, the program must have:

• strategies to achieve the objectives of the program in relation to each threatened species and threatened ecological community
• a framework to guide the setting of priorities for implementing the strategies
• a process for monitoring and reporting on the overall outcomes and effectiveness of the program.

Appendix one – Response from agency

Appendix two – Legislative and regulatory provisions relevant to threatened species

Appendix three – Programs and activities relevant to threatened species

Appendix four – Comparison of statutory provisions for the conservation of threatened species

Appendix five – About the audit

Appendix six – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 Parliamentary reference - Report number #399 released 15 August 2024.

About this report

Financial audit results of the NSW public universities’ financial statements for the year ended 31 December 2023.

Audit findings

Unmodified audit opinions were issued for all ten universities.

Eight universities reported net deficits. Three of these improved on their 2022 results.

Total fees and charges returned to pre-pandemic levels, with 40.5% earned from overseas students from three countries.

Employee related expenses increased 10.2% in 2023 mainly due to an additional 2,830 full time equivalent staff, in response to increased teaching and research activities.

Key issues

The number of findings reported to management has increased to 111 matters in 2023 up from 88 in 2022.

These included one high risk finding and 62 moderate risk findings, a 72% increase from last year.

Gaps identified in universities governance processes included delays in responding to findings and recommendations; staff not attesting compliance with codes of conduct annually; and not capturing and recording staff conflicts of interests within central registers.

Seven of the ten universities have cyber security risks above what they determine as an acceptable risk. Four universities did not have a cyber security uplift program.

Recommendations

Universities should address all recommendations made in the report (see Appendix one for a summary of these).

In particular, there should be a focus on prioritising remediation of wage underpayments to affected employees; ensuring a centralised conflict of interest register is maintained for all staff; considering emerging risks in university risk registers; ensuring controlled entities are considered when determining internal audit plans; and focusing efforts to improve cyber security risk management and cyber resilience capability.

This report provides NSW Parliament with the results of our 2023 financial audits of universities in New South Wales and their controlled entities, including analysis, observations and recommendations in the following areas:

• financial reporting
• internal controls and governance
• teaching and enrolments
• cyber security.

Financial reporting is an important element of good governance. Confidence and transparency in university sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting of universities in NSW for 2023.

Appropriate financial controls help to ensure the efficient and effective use of resources and administration of policies. They are essential for quality and timely decision-making. Effective governance is essential for the stability, sustainability and ethical operation of universities. It ensures accountability, transparency and promotes responsible decision making.

This chapter outlines our observations and insights from our financial statement audits of NSW universities.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These, along with the less significant matters, are reported to universities for management to address.

Universities' primary objectives are the functions of teaching and research. They invest most of their resources aiming to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.

This chapter outlines teaching and enrolment outcomes for universities in NSW for 2023.

This chapter of the report focuses on the cyber risk environment for universities, how universities have assessed that risk, what frameworks they use to strategically identify controls that respond to those risks, and the extent to which they have implemented or have plans to implement those controls. We also address some specific controls in respect of cyber resilience.

Appendix one – List of 2023 recommendations

Appendix two – Status of 2022 recommendations

Appendix three – Universities' controlled entities

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.

Findings

Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.

Recommendations

To improve quality and timeliness of financial reporting, councils should:

• adopt early financial reporting procedures, including asset valuations
• ensure integrity and completeness of asset source records
• perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

• track progress of implementing audit recommendations, and prioritise high-risk repeat issues
• continue to focus on cyber security governance and controls.

Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General’s report on Local Government 2023. My report provides the results of the 2022–23 financial audits of 121 councils, eight county councils and 12 joint organisations. It also includes the results of the 2021–22 audits for two councils and two joint organisations which were completed after tabling of the Auditor-General’s report on Local Government 2022. The 2022–23 audits for eight councils, one county council and one joint organisation remain in progress due to significant accounting issues.

This will be my last consolidated report on local councils in NSW as my term as Auditor-General ends in April. Without a doubt, the change in mandate to make me the auditor of the local government sector has been the biggest challenge in my term. Challenging for councils as they adjust to consistent audit arrangements and for the staff of the Audit Office of NSW as they learn about the issues facing NSW councils.

The change in mandate aimed to improve the quality of financial management and reporting across the sector. This will take time. But this report does show some ‘green shoots’ with more councils submitting financial reports to the Office of Local Government by 31 October and more councils having Audit, Risk and Improvement Committees. 

I also want to acknowledge that councils face significant challenges responding to and recovering from emergency events whilst cost and resourcing pressures have been persistent.

The findings from our audits identify opportunities to further improve timeliness and quality of financial reporting and integrity of systems and processes. The recommendations in this report are also intended to improve financial management and reporting capability, encourage sound governance, and boost cyber resilience.

Margaret Crawford PSM
Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting audit results of councils, county councils and joint organisations.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal controls across councils, county councils and joint organisations in 2022–23.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations with risk ratings, related implications, and recommendations.

Appendix one – Response from the Office of Local Government within the Department of Planning, Housing and Infrastructure

Appendix two – NSW Crown Solicitor’s advice

Appendix three – Status of previous recommendations

Appendix four – Status of audits

Appendix five – Councils received qualified audit opinions for non-recognition of rural firefighting equipment

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.