Refine search Expand filter



Actions for Universities 2023

Universities 2023

Cyber security
Financial reporting
Information technology
Internal controls and governance
Service delivery

About this report

Financial audit results of the NSW public universities’ financial statements for the year ended 31 December 2023.

Audit findings

Unmodified audit opinions were issued for all ten universities.

Eight universities reported net deficits. Three of these improved on their 2022 results.

Total fees and charges returned to pre-pandemic levels, with 40.5% earned from overseas students from three countries.

Employee related expenses increased 10.2% in 2023 mainly due to an additional 2,830 full time equivalent staff, in response to increased teaching and research activities.

Key issues

The number of findings reported to management has increased to 111 matters in 2023 up from 88 in 2022.

These included one high risk finding and 62 moderate risk findings, a 72% increase from last year.

Gaps identified in universities governance processes included delays in responding to findings and recommendations; staff not attesting compliance with codes of conduct annually; and not capturing and recording staff conflicts of interests within central registers.

Seven of the ten universities have cyber security risks above what they determine as an acceptable risk. Four universities did not have a cyber security uplift program.


Universities should address all recommendations made in the report (see Appendix one for a summary of these).

In particular, there should be a focus on prioritising remediation of wage underpayments to affected employees; ensuring a centralised conflict of interest register is maintained for all staff; considering emerging risks in university risk registers; ensuring controlled entities are considered when determining internal audit plans; and focusing efforts to improve cyber security risk management and cyber resilience capability.

Read the PDF report


Actions for Oversight of the child protection system

Oversight of the child protection system

Community Services
Internal controls and governance
Management and administration
Service delivery
Shared services and collaboration
Workforce and capability

About this report

This audit assessed the effectiveness of the Department of Communities and Justice (DCJ) in planning, designing, and overseeing the NSW child protection system.

The audit used 'follow the dollar' powers to assess the performance of five non-government organisations (NGOs), that were contracted to provide child protection services. More information about how we did this is included in the full report.


The NSW child protection system is inefficient, ineffective, and unsustainable.

Despite recommendations from numerous reviews, DCJ has not redirected its resources from a ‘crisis driven’ model, to an early intervention model that supports families at the earliest point in the child protection process.

DCJ's organisational structure and governance arrangements do not enable system reform.

DCJ has over 30 child protection governance committees with no clarity over how decisions are made or communicated, and no clarity about which part of DCJ is responsible for leading system improvement.

DCJ's assessments of child protection reports are labour intensive and repetitive, reducing the time that caseworkers have to support families with services.

DCJ has limited evidence to inform investments in family support services due to a lack of data about the therapeutic service needs of children and families. This means that DCJ is not able to provide relevant services for families engaged in the child protection system. DCJ is not meeting its legislated responsibility to ensure that families have access to services, and to prevent children from being removed to out of home care.

DCJ does not monitor the wellbeing of children in out of home care. This means that DCJ does not have the information needed to meet its legislative responsibility to ensure that children 'receive such care and protection as is necessary for their safety, welfare and well-being’.

In August 2023, there were 471 children living in costly and inappropriate environments, such as hotels, motels, and serviced apartments. The cost of this emergency accommodation in 2022–2023 was $300 million. DCJ has failed to establish ‘safe, nurturing, stable and secure’ accommodation for children in these environments.

Since 2018–19, the number of children being returned to their parents from out of home care has declined. During the five years to 2022–23, families have had limited access to restoration services to support this process.


The audit made 11 recommendations to DCJ. They require the agency to identify accountability for system reform, and to take steps to ensure that children and families have access to necessary services and support.


Read PDF report

Parliamentary reference - Report number #394 - released 6 June 2024


Actions for Safeguarding the rights of Aboriginal children in the child protection system

Safeguarding the rights of Aboriginal children in the child protection system

Community Services
Internal controls and governance
Project management
Service delivery
Shared services and collaboration

About this report

The Department of Communities and Justice (DCJ) is responsible for safeguarding the rights of Aboriginal children, families, and communities when they encounter the child protection system. These rights are known as the Aboriginal and Torres Strait Islander Principles (the Principles), which are set out in legislation.

DCJ provides early intervention, prevention and out of home care services and also subcontracts non-government organisations to provide these services.

This audit assessed whether DCJ, and five funded non-government organisations that provide out of home care services, are effectively safeguarding the rights of Aboriginal children in the child protection system.


DCJ cannot demonstrate its compliance with the Principles. DCJ has not embedded the Principles in its governance, accountability arrangements, policy and day-to-day casework practice.

Insufficient governance and accountability arrangements have contributed to DCJ's failure to deliver on Aboriginal strategies and reforms in the last five years.

DCJ has not developed holistic family preservation models based on Aboriginal ways of healing.

DCJ is aware that its structured decision-making tools, used to make significant casework decisions, adversely affect Aboriginal children and their families. However, DCJ continues to use the tools.

DCJ has no quality assurance mechanisms over its child protection system and casework practice.

As system steward, DCJ has not provided non-government organisations with means to satisfy the Principles.


The audit recommends that DCJ:

  • establish governance and accountability arrangements that provide oversight of the safeguards and outcomes for Aboriginal children and families
  • develop and implement a quality assurance framework to ensure compliance with safeguards for Aboriginal children at all points in the child protection system
  • fulfil its commitment to develop and implement a healing framework for child protection services
  • commission family preservation services consistent with the principles of self-determination and participation set out in the Principles.

Read the PDF report

Parliamentary reference - Report number #395 - released 6 June 2024.


Actions for Workers compensation claims management

Workers compensation claims management

Management and administration

What this report is about

Workers compensation schemes in NSW provide compulsory workplace injury insurance. The effective management of workers compensation is important to ensure injured workers are provided with prompt support to ensure timely, safe and sustainable return to work.

Insurance and Care NSW (icare) manages workers compensation insurance. The State Insurance Regulatory Authority (SIRA) regulates workers compensation schemes. NSW Treasury has a stewardship role but does not directly manage the schemes.

This audit assessed the effectiveness and economy of icare’s management of workers compensation claims, and the effectiveness of SIRA’s oversight of workers compensation claims.


icare is implementing major reforms to its approach to workers compensation claims management - but it is yet to demonstrate if these changes are the most effective or economical way to improve outcomes.

icare’s planning and assurance processes for its reforms have not adequately assessed existing claims models or analysed other reform options.

icare's activities have not focused enough on its core responsibilities of improving return to work and maintaining financial sustainability.

SIRA has improved the effectiveness of its workers compensation regulatory activities in recent years. Prior to 2019, SIRA was mostly focussed on developing regulatory frameworks and was less active in its supervision of workers compensation schemes.

NSW Treasury's role in relation to workers compensation has been unclear, which has limited its support for performance improvements.


icare should:

  • Ensure that its annual Statement of Business Intent clearly sets out its approach to achieving its legislative objectives.
  • Monitor and evaluate its workers compensation scheme reforms.
  • Develop a quality assurance program to ensure insurance claim payments are accurate.

NSW Treasury should:

  • Work with relevant agencies to improve public sector workers compensation scheme outcomes.
  • Engage with the icare Board to ensure icare's management is in line with relevant NSW Treasury policies.

SIRA should:

  • Address identified gaps in its fraud investigation.
  • Develop a co-ordinated research strategy.

Workers compensation schemes in New South Wales provide workplace injury insurance for around 4.7 million workers. The effective management of workers compensation is important to ensure injured workers are appropriately supported and provided with prompt treatment to ensure timely, safe and sustainable return to work. There were around 110,000 injured workers compensation claims in 2022–23.

The two main workers compensation schemes in NSW are the Nominal Insurer (NI), which is for the private sector and is funded by premiums paid by employers, and the Treasury Managed Fund (TMF) which covers public sector workers and is funded by the NSW Government.

Insurance and Care NSW (icare) is responsible for managing the provision of workers compensation insurance, as well as several other insurance schemes. The State Insurance Regulatory Authority (SIRA) is responsible for regulating workers compensation and other insurance schemes. NSW Treasury has an oversight and monitoring role but does not directly manage or regulate workers compensation schemes.

icare outsources the management of workers compensation claims to several external insurance agents, which it refers to as claims service providers (CSPs). Tasks completed by CSPs include registering and assessing workers compensation claims, managing payments to injured workers, and liaising with injured workers, employers, and medical providers to support injury management and return to work.

The objective of this audit was to assess the effectiveness and economy of icare’s management of workers compensation claims, and the effectiveness of SIRA’s oversight of workers compensation claims. To address this objective, the audit considered whether icare’s reforms to its workers compensation claims management models are effective and economical, and whether there is an effective performance and accountability framework for the NI and TMF.

icare did not assess its existing claims management model or conduct a comprehensive options analysis assessing alternative claims management models before selecting its new claims management model for the Nominal Insurer

In 2021, icare decided to change the claims management model for the Nominal Insurer (NI) from a single outsourced claims service provider (CSP) to a model using multiple CSPs. icare did not conduct a detailed analysis of options before deciding on its new claims management model for the NI. icare did not complete a business case or undertake analysis of costs and benefits of the chosen model compared to other options, such as in-house provision of services by icare, a hybrid delivery model, or remaining with a single-provider model with improved support and performance incentives.

icare completed a procurement strategy which acknowledged a potential alternative model based on icare delivering claims management services. However, there was no detailed analysis or costing of this or other models for comparison with the outsourced model that had been chosen. The in-house provision option was not recommended because it was stated that ‘competition between external service providers can drive better performance than what icare could achieve’. The 2019 Independent Review Report on the NI recommended that icare use additional providers to reduce the pressure on its single provider. It was appropriate for icare to consider this recommendation when developing its new claims model, but it does not remove the need for icare to conduct its own detailed analysis to support decision making on major projects.

The absence of a business case or other similar detailed analysis reduces icare’s accountability for improved outcomes. It also means the stated benefits and costs of icare’s claims services model have not been fully tested. Introducing competition and performance-based payments to CSPs might improve return to work and financial sustainability outcomes but could create perverse incentives or increase the risk of CSPs withdrawing from contracts. A business case would have also provided information that could have been used to inform an evaluation framework for the new claims services model, including interim measures to help assess whether intended benefits are on track.

A business case is the primary document to outline the case for change and analysis of alternative options, as well as the costs, benefits and financial viability of the proposal. icare’s procurement policy does not require the development of a business case, but the NSW Procurement Strategy and NSW Treasury Business Case Guidelines require agencies to demonstrate value for money by submitting a business case to NSW Treasury for investment proposals over $10 million. At the point when icare sought approval from the icare Board to commence the procurement process, the maximum total contract value for the engagement of the six providers was estimated at between $3.7 billion and $6.4 billion over ten years.

icare conducted a comprehensive procurement process to select CSPs for its new NI claims management model

The procurement process for new providers for the NI involved an open market process that included extensive engagement with potential CSPs. This allowed icare to improve its understanding of the capacity and capability of providers and work collaboratively to refine the details of its claims management model.

icare developed a detailed procurement strategy that outlined the objectives of the new model, expected costs, services sought, governance framework, and an evaluation plan. icare provided regular updates to the icare Board on the progress of the procurement process and sought approval for key decisions about the changes being made.

icare met its planned timeframe for having contracts with multiple CSPs in place by 1 January 2023. icare’s contracts provide it with flexibility to adjust the performance measures after three years if required. The contracts also require 12 months’ notice from the CSP if they wish to withdraw from the contract. This helps icare to manage the risk of a reduction in capacity to manage claims if an existing CSP withdraws.

icare is implementing a new remuneration structure for CSPs which aims to provide better financial incentives to improve performance

The icare Board approved the introduction of a multiple provider model as part of its NI Improvement Program in December 2021. As a part of planning for the change, icare developed a different remuneration structure for the new CSP contracts that aim to create stronger incentives for innovation to improve performance. The previous remuneration model for providers involved a guaranteed fee that was set at 110% of the estimated cost of providing the service and had no financial penalties if CSPs did not meet performance targets. The new remuneration model splits the fees paid to CSPs into three categories:

  1. a base fee, a guaranteed fixed fee which covers 95% of a benchmarked cost agreed by icare and CSPs (this was the estimated cost of providing the service in an efficient way)
  2. a quality fee, which may be positive (up to ten per cent of the benchmarked cost) or negative (up to five per cent) depending on the CSP’s performance against the quality measures specified in the contract. These are mostly related to compliance with claims management processes such as timeliness, accuracy, and record keeping
  3. an outcome fee up to 50% of the benchmarked cost depending on the CSP’s performance against the outcome measures specified in the contract. These relate to the key performance measures in the system such as return to work rates, claim payments made, and medical costs. The outcomes fee can only be earned if the CSP achieves acceptable performance in the quality measures.

This remuneration model aims to provide CSPs with financial incentives to improve performance. Setting the 'base fee' at slightly below the expected cost of providing the service should mean that CSPs need to meet their quality measures to ensure they cover costs and would need to exceed performance targets in order to increase its profit margin. The success of this model will depend on factors including the appropriateness of the base fee and performance targets, and the behaviour of CSPs. These changes are not yet fully implemented and icare is taking a staged approach to the transition of new CSPs, so it is too early to judge their effectiveness.

icare’s new remuneration structure will increase payments to CSPs for the NI without initially requiring improved performance

The new provider model is expected to cost up to $100 million more per year compared to icare’s previous, single provider model. This fee increase depends on the extent to which CSPs achieve its outcome targets. For example, if all CSPs improve their performance to a level where they meet all of their performance targets, the full $100 million would be paid to CSPs. A lower amount would be paid if some CSPs did not achieve outcome targets. icare’s modelling indicates that the extra costs in payments to CSPs would be offset by reductions in payments to injured workers as a result of improvements in return to work rates.

For at least the first year of the new model, icare has committed to paying a proportion of the outcome fees to CSPs even if they do not achieve their performance targets. This is intended to support CSPs to invest in their systems with the goal of achieving better longer-term performance. However, it means that icare will initially pay higher fees for similar or potentially lower performance.

icare lowered the return to work rate targets in 2023 compared to 2022 to account for the impact of the transition to the new multiple provider claims management model. Exhibit 9 shows the differences between the targets in 2021–22 and 2022–23.

Exhibit 9: Return to work rate targets for the NI, 2021–22 and 2022–23
 Business Plan FY22 (%)Business Plan FY23 (%)Change
Return to work targets

4-week: 70.0%

13-week: 85.0%

26-week: 87.8%

52-week: 89.8%


4-week: 65.4%

13-week: 77.5%

26-week: 82.1%

52-week: 85.6%

4-week: -4.6%

13-week: -7.5%

26-week: -5.7%

52-week: -4.2%

Source: icare planning documents (unpublished).

CSP remuneration has increased from around $251 million in 2018–19 to almost $379 million in 2022–23, an increase of more than 50%. CSP remuneration has increased in each financial year during this period (Exhibit 10).

icare’s focus for reforming the TMF is not based on addressing key strategic challenges for the scheme

icare initiated a ‘TMF transformation program’ in 2022. The business case for the TMF transformation program did not include an assessment of the key strategic challenges for the TMF or describe how the transformation would improve return to work rates. Instead, it focused predominantly on the implementation of a single IT platform for managing workers compensation claims. While a single IT platform may be an important technological enabler for claims management, it does not address the underlying strategic issues that contributed to a decline in claims management performance and increase in costs in the TMF.

icare’s analysis indicates that the implementation of the new IT system will cause a short-term decline in return to work rates for the TMF. Reducing performance in return to work rates, even if only temporarily, can have a long-term impact on outcomes for affected workers and for scheme costs. icare’s internal modelling indicates that if the early stages of a claim are not managed well, claimants are much more likely to have a long-term claim.

The primary purpose of the workers compensation scheme is to optimise return to work outcomes for injured workers and to maintain the financial sustainability of the schemes. Previous reviews have stated that icare should apply a return to work focus for all its activities because this is the outcome on which it is judged by Parliament, workers, employers and the community.

icare has commenced a procurement process for the TMF without conducting detailed analysis of its claims management model

In December 2023, icare completed a procurement strategy for approval by the icare Board to guide its procurement of CSPs for the TMF. The TMF procurement strategy refers to the broader improvement objectives for the TMF, which include improving return to work performance and increasing capability to manage psychological injury claims. It contains a brief analysis of an in-house claims management model compared to an out-sourced approach. However, it does not include detailed analysis of options for its claims management model. This analysis contained a similar amount of detail as the procurement strategy for the NI (see Chapter 2). It did not include any evaluation of the outsourced model that icare has used previously and did not assess options for hybrid models that use a mixture of in-house and outsourced services. icare has had the same claims management model for the TMF, using the same three CSPs prior to its establishment in 2015. icare inherited contractual arrangements with three CSPs that had commenced in 2010. Its most recent procurement process for CSPs took place in 2019. Before commencing this procurement, icare did not evaluate the effectiveness of the arrangements that were in place from 2010 to 2019 or analyse alternative options for claims management models.

icare plans to draw on the work done for the NI procurement of CSPs in 2022 by using clauses in the NI contracts to extend them to cover TMF work. icare has also commenced an open expression of interest process to engage with other potential CSPs for the TMF.

The TMF procurement strategy sets out options for a revised performance and remuneration framework for CSPs in the TMF. This is based on the work done for the NI procurement and has the same goal of providing stronger financial incentives for CSPs to improve their claims management performance.

icare’s analysis estimates that these changes will lead to savings because the new remuneration model will improve CSP performance, which will reduce overall scheme costs. However, the estimates presented in the TMF procurement strategy, which was presented to the icare Board for approval, do not have supporting analysis or completed modelling of costs. A key gap is the details used to estimate the actual costs for CSPs to deliver the services, which underpins the payment amounts under the revised remuneration framework. The strategy also does not include analysis of risks, such as impacts to return to work rates because of the transition to a new model. Without these details, icare cannot demonstrate that its planned approach is likely to deliver value for money.

Fees paid to CSPs for the TMF have increased significantly in recent years despite previous forecasts of reductions in fees paid and improvements in performance

icare’s payments to CSPs managing TMF claims has increased by around 30% in the last five years, rising from around $90 million in 2018–19 to around $125 million in 2022–23. This increase in payments to CSPs occurred during a period when return to work performance declined by two percentage points and the total payments for workers compensation claims increased by around 60%. The number of claims received also increased significantly in this time, as noted in Chapter 1.

Some of icare’s reform activities aim to improve return to work and financial sustainability

One of the stated goals of icare’s NI improvement program is ‘getting injured workers back to work sooner’ and the improvement program includes implementing a new claims management model for the NI (discussed in Chapter 2). Alongside this program, icare has made other changes that aim to improve the day-to-day claims management processes. In recent years icare has begun working to clarify roles and responsibilities for the claims management process. This has included consultation with CSPs and producing written documents that specify which issues should be handled by CSPs and which should be referred to icare.

icare has also developed a Professional Standards Framework that aims to provide a consistent set of standards that case managers are expected to adhere to. This framework sets out minimum standards and capability expected of CSP staff. It is a contractual requirement for NI providers to comply with the framework through its recruitment and training for staff. The framework is intended to also apply to the TMF but is not yet included in TMF provider contracts. Since 2021, icare has also provided training material to CSPs focussing on key aspects of claims management. Training covers topics that have previously been identified as areas of weakness, such as the calculation of weekly payments, initial contact, and injury management.

icare’s accountability for achieving scheme outcomes is not clear enough

While the practical changes discussed have the potential to help improve claims management performance, icare’s acceptance of overall accountability for scheme outcomes remains unclear. In 2021, icare considered several ‘business models’ that would guide its overall approach to reforming its workers compensation claims models. It decided to adopt what it described as a ‘platform’ model, which positioned icare as a facilitator and focused on self-direction and choice for employers and employees. Among the models that it chose not to adopt was a ‘scheme administrator’ model, which was characterised by transparency and clear accountability for performance.

This underlying approach can be seen in icare’s reforms to the claims management model for the NI. Some elements of the reforms target improvements in return to work outcomes, such as the introduction of performance-based payments to CSPs (discussed in Chapter 2). However, icare described the goal of the reforms as creating a competitive market of CSPs that would provide choice to employers, which indicates icare taking accountability for implementing system changes but not for the achievement of outcomes. icare’s plans for reforms to the TMF are similarly focused on icare’s accountability for providing support systems for workers compensation schemes, rather than accepting responsibility for ensuring the key outcomes are achieved.

The management of workers compensation schemes is a complex task. There are external factors outside icare’s control that influence the key performance measures of return to work and scheme financial viability. However, as the provider of workers compensation schemes, icare is primarily accountable for improving return to work rates for the NI and TMF and its strategies and activities should be focused accordingly. icare’s most recent corporate strategy documents described its current phase of its organisational strategy as ‘increase focus on those we serve’. This is a positive change from the previous year when the same phase was described as ‘simplify for improved outcomes’.

icare has committed significant resources to internal organisational improvement programs

icare has committed significant resources to an organisational improvement program in recent years. The program responds to the recommendations of previous external reviews (summarised in Chapter 1). These reviews made a combined total of 107 recommendations. Of these, 98 related to ‘enterprise improvement’, covering internal processes such as governance, procurement and risk management. The focus of the recommendations on internal processes reflects the terms of reference for these reviews. As a result, icare’s improvement program has a focus on internal organisational change, rather than a broader strategic assessment of the key challenges to the performance of workers compensation schemes, such as the rise in psychological injury claims.

The program has been overseen by an external advisor and quarterly reports have been published that outline progress, with the first report published in December 2021 and the most recent in August 2023. Accountability for implementing recommendations of external reviews is important. However, the strong focus on internal organisational projects has contributed to increases in icare’s operating expenses without fully addressing the strategic challenges to the key legislative objectives of workers compensation schemes – optimising return to work outcomes and ensuring financial sustainability.

icare’s employee and other operating expenses have increased significantly during a period when workers compensation scheme performance has not improved

According to its annual financial reports, icare’s total employee expenses have increased significantly in recent years. The total number of employees at icare increased from 1,431 in 2020–21 to 1,756 in 2022–23, an increase of 23%. icare’s budget for 2023–24 includes a further increase in staff numbers to 1,800.

There has been a corresponding increase in icare’s employee expenses, with staff costs increasing by 29%, from $214 million in 2020–21 to $276 million in 2022–23. icare did not take on any new functions during this period and the performance of the NI and TMF did not improve, as described in Chapter 1. Over the past three years icare has added the highest number of new employee positions in the ‘digital and transformation’ area. Additional staff positions have also been created in corporate areas including people and culture and risk and governance. Many of these positions relate to icare’s improvement program.

icare’s other operating expenses have also increased in recent years, rising from $699 million in 2020–21 to $814 million in 2022–23. The majority of icare’s other operating expenses are fees paid to CSPs. However, icare has also spent a significant amount on contractors, contingent workers, and consultants in recent years, despite also increasing its permanent staff numbers. Some of these contractor and consultant expenses related to icare’s improvement program discussed above. Over the last three years, icare spent an average of more than $100 million per year on hired labour, comprised of:

  • $60 million per year on contractors
  • $35 million per year on contingent workers
  • $8 million per year on consultants.

icare completed a review of its corporate expenses in September 2023 and reported the results of this review to the icare Board. icare’s review stated that it had reduced its expenses by a total of $88 million from 2019–20 to 2021–22. This included a reported decrease of $40 million in spending on contractors and contingent workers, which is in contrast to its annual financial reporting data which shows an increase of $25 million during this period. icare’s expenses review used management reporting data which categorises expenses differently to the way expenses are categorised in annual financial statements. For example, a large proportion of expenditure on contractors and contingent workers was categorised as project expenditure in icare’s management reporting. While this may be appropriate for management reporting purposes, it resulted in icare reporting lower expenditure on contractors and contingent workers in its expenses review compared to its annual reporting.

The number of icare senior executives in the top pay band for the NSW public service increased from two in 2021–22 to eight in 2022–23. The average remuneration of icare’s senior executives in 2022–23 was $652,000. This is more than double the average remuneration for the two senior executives that were in the highest pay band at the former WorkCover Authority, icare’s predecessor agency, in its last year of operation in 2014–15. It is also approximately double the average remuneration for senior executives at icare’s equivalent entities in comparable jurisdictions. The average remuneration for the ten senior executives at WorkSafe Queensland in 2022–23 was $285,000 and the average remuneration for the 11 senior executives at WorkSafe Victoria was $276,000.

icare spent at least $470 million on projects that were intended to improve the operations of the workers compensation schemes between 2016–17 and 2019–20. This includes the implementation of a single provider claims management model and the introduction of a new IT platform but does not include the cost of contractors and consultants who worked on these projects. Previous external reviews of icare found that these projects did not achieve their objectives and contributed to a deterioration in performance against the key legislative objectives for workers compensation of return to work and financial sustainability. icare spent another $45 million on moving back to a multiple provider model for the NI from 2023.

icare’s reporting on the performance of workers compensation schemes has not provided a clear indication of performance in its core areas of responsibility

icare’s public reporting has not provided transparency in the key areas of return to work and financial sustainability of workers compensation schemes. Prior to 2019–20, icare did not report publicly on its return to work rate targets in the NI. icare did not report on a TMF return to work target until 2022–23. icare’s four most recent annual reports have included an ‘enterprise performance scorecard’. In 2021–22 this scorecard had 11 measures, with only four that related to insurance scheme performance (return to work rate in the NI, net results in NI, net results in TMF and investments). The scorecard had seven measures that related to icare’s internal processes in that year, such as staff engagement scores, risk management, and internal audit. In 2022–23, the scorecard included five measures that related to insurance scheme performance. However, the measure relating to return to work performance for the NI had changed from the previous years. As a part of its reforms to the NI, icare plans to publish more information about workers compensation scheme outcomes on its website. It commenced this reporting in December 2023.

The key document outlining icare’s strategic approach to managing its operations is the Statement of Business Intent (SBI). The measure icare has used for reporting on return to work targets for the NI in its SBI has changed in each of the last four years. Exhibit 13 shows icare’s internal reporting on NI return to work targets since 2020–21. The frequent changes to the way icare has reported on its key performance measures make it difficult to track its performance over time.

Exhibit 13: Return to work measures used for reporting in icare’s Statement of Business Intent (SBI), 2020–21 to 2023–24
Financial yearReporting measure for return to work in SBI
2020–21Return to work rate measured at 26 weeks after claim made
2021–22Return to work rate measured at 4, 13, 26 and 52 weeks after claim mad
2022–23Return to work rate measured at 13 weeks after claim made
2023–24Return to work rate measured as ‘working rate’ (using a different methodology)

SIRA has recently updated its strategic framework to improve the effectiveness of its regulatory activities

One of SIRA's principal legislative objectives is to provide effective supervision of the workers compensation system. SIRA updated its strategic framework in 2021. The strategy outlines guiding considerations across four ‘pillars’ of SIRA’s regulatory work: scheme design, licensing, supervision, and enforcement.

SIRA has increased its focus on supporting improvements to return to work outcomes in recent years. It commissioned a research paper to inform SIRA's system-wide strategy to improve return to work rates. This paper provides a summary of the current evidence relating to factors most likely to support better return to work outcomes. This research has been used to inform SIRA's strategies and plans. For example:

  • SIRA has a return to work action plan which outlines ten actions aimed at supporting improvements in return to work rates. Actions include reviewing insurers’ return to work practices in 2022, developing a return to work standard of practice, and targeting compliance work to employers identified as higher risk.
  • SIRA advises it is currently developing a ‘Recover Through Work Strategy’ which expected to replace its action plan. The draft strategy covers research, promotion and education activities related to early intervention, psychological injuries, and additional data and insights relating to return to work.
  • SIRA developed a mental health recovery and support action plan in 2021 based on research it had commissioned. 

SIRA has used regulatory instruments including written directions and letters of censure to icare when it has identified issues that require remediation, as noted in Chapter 2. SIRA’s ability to regulate the workers compensation scheme is limited by the fact that it cannot impose licence conditions on the NI or other entities, which limits its ability to escalate its regulatory responses if needed.

A previous review of the legislative arrangements for workers compensation recommended that SIRA should be given additional powers to ensure it can fully perform its regulatory functions for workers schemes. The review also found the roles and responsibilities between icare and SIRA were unclear in some areas. For example, workers compensation legislation allocates operational functions to SIRA which has created duplication and inefficiencies as noted in this chapter. The review recommended government consider amending legislation to state clearly the powers and functions of each entity. Both issues are yet to be addressed.

SIRA was mostly focussed on developing regulatory guidelines and frameworks in the years after it was established

SIRA was created in late 2015 and was tasked with regulating multiple insurance schemes and establishing operational frameworks to supervise each insurance scheme within its remit. In the initial years of SIRA’s establishment, SIRA developed guidelines and standards around the management of workers compensation. For example, SIRA’s first Standards of Practice was issued in 2018 and contained broad claims management principles to guide insurer conduct and support the achievement of scheme legislative objectives. SIRA also first published an Insurer Supervision Model in 2017 which outlined SIRA’s approach to monitoring and supervising the performance across workers compensation insurers. The model contained compliance and performance indicators to help SIRA identify and address risks in the areas of conduct, claims management and financial sustainability. SIRA advises this supervision model assisted it to identify a significant decline in the performance of the NI in 2018, which led SIRA to commission its first independent review of the NI in 2018–19.

SIRA has become more active in its regulation of the NI but only recently started actively supervising the TMF

SIRA increased its monitoring and supervision of the NI following the findings of the 2019 review, with SIRA commencing quarterly compliance and performance audit of claims management of the NI from July 2020. SIRA’s reviews of the NI had a strong focus on compliance with specific legislative requirements, in response to concerns about a lack of capability among claims managers at the time. Some of SIRA's more recent reviews of the NI have selected a strategic focus area, such as compliance with the ‘early intervention’ requirements of claims management. This theme was selected based on research evidence indicating that the management of a claim in the first four weeks has a significant impact on return to work outcomes. SIRA advises that future audits will use a risk-based approach and focus on areas in which low compliance has been identified and there is evidence that the compliance requirement is based on better outcomes, such as injury management planning.

SIRA has issued two penalty notices as a result of its increased oversight on the NI:

  • The penalty notice issued on 6 September 2019 totalled $132,000. The penalties were imposed for icare’s failure in 24 instances to commence weekly workers compensation payments within seven days of initial notification of the injury to the insurer.
  • The penalty notice issued on 22 January 2020 totalled $82,500. The penalties were issued for icare’s failure in ten instances to ensure employer’s premium rate does not increase by more than 30% from the previous policy year, as required in SIRA’s premium guidelines. icare’s failure to comply with the capping requirement led to impacted policy holders paying an additional premium totalling over $700,000.

SIRA began regularly reporting to government on NI financial sustainability in 2016–17, with its first report provided to government in August 2018. The 2016–17 report noted generally that a new claims model had been implemented from January 2018 which may impact claims experience and make future treatment and costs more complicated. However, the report did not provide further details of these risks, such as potential impacts on the key areas of return to work or related cost impacts due to the transition. SIRA’s annual reports from the years up to and including 2018–19 did not draw attention to any performance concerns for the NI or the TMF and did not provide detailed information on SIRA’s supervision activities for the schemes. The reports focused mostly on other areas of SIRA’s responsibility, particularly the implementation of reforms to the compulsory third party insurance scheme during 2017.

In January 2020, SIRA commenced investigations into the management of three Corrective Services NSW (CSNSW) claims in the TMF following reports it received around claims mismanagement. The report outlined several actions, including that SIRA undertake a broader review of the compliance and performance of the TMF and a larger audit of CSNSW workers compensation claims with a focus on psychological injuries. In August 2022, SIRA commenced a review of 100 CSNSW claims to assess the compliance of these claims against legislative and regulatory requirements. During the audit, SIRA advised these reviews led to SIRA developing the evidence base for undertaking its broader review of the TMF in 2023. The 2023 TMF review has a focus on managing psychological injury claims.

The audit did not see evidence of SIRA taking a strategic approach to the regulation of the TMF in earlier years despite the outcomes of SIRA’s initial CSNSW investigations, deteriorating return to work performance, increasing costs, and the emerging strategic risk of the rise in psychological injury claims. Given these issues, a more active regulatory presence from SIRA would have been justified.

Any decline in return to work rates, even if only temporary, can have a long-term impact on outcomes for affected workers and for scheme costs. For example, research indicates that injured workers who are not working for a longer period become progressively less likely to ever return to work and are more likely to develop a secondary psychological injury associated with their initial injury. As a result, the poor performance of workers compensation schemes in previous years is having an ongoing impact on scheme performance today.

SIRA began focussing on improving compliance of employers with workers compensation obligations from 2020, but did not have a strategy or active program prior to this

In 2020, SIRA created an Employer Supervision and Return to Work Directorate as part of a broader organisational restructure. The Directorate was created to strengthen the focus and regulatory approach for employers and support the development of an employer supervision strategy and framework. The strategy and framework for employers were finalised in 2022. These are consistent with its organisation-wide regulatory framework and outlines SIRA’s approach to planning and conducting regulatory activities in identified areas of highest risk.

In December 2021, SIRA also established an inspectorate to undertake employer education activities and conduct reviews of employer compliance with workers compensation obligations, in addition to those conducted by SafeWork NSW. Prior to this, SIRA did not have a dedicated employer supervision and compliance strategy or function, although it did provide educational resources for employers. It relied on SafeWork inspectors to conduct workplace inspections on its behalf, which were guided by SIRA’s modelling work.

SIRA has legislative powers to enter workplaces to gather evidence, conduct audits and reviews, and impose penalties for non-compliance. SIRA targets its employer inspections primarily through a predictive data analysis tool, with a smaller number of inspections in response to complaints or referrals. The predictive tool assesses new workers compensation claims made and identifies those that are at higher risk of a poor return to work outcome, based on factors including the type of claim and employer or industry.

SIRA has not allocated sufficient resources to investigate and prosecute fraud

SIRA has a legislative responsibility to assist in measures to deter and detect fraud within workers compensation schemes. In February 2023, SIRA engaged an internal review to assess its capability and structure in enforcement and prosecution in all schemes it oversees, including the Compulsory Third Party scheme and the Home Building Compensation Fund. The review found there was a backlog of high-risk fraud referrals. This could indicate that cases of fraud in the workers compensation system may have gone undetected or unaddressed in recent years. The review recommended SIRA expand its investigations team to reduce the backlog of matters and ensure all icare referrals are investigated.

During the audit, SIRA advised that while it has not fully responded to these recommendations yet, it has engaged additional resources for the employer investigations team and will consider additional resourcing in 2024–25. SIRA also advised it had taken other actions to reduce fraud risks, including initiating regular meetings with icare to discuss new fraud referrals and working with icare on a Memorandum of Understanding to strengthen fraud investigations and prosecutions. However, these actions are unlikely to address the issues relating to resourcing that were identified in the review.

Some of SIRA's research and pilot programs duplicate or overlap with those of icare

SIRA has a legislative function to 'to initiate and encourage research to identify efficient and effective strategies for the prevention and management of work injury and for the rehabilitation of injured workers'. In 2019, SIRA commissioned a review of its research strategy on workers compensation and other insurance schemes which it oversees. The review found, among other things, additional work was needed to coordinate SIRA's research program to avoid duplication. The review recommended SIRA improve collaboration with icare, SafeWork and other stakeholders and develop a model for knowledge translation to ensure evidence informs practice.

SIRA and icare's research and pilot programs still overlap in several areas, especially workplace mental health-related research. For example:

  • icare has a ‘Front of Mind’ program that is focussed on developing and testing mental health platforms, like development of apps and education programs. SIRA has a 'Recovery Boost' program which provides grants to universities and private service providers to research and develop programs related to mental health.
  • icare has also developed a 'Design for Care' program in partnership with Curtin University to research work design impacting mental health. Similarly, SIRA has funded various research projects on workplace mental health, including Monash University's work-connected interventions for psychological injuries, and Black Dog Institute's two-year research fellowship on recovery after psychological injury.
  • icare has reported it would be developing a mental health strategy and action plan in 2022–23. SIRA has also developed action plans and strategies on mental health.

SIRA revised its research strategy in response to the review's findings and recommendations. SIRA's Research Strategy 2022–25 outlines its research objectives, actions, and measures of success. Actions include working with stakeholders to co-design research projects and working with stakeholders to prioritise research based on level of impact. Measures of success include creating opportunities for CSPs and other stakeholders to engage with SIRA's programs and increasing the number of research partnerships targeting personal injury evidence gaps.

NSW Treasury’s role in overseeing icare is not clearly defined, limiting its ability to support performance improvements in workers compensation

NSW Treasury does not have a legislated role in the management of workers compensation. icare is directly accountable to the icare Board and the icare Board is accountable to the responsible minister for icare achieving its statutory objectives. The TMF is funded by the NSW Government and has a direct impact on the NSW budget, so NSW Treasury has a role in advising the Treasurer on the performance and operations of the TMF. NSW Treasury also supports the minister responsible for icare, so has a role in advising the responsible minister in relation to icare's management of the NI. This includes reviewing and advising the minister on icare’s annual Statement of Business Intent, which icare must submit to the responsible minister and the Treasurer.

NSW Treasury has monitored icare’s financial and operational performance and has reported regularly on this to the responsible Minister and the Treasurer. However, NSW Treasury has not taken action to address issues that it is aware of. For example, when reviewing icare’s Statement of Business Intent (SBI) in 2022–23, NSW Treasury stated that it had concerns about the performance and financial sustainability of workers compensation schemes. Its response was to advise the responsible minister and the Treasurer to note its concern about these issues. In this review, NSW Treasury also advised that icare had not achieved its own forecasts from previous years for improvements to the financial position of the NI but did not propose any action in response to this. Similarly, NSW Treasury noted in another ministerial brief that icare made changes to its targets for return to work rates in 2020–21 that only required performance to be maintained or improve marginally. It expressed concern that this represented an acceptance of ongoing performance at lower than historical levels but did not propose any actions. NSW Treasury’s lack of specific responses to these issues reflects its limited powers to influence icare’s actions.

Recent changes to icare’s governing legislation allow the Treasurer or the Secretary of NSW Treasury to require icare to provide information relating to its activities. This may help NSW Treasury to be more active in its oversight of icare’s key decisions and activities. In November 2023, icare’s responsible minister announced that NSW Treasury will conduct a review of icare focusing on its operational costs.

This audit has identified several gaps in icare’s management of workers compensation schemes. For example, icare proceeded with changes to its claims management model for the NI that involve a multi-billion dollar procurement process without completing detailed options or benefit-cost analysis, as discussed in Chapter 2. icare has also focused significant resources and attention on internal corporate improvement activities that do not directly contribute to the achievement of the key legislative objectives of workers compensation schemes. Both of these issues have led to significant increases in icare’s costs without improved return to work outcomes in recent years. Stronger engagement from NSW Treasury with the icare Board could help improve icare's performance by providing advice and challenge in areas in which icare has consistently under-performed.

Appendix one – Responses from audited agencies

Appendix two – About the audit

Appendix three – Performance auditing


© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.


Parliamentary reference - Report number #393 - released 2 April 2024


Actions for Local Government 2023

Local Government 2023

Local Government
Asset valuation
Cyber security
Financial reporting
Information technology
Internal controls and governance

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.


Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.


To improve quality and timeliness of financial reporting, councils should:

  • adopt early financial reporting procedures, including asset valuations
  • ensure integrity and completeness of asset source records
  • perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

  • track progress of implementing audit recommendations, and prioritise high-risk repeat issues
  • continue to focus on cyber security governance and controls.


Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General’s report on Local Government 2023. My report provides the results of the 2022–23 financial audits of 121 councils, eight county councils and 12 joint organisations. It also includes the results of the 2021–22 audits for two councils and two joint organisations which were completed after tabling of the Auditor-General’s report on Local Government 2022. The 2022–23 audits for eight councils, one county council and one joint organisation remain in progress due to significant accounting issues.

This will be my last consolidated report on local councils in NSW as my term as Auditor-General ends in April. Without a doubt, the change in mandate to make me the auditor of the local government sector has been the biggest challenge in my term. Challenging for councils as they adjust to consistent audit arrangements and for the staff of the Audit Office of NSW as they learn about the issues facing NSW councils.

The change in mandate aimed to improve the quality of financial management and reporting across the sector. This will take time. But this report does show some ‘green shoots’ with more councils submitting financial reports to the Office of Local Government by 31 October and more councils having Audit, Risk and Improvement Committees. 

I also want to acknowledge that councils face significant challenges responding to and recovering from emergency events whilst cost and resourcing pressures have been persistent.

The findings from our audits identify opportunities to further improve timeliness and quality of financial reporting and integrity of systems and processes. The recommendations in this report are also intended to improve financial management and reporting capability, encourage sound governance, and boost cyber resilience.


Margaret Crawford PSM
Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting audit results of councils, county councils and joint organisations.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal controls across councils, county councils and joint organisations in 2022–23.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations with risk ratings, related implications, and recommendations.

Appendix one – Response from the Office of Local Government within the Department of Planning, Housing and Infrastructure

Appendix two – NSW Crown Solicitor’s advice

Appendix three – Status of previous recommendations

Appendix four – Status of audits

Appendix five – Councils received qualified audit opinions for non-recognition of rural firefighting equipment


© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.


Actions for Cyber security in local government

Cyber security in local government

Local Government
Cyber security
Information technology
Internal controls and governance
Management and administration

What this report is about

NSW local councils provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies.

Councils need to manage cyber security risks to ensure their information, data and systems are appropriately safeguarded. Councils also need to be prepared to detect, respond and recover when a cyber security incident occurs.

The audit assessed how effectively three selected councils identified and managed cyber security risks.

The audit also included the Department of Planning, Housing and Infrastructure (Office of Local Government) and Department of Customer Service (Cyber Security NSW), due to their roles in providing guidance and support to local councils.

Audit findings

The audit found that the selected councils are not effectively identifying and managing cyber security risks. Each of the councils undertook activities to improve their cyber security during the audit period, but this audit found significant gaps in their cyber security risk management and cyber security processes.

Such gaps result in unmitigated risks to the security of information and assets which, if compromised, could impact their local communities, service delivery and public infrastructure.

Cyber Security NSW and the Office of Local Government recommend that councils adopt requirements in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.

Audit recommendations

In summary, the councils should:

  • integrate assessment and monitoring of cyber security risks into corporate governance processes
  • self-assess their performance against Cyber Security NSW's guidelines for local government
  • develop and implement a risk-based cyber security improvement plan and program of activities
  • develop, implement and test a cyber incident response plan.

Cyber Security NSW and the Office of Local Government should regularly consult on cyber security risks facing local government, and review the effectiveness of guidelines and related resources for the sector.

While this report focuses on the performance of the selected councils, the findings and recommendations should be considered by all councils to better understand their risks and challenges relevant to managing cyber security risks.

Local councils in New South Wales (NSW) provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies for this.

Councils use various information systems and software to manage significant amounts of information and data relevant to their corporate functions, infrastructure and service delivery. This may include sensitive information about residents, customers and staff.

Audit Office of New South Wales reports to Parliament have highlighted gaps in councils' cyber security risk management approaches since 2020. The Local Government 2023 report, tabled in March 2024, found that 50 councils were yet to implement cyber security governance frameworks and related internal controls.

The threat from cyber security incidents continues to rise. Such incidents can harm local government service delivery and may include the theft of information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.

It is important that councils are effectively identifying and managing cyber security risks to:

  • protect their information, data and systems
  • be prepared to detect, respond to and recover from cyber security incidents 
  • ensure confidence in the services they are providing for their communities.

This report outlines important findings and recommendations from a performance audit of three councils: City of Parramatta Council, Singleton Council and Warrumbungle Shire Council. This audit report has deidentified findings for each council, but the specific findings have been directly shared with each council to enable them to remediate and improve cyber safeguards. The findings and recommendations in this report are likely to be relevant to most local councils in NSW and councils are encouraged to ensure they have sufficient cyber safeguards.

This audit assessed how effectively the selected councils identified and managed cyber security risks. The audit considered whether the councils:

  • effectively identify and plan for cyber security risks
  • have controls in place to effectively manage identified cyber security risks
  • have processes in place to detect, respond to, and recover from cyber security incidents.

This audit also included the Department of Customer Service and the Office of Local Government (OLG) within the Department of Planning and Environment (DPE) due to their roles in providing guidance and support to local government.1

Cyber Security NSW, part of the Department of Customer Service, supports local councils to improve their cyber resilience through a range of services and guidance, including the Cyber Security Guidelines – Local Government issued in December 2022.

The OLG is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector.


The three councils are not effectively identifying and managing cyber security risks. As a result, councils' information and systems are exposed to significant risks, which could have consequences for their communities and infrastructure.

Ineffective cyber security risk management can result in unmitigated risks to the security of information and assets which, if compromised, could impact the councils' local communities, service delivery and public infrastructure.

Poor management of cyber security can lead to consequences including theft of information or money, service interruptions, costs of repairing affected systems, and reputational damage.

Each council undertook activities to improve their cyber security during the audit period, but there were significant gaps in the councils' risk management processes and controls meaning the councils are not effectively identifying and managing cyber security risks.

Key findings include:

  • None of the councils are effectively using risk management processes to identify and manage cyber security risks.
  • None of the councils have assessed the business value of their information and systems to inform cyber security risk identification and management, nor have they assigned cyber security responsibilities for all core systems.
  • Two of the three councils do not have a formal plan to improve their cyber security, resulting in an uncoordinated approach to cyber security activities and related expenditure. The council that does have a plan has not formally considered the resourcing required to fully implement the plan.
  • None of the councils have implemented effective governance arrangements to ensure accountability for managing cyber security risks, and their reporting to ARICs did not link activities to risk mitigation.
  • None of the councils have effective cyber security policies and procedures for managing cyber security risks and to support consistent cyber security practices.None of the councils have a clear and consistent approach to monitoring the effectiveness of controls to mitigate identified cyber security risks.
  • All three councils are not effectively identifying or managing third party cyber security risks.

None of the councils have up to date plans and processes to support effective detection, response and recovery from cyber security incidents.

Councils need to be prepared to identify when a cyber incident occurs, and be able to respond to cyber incidents to contain any compromises and minimise the impact. This is even more important for councils with low levels of maturity in their preventative cyber security controls.

Key findings include:

  • None of the councils have a cyber incident response plan to ensure an effective response to and prompt recovery from cyber incidents, and their business continuity and disaster recovery planning documentation is not up to date.
  • None of the councils have clearly defined roles and responsibilities for detecting, responding to (including through appropriate reporting) and recovering from cyber incidents.
  • None of the councils maintain a register of cyber incidents to record information about the sources and types of incidents experienced and relevant responses, to support post-incident evaluation.

Cyber Security NSW and the OLG recommend that councils adopt requirements set out in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.

Cyber Security NSW and the OLG recommend that local councils implement the Cyber Security Guidelines for Local Government. However, while the roles of both Cyber Security NSW and the OLG involve identifying and responding to specific sector risks, neither is monitoring the uptake of the Guidelines by local councils to identify whether they are enabling better cyber security risk management.

Cyber Security NSW and the OLG did not ensure that their roles, responsibilities and actions relevant to cyber security management were coordinated and complementary during the audit period. Cyber Security NSW's Local Government Engagement Plan was updated in November 2023 to include information about its approach to stakeholder collaboration to support a cyber secure NSW Government, including through engagement with the OLG.

1 The OLG was part of DPE up to 1 January 2024, when DPE was abolished and the OLG became part of the Department of Planning, Housing and Infrastructure (DPHI).

Local councils in New South Wales (NSW) provide a wide range of essential services and infrastructure to their communities. In doing so, councils use a range of information technology (IT) systems, assets, and digital services.

This audit follows several audit reports by the Audit Office of New South Wales that have considered how effectively NSW Government entities, including local councils have managed cyber security risks (see Appendix three).

The Audit Office of New South Wales has reported on how councils have managed cyber security risks since 2020. In the Local Government 2023 report, tabled in March 2024, gaps in cyber security frameworks and related internal controls were reported in 50 councils.

This chapter includes a summary of thematic key findings for the selected councils.

Cyber Security NSW is responsible for supporting local councils to improve their cyber resilience through a range of services and guidance and published its Local Government Engagement Plan in 2023 (discussed below).

The Office of Local Government (OLG) is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector. It does this through a range of activities including monitoring sector-wide and council-specific risks, issuing guidance, engaging with councils to build capacity and supporting the Minister for Local Government’s discretionary intervention powers.

Appendix one - Response from entities Cyber security in LG

Appendix two - Glossary-  Cyber security in local government

Appendix three – Overview of Audit Office of New South Wales reports that consider cyber security - Cyber security in local government

Appendix four – Cyber Security Guidelines – Local Government foundational requirements- Cyber security in local government

Appendix five – About the audit- Cyber security in local government

Appendix six – Performance auditing -Cyber security in local government


Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #392- released 26 March 2024


Actions for Regulation insights

Regulation insights

Local Government
Whole of Government
Cyber security
Internal controls and governance
Management and administration

What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

  • governance and accountability
  • processes and procedures
  • data and information management
  • support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

Picture of Margaret Crawford Auditor-General for New South Wales in a copper with teal specks dress with black cardigan.

I am pleased to present this report, Regulation insights. This report highlights themes and generates insights about effective regulation from the last six years of audit.

Effective regulation is necessary to ensure compliance with the law. Effective regulation also promotes social, economic, and environmental outcomes, and minimises risks or negative impacts associated with certain activities. But regulation can be challenging and costly for governments to implement. It can also involve costs and impact on the regulated parties, including other public sector and private entities, and individuals. As such, effective regulation needs to be administered efficiently, and with integrity.

Having a clearly articulated and communicated regulatory approach is essential to achieving this outcome, particularly when this promotes voluntary compliance and sets performance standards that are informed by community expectations. A consistent approach to exercising regulatory powers is important: it should be supported by robust information about regulatory risks and issues, and accompanied with timely, proportionate responses. Providing relevant support to the regulated parties and coordinating activities to facilitate compliance and performance can generate efficiencies.

Finally, transparency matters. It matters so that government has oversight of and can be held accountable for its leadership of public sector compliance, and in regulating the activities of third parties. Transparency also matters because it can provide insights into the effective exercise of government power. To achieve this, meaningful regulatory information needs to be reported.

While these issues are most pertinent for government agencies that exercise traditional regulatory functions, they are also relevant to lead government agencies that provide a stewardship role in promoting compliance and performance by other government agencies in relation to particular areas of risk.

Over the past six years, our audit work has found many common and repeat performance gaps, creating risks, inefficiencies, and limiting outcomes of regulatory activities. In considering these gaps, this report provides public sector leaders with insights into the challenges and opportunities they may encounter when aiming for more effective regulation, including the good governance of regulatory activities. This includes insights for lead agencies that provide a public sector stewardship role. Through applying these insights and maximising regulatory effectiveness, unintended impacts on the people and sectors government serves and protects can be avoided or at the very least minimised.


Margaret Crawford PSM
Auditor-General for NSW

This report brings together key findings and recommendations relevant to regulation from selected performance and compliance audits between 2018 and early 2024 (19 in total), and from two reports that summarise results of financial audits during the same period. It aims to provide insights into the challenges and opportunities the public sector may encounter when aiming to enhance regulatory effectiveness.

The report is structured in two sections, each setting out insights from relevant audits and providing summaries as illustrative examples.

Section 3 is focused on insights from audits of agencies that administer regulatory powers and functions over other entities or activities (typically known as 'regulators'). The powers and functions of regulators are defined in law, and often relate to issuing approvals (e.g., licensing) for certain activities, and/or monitoring allowable activities within certain limits. Regulators often have compliance and enforcement powers that can be exercised in particular circumstances, such as when a regulated entity has not complied with relevant requirements.

Agencies may be primarily established as regulators or perform regulatory activities alongside other functions. Depending on the context, the regulated activity may relate to other state agencies, local government entities, non-government entities or individuals.

Section 4 summarises insights from a selection of audits of agencies that provide a stewardship role in promoting compliance by and performance of other state agencies and local government entities in relation to specific regulations or policies. These policies may or may not be mandatory and, unlike a more traditional regulator, the coordinating agency may not have enforcement powers to ensure compliance.

These policies, and accompanying guidelines and frameworks, are typically issued by ‘central agencies’ such as the Premier's Department that have a public sector stewardship role. They can also be issued by agencies with a leadership role in particular policy areas ('lead agencies'). While individual agencies and local government entities implementing these policies are responsible for their own compliance and performance, lead and central agencies have an oversight role including by promoting accountability and coordinating activities towards achieving compliance and performance outcomes across the public sector.

Readers are encouraged to view the full reports for further information. Links to versions published on our website are provided throughout this document, and a full list is in Appendix one. An overview of the rationale for selecting these audits and the approach to developing this report is in Appendix two.

The status of agencies' responses to audit recommendations

Findings from the audits referred to in this report were current at the time each respective report was published. In many cases, agencies accepted audit recommendations, as reflected in the letters from agency heads that are included in the appendix of each audit report.

The Public Accounts Committee of the NSW Parliament has a role in reporting on and ensuring that agencies respond appropriately to audit recommendations. Readers are encouraged to review the Public Accounts Committee's inquiries on agencies' implementation of audit recommendations, which can be found on the Committee's website.


Actions for Design and administration of the WestInvest program

Design and administration of the WestInvest program

Premier and Cabinet
Management and administration

What this report is about

WestInvest is a $5 billion funding program announced in September 2021 to provide ‘local infrastructure to help communities hit hard by COVID-19’ in 15 local government areas (LGAs) selected by the government. It was divided into three parts: $3 billion for NSW government agency projects; $1.6 billion for competitive grants to councils and community groups; and $400 million for non-competitive grants to councils.

Following the change of government at the 2023 election, the program was renamed the Western Sydney Infrastructure Grants Program. Funding decisions made for the community and local government grants were retained, but multiple funding decisions for the NSW government projects were changed.

The audit objective was to assess the integrity of the design and implementation of the program and the award of program funding.


The design of the program lacked integrity because it was not informed by robust research or analysis to justify the commitment of public money to a program of this scale.

The then government did not have sufficient regard to the implications for the state's credit rating. A risk to the credit rating arose because the government may have been perceived to be using proceeds from major asset sales to fund new expenditure, rather than pay down its debt.

Decisions about program design were made by the then Treasurer's office without consultation with affected communities. The rationale for these decisions was not documented or made public.

For the NSW government projects, funding allocations did not follow advice from departments. Many funded projects did not meet the objectives of the program.

The two other rounds of the program were administered effectively, except for some gaps in documentation and quality assurance. The program guidelines did not require an equitable or needs-based distribution of funding across LGAs and there was a significant imbalance in funding between the 15 LGAs.


Our recommendations for the administration of future funding programs included:

  • considering whether competitive grants are the best way to achieve the program's purpose
  • completing program design and guidelines before announcements
  • ensuring adequate quality assurance.

We also recommended that when providing advice for submissions by Ministers to Cabinet, agencies should ensure that departmental advice is clearly identified and is distinct from other advice or political considerations. 


WestInvest is a $5 billion funding program that was announced in September 2021. The program was established with the stated aim of building ‘new and improved facilities and local infrastructure to help communities hit hard by COVID-19’.

WestInvest was divided into three funding streams:

  • $3 billion NSW government projects round open to NSW government agencies
  • $1.6 billion community projects competitive round administered as a competitive grant program that was open to local councils, non-government organisations, Local Aboriginal Land Councils, and educational institutions in the 15 eligible LGAs
  • $400 million local government projects round administered as a non-competitive grant round only open to the 15 eligible councils, with each council receiving a pre-determined share of the $400 million.

The WestInvest program was administered by NSW Treasury and the Premier's Department (previously the Department of Premier and Cabinet). Decisions about funding allocations were made by the former Treasurer in his role as the statutory decision-maker and announced by the former government in the lead up to the March 2023 NSW State election, but no funding was paid prior to the election.

Following the change of government, the funding decisions for the community projects competitive round and local government projects round were confirmed and negotiation of funding deeds commenced. The current government reviewed the decisions for the NSW government projects round and made changes to multiple decisions as part of the 2023–24 NSW Budget process. The current government has also changed the name of the program to the Western Sydney Infrastructure Grants Program.

The objective of the audit was to assess the integrity of the design and administration of the WestInvest program. This included assessing the processes used in the design and implementation of the program and award of funding.

The audit did not re-assess the merits of individual projects that were submitted for funding consideration and did not examine the implementation of projects that were allocated funding.

Decisions about the objectives and focus areas for the program were made without advice or analysis from the agencies that administered the program

The WestInvest program involved the commitment of $5 billion as a stimulus measure linked to economic recovery from the COVID-19 pandemic. However, there was no business case or other economic analysis conducted to support consideration of the potential benefits and costs of the program. Media releases and the public guidelines for WestInvest stated that western Sydney was affected by the COVID-19 pandemic more severely than other parts of Sydney and regional NSW. These assertions were not supported by evidence or analysis.

Evidence from NSW Treasury provided for this audit indicates that it was asked to prepare the initial proposal for the WestInvest program within a very short timeframe. This limited its ability to conduct research, analysis and consultation that could have informed the development of the program. This is particularly important for the integrity of decisions involving large-scale spending. Staff from NSW Treasury and the Premier's Department advised the audit team that the areas of focus for WestInvest were decided by Ministers and their staff without advice from the audited agencies. There is no documented analysis justifying the decision to focus the program on community infrastructure, or the six ‘areas of focus’ that were selected. The Premier's Department commissioned research from Western Sydney University after the areas of focus for the program had been decided. This did not inform decisions about the program focus but aimed to provide baseline information about community infrastructure in the 15 eligible LGAs which could be used in program evaluation.

The rationale for making 15 LGAs eligible for the program was not clear

It is not clear how the government decided which LGAs would be eligible for WestInvest funding. Public communication about the program referred to the western Sydney region and commented on areas that had been ‘hit hard’ by the COVID-19 pandemic. The specific factors that were used to decide which LGAs were eligible were not explained publicly or documented.

In the 2019–20 NSW Budget papers, "western Sydney" was defined as 12 LGAs. All of these were included as eligible for the WestInvest program. The additional three LGAs that were made eligible for the WestInvest program (Burwood, Canterbury-Bankstown, and Strathfield) were not within the NSW Budget papers definition but were designated "areas of concern" during the COVID-19 pandemic, which meant they were subject to more restrictions than other LGAs at certain points.

Georges River and Bayside LGAs both made public statements that drew attention to the fact that they were not made eligible for the WestInvest program despite being designated areas of concern. Several of the 15 LGAs that were made eligible for WestInvest had not been designated areas of concern during the pandemic, including Penrith, The Hills, and Blue Mountains. 

There was no consultation with eligible councils or other key stakeholders before the program design was decide

The program design had not been subject to consultation with councils or other relevant organisations in western Sydney. This meant that the views of eligible councils and community organisations on strategic priorities in their respective communities were not considered before decisions on program design were made.

Staff from some councils interviewed by the audit team indicated that while funding for community infrastructure is welcome, some councils had other priority areas for infrastructure development that were at least as high as new community infrastructure. As independent entities, each council has its own strategic planning processes to identify and plan for infrastructure projects and other areas of need. These were not considered in the design of the WestInvest program.

Staff at several councils we spoke to highlighted delivery risks to the projects for which they had been allocated funding. These included:

  • the short timetable set by the then government (considering the amount of funding available and the requirements for applications) meant that full project development and assurance processes were not completed for most applications when they were submitted
  • difficulty complying with the government’s administrative and assurance requirements for funding recipients, such as detailed planning and reporting.

When early planning for WestInvest was being done, both NSW Treasury and the Premier's Department identified the risk that applicants may not be able to deliver funded projects on time or within budget. The absence of consultation, research and analysis before the program design was finalised meant that these factors were not considered before the government had committed to the program. We did not see evidence that the then government had considered the cumulative impact of an additional $5 billion in infrastructure projects on the costs of materials and skilled labour concentrated in the eligible LGAs.

The Premier's Department conducted an online survey (WestInvest 'Have Your Say'), between 23 February 2022 and 31 March 2022. This was open to the public and asked questions about which of the six ‘areas of focus’ were most important to them and what type of community infrastructure projects they would like to see. This found higher levels of community support for two of the six areas (community infrastructure and green and open space).

On 18 April 2022, the Premier's Department released a summary report on the findings of the WestInvest ‘Have Your Say’ Survey. The Premier's Department noted that the survey was for consultation purposes only and did not form part of the application process for the WestInvest program. The Premier's Department stated in its summary report that the survey results 'will feed into the assessment process across the WestInvest Program'.

However, the Premier's Department staff interviewed by the audit team told us that the survey results did not play any formal role in the assessment process or funding recommendations for projects. The survey did not provide data that could be used to inform assessment decisions because:

  • responses could be submitted by any member of the public who accessed the survey, not just those living in the LGAs that were eligible for the program, so the data could not be taken as representative of the views of the residents of eligible LGAs
  • many survey responses were ruled ineligible as they were deemed to be associated with a community campaign that related to projects outside the focus areas of WestInvest.

The government did not have sufficient regard to risks to the State's credit rating when establishing the WestInvest program

The NSW Government has a policy of maintaining a AAA credit rating for the State of New South Wales. This is codified in the Fiscal Responsibility Act 2012. The NSW Government did not have sufficient regard to the implications and risks of committing $5 billion of funding to the WestInvest program to its credit rating. A risk to the State's credit rating arose because the government may have been perceived to be using proceeds from major asset sales to fund new expenditure, rather than paying down State debt.

The $3 billion NSW government projects round was open to NSW government agencies and administration of the round was led by NSW Treasury. Funding allocated through this round was not subject to the NSW Grants Administration Guide. This is because the funding was awarded to NSW government agencies rather than organisations external to government, so it did not meet the definition of a grant program. Projects were submitted by NSW government agencies to NSW Treasury and were assessed against program criteria by staff from NSW Treasury and the Premier's Department. Each project received a score and advice on whether it was suitable for funding or not. The WestInvest steering committee considered these and provided advice to the then Treasurer.

NSW Treasury prepared guidelines for the $3 billion NSW government projects round, but these were not approved by the then Treasurer until after the program assessment had commenced

NSW Treasury prepared guidelines for the NSW government projects round in September 2021. These were submitted to the then Treasurer for approval in December 2021 but were not approved. This meant that the process for assessing applications for NSW government projects was not agreed between government agencies and the then Treasurer, who was the statutory decision-maker of the allocations of funding. NSW Treasury subsequently prepared an assessment plan based on the unapproved guidelines, which set out more details about the process to be used for assessing applications for the NSW government projects round. The program guidelines were not published, which meant there was no public information about the process for assessing the largest component of the WestInvest program.

In May 2022, the then Treasurer’s Office requested that NSW Treasury make changes to the unapproved guidelines so that projects that delivered 'business as usual' state government infrastructure such as schools, roads, and health infrastructure were no longer considered ineligible for the program. These revised guidelines were approved in June 2022, but were not published. The changes were not consistent with the initial purpose of the WestInvest program which was to fund ‘transformational’ community infrastructure.

The funding advice from the WestInvest steering committee was not followed by the then Treasurer and the justifications for the funding allocation decisions were not documented

One-third of the projects that were allocated funding (9 out of 27) had been assessed by the WestInvest steering committee as having low or moderate merit. These projects were allocated combined funding of $1.1 billion. Reasons that the steering committee gave for assessing these projects as not suitable for funding through the WestInvest program included the absence of completed business cases, incomplete project development, and poor alignment to the objectives and criteria for the WestInvest program as outlined in the original program guidelines.

Staff from NSW Treasury and the Premier's Department put considerable resources into preparing guidelines and assessing and providing advice on the merits and eligibility of applications against these guidelines, but in most cases the advice was not followed by the then Treasurer. There was no documentation of reasons for the departures from steering committee advice. The NSW government projects round was not subject to the NSW Grants Administration Guide, so the requirement under those guidelines for documenting reasons for departures from advice on funding decisions did not apply. However, when the WestInvest program was established, it was noted that any departures from the funding advice from the steering committee would be documented by the then Treasurer. This applied to the entire WestInvest program. None of the projects that were allocated funding through the NSW government projects round were actually given funding, as only allocations of funding were approved by the then Treasurer.

Most of the funding was allocated to projects that did not align with the purpose of WestInvest or meet the assurance requirements of the program

Of the 27 projects that were allocated funding (Exhibit 3), 12 were from the Department of Education and seven from Transport for NSW. This resulted in over $2 billion, or 69% of the funding available through the NSW government projects round, being allocated to state school and road projects. Most of these projects were not aligned with any of the six focus areas of the WestInvest program. In addition, these projects were examples of ‘business as usual’ activities of NSW government agencies that did not clearly align with the initial purpose of the program to deliver transformational community infrastructure that would improve liveability in the 15 eligible LGAs.

Exhibit 3: NSW government projects round funding allocations announced prior to the 2023 NSW State election

State schools

  • Upgrade nine public schools across western Sydney ($478 million)
  • Improve cooling in 84 public schools across western Sydney ($131 million
  • Westmead Education Campus ($308 million)
  • Box Hill (Terry Road) new school ($112 million)

State roads

  • M7 Motorway connections - Townson Road and Richmond Road ($285 million)
  • Elizabeth Drive upgrade ($200 million)
  • Henry Lawson Drive stage 1B ($200 million)
  • Richmond Road Marsden Park ($100 million)
  • Garfield Road east ($100 million)
  • Pitt Town bypass ($100 million)
  • Londonderry Road flood evacuation improvements ($15 million)


  • Integrated community health hubs in Liverpool and Glenfield ($243 million)

Open spaces

  • Australian Botanic Garden Mount Annan masterplan stage 1 ($204 million)
  • Salt Pan Creek parklands ($86 million)
  • Fernhill Estate transformation ($65 million)
  • The People's Loop Parramatta ($56 million)
  • Penrith Lakes parkland ($15 million)

Arts and community infrastructure

  • Transforming Parramatta's Roxy Theatre ($122 million)
  • Western Sydney Stadium precinct community-based asset ($111 million).

Source: NSW Treasury documents.

Conditions were attached to the approval of funding allocations for 21 of the 27 projects. Most of these conditions related to the completion of a business case and other project assurance requirements, which were required under the program guidelines.

Projects approved through the WestInvest program were to receive funding from the Community Services and Facilities Fund (CSFF), which is a legislative fund created under the NSW Generations Funds Act 2018 (the Act). The Act states that the purpose of the CSFF is to provide funding for ‘cost-effective facilities and services’ (s.12(1)). The absence of business cases and other assurance requirements from most of the projects approved created the risk of legislative non-compliance, as many of the projects that had been allocated funding could not clearly demonstrate that they would be cost-effective.

NSW Treasury and the Premier's Department’s assessment of the first group of projects submitted for the NSW government projects round indicated that agencies applying for funding did not understand the purpose or requirements of the program. NSW Treasury and the Premier's Department received 153 applications after the first call for proposals. Most did not align with the stated purpose of WestInvest or meet the assurance requirements that had been set for the program. For example:

  • 90 project proposals (59% of those submitted) were assessed as ineligible. Thirty-five of the 90 did not include any infrastructure, which was the main purpose of the WestInvest program. The other 55 proposed infrastructure projects were not consistent with any of six areas of focus for the program.
  • 118 proposals (77% of proposals submitted) did not have a business case, which was a requirement of the WestInvest program guidelines.

As the first request for project proposals did not generate enough suitable applications, the then Treasurer made a second request to NSW government agencies in August 2022 seeking additional project proposals. This occurred after the guidelines for the NSW government projects round had been broadened to allow more projects to be considered for funding (discussed above).

Multiple state school projects were allocated funding after being assessed by the WestInvest steering committee as ineligible or unsuitable for funding

The Westmead Education Campus project, valued at $308 million, was rated as ineligible by NSW Treasury and the Premier's Department because it did not address any of the six specified focus areas for the WestInvest program. This meant it did not go through a full assessment against the program criteria and was not submitted to the then Treasurer for funding consideration.

The project was later re-submitted and the then Treasurer subsequently approved it for funding allocation. This occurred after the guidelines for the NSW government projects round had been broadened (discussed above). NSW Treasury's advice on this submission noted that the project had not been fully developed, with key decisions about the delivery model not made, and it did not have a final business case.

The Box Hill (Terry Road) new school project, valued at $112 million was rated as ‘moderate – not suitable for funding consideration at this time’ by the WestInvest steering committee. It was subsequently approved for funding by the then Treasurer.

Nine school upgrade projects with a total value of $478 million were allocated funding by the then Treasurer. Each of these had been assessed as ineligible by NSW Treasury and the Premier's Department against the original program guidelines because they did not meet any of the WestInvest focus areas and were not considered 'transformational'. There were a further 14 similar proposals for school upgrades that were also assessed as ineligible but were not allocated funding.

Funding allocations from the WestInvest program were changed after the 2023 NSW State election

Following the change of government at the 2023 NSW state election, most of the funding decisions announced by the former government were changed. The new government had announced during the election campaign that, if elected, it would redirect some WestInvest funding 'to rebuild Western Sydney schools and Western Sydney hospitals'. Eleven of the 27 projects that had been announced by the former government were not funded by the new government. The combined value of these projects was at around $1.5 billion (Exhibit 4). The seven roads projects that had been allocated funding through WestInvest, valued at $1 billion, were also removed from the WestInvest funding allocation but these still received funding from a different source.

Exhibit 4: Projects from the NSW government projects round not funded post-2023 NSW State election

State schools

  • Improve cooling in 84 public schools across western Sydney ($131 million)
  • Westmead Education Campus ($308 million)
  • Box Hill (Terry Road) new school ($112 million)


  • Integrated community health hubs in Liverpool and Glenfield ($243 million)

Open spaces

  • Australian Botanic Garden Mount Annan masterplan stage 1 ($204 million)
  • Salt Pan Creek parklands ($86 million)
  • Fernhill Estate transformation ($65 million)
  • The People's Loop Parramatta ($56 million)
  • Penrith Lakes parkland ($15 million)

Arts and community infrastructure

  • Transforming Parramatta's Roxy Theatre ($122 million)
  • Western Sydney Stadium precinct community-based asset ($111 million).

Source: NSW Treasury documents.

The funding was reallocated to 17 projects that the new government had announced as election commitments during the 2023 State election campaign. This comprised ten school infrastructure projects, five health infrastructure projects, and two transport infrastructure projects. All of these projects had a cost of more than $10 million each, which means they are subject to NSW Government business case and gateway assurance requirements. Business cases had been completed for the two transport projects. The other 15 projects did not have business cases.

Exhibit 5: Election commitments funded through WestInvest, post-2023 NSW State election

State schools

  • New primary school near Sydney Olympic Park ($71 million)
  • New high school for Melrose Park ($98 million)
  • Convert Eagle Vale High School into a sports high school ($4 million)
  • Build new high school in Jordan Springs ($132 million)
  • Dundas Public School upgrade ($6 million)
  • New high school for Schofields and Tallawong ($130 million)
  • The Ponds High School upgrade ($15 million)
  • New public high school in Gledswood and Gregory Hills ($118 million)
  • New high school in Leppington/Denham Court ($125 million)
  • Kingswood Public School upgrades ($13 million)


  • Additional beds at Mt Druitt Hospital ($60 million)
  • Additional beds at Blacktown Hospital ($60 million)
  • Expansion of Scope of new Rouse Hill Hospital ($400 million)
  • Canterbury Hospital extension and upgrade ($350 million)
  • Fairfield Hospital extension and upgrade ($350 million)


  • More accessible, safe and secure train stations ($300 million)
  • Active Transport ($60 million)

Source: NSW Treasury documents.

After these changes, the $3 billion NSW government projects round funding distribution was:

  • Nine school upgrades, valued at $478 million, that had been allocated funding by the former government (see Exhibit 3).
  • 17 new projects, with a total value of around $2.3 billion, that had been announced as election commitments by the new government (Exhibit 5). All of these are state school, health, or transport infrastructure.
  • Three projects that covered administrative costs associated with the WestInvest program, with a total value of around $230 million (not previously announced).

The $1.6 billion community project grants - competitive round was open to local councils, NGOs, Local Aboriginal Land Councils, and educational institutions, across 15 eligible LGAs in western Sydney. Exhibit 6 shows a timeline of key dates for the community project grants - competitive round.

The $400 million local government projects round was administered as a non-competitive grant round that was only open to the 15 eligible councils. Each council was allocated a portion of the $400 million funding via a formula that provided a base allocation and an additional amount based on the population of each LGA. Each council received between $21 million and $35 million.

Applications for funding were submitted to the Premier's Department for assessment. Proposed projects were required to be eligible for the program and be rated as having merit against the published program criteria, which were the same as those for the competitive round. Exhibit 12 shows a timeline of key dates for the Local government projects competitive round.

Appendix one – Responses from audited agencies

Appendix two – About the audit

Appendix three – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #391 - released 28 February 2024.




Actions for Effectiveness of SafeWork NSW in exercising its compliance functions

Effectiveness of SafeWork NSW in exercising its compliance functions

Internal controls and governance
Management and administration
Project management

What this report is about 

This report assesses how effectively SafeWork NSW, a part of the Department of Customer Service (DCS), has performed its regulatory compliance functions for work health and safety in New South Wales. 

The report includes a case study examining SafeWork NSW's management of a project to develop a real-time monitoring device for airborne silica in workplaces. 


There is limited transparency about SafeWork NSW's effectiveness as a regulator. The limited performance information that is available is either subsumed within DCS reporting (or other sources) and is focused on activity, not outcomes. 

As a work health and safety (WHS) regulator, SafeWork NSW lacks an effective strategic and data-driven approach to respond to emerging WHS risks. 

It was slow to respond to the risk of respirable crystalline silica in manufactured stone. 

SafeWork NSW is constrained by an information management system that is over 20 years old and has passed its effective useful life. 

While it has invested effort into ensuring consistent regulatory decisions, SafeWork NSW needs to maintain a focus on this objective, including by ensuring that there is a comprehensive approach to quality assurance. 

SafeWork NSW's engagement of a commercial partner to develop a real-time silica monitoring device did not comply with key procurement obligations. 

There was ineffective governance and process to address important concerns about the accuracy of the real-time silica monitoring device. 

As such, SafeWork NSW did not adequately manage potential WHS risks. 


The report recommended that DCS should: 

  • ensure there is an independent investigation into the procurement of the research partner for the real-time silica detector 
  • embed a formal process to review and set its annual regulatory priorities 
  • publish a consolidated performance report 
  • set long-term priorities, including for workforce planning and technology uplift 
  • improve its use of data, and start work to replace its existing complaints handling system 
  • review its risk culture and its risk management framework 
  • review the quality assurance measures that support consistent regulatory decisions

SafeWork NSW is the work health and safety regulator in New South Wales. It was established by the State Insurance and Care Governance Act 2015.

As the regulator, SafeWork NSW is responsible for, among other things, enforcing compliance with the Work Health and Safety Act 2011 (the WHS Act) and the Work Health and Safety Regulation 2017. The regulator’s full functions are set out in section 152 of the WHS Act.

SafeWork NSW’s operations are guided by seven regulatory priorities for 2023, which contribute to three strategic outcomes:

  • Workers understand their rights and responsibilities.
  • Employers ensure that work is healthy and safe, with no advantage for cutting corners.
  • Regulation is fair and efficient.

This audit assesses the effectiveness of SafeWork NSW in monitoring and enforcing compliance with the WHS Act, through the examination of three lines of inquiry:

  1. Does SafeWork NSW have evidence-based processes to set its objectives and priorities for monitoring and enforcing compliance?
  2. How effectively does SafeWork NSW measure and report its performance in monitoring and enforcing compliance against the WHS Act?
  3. Are SafeWork NSW's policies and procedures for monitoring and enforcing compliance applied consistency across different sectors?

As SafeWork NSW is part of the NSW Department of Customer Service (DCS), the department is the auditee. Prior to 2019, SafeWork NSW was located in the former Department of Finance, Services and Innovation. Unless otherwise stated, any reference to SafeWork NSW should be read as including the broader department in which it sits.

This chapter considers whether SafeWork NSW has evidence-based processes to set its objectives and priorities, including how it takes into account operational feedback and expertise. It also includes how existing and emerging risks are assessed as part of the priority-setting process, and how planning and prioritisation takes into account resourcing, including workforce skills and capacity.

SafeWork NSW's operating model is now based on annual regulatory priorities, rather than longer-term priorities

From 2016 to 2022, SafeWork NSW worked under a six-year Work Health and Safety Roadmap (‘the Roadmap’). The Roadmap was revised in August 2018 and included the following statements:

The WHS Roadmap for NSW, along with the BRD Strategic Plan, provides a clear line of sight between our strategic objectives and the activities that will allow us to deliver our overall outcomes.

This Roadmap spans 2016-2022 but it will be refreshed and released every two years to ensure it stays relevant.


In addition to the Roadmap, SafeWork NSW operated under its 2019–20 Strategic Business Plan.

After SafeWork NSW was moved into DCS, the Roadmap was subject to a mid-term evaluation by ARTD Consultants in 2020. SafeWork NSW management subsequently accepted all nine recommendations of that mid-term evaluation, which included the following:

  • Strengthen business intelligence data systems to allow managers and inspectors to access to real-time data on safety incidents and workers compensation claim data (Rec 5).
  • Improve evidence available to assess Roadmap outcomes in 2022 (Rec 9).

In 2023, SafeWork NSW replaced its six-year Roadmap with a model of setting annual regulatory priorities. Seven regulatory priorities were set for 2023. These priorities were:

  •  gig economy – increase safety and WHS compliance in the sector, particularly food delivery riders and health care
  • safety around moving plant – reduce workplace safety incidents, particularly forklifts
  • seasonal workplaces – increase WHS compliance to support itinerant workers, particularly in the agricultural sector and those working with amusement devices
  • psychological safety – reduce the prevalence of psychological injury at workplaces, with a focus on mental health and well being
  • respect at work – reduce the incidence of bullying, sexual harassment, and customer aggression in the workplace, particularly in make dominated sectors and healthcare
  • exposure to harmful substances – reduce the incidence of worker exposure to dangerous substances in the workplace, particularly silica and dangerous chemicals
  • falls – reduce the incidence of falls from heights with a particular focus on construction.

These priorities are intended 'to deliver on three strategic outcomes’:

  • Workers understand their rights and responsibilities.
  • Employers ensure that work is healthy and safe, with no advantage for cutting corners.
  • Regulation is efficient and fair.

As SafeWork NSW works to deliver on these outcomes, the focus is on priority or vulnerable groups of workers – these being younger workers, workers from culturally and linguistically diverse backgrounds (especially newly arrived workers), and Aboriginal people.

Shorter-term priorities are intended to enable SafeWork NSW to be more responsive to work health and safety risks and were developed in consultation with operational staff

The adoption of shorter-term priority-setting is intended to enable a more agile approach to regulation that, according to DCS, is better able to adapt to changes in risk profiles and industries. It was put to the audit by some interviewees that the six-year plan was less able to respond to rapid changes in the economy that may lead to quickly emerging work health safety risks. An example commonly cited was the significant increase in gig economy workers, including in areas such as food delivery workers and personal care workers. It was put to the audit that this example highlighted new WHS risks unique to those emerging workplaces.

According to DCS, in addition to being more agile and responsive to macro changes in the workforce, the annual priorities are intended to enhance accountability by creating a more timely and contemporaneous link between activities and outcomes. The more immediate nature of annual priorities is also designed to provide a more immediate and tangible link to SafeWork NSW’s activities and ensure better accountability for delivery.

The annual priorities are intended to complement SafeWork NSW’s commitments under the national Australian Work Health and Safety Strategy 2023-33. This strategy sets a high-level vision and goal for Australia’s work health and safety regulators, including to address agreed persistent challenges, such as psychosocial risks, vulnerable workers, and ensuring that small businesses are adequately supported to meet their work health and safety obligations.

The process for developing regulatory priorities for 2023 involved internal consultation with SafeWork NSW executive directors, directors, managers, inspectors, project leads, as well as consultation with external stakeholders and experts. There is evidence that SafeWork NSW considered the feedback it received, including from its inspectors.

SafeWork NSW staff identified potential risks that SafeWork NSW will need to manage as the process for developing regulatory priorities continues to develop

The audit team interviewed almost all SafeWork NSW executive directors, directors, and team managers, particularly those performing regulatory functions. These interviews revealed a strong level of commitment to the purpose and functions of SafeWork NSW, as well as a shared desire to see the organisation fulfil its potential.

In regard to the annual priorities, senior executives and the majority of team managers we interviewed supported the adoption of annual priorities and expressed confidence that establishing annual priorities would improve the effectiveness of SafeWork NSW in delivering its compliance functions. It was noted by SafeWork NSW that the shift towards regulatory priorities 'brings us to a level of maturity mirroring the approach of regulators such as ASIC and the ACCC'.

While most staff interviewed during this audit welcomed the sharper focus and greater flexibility afforded by shorter-term priorities, others identified a range of risks. Some experienced people managers in SafeWork NSW expressed significant doubts about the pursuit of annual regulatory priorities. Risks identified during audit interviews included:

  • That the short-term focus had prevented SafeWork NSW from establishing a longer-term goal or vision.
  • That the annual priorities were simplistic and lacked sufficient detail to engage the regulator, industry, and the community.
  • That short-term priorities would make it difficult to meaningfully measure and report progress, especially for activities and initiatives that may take longer to achieve demonstratable change.
  • That the process of considering the next annual priorities may need to commence well before initiatives for the current year have been completed (or even commenced), hindering how effectively lessons can be incorporated into future planning.
  • That frequent changes in regulatory priorities may make it difficult to ensure that the SafeWork NSW workforce has appropriate capability and capacity, particularly for potentially complex emerging threats such as artificial intelligence in workplaces.

In response to these risks, SafeWork NSW has noted that:

  • SafeWork NSW has a separate vision in addition to the regulatory priorities. This is 'healthy, safe and productive working lives'.
  • A review process will occur to understand what went well and what did not from the first year of regulatory priorities before finalising priorities for 2024.
  • Planning will improve over time as the process reoccurs, and lessons learned will be linked to future priorities.

The inability to achieve full ‘buy-in’ from experienced people managers in SafeWork NSW suggests that change management, including consultative and communication processes, has not been completely successful. SafeWork NSW advised that this initiative was a significant shift for all its staff and in particular middle management. Given this, the leadership of SafeWork NSW should prioritise investment in effective change management processes, especially if the annual regulatory priorities are anticipated to change in 2024.

Importantly, the SafeWork NSW leadership team should undertake strategic planning to ensure that a meaningful set of longer-term priorities underpin their investment decision-making on organisational fundamentals, such as a capable and sustainable workforce and fit-for purpose technology systems. Without this, there is a real risk that the regulator's business needs and priorities will be overtaken by the priorities of a much bigger department.

SafeWork NSW consulted with external stakeholders in determining its 2023 annual regulatory priorities

SafeWork NSW developed a discussion paper in 2022 for external stakeholders as a precursor to consultation on its 2023 annual priorities. This discussion paper outlined an intent by SafeWork NSW to develop a new strategy that would prioritise activities that were the biggest points of leverage to drive material change and were the biggest risks and most important trends affecting WHS in NSW.

SafeWork NSW considered expert feedback and expertise in the development of its regulatory priorities through this process. A summary document detailing the rationale for its regulatory priorities provides evidence that feedback from external stakeholders, such as unions and industry groups, were taken into account.

SafeWork NSW has not established a formal process for determining its regulatory priorities for 2024 and beyond

SafeWork NSW has an indicative timeline for preparing its 2024 priorities which provides that the priorities will not be settled until March 2024 and will be based on the results of the previous year’s priorities to December 2023. However, no ongoing process for determining annual priorities in each future year was settled at the time of writing this report. Some priorities might be expected to remain relatively constant, especially persistent challenges such as preventing falls from heights. However, if the annual priorities model is to meet the expectation of being agile, then new and emerging priorities will need to be identified, understood, scoped, and responded to with relatively short notice.

Elements of the 2023 regulatory priorities will overlap with any new or revised priorities, such as the monitoring and evaluation framework, and the three-year Construction Services Blueprint. SafeWork NSW explains that these longer-term initiatives are 'intended to support the delivery of priorities that are likely to run over many years, providing more granular detail on specific drivers of harm, regulatory responses and targets'.

SafeWork NSW does not effectively use data to inform its priority-setting or assessment of risk, despite adopting the recommendations from the 2020 mid-term Roadmap evaluation

SafeWork NSW states that it chose its regulatory priorities in 2023 based on the following factors - potential for serious harm or death, new or emerging risks, and increases in the frequency of an issue. An emerging issue is where:

A hazard and/or risk to health and safety relating to a new or existing product, process or service was not previously known or fully realised and SafeWork NSW intervenes to address the workplace health and safety risks for example, guidance material, training, regulatory change. 

SafeWork NSW has a substantial data repository, with over 20 years of case and activity data contained in its Workplace Services Management System (WSMS). However, SafeWork NSW does not effectively interrogate this data to provide an evidence base for its regulatory functions.

SafeWork NSW has only recently established a data governance committee. SafeWork NSW also advised that a data science function was created within the Centre for Work Health and Safety during 2023, repurposing existing resources and supported by a business intelligence working group comprising of inspector representatives from operational directorates.

While this data science function is newly created, SafeWork NSW does not have a strategic business intelligence function that is both recognised and understood across each directorate and team, and the ability of its technology infrastructure to deliver sophisticated strategic and operational data intelligence has been limited.

As a result of this lack of central coordination and capability, directorates have sought to develop their own data analysis capability, with inconsistent, fragmented and potentially duplicative results. The audit did find specific (albeit isolated) examples of data being used to inform decision-making, though these efforts were disparate and uncoordinated at the directorate level.

SafeWork NSW said that data is used to inform leadership discussions at the quarterly SafeWork NSW Leadership Meetings, and monthly operational executive meetings. The audit did not review the agenda papers for these meetings.

At the 2020–21 NSW Parliament Budget Estimates Committee hearing, SafeWork NSW stated that it:

…used predictive analytics and machine learning to generate a WHS rating system leveraging a large dataset to aid decision-making. The WHS rating supports an evidence-based approach to identifying high risk workplaces and provides additional data-based evidence to assist in decision-making'. 

SafeWork NSW has started to use artificial intelligence to interrogate historical compliance data to rate the risk of different employers. However, this is used inconsistently across SafeWork NSW and there is limited evidence about its effectiveness. A similar tool does not exist for industry or product-related trends or relationships that may assist SafeWork to proactively identify high-risk workplaces and issues.

Outdated technology and uncertainty in planning its replacement is limiting SafeWork NSW's ability to effectively use its data for analytics and insights

SafeWork NSW uses WSMS to manage work health and safety data. This system has been in place for over 20 years. It was noted in interviews conducted during this audit that this data system is at the end of its effective life.

Issues noted by users of WSMS include:

The lack of governance associated with data management of WSMS. There is no data custodian, and a formalised data quality assurance process does not exist. This means that data can be extracted from the system with no controls on the accuracy of the analysis.

Access to WSMS cannot be tracked (and is therefore not auditable).

  • Data quality is variable, depending on the quality of notes provided by inspectors (with individuals noting that these notes could be full of speculation), and inconsistent approaches to entering information into the system. At the same time, inspectors noted that entering information into the system can be an administrative burden due to duplication and time requirements.
  • Analysis cannot readily be undertaken on a geographic basis (for example, all high-risk employers within a particular region).
  • As WSMS does not track information about the directors of companies, it is unable to identify risks associated with 'phoenixing', where directors of wound-up businesses establish new entities, or other forms of related-entity risk. The audit team linked WSMS data with ASIC data to match company directors with company and notice data. This was done in order to understand the additional intelligence that could be used to inform risk-based decision-making. As an example, the audit found that there is a large number of companies that have not received notices from SafeWork NSW but may be at higher risk due to the conduct of their directors:
    • There were approximately 151,000 companies with directors that were also linked to at least one other company that had received at least one type of notice from SafeWork NSW.
    • There were approximately 24,500 companies with directors that were also linked to one or more companies that had cumulatively received over 100 notices from SafeWork NSW.
    • There were approximately 8,600 companies with directors that were also linked to one or more other companies that had cumulatively received over 400 notices from SafeWork NSW.

In addition to the feedback provided by WSMS users within SafeWork NSW, the audit team also found related data quality issues during the course of our own analysis, including:

  •  Industry analysis is more challenging to perform because specific industry data points and grouping details are not captured in WSMS.
  • There was no systematic method to identify all silica-related incidents. The search terms were not standardised and relied on judgement, for example: ‘silic’ (potentially capturing both ‘silica’ and ‘silicosis’) and ‘benchtop’, though SafeWork NSW advised that consultation with subject matter experts informed these searches. There is a high-risk of false positives and incomplete analysis without time intensive manual review of each identified case. WSMS was not readily able to provide data on silica-related complaints without workarounds and manual file review (which proved unreliable) and requiring significant effort from data staff in both the Audit Office and SafeWork NSW.
  • Test data is captured in production systems, rather than in test systems. These records do not have a unique identifier and are difficult to identify and isolate for business intelligence analysis.
  • Data validations are not enforced (for example, on Australian Business Number, Australian Company Number columns). Instead, the data entry fields allow for incorrect details to be captured or left blank without explanation from the staff entering the data.

SafeWork NSW provided advice to the audit team that an upgrade of WSMS was planned as part of the broader e-regulation program across DCS (that is, the single digital platform for all 28 business regulators). However, this upgrade is now uncertain as there is no funding for SafeWork NSW to be onboarded to the new platform. This means that for the foreseeable future SafeWork NSW will be constrained by the limitations inherent to WSMS.

SafeWork NSW took around eight years to actively and sufficiently respond to the emerging risk of respirable crystalline silica in manufactured stone

Silicosis is a progressive, occupational lung disease resulting from inhalation of respirable crystalline silica (RCS). Silicosis is one of the oldest known occupational diseases, particularly affecting industries like mining. In Australia, silicosis has been a known cause of death and disability for over 100 years. This disease is preventable through appropriate workplace practices in a hierarchy of controls, which includes the use of correct personal protective equipment.

The use of manufactured stone for applications such as kitchen benchtops became popular in Australia in the early 2000s. Other substances that contain silica, such as rock, stone, clay, gravel, concrete and brick, may contain between 2% and 40% silica. In contrast, manufactured stone contains up to 95% silica. Workers exposed to respirable crystalline silica from manufactured stone are more likely to develop severe silicosis (and other serious lung diseases), and more quickly, than workers exposed to silica from other sources.

In 2010, international research was published that pointed to the specific heightened risk posed by the high silica content of manufactured stone used primarily for kitchen countertops and bathroom fixtures. This was confirmed by subsequent research published in 2012, which concluded that, in regard to a documented outbreak of silicosis among manufactured stone workers in Israel:

This silicosis outbreak is important because of the worldwide use of this and similar high-silica-content, artificial stone products. Further cases are likely to occur unless effective preventive measures are undertaken and existing safety practices are enforced. 

This research was relevant to Australia as the sample of workers was derived from the same Israeli-based manufacturer and exporter of manufactured stone that supplies the majority of the product used in Australia.

The first identified group of related workers who contracted silicosis in NSW was reported in literature in 2015. Further cases have been reported in the media since 2015. These included examples of relatively young workers developing silicosis, presumptively from inhaling silica dust derived from manufactured stone.

In 2017, SafeWork NSW listed RCS as one of the top ten priority chemicals in its 2017–2022 Hazardous Chemicals and Materials Exposures Baseline and Reduction Strategy (dated October 2017).

A legislatively-mandated case finding study conducted by SafeWork NSW in 20213 reported that screening conducted by icare between 2017–18 and 2019–20 found an average of 29 cases per year of silicosis among workers in the manufactured stone industry.4 Despite the relatively small size of this workforce, this was three times the number of cases of all workers engaged in all other at-risk industries.

While the heightened risk posed by respirable crystalline silica in manufactured stone was first published in research in 2010 and detected in cases from 2015, SafeWork NSW’s first substantial practical response commenced in 2018–19.

From July 2018, SafeWork NSW convened a Manufactured Stone Industry Taskforce, including representatives from industry, unions, health, education and other government agencies. During the term of this taskforce (which ended at 30 June 2019), SafeWork NSW conducted 523 visits to 246 manufactured stone sites. These inspections resulted in 656 improvement notices being issued, along with 43 prohibition notices (this included matters not related to silica). Prior to this, the extent of SafeWork NSW’s active response to the emerging risk was to conduct a limited inspection program of six work sites in May 2017 (one site) and August 2017 (five sites). The results of these six workplace visits were incorporated into a research project report that was finalised in August 2018.

In the period from 2012 to 2018, SafeWork NSW also received complaints about silica-related matters, including matters not related to manufactured stone. These are detailed in Exhibit 1 below. The number of complaints was a relatively small proportion of all complaints received, though the number increased after 2018. This increase may be a result of increased community and industry awareness through media reporting and SafeWork NSW’s proactive audit work.5 The majority of these complaints did not result in further regulatory action by SafeWork NSW beyond preliminary inquiries and, in some cases, site visits. The right-hand column of the below table shows key events leading up to and shortly after SafeWork NSW’s first regulatory interventions.

Exhibit 1: Silica-related complaints made to SafeWork NSW, 2012–2023
YearNumberSilica-related activity and events
201255International published research reiterates 2010 findings of a link between manufactured stone and silicosis.
201538First NSW case series linked to manufactured stone industry.
201654Youngest known case of silicosis in NSW admitted to hospital.
201770Crystalline silica listed as the second priority chemical (out of 10 priority chemicals) by SafeWork NSW. Media reporting on the ABC.
2018104SafeWork NSW commences proactive work. Manufactured Stone Industry Taskforce commenced. Media reporting on the ABC, The Project and Daily Mail on silicosis.
2019173NSW Parliamentary Dust Diseases Review.
Probable first Australian death from silicosis caused by manufactured stone.
2020210Silicosis becomes notifiable, fines introduced, workplace exposure standard halved.
2021174Respirable crystalline silica exposure in the NSW manufactured stone industry case finding study undertaken.
Media reporting by The Project and ABC 7.30 Report.

*         2023 data are to 30 November 2023.
Note: Complaints received by SafeWork NSW where the issue description includes ‘silic*’ or ‘benchtop’. This will include silica derived from sources other than manufactured stone, including relating to those products listed in the Safe Work Australia 2020 national guide.
Source: Audit Office analysis of WSMS data.

High-profile media reporting in 2018, 2021, and early 2023 appeared to provide impetus to SafeWork NSW’s regulatory actions. SafeWork NSW subsequently conducted further rounds of proactive compliance, education and awareness activities among identified workplaces. This work increasingly targeted high-risk workplaces. Since 2018–19, SafeWork NSW has conducted three rounds of workplace inspections that have progressively focused on the highest risk workplaces. This program has adopted a strategic and evidence-based approach.

Since October 2019, 17 matters were progressed to further investigation with a view to prosecution. Five silica-related matters have been filed in court for prosecution. Three of these matters were still in court at the time of this audit, and two matters have been finalised.

In 2020, NSW introduced a range of legislative reforms including:

  • Banning the practice of dry cutting engineered stone containing crystalline silica. Maximum penalty of $30,000 for a body corporate and $6,000 for an individual, with on-the-spot fines for uncontrolled dry processing of engineered stone.
  • Halving the Workplace Exposure Standard from 0.1mg/m3 to 0.05 mg/m3 (ahead of the national deadline to implement it).
  • Silicosis becoming a notifiable disease requiring clinicians to report each case of silicosis diagnosed in NSW. Those notifications are shared with SafeWork NSW to manage a NSW Dust Disease Register. An annual report is tabled in Parliament and published on the NSW Government website (NSW Silica Dashboard) alongside some information on compliance activities.
  • On 27 October 2020, silicosis became a notifiable disease requiring clinicians to report each case of silicosis diagnosed in NSW. Those notifications are shared with SafeWork NSW to manage a NSW Dust Disease Register. In August 2021, SafeWork NSW published the first NSW Dust Disease Register Annual Report, detailing diagnosed cases of silicosis, asbestosis, and mesothelioma in NSW during 2020–21 and the Case Finding Study Report on silica exposure in the Manufactured Stone Industry. The Annual Report is tabled in Parliament and published on the NSW Government website (NSW Silica Dashboard) alongside some information on compliance activities.

Also in 2020, SafeWork NSW released the NSW Dust Strategy 2020-2022, which identified silica as one of three focus areas for the regulator.

In February 2022, New South Wales introduced the NSW Code of Practice – Managing the risks of respirable crystalline silica from engineered stone in the workplace, based on the National Model Code that was finalised in late 2021. The Code provides practical information on how to manage health and safety risks associated with respirable crystalline silica from engineered stone in the workplace.

Silica continues to be a priority for SafeWork NSW in 2023 under the SafeWork NSW regulatory priority: Exposure to harmful substances - Reduce the incidence of worker exposure to dangerous substances in the workplace, particularly silica and dangerous chemicals.

The online NSW Silica Dashboard provides members of the public with information on SafeWork NSW’s silica workplace visit program that commenced in 2018 through to 30 September 2023.

Organisational silos within SafeWork NSW contribute to inconsistent regulatory decision-making, duplication of effort, and inefficient practices

There is evidence indicating that SafeWork NSW works in silos, with limited communication, collaboration, and awareness of activities across functions.

We note the finding made by the South Australian Independent Commission Against Corruption in reviewing SafeWork SA:

A failure to ensure adequate and appropriate communication within an agency can result in duplication of effort, inconsistent approaches to the same function and the creation of unique risks. 

The existence of silos was evidenced by the audit team through:

  • The inconsistent application of policies and procedures. For example, performance management practices differ between directorates and individual teams. This is further discussed in Chapter 4.
  • How data is used across SafeWork NSW. While there are pockets of effective data analysis, they often seem to operate in isolation from each other, resulting in duplication and a failure to achieve economies of scale and the benefits of synergies.
  • Limited feedback loops across SafeWork NSW. SafeWork NSW does not have an overarching continuous improvement framework, and communication surrounding decision-making is limited. For example, where the Investigations and Emergency Response team decide to discontinue an investigation, there is no requirement to inform the referring inspector that this has occurred, or the rationale behind the decision.

Similar findings on the existence of silos, and the need to improve teamwork and collaboration, have been made by SafeWork NSW in internal reviews undertaken as part of restructuring activities.

This audit also found broader issues of concern regarding organisational structure. SafeWork NSW staff frequently expressed reservations about the effectiveness of the current structure and compared it unfavourably to the regulator’s previous form. In particular, some SafeWork NSW staff said that the existing structure:

  • reduced SafeWork NSW’s profile as the regulator for work health and safety in NSW
  • confused lines of accountability for senior strategic leadership
  • diluted the regulator’s focus and the cohesion of the staff.

The Independent Review of SafeWork NSW being conducted by Mr Robert McDougall KC is examining organisational structural issues. In the interim, the decision has been made by DCS that SafeWork NSW will transition out of the Better Regulation Division of DCS from 1 December 2023, to become a standalone division within DCS.

Organisational restructuring and any uncertainty that it involves in the short- to medium-term could impact on the SafeWork NSW's progress in achieving desired policy outcomes, especially if the change management process is not effective.

The lack of a strategic approach to data and intelligence by SafeWork NSW hampers effective targeting and prioritisation of proactive compliance activity

Effective proactive compliance work is an important part of an effective regulatory approach. For SafeWork NSW, these activities range from dedicated state-wide programs over extended periods through to specific, localised ‘blitzes’ of targeted workplaces. These activities are performed alongside 'reactive compliance activities' such as responding to incidents, complaints, or requests by ‘persons conducting a business or undertaking’ (PCBUs) for education and awareness-building activities.

In accordance with Safe Work Australia’s National Compliance and Enforcement Policy, proactive compliance activities are intended to be:

…conducted in line with the activities of assessed highest risk and the strategic enforcement priorities.

SafeWork NSW’s proactive compliance activity is intended to be based on:

  • SafeWork NSW’s annual regulatory priorities
  • data and insights on high-risk harms, industries or businesses
  • the identification of new or emerging risks
  • targeted programs focused on reducing the greatest harms.

As discussed earlier in this section, SafeWork NSW does not effectively use data to inform priorities or to assess risk.

While managers at SafeWork NSW referred to an overall target for proactive work (it was commonly suggested that between 60% and 70% of regulatory activities should be proactive), we were informed by the Head of SafeWork NSW (and Deputy Secretary of the Better Regulation Division) that there was no specific target.

In practice, there is significant variation in the mix of proactive and reactive compliance activities between directorates and teams, with some teams doing either largely proactive or largely reactive activities. This can depend on the nature of the industry sectors and geographic areas in which they function, and the extent of teams’ non-discretionary reactive workload.

Planning, implementing and evaluating proactive compliance work is inconsistently done across SafeWork NSW, making it hard to assess whether resources are being used effectively

The audit team found widely differing approaches to how directorates and even individual teams within the same directorate used evidence to identify and target risk areas for proactive work programs, such as blitzes. While there was evidence that data was used to inform how activities would be targeted, this was not consistent. For example, some teams draw on intelligence generated by dedicated interventions staff in their directorates, while others rely entirely on opportunistically identifying potential worksites for proactive work by driving or walking past sites. The audit found examples of effective use of data and intelligence to plan proactive activities.

There is also no consistent approach to planning, implementing, or evaluating proactive compliance work across SafeWork NSW. Even within the same directorate, there can be significant differences in approach. Some of these differences can be explained by the different types of matters and circumstances that apply to PCBUs across different industries. However, inconsistencies extended to fundamental aspects of proactive compliance work such as:

  • the rigour of evidence and intelligence by which priorities are determined and targeted, which was partly reflected by directorates having different levels of internal data capability
  • the degree of project management capability and resourcing, including where some directorates have dedicated specialist project management skills, while others rely on inspectors to perform project management
  • the extent to which different directorates and teams had a clear approach to how programs would be evaluated, beyond simply measuring activity, something which appears undermined by the absence of an evaluation framework
  • whether the strategic intent of programs and blitz activities are to drive meaningful behavioural change or just, as some interviewees expressed it, to ‘make sure they tick some boxes.’

These material differences and lack of consistency in approaches to proactive compliance makes it difficult to assess whether these activities are effective and efficient regulatory interventions. While there was strong support for proactive compliance activity among both managers and inspectors (indeed, most thought that there should be more proactive activity), there were relatively few who could provide an evidence base to justify the significant staff resources that they consume.

The Centre for Work Health and Safety has a function to improve data, research, and evidence to support risk identification

The Centre for Work Health and Safety (CWHS), a functional unit within SafeWork NSW, was established in December 2017 under the WHS Roadmap 2016-2022. Among other things, it has an insights and analytics function. Its establishment was driven by the recognition that SafeWork NSW was not effectively using data and evidence to support its decision-making and activities.

Two pieces of work undertaken by the CWHS are intended to provide SafeWork NSW with greater capability in identifying and addressing risk in both strategic and operational contexts.

First, the WHS Radar project is intended to deliver ‘…regular and actionable insights about WHS in an Australian context.’ Conducted twice a year, the WHS Radar synthesises information about work health and safety by drawing on five sources of evidence:

  • existing data, including incidents, worker’s compensation, ABS, and prosecutions
  • analysis of grey literature (non-peer reviewed sources, such as government reports, some conference papers, and reports from academic, business and industry bodies)
  • social media listening
  • nationwide survey of WHS inspectors and experts
  • nationwide survey of Australian workers across all industries.

The WHS Radar is intended to reduce the extent to which SafeWork NSW is dependent on lag data, by actively collecting more contemporaneous data from multiple sources. The first WHS Radar report was released publicly in April 2023.

A second piece of work delivered by the CWHS is the WHS Risk Rating tool for a PCBU.6 This tool attributes a rating to many businesses in NSW based on assessment of their future risk of non-compliance with WHS legislation. The WHS Risk Rating is intended to:

  • support existing SafeWork NSW Triage decision-making
  • support IDMP decision-making
  • select high-risk profiles during blitz operations
  • proactively screen and target high-risk profiles.

While some managers in SafeWork NSW did use the WHS Risk Rating tool, others were less confident in its value, expressing doubts about the accuracy and completeness of the data, or were not aware of it at all. These inconsistent views between different managers and directors, between those who use the WHS Risk Rating tool and those who do not use it or do not even have awareness about it, suggests that its purpose and functionalities have not been fully communicated to the wider inspectorate.

The governance of the CWHS, and particularly its relationship to SafeWork NSW, is somewhat unclear. While the Centre sits under the Executive Director, Regulatory Engagement, it identifies on its website as ‘A division of the Department of Customer Service’. Structurally, it is equivalent to a directorate under the Regulatory Engagement business area of SafeWork NSW, rather than a division of the department.

SafeWork NSW's inspectors are its core asset, and its ability to recruit, train and retain inspectors is key to fully performing its functions and meeting the internationally recognised benchmark

SafeWork NSW is funded to fully operate with up to 370 inspectors, though with 352 inspectors at August 2023 it has not recruited to full capacity.

Staff retention within the inspectorate has been a historic strength of the regulator. However, there has been a recent increase in inspector turnover. SafeWork NSW notes that from 2020 to 2022 attrition rates doubled from 5.3% to 10.6% within the inspectorate, which – due to the average age of its workers – was anticipated. Nearly one-third of inspectors were 56 years or older in the 2021–22 financial year. SafeWork NSW also experienced a general increase in resignations since the COVID-19 pandemic.

Increased recruitment activity is intended to mitigate the impact of ongoing attrition due to retirement. However, given the training requirements for new inspectors, there is a significant lag time between recruitment and the utility of inspectors in the field to progress regulatory priorities. SafeWork NSW notes however that inspectors receive authorisations to use their powers throughout the 12-month training period, with individuals assessed at a number of stages based on individual competence.

Where there have been capacity limitations, there have been localised responses such as the sharing of inspectors between teams, or the change in resourcing profile of investigations where instead of one inspector working on a case, a case is assigned to a team.

The International Labour Organization sets a benchmark of one labour inspector per 10,000 workers in industrial market economies. This benchmark is considered the number of inspectors deemed sufficient to ensure the effective discharge of the duties of the inspectorate. In October 2022, SafeWork NSW reported at the Parliamentary Budget Estimates Committee hearings that recruiting the full contingent of 370 inspectors would have meant that there was one SafeWork NSW inspector for every 10,000 workers, allowing it to meet this benchmark.

SafeWork NSW provided advice to the audit team that forecast increases in the number of workers and workplaces in New South Wales will result in 471 inspectors being required to meet the International Labour Organization benchmark by 2027.

SafeWork NSW inspectors can take up to two years to be considered ready to be fully utilised, due to training requirements and variations in their experience

Once recruitment is completed and new inspectors commence employment, they will start the New Inspector Training Program (NITP). The NITP is a 12-month comprehensive training program which prepares new Inspectors to perform the duties required of an Inspector within SafeWork NSW as well as providing training and assessment required for the PSP50116 Diploma of Government (Workplace Inspection) qualification. Inspectors will be fully trained after 12 months.

They will be issued with their instrument of appointment (authorities) to use their powers throughout the 12 month course. However it was noted throughout interviews with the inspectorate that it can take up to two years for new inspectors to be deployed in the field on their own and confidently making decisions. SafeWork NSW notes that the level of mentoring and support provided to individual inspectors, and access to a variety of experiences to build a range of skills contributes to variations in new inspectors building their confidence.

SafeWork NSW also provides:

  • a structured framework for new inspector onboarding and capacity-building, including in May 2023 formalising requirements for accompanied field visits, and delivering the NITP, delivered by the SafeWork NSW Registered Training Organisation (RTO) and utilising experienced inspectors from across the directorate to deliver training across the 12-month period
  • a SafeWork NSW Inspectorate and Manager Continuing Professional Development Program Policy
  • formal processes for Inspectorate Continuing Professional Development and Manager Continuing Professional Development, including recognition of prior learning through credit transfer from other registered training organisations
  • a formalised procedure for inspectors to progress to senior inspector and principal inspector.

While it was beyond the scope of this audit to assess the effectiveness of this training and capability development framework, it was recognised by interviewees that the commitment of time and resources provided by SafeWork NSW to training inspectors was significant. This underscores the importance of ensuring the effective use of inspectors.

There are inconsistent expectations around the responsibilities of SafeWork NSW inspectors and managers for identifying new and emerging issues

Inspectors may apply to the Inspector Progression Panel of SafeWork NSW to progress from Inspector to the level of Senior Inspector, or Senior Inspector to the level of Principal Inspector. In addition to the overarching requirements of the (Department of Customer Service – SafeWork NSW Inspectors 2007) Reviewed Award, this process is governed by a formal written procedure.

This procedure sets out that in considering applications for progression, the panel should take into account whether the applicant has fulfilled the responsibilities of their current role. The procedure specifies that inspectors and principal inspectors are accountable to:

Identify trends and emerging issues and provide advice to inform decision making.’ 

It is unclear why inspectors and principal inspectors have this responsibility, but not the intermediate level of senior inspectors. It is also unclear whether people managers, such as team managers, directors, and executive directors, also have similar formal obligations to proactively identify emerging issues.

Moreover, as senior inspectors are not accountable for identifying trends and emerging issues, inspectors are not assessed against this accountability when seeking progression to the senior inspector level. In contrast, when seeking progression from senior inspector to principal inspector, the applicant is required to provide evidence of how they meet this accountability, even though it is not an accountability specified for senior inspectors.

The accuracy of SafeWork NSW’s workforce planning is uncertain

Workload capacity is managed at the directorate level, with a forecasting report on the capacity across all teams discussed quarterly at the SafeWork NSW Leadership Group. Inspectors do not fill out timesheets, instead, this is based on time estimates for specific activities undertaken by inspectors. Directorates are also responsible for leading or supporting work against specific regulatory priorities, requiring directorates to discuss workforce capacity as part of planning proactive work.

SafeWork NSW has a 'workload management treatment model' that provides operation guidance once certain thresholds are reached within this forecasting report. These mechanisms include the reallocation of resources within the directorate at 125% of capacity reached, sharing and reallocation of work between equivalent portfolios at 150% of capacity reached, and cross directorate sharing of work and resources as well as the cessation or deference of work at 175% of capacity reached.

The actual allocation of inspectors to individual directorates is determined at the executive level when vacancies arise, with SafeWork NSW noting that 'consideration is given to the demand for regulatory services (current and expected future) across all teams to determine which directorate and office location a replacement position should be allocated'.

Audit interviews identified some concern that the calculations the forecasting reports are based on were not accurate, overestimated time, and that the data was used inconsistently and as a method to 'grab for resources'. While this audit did not examine SafeWork NSW's forecasting methodology in detail, a sample of the workforce forecasting report for April to June 2023 showed average capacity ranging from 9% to 390%, which may indicate under-utilised or over-utilised teams, or under or overweighted activities.

While there are mechanisms in place to review operational capacity, longer-term strategic workforce planning does not seem to form part of these review processes.

As part of developing its regulatory priorities, SafeWork NSW released a discussion paper that noted broader trends affecting workplaces and communities that it regulates, for example the rise in mental health issues in the workplace, automation, and the return of regional on-shore manufacturing. SafeWork NSW has a SafeWork Inspectorate and Manager Continuing Professional Development Program Policy, however this policy was only finalised in July 2023.

3 This study, conducted by a third-party, stemmed from a recommendation made by the NSW Parliament’s 2019 Dust Disease Review to amend the WHS Act to require SafeWork NSW to ensure that a case finding study was carried out:

  • to investigate respirable crystalline silica exposure in the manufactured stone industry, and

  • to gather information to improve the identification and assessment of workers at risk of exposure.

The purpose of this recommendation was to ‘to improve the identification and assessment of workers at risk of exposure.

4 The authors of this case finding study identified significant data limitations, which meant that it was not possible to estimate with confidence the complete number of workers potentially affected by silicosis.

5 Because of the lag period between when a worker is exposed to risky work practices and when they may develop silicosis, complaint data is not necessarily a useful tool to identify the emerging risk, especially where awareness of the risk is low. Unlike with risks that pose a more immediate and direct harm – such as falling off an insecure elevated platform - individuals may be less conscious to complain about a risk where the potential injury is not immediately visible.

6 A person conducting a business or undertaking has the primary duty of care for work health and safety.


This chapter considers how effectively SafeWork NSW measures and reports its performance in monitoring and enforcing compliance with the WHS Act. This includes whether it has meaningful performance measures, whether its performance is transparent to all stakeholders, and whether it uses performance information to support continuous improvement and quality assurance.

Performance measurement and reporting are essential to demonstrating a regulator's effectiveness

The Audit Office’s 2022 Audit Insights 2018–22 report noted that:

Defining measurable outcomes, tracking and reporting performance are core to delivering system stewardship, and to ensure effective and economical use of public funds.’ 

The same report also observed that government activity should:

…be supported by performance frameworks that provide structure for agencies to set performance targets, assess performance gaps, measure outcomes achieved, and benefits realised, capture lessons learned, and implement continuous improvement. 

Relatedly, the Organisation for Economic Co-Operation and Development has said that it is important for regulators to be aware of the impacts of their regulatory actions and decisions, and that this:

…helps drive improvements and enhance systems and processes internally. It also demonstrates the effectiveness of the regulator to whom it is accountable and helps to build confidence in the regulatory system. 

SafeWork NSW reports its activities and performance against certain KPIs, along with equivalent regulators in other Australian jurisdictions

Safe Work Australia, the national policy body for work health and safety, collects, analyses and publishes data across jurisdictions. SafeWork NSW provides data on regulatory activities such as the volume of proactive and reactive regulatory work, and performance measures such as injuries and fatalities. This is contained in the Safe Work Australia Comparative Performance Monitoring – Work Health and Safety Performance, and Work Health and Safety Compliance and Enforcement Activities reports.

The data published by Safe Work Australia provides comparative and longitudinal performance data relating to workplace injuries, fatalities, and compliance activities. This is ‘lag’ data, often 12 months or more in arrears. SafeWork NSW notes that due to the currency of data, it is not useful for planning purposes.

The ability to directly compare jurisdictional activities to form a view on the effectiveness of each regulator is limited, due to differences in how each work health and safety regulator works and the scope of their powers and responsibilities. For example, unlike in other states and territories, SafeWork NSW is not responsible for claims management or return to work matters.

Data reported by SafeWork NSW to Safe Work Australia indicates that, while fatalities have decreased, SafeWork NSW may not have had meaningful impact on the rates of serious injuries and disease claims since 2016–17

The data provided to Safe Work Australia shows that SafeWork NSW has presided over a period where there has been an increase in the incident rate of serious injury and disease claims in New South Wales. While SafeWork NSW is not responsible for workers compensation, the payment of workers compensation necessitates that a workplace injury has occurred.

The audit team has not seen evidence that SafeWork NSW has interrogated the root cause data trends since 2016–17 (discussed below). While the causes of workplace injury are often complex and multifaceted, the data suggests that SafeWork NSW may not be having a meaningful impact on reducing rates of serious injuries, but the poor data quality means that we cannot be sure. It was beyond the scope of this audit to specifically examine serious injuries and disease claims, or the root cause(s) for the upward trend.

An extract of one performance indicator is shown in Exhibit 2 below. It shows serious injury and disease claim data from 2012–13 through to 2020–21 (where 2020–21p stands for preliminary data). The 2015–16 financial year is highlighted to indicate the establishment phase of SafeWork NSW.


This chapter considers selected policies and procedures that SafeWork NSW has implemented to ensure that it performs its compliance functions in a manner that is consistent with regulatory good practice. This includes that regulatory decisions are fair, consistent, predictable, transparent and in accordance with any laws or government policy. This extends to how complaints and incidents are initially triaged, the decisions inspectors make in response to complaints or incidents, and decisions made about whether a matter is referred to investigation for possible prosecution.

SafeWork NSW has made significant efforts to promote consistency in regulatory decision-making

A core element of an effective compliance regime is that the regulator’s behaviour and decision-making should be consistent and predictable. This encourages trust and confidence in the regulator, while promoting clarity and certainty among regulated entities.

SafeWork NSW faces particular challenges to achieving consistency in regulatory outcomes without fettering the legislative decision-making authority of individual inspectors. The audit was made aware of cases where stakeholders could not understand the rationale by which decisions were made, including in matters raised in Parliamentary Budget Estimates Committee hearings.

The reasons for the lack of consistency, whether perceived or actual, includes such matters as:

  • the unique circumstances that may apply to individual risks, hazards, or incidents
  • the wide variation in characteristics of PCBUs, including in regard to matters that might affect their culpability for non-compliance, such as their size or compliance history
  • varying levels of experience across inspectors
  • potential differences between individual inspectors in risk appetite, regulatory posture and attitudes to varying regulatory interventions.

These complexities have received heightened attention by SafeWork NSW since the 2020 findings of the NSW Ombudsman’s inquiry into SafeWork NSW and the Blue Mountains City Council. Among other things, in this inquiry the Ombudsman found that:

  • only inspectors had the authority to form a ‘reasonable belief’ that non-compliance with the WHS Act or regulation had occurred
  • where an inspector forms a ‘reasonable belief’ of non-compliance, then they must issue a regulatory notice
  • instances had occurred where inspectors had issued notices without forming the necessary ‘reasonable belief’ that valid grounds existed for those notices
  • inspectors had issued notices without forming their own requisite ‘reasonable belief’ because they had been directed to issue notices by management.

Notwithstanding these challenges, SafeWork NSW was able to demonstrate that it has implemented measures aimed at promoting consistency in regulatory decision-making. These measures include:

  • extensive guidance in exercising discretionary decision-making
  • inspector practice notes
  • directorate and team level discussions intended to promote consistency in decision-making.

These measures are primarily focused at encouraging consistency in the application of the law prospectively. There was less evidence that decisions were consistently, formally, and robustly reviewed retrospectively, such as by:

  • peer review
  • internal audit or quality assurance of decisions
  • managerial coaching and mentoring.

The audit found varying practices and processes across SafeWork NSW teams and directorates for these sorts of retrospective and reflexive learning processes. Some managers and directors were able to describe regular review activities, either through one-on-one case reviews with individual inspectors, or through team meetings, though the evidence was that these activities were not consistent across regulatory decision-making areas of SafeWork NSW.

Such retrospective mechanisms would not be aimed at varying decisions already made, but at contributing to standardising how inspectors make future decisions by promoting consistency through setting precedents for responding to substantively similar matters.

Staff performance management is inconsistent across SafeWork NSW, which may hinder consistent practices, behaviours and outcomes

The use of organisational performance management and planning systems can be an important tool for promoting consistent behaviours, understandings and outcomes.
This audit included a survey of all members of the inspectorate, excluding team managers. Approximately 60% the inspectorate responded to the survey. The survey of found that:

  • 36% said that they did not have an annual performance agreement – almost one in every two inspectors (46%) in the two metropolitan focused directorates said they did not have performance agreements that set out what was required of them
  • the Investigation and Emergency Response directorate had a comparatively higher rate of reported performance agreements in place (80%) than all the other directorates that comprised SafeWork NSW (57%) – the reasons for this were not examined by the survey.

Findings from a survey of the inspectorate highlight the role of discretion in decision-making, and how these factors can be inconsistently applied

The survey conducted by the audit also asked inspectors about how different factors might affect their decision to issue a penalty notice for a breach of the WHS Act (excluding the most serious categories of matters that would ordinarily be immediately referred to full investigation and possible prosecution).

The discretionary factors that were included in the survey included:

  • a sample taken from SafeWork NSW's written procedure for issuing penalty notices (shown in Exhibit 5 below)
  • a small number that had been raised with the audit team by SafeWork NSW staff during interviews, namely: current regulatory priorities, media or political interest, and the size of the PCBU (specifically, whether or not a hypothetical PCBU was a small, family-owned business).
Exhibit 5: Discretionary factors when issuing a penalty notice

Factors that are considered relevant to the exercise of discretion to issue a penalty notice are:

  1. The seriousness of the risk and the actual or potential consequences or harm.
  2. The extent of any injury or illness (penalties must not be issued for a fatality or serious injury which may lead to a full investigation or prosecution unless in accordance with this procedure).
  3. The duty holder’s safety and compliance history, e.g., a repeat offender or there is a likelihood of the offence being repeated.
  4. The prevalence of the offence in the jurisdiction and industry impact.
  5. The culpability of the duty holder, that is, how far below acceptable standards the conduct falls and the extent to which the duty holder contributed to the risk.
  6. Whether the duty holder was authorised to undertake certain types of work, e.g., work requiring a licence, registration, permit or other authority (however described) as required by the regulations.
  7. Prior notice of the risk or offence (e.g., direct to the duty holder or through codes of practice, educational material, safety alerts, guidance sheets, campaigns or priority interventions etc).
  8. Whether the circumstances warrant the application of an administrative sanction at a lesser scale than an enforceable undertaking or prosecution (in addition to remedial action in the form of an improvement or prohibition notice).
  9. Any mitigating or aggravating circumstances including efforts undertaken by the duty holder to control risks and the duty holder’s co-operation and willingness to address the issue.

Source: SafeWork NSW, Penalty Notice Procedure.

Inspectors were asked whether a range of selected factors were in general more, less, or not at all likely to influence their decision to issue a penalty notice.

As shown in Exhibit 6 below, the survey found that the most common response to most of the factors was that they made it neither more nor less likely that an inspector would issue a penalty notice in response to non-compliance. In some cases, this is probably to be expected.

For example, whether or not a non-compliant PCBU is a NSW government agency should probably not affect whether it is issued with a penalty notice. This was the case for 80% of respondents (though notably, 20% of inspectors responded that it would affect their decision, including 3% who responded that they would be much more likely to issue a penalty notice).

Other variations seem less intuitive to explain. This is particularly the case when a factor is written in policy or procedures. For example, 44% of inspectors responded that their decision would not be affected by whether or not the PCBU had prior notice of the risk, even though prior notice is prescribed in the SafeWork NSW procedure as a factor that should be taken into account (see item 7 of Exhibit 5).

The role played by SafeWork NSW regulatory priorities is also uncertain. On the one hand, 62% of inspectors said that they would be more (39%) or much more (23%) likely to issue a penalty if the non-compliance related to a regulatory priority, while 38% said it would have no impact.

The survey also found noticeable variations in responses between directorates regarding when penalty notices would be more or less likely to be issued. This included in regard to:

  • whether a non-compliant PCBU was a small business or not
  • the role of PCBU culpability
  • whether non-compliance related to a matter of media or political interest.

This chapter presents a case study that arose during the course of this audit. The case study demonstrates issues discussed in earlier chapters of this report, particularly in relation to the management of risk and the proper application of policies and procedures to ensure SafeWork NSW’s effectiveness as a regulator.

About the case study

The case study concerns the activities of the Department of Customer Service and SafeWork NSW, the latter of which is located within the department. Neither the case study nor this performance audit generally examined the activities of the commercial partner (including any related companies) referenced in the case study, including Trolex Ltd (UK), Trolex Nome Australia Pty Ltd., or Trolex Sensors Pty Ltd. No findings have been made, either express or implied, in relation to the commercial partner.

The case study was based on a review of evidentiary documents, primarily in the form of emails sourced from SafeWork NSW. To avoid compromising other processes, interviews were not held.

SafeWork NSW’s respirable crystalline silica real-time detection project

As discussed earlier, silicosis is a progressive, occupational lung disease resulting from inhalation of respirable crystalline silica. In recent years, there has been high profile attention to respirable crystalline silica exposure from manufactured stone products (such as kitchen benchtops), though these risks had been published in international research since at least 2010. Unlike asbestos, respirable crystalline silica from manufactured stone can lead to the development of silicosis and other lung diseases after relatively short exposure and latency periods, resulting in relatively young workers developing serious diseases.

From 2016 to 2022, SafeWork NSW’s Work Health and Safety Roadmap included a target to reduce workplace exposure to priority hazardous chemicals and materials by 30%. This focus was retained in SafeWork NSW's regulatory priorities for 2023, which included the aim of reducing the incidence of worker exposure to harmful substances such as silica.

In 2018, SafeWork NSW commenced a project to fund a ‘research partner’ to develop a device that would detect in real-time the presence of respirable crystalline silica in workplaces. This project was led by the Centre for Work Health and Safety within SafeWork NSW.

Following a selection process, Trolex, a private company from the United Kingdom, was selected as the research partner. Trolex developed a device intended to meet the objective of the project. This device is called the Air XS and sells for approximately $18,500 AUD. The Air XS device was launched on 7 April 2022. The first-generation of the Air XS devices are no longer on the market, however up to 60 second-generation devices are currently in use across Australia.

In December 2022, this research project won the DCS Secretary’s Award for Excellence in Digital Innovation and was also one of the department’s nominees for a Premier’s Award in 2022.

As part of understanding SafeWork NSW’s response to the work health and safety risks of respirable crystalline silica from manufactured stone products, the audit examined this research project to procure a 'research partner' to develop a respirable crystalline silica real-time detection device. The findings of this examination are set out below.

SafeWork NSW’s processes were ineffective in responding to and mitigating risk and in ensuring compliance

As detailed below, our examination of this project found significant governance failings in SafeWork NSW, including the absence of key documentation, which created risks relating to whether the project would deliver its objective and whether it complied with procurement requirements. Concerns about whether the Air XS device would satisfy project objectives were not properly addressed.

We also found non-compliance with mandatory procurement policies. The failure to ensure compliance with procurement requirements leaves open the risk that value for money was not achieved, or that the procurement was not fair, transparent, consistent with promoting competition, or free from corruption or maladministration.

As a result of the Audit Office raising these issues with the Head of SafeWork NSW, the regulator undertook to enter into discussions with the CSIRO to conduct further testing of the real-time RCS detection device.

Concerns were raised by staff about the accuracy of the Air XS devices, though these concerns were not escalated beyond Director-level staff

Both before and after the launch of the Air XS device, concerns were raised by technical staff within SafeWork NSW about the accuracy of the devices and the rigour with which they had been tested during development.

It should be noted that the manufacturer, in correspondence with SafeWork NSW, defended the accuracy of the Air XS devices. It was beyond the scope of the audit to reconcile apparently conflicting technical assessments. Rather, the audit examined how SafeWork NSW managed the potential project delivery risk when these material concerns were raised.

Toward the end of 2021, concerns first emerged about the accuracy of the Air XS devices in emails between staff in the Regulatory Engagement business area of SafeWork NSW. These emails outlined concerns that the Air XS devices were not sufficiently accurate in detecting respirable crystalline silica. These views were derived from testing performed outside of any technical assurance process. At the time, these concerns were not shared with executive-level staff, including with any relevant Directors.

By the end of March 2022, the Centre for Work Health and Safety had requested and received from Trolex testing reports on the Air XS device. Two technical staff in the Testing Services directorate of SafeWork NSW were asked to review the testing reports. They were given five days to conduct these reviews.

On 5 April 2022, two days before the product was launched, one of the technical staff emailed the Director, Testing Services, advising that each of the two technical staff had independently prepared assessments and that their conclusions were ‘…not what DCS will want to hear’.

The internal assessment reports were subsequently provided to the Director, Testing Services, and to the Centre for Work Health and Safety. One of the reports stated that the product was not ‘market ready’ and that further testing was required. The audit did not find evidence that these conclusions were escalated to the Executive Director, Regulatory Engagement.

On 6 April 2022, the research project manager was advised by a staff member in the Centre for Work Health and Safety that an independent expert’s report (commissioned by the Centre for Work Health and Safety) concluded that ‘…there isn’t enough data to assess the validity of the device’.

Despite these concerns, the product launch occurred on 7 April 2022.

The audit found that concerns were again documented on at least two occasions after the product was launched. First, in September 2022, a senior technical staff member in the Centre for Work Health and Safety expressed concerns to colleagues, including the Director, Testing Services, that the staff member was uncomfortable promoting the Air XS without further testing being conducted.

Secondly, in May 2023, an internal test report prepared within the Testing Services business unit highlighted specific concerns about the accuracy of a first-generation Air XS device. This internal test report was provided to the Director, Testing Services, and was conducted with at least the knowledge of the Director, Research and Evaluation.

In both cases (September 2022 and May 2023), there are gaps in the evidence concerning how widely these internal concerns were shared. The audit found no evidence of:

  • any material response by SafeWork NSW management to address the concerns that had been raised
  • any assessment of risks posed to SafeWork NSW and other stakeholders
  • any escalation of the concerns to the relevant Executive Director or to the Head of SafeWork NSW.

This apparent lack of management action was despite the potential risks to the work health and safety of workers who may have relied on the Air XS, and to the reputation of the regulator.

Some SafeWork NSW staff were hesitant to raise concerns about the Air XS device

Some staff reported to us that they did not raise these risks with their managers due to concerns that to do so might affect their employment. In the Auditor-General’s 2018 audit report Managing risks in the NSW public sector: risk culture and capability, it was noted that:

Effective risk management is essential to good governance, and supports staff at all levels to make informed judgements and decisions. 

The report also observed that it is now widely accepted that organisational culture is a key element of risk management because it influences how people recognise and engage with risk. This includes ensuring that agencies have a culture of open communication so that all employees feel comfortable speaking openly about risks.

In this case, SafeWork NSW lacked the risk processes and culture to encourage all staff to identify, raise, escalate, and respond to risk appropriately. While the department does have a mechanism (via dedicated phone and email contacts) for staff to report integrity concerns, this mechanism was not used.

Concerns about the Air XS device were also raised by an external user of the device, though there is no evidence that these concerns were substantively addressed

On 21 August 2023, a senior manager from an external user emailed staff in SafeWork NSW’s Testing Services Directorate to advise that they had told the local distributor that they no longer wished to conduct further testing, nor purchase any Air XS devices. The senior manager stated that:

…the claim that the Air XS Silica monitor ‘delivers highly accurate, continuous, real-time silica detection’ could not be validated by the distributor despite many requests and efforts in the field to test the monitors and validate the data. 

The senior manager further stated that they were:

…disappointed that SafeWork NSW promotes the monitors with no evidence, known and/or held by them, that the monitors deliver the promoted monitor outcomes. 

The audit found no evidence that these concerns were meaningfully addressed by SafeWork NSW.

The process of procuring a ‘research partner’ to develop the Air XS device was flawed, in that there was non-compliance with procurement obligations and inadequate record keeping

The cost of procuring the Air XS research partner increased from an initial estimated cost of $200,000 when the request for tender was issued in May 2019 to $1.34 million when the final contract was executed in August 2019.

The audit found non-compliance in the process undertaken by the CWHS to procure the research partner. This non-compliance related to the requirements of the applicable departmental procurement manual, as well as with DCS financial delegations, and with the tender evaluation plan prepared for the process.

Examples of non-compliance and other poor practices are outlined below.

  • The Director, Research and Evaluation, was a voting member of the evaluation committee and also signed the acceptance letter for the successful proposal. This contravened the department’s procurement requirement that an approving delegate may not also evaluate tender responses. At the time, the estimated cost of the engagement was $200,000 and was therefore within the Director’s financial delegation.
  • The evaluation of the submitted tenders included an assessment provided by a designated non-voting member of the tender evaluation committee who had a declared conflict of interest.
  • One member of the tender evaluation committee lodged a strong objection to the preferred provider. SafeWork NSW could not provide documentation about how this objection was addressed.
  • When the final cost of the engagement increased to $1.34 million by August 2019, the Director, Research and Evaluation, no longer had the necessary delegation to approve the engagement of Trolex. Under the delegations issued by the DCS Secretary on 29 August 2019, the approval of an Executive Director was required for contracts valued between $500,000 and $2 million.
  • The scoring in the tender evaluation committee’s (unsigned) evaluation report did not comply with the approach set out in the tender evaluation plan. This was material as, had the tender evaluation plan been followed, two tenders would have been assessed as having the same successful score.
  • SafeWork NSW was unable to provide:
    • a signed and dated copy of an approval to issue the initial request for tender
    • a signed and dated copy of an approval for SafeWork NSW to enter into a formal agreement with Trolex
    • a final tender evaluation report signed by all members of the tender evaluation panel
    • evidence of any approval to increase the value of the contract from the $200,000 anticipated in the initial request for tender up to the $1.34 million final value of the contract.

Such non-compliance can contribute to the risk of maladministration in procurement activities, including by undermining probity and challenging whether value for money is achieved.


Appendix one – Response from agency

Appendix two – About the audit

Appendix Three – Performance auditing


© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.


Parliamentary reference - Report number #390 - released 27 February 2024



Actions for Flood housing response

Flood housing response

Whole of Government
Community Services
Premier and Cabinet
Internal controls and governance
Management and administration
Project management
Service delivery
Shared services and collaboration

What this report is about

Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales.

This audit assessed how effectively the NSW Government provided emergency accommodation and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events.

Responsible agencies included in this audit were the Department of Communities and Justice, NSW Reconstruction Authority, the former Department of Planning and Environment, the Department of Regional NSW and the Premier’s Department.


The Department of Communities and Justice rapidly provided emergency accommodation to displaced persons immediately following these flood events.

There was no plan in place to guide a temporary housing response and agencies did not have agency-level plans for implementing their responsibilities.

The NSW Government rapidly procured and constructed temporary housing villages. However, the amount of temporary housing provided did not meet the demand.

There is an extensive waitlist for temporary housing and the remaining demand in the Northern Rivers is unlikely to be met. The NSW Reconstruction Authority has not reviewed this list to confirm its accuracy.

Demobilisation plans for the temporary housing villages have been developed, but there are no long-term plans in place for the transition of tenants out of the temporary housing.

Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing.

The findings from the 2022 State-wide lessons process largely relate to response activities.

Audit recommendations

The NSW Reconstruction Authority should:

  • Develop a plan for the provision of temporary housing.
  • Review the temporary housing waitlist.
  • Determine a timeline for demobilising the temporary housing villages.
  • Develop a strategy to manage the transition of people into long-term accommodation.
  • Develop a process for state-wide recovery lessons learned.

All audited agencies should:

  • Finalise evaluations of their role in the provision of emergency accommodation and temporary housing.
  • Develop internal plans for implementing their roles under state-wide plans.

Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales. In response, the NSW Government declared each of these events a natural disaster and made available a wide range of support for affected individuals and businesses. The flooding experienced by the State was widespread and its severity caused significant destruction in communities across the State. Some of the most significant damage occurred in the Northern Rivers and Central West regions of New South Wales.

Whilst areas of the Northern Rivers are prone to regular flooding, the scale of flooding in 2022 had not been experienced in the region before. On 28 February 2022, the Wilsons River in Lismore reached a height of 14.4 metres, approximately 2.3 metres higher than the previous record. A second flood occurred on 30 March 2022, with the river reaching 11.4 metres. The flooding in the region was extensive, affecting towns including Lismore, Coraki, Woodburn and Ballina. Between late February and early April 2022, 13 lives were lost in the Northern Rivers floods. In addition, 4,055 properties were deemed uninhabitable, and a further 10,849 properties were assessed as damaged. Approximately 4,000 people had to be evacuated from Lismore alone during this period, with thousands displaced from their homes across the region.

In the Central West, on 14 November 2022, the Lachlan River at Forbes peaked at 10.6 metres and was categorised as major flooding due to the inundation of extensive rural areas with properties, villages and towns isolated. On the same day in Eugowra, the Mandagery Creek peaked at 9.8 metres, passing the previous record of 9.6 metres in 1950. Flooding occurred in other areas of the Central West including Parkes, Molong, Cowra and Canowindra. Two lives were lost in the town of Eugowra with 80% of homes and businesses in the town damaged.

This audit assessed the following two areas of NSW Government support provided in response to these flood events:

  • Provision of emergency accommodation: short-term accommodation provided to displaced persons unable to return to their own home in an emergency situation.
  • Provision of temporary housing provided in the form of temporary pods and caravans.

The Department of Communities and Justice (DCJ) is responsible for the provision of emergency accommodation and other welfare services in response to a disaster event. With regards to temporary housing, the following agencies were involved in this audit:

  • Resilience NSW was the lead agency responsible for recovery and led the implementation of the temporary housing program under the oversight of the Chair, Housing Taskforce (HTF) from July 2022. On 16 December 2022, Resilience NSW was abolished, with some staff transferred to the NSW Police Force, Department of Premier and Cabinet (DPC) and DCJ. The remaining staff were transitioned to the newly established NSW Reconstruction Authority.
  • The Department of Planning and Environment (DPE) chaired the HTF until July 2022 and led the process for the identification and evaluation of temporary housing village sites. On 1 January 2024, DPE was abolished and the DPE functions discussed in this report now form part of the Department of Planning, Housing and Infrastructure.
  • NSW Public Works (NSWPW), a branch of the Department of Regional NSW (DRNSW) procured and managed the construction of the pods used in this program, and procured the caravans used as part of the temporary housing response.

The then DPC (now Premier’s Department (PD)) was responsible for whole-of-government policy advice, convening the Crisis Policy Committee of Cabinet, and whole-of-government communications.

This audit assessed how effectively the NSW Government provided emergency and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events. We addressed this objective by examining whether the audited agencies:

  • effectively planned for the provision of emergency accommodation and temporary housing prior to the flood events
  • provided emergency accommodation and temporary housing to meet the needs of affected communities in response to the flood events
  • are effectively capturing lessons learned in relation to their provision of emergency accommodation and temporary housing as part of the flood response.

There is a State-level plan in place to guide the approach to emergency accommodation

The Welfare Services Functional Area Supporting Plan (WSFASP, the plan) is a supporting plan to the New South Wales Emergency Management Plan (EMPLAN). The plan outlines the responsibilities of the Department of Communities and Justice (DCJ) for the coordination and delivery of disaster welfare services in New South Wales. This includes the provision of emergency accommodation services. The plan in place during the flood events outlined the responsibilities of DCJ and the former Office of Emergency Management (OEM), some responsibilities of which have since transitioned to the NSW Reconstruction Authority (the Reconstruction Authority). The plan sets out a framework for government and non-government organisations to coordinate to provide key welfare services during an emergency, and outlines agreed roles and responsibilities. The plan outlines preparedness measures and arrangements for the provision of key welfare services during the response to and recovery from emergencies in New South Wales.

The plan details the organisations and key positions involved in welfare services, including their overall roles and responsibilities, and a basic structure for the delivery of disaster welfare services. For example, the plan states that both the former Department of Families and Communities Services and the not-for-profit Adventist Development and Relief Agency (ADRA) are responsible for emergency accommodation but does not clarify the detailed responsibilities associated with this role. These provide a State-wide, though not detailed, approach to emergency accommodation and welfare services in a disaster recovery context.

There was no plan in place to guide the temporary housing response, despite the NSW Government utilising this type of response in a previous emergency event

The State-level emergency planning documents do not contemplate the need for temporary housing as a government disaster response. Although there was a temporary housing response to the Black Summer bushfires in 2019–20, albeit on a smaller scale, no specific plans were in place to guide this response or the flood events in 2021–22. The NSW Government therefore had to develop its approach to addressing demand for temporary housing whilst responding to the flood emergency as it was occurring.

A partnership was established between the NSW Government and the Minderoo Foundation in 2020 to provide 100 pods to people whose homes were destroyed in the Black Summer bushfires. The initial rollout consisted of four-person pods, however the need for greater capacity was identified, with larger, family-sized pods developed for up to six people. The implementation of this program did not include formalising the work completed in documented plans for future use in response to other emergency events.

A plan that sets out how temporary housing should be used is in place in Queensland. The Queensland Government released a Temporary Emergency Accommodation (TEA) plan in 2021 which describes the arrangements, roles and responsibilities of key organisations critical to supporting displaced community members after the closure of an evacuation centre. The TEA plan outlines the five phases in the provision of accommodation support which includes temporary housing recovery. This demonstrates that a plan for the use of temporary accommodation would not be unprecedented.

Without plans in place to respond to all aspects of an emergency, decision makers are forced to be reactive in their decision making or to develop these plans while also responding to the events. In this specific instance, the government was forced to develop governance structures and perform tasks such as options analysis and site selection for temporary housing during the immediate aftermath of the flood events.

The Reconstruction Authority has acknowledged the need for a formalised plan for temporary housing responses and has started work to develop this in preparation for future flood events. It advised that the Housing Taskforce (HTF) has begun this work by performing assessments and reviews of high-risk areas and engaging with local councils and community groups. The Reconstruction Authority is also developing a Recovery Readiness Checklist, which will include preparedness for the provision of temporary housing in an emergency. Pre-event recovery planning specific to Local Government Areas (LGAs) is also underway, with the Reconstruction Authority developing tailored checklists which cover the provision of temporary housing. These tools will form part of the State's recovery response under the NSW Recovery Plan, which the Reconstruction Authority is currently in the process of updating. The Reconstruction Authority advises that this update will include identifying responsibilities in relation to the temporary housing response and recovery more broadly.

The WSFASP in place during the flood events had not been reviewed and updated in line with its planning requirements

Plans which outline the coordination and delivery of services in response to an emergency are imperative to ensure all required activities are completed, and the needs of affected communities are met. Plans also serve as a common reference point for decision making. Out of date plans can result in unclear roles and responsibilities, requiring agencies to make improvised decisions due to the urgent nature of emergency response. This creates a risk of key activities not being fulfilled and community needs going unmet.

The WSFASP in place during the flood response was last updated and endorsed by the State Emergency Management Committee (SEMC) in June 2018. As part of the planning requirements outlined in the plan, the State Welfare Services Functional Area Coordinator (WelFAC) is required to ensure the plan is reviewed every five years, or when relevant aspects require review following emergency operations or changes to legislation. The State WelFAC is an officer from DCJ responsible for the monitoring, support and coordination of disaster welfare services in New South Wales.

In 2020, a machinery of government change was implemented which established Resilience NSW as a public service executive agency and transferred persons employed in OEM to Resilience NSW. Despite these legislative changes, the plan had not been updated in line with its requirements to reflect these and subsequent changes, as OEM was still listed as one of the two agencies responsible for the coordination and delivery of disaster welfare services. Similarly, the plan had not been updated to reflect emergency operations changes with ADRA listed as the responsible coordinator for the provision of emergency accommodation services, despite no longer being responsible for this service.

The WSFASP has since been updated to reflect these changes and was endorsed by the SEMC in September 2023. The current WSFASP aligns with the welfare services responsibilities following the transfer of the welfare services functional area to DCJ in 2023. This includes the role of DCJ as the lead agency for the WSFASP, and DCJ and the Housing Contact Centre (HCC) within DCJ as the coordinator of emergency accommodation. The updated plan also provides an outline of the key welfare services that are delivered by the functional area, including emergency accommodation, personal support, essential food and grocery items, and transition from emergency accommodation. The outline provides a description of each service and the agency, team or non-government organisation responsible for coordinating the service.

Agencies did not have agency-level plans in place for implementing their responsibilities under State-level emergency accommodation and temporary housing plans

The State EMPLAN establishes a framework for sub plans, supporting plans and related policy instruments and guidelines. It states that a supporting plan should describe the support which is to be provided to the controlling or coordinating authority during emergency operations and be an action plan which describes how an agency or functional area is to be coordinated in order to fulfill the roles and responsibilities allocated. Without this more detailed guidance being in place, there is no common reference point for individuals within an agency to refer to when implementing the broader State-level plans, such as the WSFASP.

The WSFASP defines emergency accommodation and outlines the government and non-government organisations responsible for its provision. It does not provide a detailed description of the specific roles and responsibilities related to its provision. DCJ does not have an agency-level plan in place that specifies these in more detail, and did not have any standard operating procedures (SOPs) in place to guide the process of housing displaced persons in emergency accommodation.

The absence of SOPs to guide this process can increase the chance of inconsistent implementation of the WSFASP, with a reliance on the experience of staff to complete tasks to house people in emergency accommodation. For example, at the onset of an emergency, staff in the HCC contact local accommodation venues such as hotels and motels to determine availability in the area. They may also book blocks of rooms in preparation for housing displaced persons. At the time of the flood events, there was no documentation which detailed the process for DCJ staff to follow and these tasks were not recorded anywhere as requiring completion before a disaster occurred.

DCJ has advised that they have since developed internal processes which form part of the training program for Disaster Welfare staff. In addition to this, the HCC has developed a guide which steps out the various processes relating to the provision of emergency accommodation, as well as outlining the different roles and responsibilities within the HCC in relation to these processes.

As noted, there is no State-level plan in place to guide the temporary housing response. As a result, there is no framework to guide this process at an agency level for the Reconstruction Authority. The absence of both State and agency-level plans guiding the provision of temporary housing at the time of the flood events meant that agencies were required to develop a process to follow at the same time as responding to the flood events.

Appropriate governance structures were established quickly and changed as needed to reflect recovery needs

The State Recovery Committee (SRC) was activated following the 2019–20 bushfires and was still operating at the time of the 2022 floods. As part of this, the SRC had a terms of reference which included responsibilities of the SRC and a membership list. The responsibilities of the SRC in the terms of reference are to:

  • provide strategic direction in relation to disaster recovery
  • oversee reconstruction and recovery efforts in disaster impacted areas
  • provide senior leadership to facilitate whole-of-government coordination
  • monitor and report to the Premier, Deputy Premier and Cabinet on the progress of recovery efforts in disaster impacted areas.

Once the flood events commenced on 28 February 2022, the SRC increased its meeting frequency to every two days initially, for a total of 13 meetings in March. The SRC continued to meet at least twice a week from mid-April until the end of May, at which point it reduced gradually in frequency to weekly and then fortnightly. The SRC continued to meet throughout all of 2022 and 2023.

The SRC established a range of subcommittees to assist with recovery efforts. These subcommittees were operational from March 2022 onwards. Subcommittees had terms of reference setting out their role and were chaired by appropriate agencies with operational responsibilities that aligned with those roles. The Health and Wellbeing subcommittee was established as part of this and initially had responsibility for the provision of both emergency accommodation and temporary housing. This subcommittee was chaired by a relevant Senior Executive in DCJ.

As noted above, none of the whole-of-government plans prior to the flood events allocated responsibility to an agency or subcommittee for constructing and managing temporary housing. Although temporary housing had been utilised by the government previously in response to the 2019–20 bushfires, its provision had never been implemented on the scale required in response to the flood events.

In early March, the SRC created a new subcommittee: the Housing Taskforce (HTF). The HTF contained key staff from a wide variety of agencies, as well as other key stakeholders like local councils where appropriate, and was chaired by a Senior Executive from the Planning Branch of the Department of Planning and Environment (DPE). A terms of reference was quickly developed for the subcommittee. The HTF’s initial purpose included developing a strategy for identifying locations and pathways for temporary housing. This allowed the Health and Wellbeing subcommittee and the HTF to provide more focus on their particular areas of responsibility.

The SRC helped to manage issues but did not provide strategic risk management

Subcommittees regularly reported to the SRC throughout the flood response period. The SRC was able to manage issues with these programs as they arose, often by connecting relevant staff and providing a forum for these issues to be resolved across agencies. In this way, the SRC was able to manage issues, which aligns with its role in facilitating whole-of-government coordination.

Given that all relevant agencies were represented on the SRC, it was uniquely placed to provide strategic risk management across all aspects of the recovery effort including provision of accommodation and housing following the floods. This would fall within the SRC’s role of providing strategic direction in relation to disaster recovery. Strategic risk management involves addressing external risks, including those which may impact the government’s ability to achieve its objectives. The SRC did not undertake strategic risk management to proactively identify issues that could hinder the recovery effort, such as through developing risk registers and assigning mitigation strategies to agencies or specific individuals.

In regards to the flood temporary housing response, this may have included identifying and mitigating risks that could impact on the quantity of housing provided, risks to the overall flood recovery budget, and risks related to further flood events occurring that might hinder flood recovery. While the SRC did not consider this work during the flood response, Resilience NSW and the Reconstruction Authority both documented some whole-of-government risks to the delivery of the response to natural disasters as part of their enterprise risk management processes, including throughout 2022. However, this work was not undertaken specifically in relation to the unfolding flood events, but was instead done as part of the agency's regular review of its enterprise risks. Given that only one agency was involved in this risk identification, it was not a substitute for whole-of-government risk identification through the SRC.

The HTF did undertake some separate risk identification for the temporary housing response in the Northern Rivers, but not until October 2022. The HTF had been in operation since March 2022 without undertaking formal risk assessments to determine key risks to the provision of temporary housing that required mitigation. Some of the risks identified included expenditure on temporary housing exceeding its allocated budget, temporary housing sites failing to deliver agreed outcomes, and that there would be inappropriate or ineffective engagement with Aboriginal communities. This risk identification from the HTF was also reflected in Resilience NSW's and the Reconstruction Authority’s enterprise risk registers, where it is identified that there is a risk that the agencies do not effectively deliver on short and medium term housing.

The SRC provided oversight of the work of subcommittees

As noted above, one of the roles of the SRC is to oversee reconstruction and recovery efforts in disaster impacted areas. To fulfil this role of providing oversight, the SRC received updates on the activities of each subcommittee at each meeting.

In March 2022, each subcommittee developed a 100-Day Flood Action Plan that set out actions that would be completed in the first 30, 60 and 100 days. Each subcommittee was required to update its Flood Action Plan and report progress on implementation to the SRC every two weeks. The SRC received this regular reporting from each subcommittee, which included the status of each item, actions undertaken to date, and the next steps that each subcommittee was undertaking. This served to provide the SRC with oversight of the actions of each group to supplement the subcommittee updates with greater detail.

The quality of reporting from the HTF to the SRC reduced throughout August and September 2022. At this time the updates from the subcommittee included either only a verbal update or only statistical updates on the temporary housing response. This means that throughout this period, the SRC was providing only limited oversight of the temporary housing response. From October 2022, the HTF provided more detailed updates to the SRC, providing data on the temporary housing villages including the number of dwellings, estimated capacity and the status of each of the village sites (whether operational or estimated date of construction completion).

DCJ adapted its usual procedures to house a large number of people in emergency accommodation following the Northern Rivers flood event

The HCC, a branch within DCJ, is responsible for arranging emergency accommodation during a disaster, although this responsibility was not outlined in a specific emergency accommodation plan or procedure at the time of the flood events. Once a disaster is declared, the HCC is activated for a disaster welfare response. The team is required to estimate the number of people who will be displaced by the disaster and may seek emergency accommodation. The team is also required to contact local accommodation providers such as hotels, motels and caravan parks to determine vacancy information, as well as obtain information about the facilities such as wheelchair accessibility and pet-friendly rooms. The HCC team will then make direct contact with staff at evacuation centres and facilitate bookings based on the demand. A central internal database is utilised by the HCC, which enables them to see providers and book within the system.

In following these procedures, DCJ housed 788 people in the two weeks following the initial flood event by utilising the standard local accommodation providers. On 27 April 2022, 1,440 people were reported as staying at local accommodation providers as part of the emergency accommodation response. Exhibit 5 shows the number of people housed in emergency accommodation across the North Coast from March 2022 to early April 2023.

Governance structures continued to operate as previously established in response to the Central West flood event

The governance structures established in response to the 2019–20 bushfires and the flood event in the Northern Rivers mostly operated in the same capacity for the management of the Central West flood event. In October 2022, the meeting frequency for the SRC reduced to fortnightly, following the same structure with subcommittee updates discussed as part of the agenda. There was no increase in meeting frequency during or in the immediate aftermath of the response to the Central West flood event.

Resilience NSW continued to document whole-of-government risks to the delivery of the response to natural disasters during the response to the Central West flood event, and this work was continued by the Reconstruction Authority once established. Resilience NSW also continued to develop risk dashboard heatmaps each quarter, monitoring any changes in the residual risk rating of these risks, as well as outlining issues identified, and any new and emerging risks.

DCJ housed displaced persons in the Central West quickly, considering additional needs during the process

DCJ, through the HCC, advised that it followed its standard process outlined above for the provision of emergency accommodation during the Central West flood event. The evacuation order for Eugowra was made on 15 November 2022, and by 8 December 2022, DCJ had housed 93 people from the community in emergency accommodation. The HCC was able to utilise alternative accommodation such as rooms at Charles Sturt University to meet the increasing demand for emergency accommodation in the Central West.

Through the initial consultation process conducted with displaced persons at evacuation centres, the HCC was also able to consider their additional needs and meet these where possible. For example, companion animals were supported by Local Land Services and the Royal Society for the Prevention of Cruelty to Animals through the provision of boarding services. DCJ advised that local needs were also considered as part of the intake process. For example, displaced persons were accommodated as close to their hometown as possible. Those evacuated from Forbes were given priority for emergency accommodation in Forbes. This did impact evacuees from other towns. Ordinarily, those displaced in Eugowra would also be housed in Forbes, but due to limited accommodation options, they were evacuated to Orange instead. Other considerations made for displaced persons included level access and accessible rooms for those with disabilities, and baby care items, such as cots, where required.

The At-home Caravans program was implemented as immediate shelter for displaced persons awaiting pods on their property in the Central West

By 28 November 2022, Resilience NSW made the decision to activate the At-home Caravans program in the Central West, with applications from displaced persons being taken within a week after the flood event in Eugowra. Caravans were temporarily set up on private properties in Eugowra. Displaced persons are able to live in these caravans while waiting for a pod to be installed on their property. By 10 January 2023, 102 caravans had been delivered to the Central West and started to be located on private properties. At 30 May 2023, Resilience NSW had delivered 124 out of the 129 required caravans to properties. A plan was implemented to provide immediate shelter in the community through the caravans, organise medium-term housing in the form of pods, and support displaced persons to repair or rebuild their homes. Caravans were provided to households where properties required demolition, those that were damaged but reparable, and rental properties with owner’s consent.

Other options for immediate shelter were considered but not progressed. Placing caravans on site at showgrounds or caravan parks was considered, however a NSWPW assessment found that 95% of impacted homes could accommodate caravans on property. Caravans on property require less ongoing case management, site works and utilities. Private farm house rental accommodation was also considered, however extremely low availability of these in the area resulted in the decision to not progress this option.

Resilience NSW was able to meet the demand for housing in the Central West by placing temporary housing on people’s property

Resilience NSW conducted early analysis of potential temporary housing village sites in the aftermath of the floods in the Central West. However, after reviewing the situation in Eugowra and the relatively larger blocks, it was decided a more appropriate solution would be to place temporary pods on private property. Part of this decision was the impact a centralised village located in Eugowra would have on displaced persons from other affected towns. At 30 May 2023, 59 out of 100 pods had been installed on private properties. These pods replaced caravans initially installed on private properties, although at the time of the audit some disaster-affected persons were still living in caravans while they wait for pod installation on their property.

Resilience NSW was able to utilise the excess pods from the Northern Rivers to reduce the wait time for displaced persons to move into the pod from the caravan located on their property. Once their eligibility had been confirmed, the resident met with NSWPW and the builders contracted to install the pods. The resident confirmed where they would like the pod placed and the size needed. Applicants were then prioritised by Resilience NSW and pods installed in order of this prioritisation. NSWPW engaged the same third-party contractor used in the Northern Rivers construction to expedite the installation process.

Resilience NSW used measures to adapt the pods for suitable use in the Central West, as well as configuring them to meet mobility needs of residents. Cabonne Shire and Forbes Shire Councils required pods to be built at a height of 1.5 metres. The pods were therefore installed on scaffolding to raise their height. As the pods were designed and constructed for the Northern Rivers climate, insulation was installed on the base of the pods to ensure the inside temperature was appropriate for residents in the Central West. The raised height of the pods also impacted their accessibility, so the contractor was also engaged to install ramps instead of stairs where needed.

The first demobilisation of a pod occurred on 7 August 2023, after the resident’s home had been repaired and it was suitable for them to move back home. The Reconstruction Authority advised that as pods continue to be demobilised, they will be cleaned, any required repairs completed, and then moved onto the next property as needed. There was no long-term plan initially developed for the transition of tenants out of temporary housing, although the Reconstruction Authority has advised that the newly developed Temporary Housing Plan will include these considerations to inform processes at the end of the lease period. There has been consideration for returning the pods to the Northern Rivers once the work in the Central West is complete.

The Reconstruction Authority advised that due to the delays residents are facing in accessing trades and payment of insurance claims, the HTF is currently seeking the support of councils to extend the placement of pods beyond the two years that were initially planned.

There was no clear process in place to support displaced persons in emergency accommodation who were ineligible for temporary housing in the Central West

The WSFASP in place during the flood events did not outline a transition plan for displaced persons staying in emergency accommodation. Resilience NSW took over responsibility for the transition of displaced persons from emergency accommodation to temporary housing. It was not always possible to house rental tenants by placing a pod on the property they were occupying because they were unable to obtain landowner permission. It was necessary to find an alternative property to install these pods, usually on property owned by a family member. This was able to address most tenants’ issues.

It was unclear which agency was responsible for the support of renting households in the medium to long-term. The lack of a documented process for the provision of emergency accommodation created a gap in relation to the support for displaced persons. The WSFASP has since been updated to include provision for coordinated case management support to assist people in emergency accommodation with longer-term housing needs.

DCJ maintained a list of displaced persons who had been staying in emergency accommodation and were unable to exit without assistance. This list was provided to Resilience NSW weekly. Resilience NSW provided updates to DCJ on the status of those who were being transitioned into temporary housing, but no assistance was provided by Resilience NSW to those who were ineligible for temporary housing. DCJ was therefore required to provide case management to these people to assist in their transition to more stable housing.

Agencies learned and applied lessons from the Northern Rivers floods to the Central West flood event, but most have not formalised these for future consideration

Agencies involved in the provision of emergency accommodation and temporary housing learned key lessons from the Northern Rivers floods that could be applied in the Central West response. These lessons included the Reconstruction Authority rapidly standing up the At-home Caravans Program to provide immediate accommodation to displaced persons, and instigating a community reference group to provide feedback on the proposed housing response plan. These lessons learned were largely undocumented, with many staff being involved across both the Northern Rivers and Central West flood response, and able to directly apply lessons learned from their experience in the earlier response. It is good practice to formalise lessons learned to ensure that future responses may have access to contemporary information to learn from both positive and negative experiences in previous situations.

DCJ and Premier’s Department (PD) have not yet documented any lessons learned from their roles in the flood events. Some lessons were documented by Resilience NSW in April 2022 as part of a process to identify emerging insights. These lessons covered a broad range of activities, including findings relevant to the provision of temporary housing.

In June 2023, the Reconstruction Authority formally documented its own lessons learned from the provision of temporary housing. This includes identifying actions to avoid repeating some of the negative experiences, such as Aboriginal communities not being consulted at the appropriate time, and not having adequate program design processes in place for the temporary housing program. In addition, NSWPW has commissioned an evaluation of its work in the construction and provision of temporary housing, which includes a formal lessons learned component.

External reviews have also been conducted and have captured interim lessons learned, including the 2022 NSW Flood Inquiry and the ‘Response to major flooding across New South Wales in 2022’ Parliamentary Inquiry.

Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing

Agencies have commenced the process of evaluating their role in the provision of emergency accommodation and temporary housing. DCJ advised that an external evaluation would commence shortly and that it was in the process of engaging a consultancy firm to conduct this. NSWPW has also commenced an external review of its provision of temporary housing. DPE and PD have not commenced a review, although PD has established a new unit for strategic communications during disasters in response to the agency's involvement in crisis communications during the flood events. This unit has been developed to deliver overarching whole-of-government messaging during disaster events.

Similarly, the Reconstruction Authority advised that an evaluation was planned for the provision of temporary housing. In addition, Resilience NSW commissioned an evaluation of the use of the Minderoo Foundation pods in response to the 2019–20 bushfires. This review reported in November 2022, though it had limited consideration of the role of the Minderoo Foundation pods as a source of temporary housing in the Northern Rivers. This report made 19 recommendations to the Reconstruction Authority and the Minderoo Foundation, and found that the Minderoo pods had largely been delivered in line with the original intended objectives.

There is no State-wide process in place to capture lessons learned from all agencies involved in recovery

Each year, the SEMC conducts a State-wide lessons learned exercise, incorporating learnings from all of the emergency events in the previous year. This exercise has commenced for the 2022 emergency events, however at the time of the audit it was in draft and not yet formally endorsed by the SEMC.

The agencies involved in the State lessons learned process are agencies with emergency response responsibilities. The findings largely relate to these response activities, with very few lessons learned relating to recovery. Only a limited number of agencies are involved in this activity, and the 2022 review did not incorporate the views of a number of agencies that were involved in the recovery phase of the Northern Rivers and Central West flood events.

While it is important that lessons are learned from the response phase of an emergency, it is equally important that State-wide lessons are learned from the recovery phase to ensure that appropriate State-wide changes can be made, or positive experiences can be continued. There is currently no process in place to capture these lessons learned from the recovery phase from all agencies involved in the recovery phase.

Appendix one – Responses from entities

Appendix two – About the audit

Appendix three – Performance auditing


© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.


Parliamentary reference - Report number #389 - released 22 February 2024