Refine search

Reports

19 December 2018

Published

Education 2018

Education

Asset valuation

Financial reporting

Information technology

Infrastructure

Service delivery

Shared services and collaboration

Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.

This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations
service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.

Observation	Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued on the financial statements of both cluster agencies.	Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
2.2 Timeliness of financial reporting
Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements.	Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier.
2.3 Key issues from financial audits
Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave.	Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity.
2.4 Key financial information
Cluster agencies recorded net deficits in 2017–18.	The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

our financial statement audits of agencies in the Education cluster for 2018
the areas of focus identified in the Audit Office work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.

Observation	Conclusions and recommendations
3.1 Internal controls
Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding.
Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management.	Recommendation: Management should prioritise and action recommendations to address internal control weaknesses.
3.2 Information technology
Delivery of the Learning Management and Business Reform (LMBR) program is complete.	The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out.
3.3 Valuation of the Department’s land and buildings
The Department completed a revaluation of land and building assets during 2017–18.	A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion.
3.4 Maintenance of school facilities
The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities.	The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition.
3.4 School asset delivery
The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031.	The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects.

This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.

Appendix one - List of 2018 recommendations

Appendix two - Status of 2017 recommendations

Appendix three - Cluster agencies

Appendix four - Financial data

4 December 2018

Published

Family and Community Services 2018

Community Services

Compliance

Financial reporting

Information technology

Management and administration

Project management

Risk

Service delivery

Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford released her report today on the Family and Community Services cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster entities received unqualified audit opinions for their 30 June 2018 financial statements. Opportunities to improve the quality of financial reporting were identified and reported to management.

This report analyses the results of our audits of financial statements of the Family and Community Services cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides NSW Parliament and other users of the financial statements of Family and Community Services' agencies with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations
service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Family and Community Services cluster for 2018.

Observation	Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all cluster agencies' financial statements.	Conclusion: Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
Agencies complied with NSW Treasury’s mandatory early close requirements. Completing other early close procedures was inconsistent and not always supported by adequate evidence.	Conclusion: There are opportunities for agencies to improve the quality of financial reporting by: documenting all significant judgements and assumptions used when preparing the financial statements regularly reconciling inter-agency balances and transactions reconciling key account balances on a timely basis quantifying the impact of new and revised accounting standards.
2.2 Timeliness of financial reporting
Agencies completed revaluations of property, plant and equipment and submitted 31 March 2018 financial statements by the due date as required by NSW Treasury. Agencies submitted year-end financial statements by the statutory deadline.	Conclusion: Early revaluations of property, plant and equipment contributes to agencies meeting the year-end statutory reporting deadline.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

our financial statement audits of agencies in the Family and Community Services cluster for 2018
the areas of focus identified in the Audit Office annual work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each NSW Government cluster.

Observation	Conclusions and recommendations
3.1 Internal controls
The 2017–18 audits reported 47 internal control weaknesses. While none were high risk, there were 15 repeat issues.	Conclusion: Management accepted audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively.
Twenty-two of these internal control weaknesses related to information technology processes and control environment.	Conclusion: Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting. Recommendation: Agencies should strengthen user access administration to prevent inappropriate access to key IT systems by: ensuring privileged user access is limited to those requiring access to maintain the IT systems monitoring privileged user access to address risks from unauthorised activity ensuring IT password settings comply with password policies ensuring timely removal of access to business systems for terminated and casual employees.
The Department, NSW Land and Housing Corporation (LAHC) and three other cluster agencies’ contract registers are incomplete and/or inaccurate.	Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations.
3.2 Audit Office annual work program
Financial impact of the commissioning approach. The transfer of disability services to the National Disability Insurance Scheme and other commissioning of service delivery has contributed to a 36 per cent decrease in frontline employee numbers since 2015–16. Similarly, corporate services’ employee numbers reduced by 34 per cent. The Department’s salary costs have reduced by $232 million or 18 per cent from 2016–17.	Conclusion: The ratio of corporate services employee numbers to support frontline and support services has remained at 1:10 since 2015–16, which indicates restructures have been planned to align with the transfer of disability services.
Impact of the new social housing maintenance contract Maintenance expenses have increased by about 40 per cent since the new maintenance contract commenced in April 2016. LAHC measures the benefits of the new maintenance contract such as improved tenant satisfaction.	Conclusion: The new maintenance contract has contributed to some positive social outcomes such as tenants being employed by the contractors to conduct maintenance, as call centre operators and in administration. However, more can be done to ensure value for money is being achieved.
ChildStory IT Project Whilst phase one of the ChildStory IT project went 'live' in 2017–18, the planned timetable has not been met and the revised date for full implementation is end of 2018. According to the 2014–15 NSW Budget, the budget for ChildStory was $100 million over a four-year period. During the design and implementation stage, this amount was revised to $128 million, with approval of the Expenditure Review Committee. The actual cost incurred over the four years until 30 June 2018, is approximately $131 million. We identified issues with the data migration from the legacy systems to ChildStory.	Conclusion: To inform future IT projects, we understand the Department is capturing our findings, along with the findings from the Department of Finance, Services and Innovation’s ‘Healthchecks’.

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.

In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.

Appendix one - List of 2018 recommendations

Appendix two - Status of previous recommendations

Appendix three - Summary financial information

Appendix four - Cluster information

28 November 2018

Published

Transport 2018

Transport

Asset valuation

Compliance

Financial reporting

Infrastructure

Management and administration

Procurement

Risk

Service delivery

Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford released her report today on key observations and findings from the 30 June 2018 financial statement audits of agencies in the Transport cluster. Unqualified audit opinions were issued for all agencies' financial statements. However, assessing the fair value of the broad range of transport related assets creates challenges.

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides Parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2018.

Observation	Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all agencies' financial statements	Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
2.2 Key accounting issues
Valuation of assets continues to create challenges. Although agencies complied with the requirements of the accounting standards and Treasury policies on valuations, we identified some opportunities for improvements at RMS.	RMS incorporated data from its asset condition assessments for the first time in the valuation methodology which improved the valuation outcome. Overall, we were satisfied with the valuation methodology and key assumptions, but we noted some deficiencies in the asset data in relation to asset component unit rates and old condition data for some components of assets. Also, a bypass and tunnel were incorrectly excluded from RMS records and valuation process since 2013. This resulted in an increase for these assets’ value by $133 million. The valuation inputs for Wetlands and Moorings were revised this year to better reflect the assets' characteristics resulting in a $98.0 million increase.
2.3 Timeliness of financial reporting
Residual Transport Corporation did not submit its financial statements by the statutory reporting deadline.	Residual Transport Corporation remained a dormant entity with no transactions for the year ended 30 June 2018.
With the exception of Residual Transport Corporation, all agencies completed early close procedures and submitted financial statements within statutory timeframes.	Early close procedures allow financial reporting issues and risks to be addressed early in the reporting and audit process.
2.4 Financial sustainability
NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations reported negative net assets of $75.7 million and $89,000 respectively at 30 June 2018.	NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations continue to require letters of financial support to confirm their ability to pay liabilities as they fall due.
2.5 Passenger revenue and patronage
Transport agencies revenue growth increased at a higher rate than patronage.	Public transport passenger revenue increased by $114 million (8.3 per cent) in 2017–18, and patronage increased by 37.1 million (5.1 per cent) across all modes of transport based on data provided by TfNSW.
Negative balance Opal Cards resulted in $3.8 million in revenue not collected in 2017–18 and $7.8 million since the introduction of Opal. A total of 1.1 million Opal cards issued since its introduction have negative balances.	Transport for NSW advised it is liaising with the ticketing vendor to implement system changes and are investigating other ways to reduce the occurrences.
2.6 Cost recovery from public transport users
Overall cost recovery from users has decreased.	Overall cost recovery from public transport users (on rail and bus services by STA) decreased from 23.2 per cent to 22.4 per cent between 2016–17 and 2017–18. The main reason for the decrease is due to expenditure increasing at a faster rate than revenue in 2017–18.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

our financial statement audits of agencies in the Transport cluster for 2018
the areas of focus identified in the Audit Office annual work program.

Observation	Conclusions and recommendations
3.1 Internal controls
There was an increase in findings on internal controls across the Transport cluster.	Key themes related to information technology, employee leave entitlements and asset management. Eighteen per cent of all issues were repeat issues.
3.2 Audit Office Annual work program
The Transport cluster wrote-off over $200 million of assets which were replaced by new assets or technology.	Majority of this write-off was recognised by RMS, with $199 million relating to the write-off of existing assets which have been replaced during the year.
RailCorp is expected to convert to TAHE from 1 July 2019.	Several working groups are considering different aspects of the TAHE transition including its status as a for-profit Public Trading Enterprise and which assets to transfer to TAHE. We will continue to monitor developments on TAHE for any impact to the financial statements.
RMS' estimated maintenance backlog at 30 June 2018 of $3.4 billion is lower than last year. Sydney Trains' estimated maintenance backlog at 30 June 2018 increased by 20.6 per cent to $434 million. TfNSW does not quantify its backlog maintenance.	TfNSW advised it is liaising with Infrastructure NSW to develop a consistent definition of maintenance backlog across all transport service providers.
Not all agencies monitor unplanned maintenance across the Transport cluster.	Unplanned maintenance can be more expensive than planned maintenance. TfNSW should develop a consistent approach to define, monitor and track unplanned maintenance across the cluster.

We report this information on service delivery to provide additional context to understand the operations of the Transport cluster and to collate and present service information for different modes of transport in one report.

Appendix one - Status of 2016 and 2017 recommendations

Appendix two - Cluster agencies

Appendix three - Financial data

Appendix four - Bus contracts regions

10 August 2018

Published

Managing Antisocial behaviour in public housing

Community Services

Asset valuation

Infrastructure

Regulation

Service delivery

Workforce and capability

The Department of Family and Community Services (FACS) has not adequately supported or resourced its staff to manage antisocial behaviour in public housing according to a report released today by the Deputy Auditor-General for New South Wales, Ian Goodwin.

In recent decades, policy makers and legislators in Australian states and territories have developed and implemented initiatives to manage antisocial behaviour in public housing environments. All jurisdictions now have some form of legislation or policy to encourage public housing tenants to comply with rules and obligations of ‘good neighbourliness’. In November 2015, the NSW Parliament changed legislation to introduce a new approach to manage antisocial behaviour in public housing. This approach is commonly described as the ‘strikes’ approach.

When introduced in the NSW Parliament, the ‘strikes’ approach was described as a means to:

improve the behaviour of a minority of tenants engaging in antisocial behaviour
create better, safer communities for law abiding tenants, including those who are ageing and vulnerable.

FACS has a number of tasks as a landlord, including a responsibility to collect rent and organise housing maintenance. FACS also has a role to support tenants with complex needs and manage antisocial behaviour. These roles have some inherent tensions. The FACS antisocial behaviour management policy aims are:

to balance the responsibilities of tenants, the rights of their neighbours in social housing, private residents and the broader community with the need to support tenants to sustain their public housing tenancies.

This audit assessed the efficiency and effectiveness of the ‘strikes’ approach to managing antisocial behaviour in public housing environments.

We examined whether:

the approach is being implemented as intended and leading to improved safety and security in social housing environments
FACS and its partner agencies have the capability and capacity to implement the approach
there are effective mechanisms to monitor, report and progressively improve the approach.

Conclusion

FACS has not adequately supported or resourced its staff to implement the antisocial behaviour policy. FACS antisocial behaviour data is incomplete and unreliable. Accordingly, there is insufficient data to determine the nature and extent of the problem and whether the implementation of the policy is leading to improved safety and security.

FACS management of minor and moderate incidents of antisocial behaviour is poor. FACS has not dedicated sufficient training to equip frontline housing staff with the relevant skills to apply the antisocial behaviour management policy. At more than half of the housing offices we visited, staff had not been trained to:

conduct effective interviews to determine whether an antisocial behaviour complaint can be substantiated
de escalate conflict and manage complex behaviours when required
properly manage the safety of staff and tenants
establish information sharing arrangements with police
collect evidence that meets requirements at the NSW Civil and Administrative Tribunal
record and manage antisocial behaviour incidents using the information management system HOMES ASB.

When frontline housing staff are informed about serious and severe illegal antisocial behaviour incidents, they generally refer them to the FACS Legal Division. Staff in the Legal Division are trained and proficient in managing antisocial behaviour in compliance with the policy and therefore, the more serious incidents are managed effectively using HOMES ASB.

FACS provides housing services to most remote townships via outreach visits from the Dubbo office. In remote townships, the policy is not being fully implemented due to insufficient frontline housing staff. There is very limited knowledge of the policy in these areas and FACS data shows few recorded antisocial behaviour incidents in remote regions.

The FACS information management system (HOMES ASB) is poorly designed and has significant functional limitations that impede the ability of staff to record and manage antisocial behaviour. Staff at most of the housing offices we visited were unable to accurately record antisocial behaviour matters in HOMES ASB, making the data incorrect and unreliable.

Parliamentary reference - Report number #306 - released 10 August 2018

23 April 2018

Published

Managing risks in the NSW public sector: risk culture and capability

Finance

Health

Justice

Treasury

Internal controls and governance

Management and administration

Risk

Workforce and capability

The Ministry of Health, NSW Fair Trading, NSW Police Force, and NSW Treasury Corporation are taking steps to strengthen their risk culture, according to a report released today by the Auditor-General, Margaret Crawford. 'Senior management communicates the importance of managing risk to their staff, and there are many examples of risk management being integrated into daily activities', the Auditor-General said.

We did find that three of the agencies we examined could strengthen their culture so that all employees feel comfortable speaking openly about risks. To support innovation, senior management could also do better at communicating to their staff the levels of risk they are willing to accept.

Effective risk management is essential to good governance, and supports staff at all levels to make informed judgements and decisions. At a time when government is encouraging innovation and exploring new service delivery models, effective risk management is about seizing opportunities as well as managing threats.

Over the past decade, governments and regulators around the world have increasingly turned their attention to risk culture. It is now widely accepted that organisational culture is a key element of risk management because it influences how people recognise and engage with risk. Neglecting this ‘soft’ side of risk management can prevent institutions from managing risks that threaten their success and lead to missed opportunities for change, improvement or innovation.

This audit assessed how effectively NSW Government agencies are building risk management capabilities and embedding a sound risk culture throughout their organisations. To do this we examined whether:

agencies can demonstrate that senior management is committed to risk management
information about risk is communicated effectively throughout agencies
agencies are building risk management capabilities.

The audit examined four agencies: the Ministry of Health, the NSW Fair Trading function within the Department of Finance, Services and Innovation, NSW Police Force and NSW Treasury Corporation (TCorp). NSW Treasury was also included as the agency responsible for the NSW Government's risk management framework.

Conclusion

All four agencies examined in the audit are taking steps to strengthen their risk culture. In these agencies, senior management communicates the importance of managing risk to their staff. They have risk management policies and funded central functions to oversee risk management. We also found many examples of risk management being integrated into daily activities.

That said, three of the four case study agencies could do more to understand their existing risk culture. As good practice, agencies should monitor their employees’ attitude to risk. Without a clear understanding of how employees identify and engage with risk, it is difficult to tell whether the 'tone' set by the executive and management is aligned with employee behaviours.

Our survey of risk culture found that three agencies could strengthen a culture of open communication, so that all employees feel comfortable speaking openly about risks. To support innovation, senior management could also do better at communicating to their staff the levels of risk they are willing to accept.

Some agencies are performing better than others in building their risk capabilities. Three case study agencies have reviewed the risk-related skills and knowledge of their workforce, but only one agency has addressed the gaps the review identified. In three agencies, staff also need more practical guidance on how to manage risks that are relevant to their day-to-day responsibilities.

NSW Treasury provides agencies with direction and guidance on risk management through policy and guidelines. Its principles-based approach to risk management is consistent with better practice. Nevertheless, there is scope for NSW Treasury to develop additional practical guidance and tools to support a better risk culture in the NSW public sector. NSW Treasury should encourage agency heads to form a view on the current risk culture in their agencies, identify desirable changes to that risk culture, and take steps to address those changes.

In assessing an agency’s risk culture, we focused on four key areas:

Executive sponsorship (tone at the top)

In the four agencies we reviewed, senior management is communicating the importance of managing risk. They have endorsed risk management frameworks and funded central functions tasked with overseeing risk management within their agencies.

That said, we found that three case study agencies do not measure their existing risk culture. Without clear measures of how employees identify and engage with risk, it is difficult for agencies to tell whether employee's behaviours are aligned with the 'tone' set by the executive and management.

For example, in some agencies we examined we found a disconnect between risk tolerances espoused by senior management and how these concepts were understood by staff.

Employee perceptions of risk management

Our survey of staff indicated that while senior leaders have communicated the importance of managing risk, more could be done to strengthen a culture of open communication so that all employees feel comfortable speaking openly about risks. We found that senior management could better communicate to their staff the levels of risk they should be willing to accept.

Integration of risk management into daily activities and links to decision-making

We found examples of risk management being integrated into daily activities. On the other hand, we also identified areas where risk management deviated from good practice. For example, we found that corporate risk registers are not consistently used as a tool to support decision-making.

Support and guidance to help staff manage risks

Most case study agencies are monitoring risk-related skills and knowledge of their workforce, but only one agency has addressed the gaps it identified. While agencies are providing risk management training, surveyed staff in three case study agencies reported that risk management training is not adequate.

NSW Treasury provides agencies with direction and guidance on risk management through policy and guidelines. In line with better practice, NSW Treasury's principles-based policy acknowledges that individual agencies are in a better position to understand their own risks and design risk management frameworks that address those risks. Nevertheless, there is scope for NSW Treasury to refine its guidance material to support a better risk culture in the NSW public sector.

Recommendation

By May 2019, NSW Treasury should:

Review the scope of its risk management guidance, and identify additional guidance, training or activities to improve risk culture across the NSW public sector. This should focus on encouraging agency heads to form a view on the current risk culture in their agencies, identify desirable changes to that risk culture, and take steps to address those changes.

Appendix one - Response from agencies

Appendix two - Survey results

Appendix three - About the audit

Appendix four - Performance auditing

Parliamentary reference - Report number #298 - released 23 April 2018

20 December 2017

Published

Internal Controls and Governance 2017

Finance

Education

Community Services

Health

Justice

Whole of Government

Asset valuation

Compliance

Cyber security

Information technology

Internal controls and governance

Project management

Risk

Agencies need to do more to address risks posed by information technology (IT).

Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.

1. Overall trends

New and repeat findings	The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved.
High risk findings	Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies.
Common findings	Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity.

2. Information Technology

IT security	Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls.
Cyber security	Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.
Other IT systems	Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems.

3. Asset Management

Capital investment	Agencies report delays delivering against the significant increase in their budgets for capital projects.
Capital projects	Agencies are underspending their capital budgets and some can improve capital project governance.
Asset disposals	Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes.

4. Governance

Governance arrangements	Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues.
Shared services	Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set.

5. Ethics and Conduct

Ethical framework	Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics.
Conflicts of interest	All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

6. Risk Management

Risk management maturity	All agencies have implemented risk management frameworks, but with varying levels of maturity.
Risk management elements	Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency.

This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.

This new report offers strategic insight on the public sector as a whole

In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.

This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.

Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.

These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.

Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:

Overall trends
Information technology
Asset management
Governance
Ethics and conduct
Risk management.

Internal controls are processes, policies and procedures that help agencies to:

operate effectively and efficiently
produce reliable financial reports
comply with laws and regulations.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.

Issues	Recommendations
1.1 New and repeat findings
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies.	Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis.
1.2 High risk findings
We found seven high risk internal control deficiencies, which might significantly affect agencies.	Recommendation Agencies should rectify high risk internal control deficiencies as a priority
1.3 Common findings
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies.	Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies.

Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.

Issues

Recommendations

2.1 IT security

User access administration

While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems.

Recommendation

Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:

establish and enforce clear policies and procedures
review user access regularly
remove user access for terminated staff promptly
change user access for transferred staff promptly.

Privileged access

Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access.

Recommendation

Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:

only grant privileged access in line with the responsibilities of a position
review the level of access regularly
limit privileged access to necessary functions and data
monitor privileged user account activity on a regular basis.

Password controls

Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls.

Recommendation

Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:

minimum password lengths and complexity requirements
limits on the number of failed log-in attempts
password history (such as the number of passwords remembered)
maximum and minimum password ages.

2.2 Cyber Security

Cyber security framework

Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.

Recommendation

The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents.

Cyber security strategies

While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness.

Recommendations

The Department of Finance, Services and Innovation should:

mandate minimum standards and require agencies to regularly assess and report on how well they mitigate cyber security risks against these standards
develop a framework that provides for cyber security training.

Agencies should ensure they adequately resource staff dedicated to cyber security.

2.3 Other IT systems

Change control processes

Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes.

Recommendation

Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems.

Disaster recovery planning

Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis.

Recommendation

Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans.

Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:

manage their major capital projects
dispose of existing assets.

Issues

Recommendations or conclusions

3.1 Capital investment

Capital asset investment ratios

Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one.

Recommendation

Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs.

Volume of capital spending

Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years.

Conclusion

The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years.

3.2 Capital projects

Major capital projects

Agencies’ major capital projects were underspent by 13 percent against their budgets.

Conclusion

The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time.

Capital project governance

Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects.

Conclusion

Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight.

3.3. Asset disposals

Asset disposal procedures

Agencies need to strengthen their asset disposal procedures.

Recommendations

Agencies should have formal processes for disposing of surplus properties.

Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption.

Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.

This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.

Issues

Recommendations or conclusions

4.1 Governance arrangements

Continuous disclosure

Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations.

Conclusion

Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:

regular public disclosure of key performance information
disclosure of both positive and negative information
prompt reporting of significant issues.

4.2 Shared services

Service level agreements

Some agencies do not have service level agreements for their shared service arrangements.

Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements.

Conclusion

Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:

specify the controls a provider must maintain
specify key performance targets
include penalties for non-compliance.

Shared service performance

Some agencies do not set performance standards for their shared service providers or regularly review performance results.

Conclusion

Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received.

Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money.

All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.

This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.

We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.

Issues

Recommendations or conclusions

5.1 Ethical framework

Code of conduct

All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

Recommendation

Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date.

Statement of business ethics

Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors.

Conclusion

Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture.

5.2 Potential conflicts of interest

Conflicts of interest

All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest.

Recommendation

Agencies should improve the way they manage conflicts of interest, particularly by:

requiring senior executives to make a conflict-of-interest declaration at least annually
implementing processes to identify and address outstanding declarations
providing annual training to staff
maintaining current registers of conflicts of interest.

Gifts and benefits

While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct.

Recommendation

Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff.

Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.

This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.

Issues

Recommendations or conclusions

6.1 Risk management maturity

All agencies have implemented risk management frameworks, but with varying levels of maturity in their application.

Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence.

Conclusion

Agencies have introduced risk management frameworks and practices as required by the Treasury’s:

'Risk Management Toolkit for the NSW Public Sector'
'Internal Audit and Risk Management Policy for the NSW Public Sector'.

However, more can be done to progress risk management maturity and embed risk management in agency culture.

6.2 Risk management elements

Risk culture

Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.

Conclusion

Agencies can improve their risk culture by:

setting an appropriate tone from the top
training all staff in effective risk management
ensuring desired risk behaviours and culture are supported, monitored, and reinforced through business plans, or the equivalent and employees' performance assessments.

Risk registers and reporting

Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level.

Conclusion

Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately.

Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.

15 December 2017

Published

Transport 2017

Transport

Asset valuation

Information technology

Internal controls and governance

Project management

The following report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, the report notes the agencies can improve their asset revaluation processes.

1. Financial reporting and controls

Audit opinions	Unqualified audit opinions were issued for all agencies' financial statements.
Early close	Early close procedures continue to facilitate timely preparation of financial statements and completion of audits, but agencies can improve their asset revaluation processes. The revaluations were not completed by the early close deadline.
Key audit matters	The cluster corrected the value of rail tunnels and earthworks by recording an additional $8.5 billion in infrastructure assets.
Passenger revenue and patronage	Revenue increased by seven per cent at a similar rate to patronage. Opal fare structure changes came into effect on 5 September 2016. Continued rises in patronage can increase pressure on public transport punctuality.
Negative balances on Opal Cards	There was $2.6 million in revenue not collected during 2016–17 financial year through negative balance Opal Cards. This represents 0.2 per cent of total annual passenger revenue. Transport advise the cumulative balance of negative balance Opal Cards is $4.2 million as at 30 June 2017. Recommendation: Transport for NSW (TfNSW) should implement measures to prevent loss of revenue from passengers tapping off with negative balance Opal Cards.
Investment in infrastructure	Agencies spent $8.5 billion on assets in 2016–17 and have contractual capital commitments of $11.3 billion over the next five years.
Internal controls	IT systems user access administration remains an area of weakness.

2. Service Delivery

Punctuality	According to Transport data, average punctuality is above target for Sydney Trains, Ferries and Light Rail, but below target for NSW Trains services. State Transit Authority of NSW (STA) is not meeting punctuality targets. STA continued working with TfNSW on delivering improved punctuality.
Public transport capacity	Passenger crowding is above benchmark for many morning peak suburban rail services, as indicated by Transport data. Eleven of the 14 bus contract regions had full buses.
Bus crowding	There are no target measures on crowding for bus operators in any contract region. Recommendation: TfNSW should develop target measures on crowding for bus operators in all contract regions and publish the results.
Customer satisfaction	Surveys conducted by Transport indicate customer satisfaction exceeded target for all modes of public transport.

Confidence in public sector decision-making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies.

This chapter outlines our audit observations, conclusions or recommendations related to financial reporting and controls of Transport cluster agencies for 2016–17.

Observation	Conclusion or recommendation
Quality of financial reporting
Unqualified opinions were issued for all agencies’ financial statements.	Unqualified audit opinions were issued on the 2016–17 financial statements of all agencies in the Transport cluster. Agencies complied with the new disclosure requirements required under accounting standard AASB 124 'Related Party Disclosures'.
Old tunnels and earthworks valued.	The cluster corrected the value of rail tunnels and earthworks by recording an additional $8.5 billion in infrastructure assets.
Timeliness of financial reporting
Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements.	Early close procedures continue to facilitate timely preparation of financial statements and completion of audits, but agencies can make further improvement in the revaluation process.
TfNSW and RailCorp completed asset revaluations after the early close deadline.	While all revaluation matters were resolved and corrected, completing the revaluation process earlier would enable more timely review, identification and resolution of matters.
Passenger revenue, patronage and cost recovery
Revenue increased by 7 per cent at a similar rate to patronage.	Public transport passenger revenue increased by $93 million (seven per cent) in 2016–17, and patronage increased by 49 million (seven per cent) across all modes of transport. There were some changes in the method of calculating reported patronage between 2015–16 and 2016–17. If the methods had been consistent, the patronage increase would be 6.5 per cent. Opal fare structure changes came into effect on 5 September 2016.
Value of negative balance Opal Cards doubled since last year.	There was $2.6 million in revenue not collected during 2016–17 financial year through negative balance Opal Cards. This represents 0.2 per cent of total annual passenger revenue. Transport advise the cumulative balance of negative balance Opal Cards is $4.2 million as at 30 June 2017. Recommendation: TfNSW should implement measures to prevent the loss of revenue from passengers tapping off with negative balance Opal cards.
The overall cost recovery from users of public transport increased slightly to 21.3 per cent.	Cost of service per passenger journey for buses and ferries decreased. Revenue per passenger journey for all modes remained fairly stable.
Investment in infrastructure
There was a significant investment in transport assets in 2016–17.	Agencies spent $8.5 billion on assets in 2016–17, including $3.8 billion on rail systems and $3.8 billion on road and maritime infrastructure systems.
Transport cluster have capital commitment of $11.3 billion over the next five years.	The transport cluster has significant contractual commitments over the next five years on rail and road infrastructure projects.
Internal controls
User access administration over systems remains an area of weakness.	We identified six moderate and eight low risk issues related to user systems access administration across four agencies. This included review of highly privileged/super user account transactions not performed effectively and user access reviews not performed. These weaknesses increase the risk of users having excessive or unauthorised access to critical financial systems and information.

Achievement of government outcomes can be improved through effective delivery of the right mix of services, whether from the public, private or not‑for‑profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.

This chapter outlines our audit observations, conclusions or recommendations related to service delivery in the Transport cluster agencies for 2016–17.

Observations	Conclusion or recommendation
Punctuality
Average punctuality is above target for Sydney Trains, but below target for NSW Trains services. Punctuality targets are not met by all bus operators.	Meeting punctuality targets is a continuing challenge for NSW Trains’ and STA bus services.
The 2017 performance audit 'Passenger Rail Punctuality' reported that based on forecast patronage increases, rail agencies will find it hard to maintain punctuality after 2019 unless the capacity of the network to carry trains and people is increased significantly.	The 2017 performance audit found that given the likely lead times involved with major infrastructure projects, there remains a significant risk of poor punctuality after 2019. Transport advised it is currently either delivering or planning rail network upgrades to address current growth and longer-term future demand. This includes investments such as procurement of suburban and intercity trains, Sydney Metro services and further timetable planning into the 2020s.
After reaching its punctuality target in 2015–16 for the first time in 13 years, NSW Trains regional services was below the target in 2016–17.	NSW Trains regional services achieved an average of 75 per cent punctuality in 2016–17, four per cent less than 2015–16.
The bus contracts do not have an option to impose financial penalties on STA for poor punctuality performance.	In 2015–16, we recommended TfNSW should consider including financial penalties for not meeting each punctuality KPI in future contracts with bus operators. An opportunity to implement the recommendation requires a contract renewal process to be finalised with STA, which did not occur during 2016–17.
Public transport capacity
There are no target measures on crowding for bus operators in any contract region.	Recommendation: TfNSW should develop target measures on crowding for bus operators in all contract regions and publish the results.
Customer Satisfaction
Customers on ferries continued to be most satisfied, followed by those on light rail. Sydney Trains and NSW Trains had fewer complaints in 2016–17.	Customer satisfaction exceeded target for all modes of transport.
Project management
Transport cluster manages many of the State high profile/high risk projects.	Major Transport projects include WestConnex, Sydney Metro Northwest, Sydney Metro City and Southwest, Woolgoolga to Ballina - Pacific Highway upgrade, NorthConnex, CBD and South East Light Rail and Newcastle Light Rail.
Safety performance
Road fatalities decreased by eight per cent between July 2016 and June 2017, from 390 to 359 deaths.	Road fatalities mainly involved speed, fatigue and vehicle occupants not wearing available restraints.
Maintenance
RMS’ maintenance backlog of $3.7 billion is higher than the $3.4 billion reported in 2016.	Transport cluster agencies manage $134 billion in property, plant and equipment. The total backlog maintenance of $4.1 billion at 30 June 2017 represents 3.1 per cent of those assets.

14 December 2017

Published

Report on Education 2017

Education

Financial reporting

Internal controls and governance

Management and administration

Procurement

Project management

Workforce and capability

The Auditor-General, Margaret Crawford released her report on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent audits of these agencies.

'I am pleased to report that unqualified audit opinions were issued on the financial statements for all agencies in the Education cluster', the Auditor-General said. 'The quality and timeliness of financial reporting remains strong'.

8 December 2017

Published

Family and Community Services 2017

Community Services

Asset valuation

Compliance

Financial reporting

Information technology

Internal controls and governance

Procurement

Project management

The following report focuses on key observations and findings from the most recent audits of agencies in the Family and Community Services cluster.

The report includes a range of findings on service delivery. The Department of Family and Community Services' data indicates that family preservation programs are having a positive impact on children and young people entering statutory care. On the other hand, waiting times for social housing applicants increased in 2016-17.

1. Financial reporting and controls

Quality of financial reporting	Unqualified audit opinions were issued for all cluster agencies' financial statements.
Timeliness of financial reporting	Agencies completed mandatory early close procedures and all but one agency submitted financial statements by the statutory deadline.
Internal controls	The 2016–17 audits reported 29 internal control improvements to cluster agencies’ management. None of these findings were high risk. Eleven related to information technology control weaknesses in key financial business systems.

2. Service Delivery

Commissioning	Non-government organisations (NGOs) received $2.6 billion in 2016–17 to deliver services.
Children and young people	The Department of Family and Community Services data indicates that family preservation programs are reducing the number of children and young people entering statutory care. The Department's data shows 86 per cent of children and young people in statutory care had their placements reviewed in the 12 months to 30 June 2017. Legislation requires all placements are reviewed at least every 12 months.
Social Housing	The Department's data shows waiting times for social housing applicants are longer than last year.
People with disability	Under the current timetable for implementing the National Disability Insurance Scheme, the Department plans to transfer direct disability services to NGOs by 30 June 2018.

This report provides Parliament and others with the audit results, observations, conclusions and recommendations for Family and Community Services cluster agencies. The report has been structured into two chapters focusing on financial reporting and controls and service delivery.

The Family and Community Services cluster works with children, adults, families and communities to improve lives and help people realise their potential.

This chapter outlines audit observations, conclusions and recommendations related to the financial reporting and controls of agencies in the Family and Community Services cluster for 2016–17.

Financial reporting is an important element of good governance. Confidence in public sector decision making and transparency is enhanced when financial reporting is accurate and timely.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

Observation	Conclusion or recommendation
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all cluster agencies' financial statements.	The quality of financial reporting remains high across the cluster.
2.2 Timeliness of financial reporting
Agencies completed mandatory early close procedures and all but one submitted financial statements by the deadline.	Early close procedures continue to allow issues and financial reporting risk areas to be addressed early in the audit process. There are opportunities to improve effectiveness of early close procedures.
2.3 Internal controls
The 2016–17 audits reported 29 internal control weaknesses. While none were high risk, the Department had five repeat issues.	Management accepted the audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively.
Eleven of these internal control weaknesses were related to IT system user access administration and security over financial systems.	Controls weaknesses may compromise the integrity and security of financial data. Recommendation Agencies should: ensure policies for creating, modifying and deactivating user access are documented enhance the current user access review process log and monitor highly privileged user account activity ensure timely removal of access to business systems for terminated and casual employees ensure password parameters comply with internal policies.

Government outcomes can be improved by delivering the right mix of services, whether from the public, private or not for profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.

This chapter outlines our audit observations, conclusions and recommendations related to service delivery by agencies in the Family and Community Services cluster for 2016–17.

Observation	Conclusion or recommendation
3.1 Commissioning
Non-government organisations (NGOs) received $2.6 billion funding in 2016–17 to deliver services.	Commissioning of service delivery can change the profile of risks that need to be managed. The Department has established a Commissioning Division and developed its ‘Commissioning for Better Outcomes Framework’.
3.2 Children and young people
All the Department's Districts are accredited to provide out-of-home care services. The Department's data indicates 66 more children and young people were in statutory care at 30 June 2017 compared to 30 June 2016. This contrasts to the previous year where 1,150 more children were in statutory care at 30 June 2016 than at 30 June 2015.	The Department is complying with out-of-home care service standards, but one District has an additional condition attached to its accreditation. Department’s data indicates that family preservation programs are having a positive impact..
The Department's data shows 86 per cent of children and young people in statutory care had their placement reviewed at 30 June 2017. The Department’s data shows, at 30 June 2017, 41 per cent of children and young people with closed case plans for the 12 months ended 30 June 2016 were re-reported at risk of significant harm.	The Department did not meet the legislative requirement to review the placement of all children and young people in statutory care annually. The number of children being re-reported at risk of significant harm is above the Premier’s Priority target of 34 per cent by June 2019.
3.3. Social Housing
Waiting time for priority and non-priority social housing applicants increased in 2016–17, by 19 per cent and 3 per cent respectively.	Some factors impacting waiting time for social housing applicants are outside the control of the Department.
3.4 People with disability
A Bilateral Agreement between the Australian and NSW Governments sets out how eligible persons access the National Disability Insurance Scheme (NDIS) between 1 July 2016 and 30 June 2018.	Under the timetable for the NDIS, the Department plans to transfer direct disability services to NGOs.

Appendix one - Status of 2015 and 2016 recommendations

Appendix two - Summary financial information

Appendix three - Cluster information

28 November 2017

Published

Justice 2017

Justice

Asset valuation

Compliance

Financial reporting

Fraud

The following report focuses on key observations and findings from the most recent audits of law and order and emergency services agencies in the Justice cluster.

No qualified audit opinions were issued on Justice agencies' financial statements. However, agencies that used the Department of Justice as their service provider experienced difficulties finalising their accounts. This was due to issues with the department’s implementation of a new financial accounting and reporting system and the continued establishment of its Business Support Centre. The Department is working to remediate the new finance system.

Financial reporting	Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. However, some agencies' year end financial reporting procedures were impacted by the implementation of a new finance system and processes at the Department.
Early Close	Early close procedures continue to help agencies present audited financial statements on time, but there is room for further improvement.
NSW Police Force Death and Disability Scheme	The cost of the NSW Police Force Death and Disability Scheme was higher than the statutory target.
Fire and Rescue NSW Death and Disability Scheme	The Fire and Rescue NSW Death and Disability Scheme liability was $179 million, but is projected to reach $257 million by 30 June 2022.
Internal Controls	The Department experienced significant, but avoidable internal control issues in its payroll and finance functions following implementation of a new IT finance system (Justice SAP) and continued establishment of its Business Support Centre. We found 94 internal controls issues, including 28 findings repeated from the previous year.
Human Resources	Agencies have not met State targets for managing annual leave balances.

2. Service Delivery

Domestic violence reoffending	The Department reports decreases in domestic violence reoffending rates, but they remain above the Premier's target
Rates of reoffending	Adult reoffending rates remain above the State's priority target. Last year, more than half had returned to prison or Corrective Services within two years of release. The Department has introduced initiatives to reduce reoffending, but their impact will not be known for several years
Road Fatalities	New South Wales' road fatalities decreased slightly in 2016–17, but remains slightly above the State priority target..
NSW crime trends	NSW Bureau of Crime statistics and Research data shows the trend in most crime categories in New South Wales has been better than national trends over the last five years.
Adult inmate numbers	Departmental data shows that NSW prisons remained overcrowded in 2016–17, but the rate of growth in inmate numbers slowed.
Adult inmate resources	Data from the Department and the Justice Heath and Forensic Mental Health Network shows inmate access to some resources and services has not kept pace with increases in prison populations.
NSW District Court case backlog	After falling last year, the backlog of cases in the NSW District Court again increased but the age of backlog cases decreased, according to Departmental data.
Hazard Reduction works	The Office of the NSW Rural Fire Service advise adverse weather conditions reduced the total hectares of completed hazard reduction works by 50.7 per cent in 2016–17 compared to 2015–16.

Financial reporting is an important element of good governance. Confidence in public sector decision making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines audit observations, conclusions and recommendations for financial reporting and controls of Justice cluster agencies.

Observation	Conclusion or recommendation
2.1 Financial reporting
Unqualified audit opinions were issued for all agencies' financial statements.	Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. The Department and agencies that used the Department as their service provider, were impacted by the Department's Justice SAP, and Business Support Centre implementations.
2.2 Timeliness of financial reporting
Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements.	Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits. Early close procedures for some agencies was diminished by the Department's Justice SAP and Business Support Centre implementations.
2.3 Death and disability schemes
The cost of the NSW Police Blue Ribbon scheme reportedly decreased, but remains above the statutory target of 4.6 per cent of total NSW Police Officer's remuneration. The Fire and Rescue Death and Disability Scheme liability has almost doubled over the past five years.	The Blue Ribbon Scheme cost $12.7 million or 10.4 per cent less in 2016–17 following an improvement in claims' experience. The was reflected in the cost of the scheme, which decreased from 6 per cent to 5.45 per cent of total NSW Police Officers’ remuneration. The Scheme’s liability was $179 million at 30 June 2017, almost double the $92 million recorded at 30 June 2013. A five-year period has been used due to the sensitivity of annual movements in the liability to changes in discount rates. According to Fire and Rescue NSW projections the liability will reach $257 million by 30 June 2022.
2.5 Internal Controls
There were significant payroll and general finance related issues resulting from the Department's Justice SAP system implementation and establishment of the Business Support Centre.	Recommendation: The Department should reinstate controls over financial information as soon as possible, and capture and apply lessons learned from recent project implementations, including LifeLink, in any relevant future implementations.
2.7 Human Resources
More than a third of Justice cluster employees have annual leave balances above the State's target.	Recommendation: Cluster agencies with annual leave balances above the State's target should proactively manage their leave balances. Particular focus should be given to employees who have taken little or no leave in the last 12 months.

Achievement of government outcomes can be improved through effective delivery of the right mix of services, whether from the public, private or not for profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.

The Justice cluster is an integrated cluster with key service delivery inter-dependencies. Achieving State priorities and ensuring communities are safe requires both upstream and downstream agencies to be adequately resourced. This is a delicate balance. Increases in frontline policing can subsequently impact the court system. Court backlogs can in turn increase prison overcrowding, and limit the opportunities for inmate rehabilitation. Failure to successfully rehabilitate prisoners and prevent reoffending could impact future police resourcing.

This chapter outlines our audit observations, conclusions and recommendations related to service delivery by agencies in the Justice cluster for 2016–17.

Observation	Conclusion or recommendation
Data from the NSW Bureau of Crime Statistics and Research shows that domestic violence reoffending decreased from 15.9 per cent in 2014–15 to 15.5 per cent in 2015–16, but remains 4.8 percentage points above the Premier's target.	Reducing domestic violence reoffending is challenging. While there was a marginal improvement in 2015–16, the Justice cluster needs to continue efforts to reduce reoffending rates, if the Premier's priority target is to be met by 2019.
Productivity Commission data shows that in the year to 30 June 2016, 50.7 per cent of released prisoners had returned to prison and 55.1 per cent to Corrective Services, within two years of release.	There has been a consistent increase in reoffending rates over the last five years. Recommendation: The Department should reassess the sufficiency and effectiveness of measures aimed at reducing reoffending, including the recently announced initiatives, if the State priority target is to be met by 2019. A $237 million program to reduce reoffending was announced in August 2016. While new initiatives were introduced in 2016–17, their impact on reoffending rates will not be known for several years.
New South Wales' road fatalities per 100,000 people slightly exceeded the 2016–17 target.	Statistics from the NSW Centre for Road Safety shows that New South Wales' road fatalities decreased to 4.6 deaths per 100,000 people in 2016–17, slightly above the State priority target of 4.3 deaths. This is better than the 5.1 deaths recorded in 2015–16, but worse than the 4.0 deaths in 2014–15.
Between 31 December 2012 and 31 December 2016, the number of crimes has trended down in most crime categories, except for sexual assault, which has increased in each of the last five years.	The downward trend in most crime categories indicates the cluster is effectively achieving the State’s priority to prevent and reduce crime. However, the Department should assess whether the mix of offered programs is consistent with crime trends.
Department data shows that the NSW prison system remained overcrowded in 2016–17. Overcrowding of correctional centres can negatively impact all aspects of custodial life, and ultimately higher reoffending rates.	Data from the Department shows that the inmate population reached 13,253, compared to an operational capacity of 13,402 beds on 27 August 2017. This equates to an operational vacancy rate of 1.1 per cent, which is significantly less than the recommended 5.0 per cent buffer. However, the rate of inmate growth slowed to 5.1 per cent, from 11.8 per cent in 2015–16. The Department should ensure that measures aimed at reducing reoffending are not compromised by continued overcrowding. Reoffending, will in the long term contribute to further overcrowding.
Adult inmate resources.	Inmate access to some resources and services has not kept pace with increases in prison populations, such as the ratio of nurses to inmates. In addition, Productivity Commission information on out-of-cell hours in 2015–16 shows New South Wales prisoners' average time out-of-cell of 7.8 hours was the lowest of any Australian jurisdiction.
After falling in 2015–16, the backlog of cases in the NSW District Court increased again in 2016–17. The age of cases however decreased in 2016–17 compared to 2015–16.	A working group which includes the Department and the Chief Judge of the District Court has identified a number of new measures to address the backlog. The Department needs to assess whether these measures will be sufficient, given that the backlog increased again in 2016–17. As noted in financial reporting and controls chapter, staffing levels in a number of just cluster agencies increased in 2016–17, in response to the backlog.
Department data shows the annual cost of a juvenile detainee decreased from $355,444 to $335,840 (5.5 per cent) in the three-year period between 2014–15 and 2016–17.	The Department has been analysing the Juvenile Justice division's operating costs in the context of declining custodial numbers, and has achieved some cost savings. The savings in part reflect decreases in the number of detainees.
The Office of the NSW Rural Fire Service data shows that completed hazard reduction works decreased in 2016–17.	The total hectares of completed hazard reduction works decreased 50.7 per cent in 2016–17 compared to 2015–16. The Office of the NSW Rural Fire Service attributes the decrease to adverse weather conditions during the peak burning period