Reports
Education 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.
This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued on the financial statements of both cluster agencies. | Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
| 2.2 Timeliness of financial reporting | |
| Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. | Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier. |
| 2.3 Key issues from financial audits | |
| Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. | Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity. |
| 2.4 Key financial information | |
| Cluster agencies recorded net deficits in 2017–18. |
The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Education cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding. | |
| Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. | Recommendation: Management should prioritise and action recommendations to address internal control weaknesses. |
| 3.2 Information technology | |
| Delivery of the Learning Management and Business Reform (LMBR) program is complete. |
The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out. |
| 3.3 Valuation of the Department’s land and buildings | |
| The Department completed a revaluation of land and building assets during 2017–18. |
A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion. |
| 3.4 Maintenance of school facilities | |
| The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. | The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition. |
| 3.4 School asset delivery | |
| The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. | The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects. |
This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.
Industry 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the Industry cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster agencies received unqualified audit opinions for 41 out of the 47 financial statements presented for audit for 30 June 2018. Six audits remain incomplete. 'While it is pleasing to note that unqualified audit opinions have been issued, the timeliness of financial reporting needs to be improved through better oversight, prompt resolution of issues, and an increased focus on early close procedures', the Auditor-General said.
This report analyses the results of our audits of financial statements of the Industry cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Industry cluster agencies' financial statements with the results of our audits, including our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
The Department of Industry (the Department) is the lead agency in a cluster of 50 agencies. Other significant agencies in the cluster include Local Land Services, New South Wales Rural Assistance Authority, Technical and Further Education Commission (TAFE NSW), various sporting agencies, Forestry Corporation NSW and Water NSW.
The cluster:
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Industry cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for 41 out of 47 financial statement audits. Six audits are continuing. The number of misstatements identified in financial statements submitted for audit increased from 73 in 2016–17 to 92 in 2017–18. |
Conclusion: Agencies continue to address financial reporting issues and ensure significant matters that may impact the audit opinion are appropriately dealt with. The increase in the number of misstatements indicates a renewed focus on quality is required. |
| 2.2 Timeliness of financial reporting | |
| Nineteen out of 37 audit opinions were issued within the statutory deadline. Delays occurred due to the time required to resolve issues identified during the audit, or to obtain appropriate evidence to support balances or disclosures in the financial statements. There were also delays in receiving the signed certification from the agency, required before we can issue an audit opinion. We reviewed the conduct of early close procedures at 17 agencies. Fifteen of these agencies were assessed as not fully addressing mandatory early close procedures. |
Recommendation: Timeliness of financial reporting should be improved through better oversight of the preparation of financial statements, prompt resolution of issues, and an increased focus on early close procedures. |
| 2.3 Key financial reporting issues | |
| Information system limitations continue at TAFE NSW. TAFE NSW implemented additional processes to verify the accuracy and completeness of revenue from student fees. | Conclusion: Procedures to address system limitations are costly, causing delays in financial reporting and increased resource commitments for staff, contractors and audit. |
| Misstatements and internal control issues continue to be identified in accounting for Crown land. | The information system used to record Crown land was not designed to facilitate efficient financial reporting. These limitations and other control weaknesses impacted the completeness and accuracy of the Department's financial statements. Recommendation: The Department should address system limitations and control weaknesses to ensure complete and accurate reporting for Crown land. |
| Unprocessed Aboriginal land claims continue to increase. | Recommendation (repeat issue): The Department should reduce unprocessed Aboriginal land claims. |
| 2.4 Financial information and sustainability | |
| Cluster agencies recorded a combined surplus of $58.0 million compared to a combined deficit of $86.0 million in the previous year. |
|
| We identified five agencies with potential sustainability issues such as low liquidity or negative net assets. | Conclusion: Adequate arrangements are in place to mitigate potential sustainability issues. These arrangements include a commitment from the Department to provide financial support if required. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Industry cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal control | |
| Almost one in three internal control issues identified in 2017–18 were repeat issues. | Recommendation (repeat issue): Recommendations to management to address internal control issues from prior years should be addressed promptly to reduce risks and improve processes. |
| 3.2 Information technology controls | |
| User access administration over financial systems remains an area of weakness. Two high risk and 18 moderate risk issues related to user access administration across nine agencies were identified. | Recommendation (repeat issue): Agencies' controls over administration of user access to critical systems should:
|
| 3.3 Annual work program | |
| Errors continue to be identified in the Crown land database. Instances were identified where Crown land was not recognised by the appropriate entity, or was recognised by more than one entity. |
Recommendation: The Department should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Approximately 700 managers of Crown land do not submit financial statements required by the Public Finance and Audit Act 1983. | NSW Treasury and the Department are continuing work to clarify reporting arrangements for these entities. |
| 3.4 Managing maintenance | |
| Some cluster agencies do not monitor their backlog maintenance. Consequently, the total backlog maintenance in the Industry cluster is unknown. This impacts the reliability and consistency of information about assets and their condition. | When backlog maintenance is unknown, it is difficult for agencies to develop an accurate and effective maintenance plan that focuses on areas of highest need. It also means agencies' maintenance plans are reactive rather than preventative. Effective maintenance planning helps agencies to:
|
| Maintenance budgets in some cluster agencies are not set based on actual maintenance needs. | Recommendation: Cluster agencies should set their maintenance budgets based on identified maintenance needs to more accurately budget and prioritise expenditure. |
Agencies in the Industry cluster provide services across a wide variety of areas. This chapter outlines certain service delivery outcomes for 2017–18 for the Industry cluster. It provides important contextual information about the cluster's operation, but the data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
Procurement and reporting of consultancy services
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
| Relevant guidance | Requirements | |
|---|---|---|
| Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
| PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
| Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
| Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
Universities 2017
The Auditor-General, Margaret Crawford released her report today on the results of financial audits of NSW universities for the year ended 31 December 2017. No qualified audit opinions were issued for any university and the quality and timeliness of financial reporting continues to improve.
This report analyses the results of our audits of financial statements of the ten NSW universities and their controlled entities for the year ended 31 December 2017. The table below summarises our key observations.
This report focuses on our observations on the common issues identified in our audits of the financial statements of the ten NSW universities and their controlled entities in 2017. The universities and controlled entities are listed in Appendix three and four respectively.
The report provides our analysis of universities’ results and findings in the following areas:
- Financial reporting and performance
- Teaching and research
- Financial controls and governance.
Accurate and timely financial reporting is important for universities to make efficient and effective economic decisions. Sound financial performance provides the platform for universities to deliver high quality teaching and research outcomes.
This chapter outlines our audit observations on the financial reporting and performance of NSW universities for 2017.
| Observation | Conclusion or recommendation |
| 3.1 Financial reporting | |
| Audit results | |
| The financial statements of all ten NSW universities and 66 out of 69 of their controlled entities received unmodified audit opinions. | Two controlled entities did not fully comply with the financial reporting and audit requirements of the Public Finance and Audit Act 1983 as they did not submit their financial statements to the Auditor-General. One of these entities was audited under the requirements applicable in its foreign jurisdiction. A third controlled entity submitted financial statements, but only after the statutory due date. |
| Quality and timeliness of financial reporting | |
| The number of uncorrected misstatements continues to decrease. | The quality of financial statements of the universities improved in 2017. |
| Two universities simplified disclosures in their financial statements. | The financial statements of the University of Sydney and Macquarie University are more concise, readable and understandable than those of other universities. |
| Six universities finalised their financial statements earlier than in previous years. | Universities that performed aspects of early close procedures improved the timeliness of their financial reporting and helped us conclude our audits earlier. |
| Eight universities are yet to quantify the impact of new accounting standards applicable in future years. | The two universities that have assessed the impact of the new accounting standards believe the impact will be material. |
| An accounting issue was identified relating to the recognition and measurement of payroll tax liabilities on employees' defined benefit superannuation contributions payable to the superannuation funds. | Recommendation: NSW universities should clarify the recognition and measurement of their liability for payroll tax on their defined benefit superannuation obligations before 31 December 2018. |
| 3.2 Financial performance | |
| Sources of revenue from operations | |
| Government grants as a proportion of total revenue decreased over the past five years by 6.4 per cent. |
The Australian Government announced funding freezes to Australian Government grants revenue for the next two years. Universities are expanding other revenue streams to decrease their reliance on grant funding. The revenue stream that has increased the most significantly over the past five years is overseas student revenue. |
| Revenue from overseas student course fees increased by 23 per cent in the last year and contributed $2.8 billion to the NSW university sector in 2017. | Overseas student revenue exceeded domestic student revenue by 37 per cent, and comprised over a quarter of NSW universities' total revenues in 2017. The growth in overseas student revenue has not been shared equally in the sector. Some universities are more dependent on overseas student revenue than others. |
| Revenue from overseas students from four countries comprised 37 per cent of total student revenues for all NSW universities. | Recommendation: NSW universities should assess their student market concentration risk where they rely heavily on students from a single country of origin. This increases their sensitivity to economic or political changes in that country. Universities' data shows as much as 71 per cent of their overseas student revenue comes from a single country of origin. |
| Research income of NSW universities was $1.1 billion in 2016 and has grown by 9.8 per cent between 2012 and 2016. | Two universities attracted 65.2 per cent of the total research income received by all NSW universities. |
| Other revenues | |
| Total philanthropic revenue increased by 1.0 per cent to $151 million in 2017. |
Philanthropic revenue has been increasing for the past five years. Two universities attracted 76.8 per cent of the total philanthropic dollars received by all NSW universities. |
| Average investment returns fell from 7.0 per cent in 2013 to 5.8 per cent in 2017, while total investments grew to $5.4 billion in 2017 from $3.5 billion in 2013. |
Universities have structured their investment portfolios between fixed and non-fixed income assets, seeking to optimise their returns in a low interest rate environment within the limits of their risk management strategies. Investment income is a significant source of revenue for some, but not all universities. Two universities' investment funds represented 52.3 per cent of the total investment funds of all NSW universities combined. |
| Low interest rates have made investment in fixed income assets less attractive for universities. Over the last five years universities have increased their investment in non-fixed income (or market based) assets by 67.1 per cent. | |
| Most NSW universities have established investment governance frameworks. | |
| Financial sustainability indicators | |
| Operating expenditure per equivalent full-time student load (EFTSL) increased by 3.0 per cent in 2017. | The universities that have been able to attract international students to grow their operational revenues have been able to leverage economies of scale to maximise their average margin per EFTSL. Other universities have had to rely on containing costs to achieve higher EFTSL margins. |
| For six universities, the growth in operating expenditure has exceeded the growth in operating revenue, reducing operating margins. The risk associated with narrowing margins is compounded where universities have a high reliance on student revenues from a single source. Sudden changes in demand can challenge the ability of those universities to adjust their cost structures. |
As the margin between operating revenue and operating expenditure decreases, operational results are more at risk from unexpected fluctuations, such as Australian Government higher education reforms and reduced overseas student enrolments. Smaller operating margins reduce the funds available to invest in upgrading infrastructure and implement corporate strategies to meet future challenges. |
| Eight universities have current ratios greater than one in 2017. | |
| Controlled entities | |
| Sixteen of the universities' 58 controlled entities that operate business activities reported losses in 2017 (15 in 2016). | Overall, the financial performance of controlled entities operating business activities was positive, but results in 2017 were lower than in 2016. |
| The total profit of controlled entities operating business activities decreased 5.5 per cent to $77.5 million in 2017 ($82.6 million in 2016). | Universities may be able to improve their overall performance by reassessing the viability of business ventures that continue to make losses and/or rely on them for financial support. |
| Eighteen controlled entities relied on guarantees of financial support from their parent entity in 2017 (19 in 2016). | |
Teaching and research are key objectives of universities and they invest most of their resources in achieving high quality academic and research outcomes to maintain or advance their reputations and rankings in Australia and abroad. Universities have also committed to achieving certain government objectives.
This chapter outlines teaching and research outcomes for NSW universities for 2017.
| Observation | Conclusion or recommendation |
| 4.1 Teaching outcomes | |
| Achieving Australian Government target | |
| NSW universities met the Australian Government target of having 40 per cent of 25 to 34 year-olds with bachelor degrees ten years earlier than the original target date of 2025. |
The proportion of 25 to 34 year-olds in NSW holding a bachelor degree increased to 43.4 per cent in 2017. In 2009, when the target was originally set, only 35.5 per cent of 25 to 34 year-olds held a bachelor degree. |
| Graduate employment rates | |
|
Seven universities exceeded the national average of 71.8 per cent for the proportion of their undergraduates who obtain full-time employment. Four universities achieved better than the national average of 86.1 per cent for the proportion of their postgraduates who obtain full-time employment. |
Most NSW universities' employment outcomes are better than the national average. |
| Student enrolments by field of education | |
| NSW universities have increased enrolments in fields of study that align with known skills shortages in NSW identified by the Australian Government for 2016 and 2017. | Alignment of student intake with identified shortages helps ensure graduates secure timely employment on completion of their studies. |
| Achieving diversity outcomes | |
|
NSW universities agreed to targets set by the Australian Government for enrolments of students from low socio economic status (SES) and Aboriginal or Torres Strait Islander backgrounds. |
NSW universities can improve outcomes for these students by implementing policies to increase enrolments and support students to graduation. |
|
Three universities exceeded the target of 20 per cent of low SES student enrolments in 2017. Six universities met their Indigenous student enrolment target in 2017. The target is having a growth rate in the enrolment of Indigenous students that is more than 50 per cent higher than the growth rate of non-Indigenous student enrolments. |
At the current rate, it is unlikely most universities will reach the agreed low SES target by 2020. |
Appropriate financial controls help ensure efficient and effective use of resources, and the implementation and monitoring of university policies. Governance consists of frameworks, processes and behaviours that enable the universities to operate effectively and comply with relevant laws and policies.
This chapter outlines our audit observations on the financial control and governance of NSW universities for 2017.
| Observation | Conclusion or recommendation |
| 5.1 Internal controls | |
| Internal control findings | |
|
Eighty-three internal control deficiencies were identified during our audits, of which 40 related to Information Technology (IT). |
Recommendation: NSW universities should ensure controls, including information technology controls, are properly designed and operate effectively to protect intellectual property, staff and student data, and assets. Universities should rectify identified deficiencies in a timely manner. |
| Repeat findings Twenty-four findings were repeat internal control deficiencies, of which 18 related to IT. |
IT issues can take some time to rectify because specialist skill and/or partnering with software suppliers is often required to implement new controls. However, until rectified, the vulnerabilities those control deficiencies present can be significant. |
| Cyber security Our audits identified opportunities to improve cyber security controls and processes to reduce risks, including risks relating to financial loss, reputational damage and breaches of privacy laws. |
Recommendation: NSW universities should strengthen their cyber security frameworks to manage cyber security risks. This includes developing:
|
|
Use of credit card and work-related travel The risks of unauthorised use can be mitigated by regular monitoring, and reporting breaches for investigation and disciplinary action. |
Appropriately designed and implemented preventive and detective controls are most effective when enforcement and disciplinary activities are oversighted by university audit and risk committees. |
HealthRoster benefits realisation
The HealthRoster system is delivering some business benefits but Local Health Districts are yet to use all of its features, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. HealthRoster is an IT system designed to more effectively roster staff to meet the needs of Local Health Districts and other NSW health agencies.
The NSW public health system employs over 100,000 people in clinical and non-clinical roles across the state. With increasing demand for services, it is vital that NSW Health effectively rosters staff to ensure high quality and efficient patient care, while maintaining good workplace practices to support staff in demanding roles.
NSW Health is implementing HealthRoster as its single state-wide rostering system to more effectively roster staff according to the demands of each location. Between 2013–14 and 2016–17, our financial audits of individual LHDs had reported issues with rostering and payroll processes and systems.
NSW Health grouped all Local Health Districts (LHDs), and other NSW Health organisations, into four clusters to manage the implementation of HealthRoster over four years. Refer to Exhibit 4 for a list of the NSW Health entities in each cluster.
- Cluster 1 implementation commenced in 2014–15 and was completed in 2015–16.
- Cluster 2 implementation commenced in 2015–16 and was completed in 2016–17.
- Cluster 3 began implementation in 2016–17 and was underway during the conduct of the audit.
- Cluster 4 began planning for implementation in 2017–18.
Full implementation, including capability for centralised data and reporting, is planned for completion in 2019.
This audit assessed the effectiveness of the HealthRoster system in delivering business benefits. In making this assessment, we examined whether:
- expected business benefits of HealthRoster were well-defined
- HealthRoster is achieving business benefits where implemented.
The HealthRoster project has a timespan from 2009 to 2019. We examined the HealthRoster implementation in LHDs, and other NSW Health organisations, focusing on the period from 2014, when eHealth assumed responsibility for project implementation, to early 2018.
Business benefits identified for HealthRoster accurately reflect business needs.
NSW Health has a good understanding of the issues in previous rostering systems and has designed HealthRoster to adequately address these issues. Interviews with frontline staff indicate that HealthRoster facilitates rostering which complies with industrial awards. This is a key business benefit that supports the provision of quality patient care. We saw no evidence that any major business needs or issues with the previous rostering systems are not being addressed by HealthRoster.
In the period examined in this audit since 2015, NSW Health has applied appropriate project management and governance structures to ensure that risks and issues are well managed during HealthRoster implementation.
HealthRoster has had two changes to its budget and timeline. Overall, the capital cost for the project has increased from $88.6 million to $125.6 million (42 per cent) and has delayed expected project completion by four years from 2015 to 2019. NSW Health attributes the increased cost and extended time frame to the large scale and complexity of the full implementation of HealthRoster.
NSW Health has established appropriate governance arrangements to ensure that HealthRoster is successfully implemented and that it will achieve business benefits in the long term. During implementation, local steering committees monitor risks and resolve implementation issues. Risks or issues that cannot be resolved locally are escalated to the state-wide steering committee.
NSW Health has grouped local health districts, and other NSW Health organisations, into four clusters for implementation. This has enabled NSW Health to apply lessons learnt from each implementation to improve future implementations.
NSW Health has a benefits realisation framework, but it is not fully applied to HealthRoster.
NSW Health can demonstrate that HealthRoster has delivered some functional business benefits, including rosters that comply with a wide variety of employment awards.
NSW Health is not yet measuring and tracking the value of business benefits achieved. NSW Health did not have benefits realisation plans with baseline measures defined for LHDs in cluster 1 and 2 before implementation. Without baseline measures NSW Health is unable to quantify business benefits achieved. However, analysis of post-implementation reviews and interviews with frontline staff indicate that benefits are being achieved. As a result, NSW Health now includes defining baseline measures and setting targets as part of LHD implementation planning. It has created a benefits realisation toolkit to assist this process from cluster 3 implementations onwards.
NSW Health conducted post-implementation reviews for clusters 1 and 2 and found that LHDs in these clusters were not using HealthRoster to realise all the benefits that HealthRoster could deliver.
By September 2018, NSW Health should:
- Ensure that Local Health Districts undertake benefits realisation planning according to the NSW Health benefits realisation framework
- Regularly measure benefits realised, at state and local health district levels, from the statewide implementation of HealthRoster
- Review the use of HealthRoster in Local Health Districts in clusters 1 and 2 and assist them to improve their HealthRoster related processes and practices.
By June 2019, NSW Health should:
- Ensure that all Local Health Districts are effectively using demand based rostering.
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary reference - Report number #301 - released 7 June 2018
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Report on Education 2017
The Auditor-General, Margaret Crawford released her report on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent audits of these agencies.
'I am pleased to report that unqualified audit opinions were issued on the financial statements for all agencies in the Education cluster', the Auditor-General said. 'The quality and timeliness of financial reporting remains strong'.
Managing demand for ambulance services 2017
NSW Ambulance has introduced several initiatives over the past decade to better manage the number of unnecessary ambulance responses and transports to hospital emergency departments. However, there is no overall strategy to guide the development of these initiatives nor do NSW Ambulance's data systems properly monitor their impact. As a result, the Audit Office was unable to assess whether NSW Ambulance's approach to managing demand is improving the efficiency of ambulance services.
NSW Ambulance uses a telephone referral system to manage triple zero calls from people with medical issues that do not require an ambulance. This has the potential to achieve efficiency improvements but there are weaknesses in NSW Ambulance's use and monitoring of this system. Paramedics are now able to make decisions about whether patients need transport to a hospital emergency department. NSW Ambulance does not routinely measure or monitor the decisions paramedics make, so it does not know whether these decisions are improving efficiency. Extended Care Paramedics who have additional skills in diagnosing and treating patients with less urgent medical issues were introduced in 2007. NSW Ambulance analysis indicates that these paramedics have the potential to improve efficiency, but have not been used as effectively as possible.
Our 2013 audit of NSW Ambulance found that accurate monitoring of activity and performance was not being conducted. More than four years later, this remains the case.
NSW Ambulance has recognised the need to change the way it manages demand and has developed initiatives that have the potential to improve efficiency. However, there are significant weaknesses in the strategy for and implementation of its demand management initiatives.
NSW Ambulance has identified the goal of moving from an emergency transport provider to a mobile health service and developed several initiatives to support this. Its demand management initiatives have the potential to contribute to the broader policy directions for the health system in New South Wales. However, there is no clear overall strategy guiding these initiatives and their implementation has been poor.
NSW Ambulance's reasons for changing its approach to demand management have not been communicated proactively to the community. Demand management initiatives that have been operating for over a decade still do not have clear performance measures or targets. Project management of new initiatives has been inadequate, with insufficient organisational resources to oversee them and inadequate engagement with other healthcare providers.
NSW Ambulance uses an in-house Vocational Education and Training course to recruit some paramedics, as well as recruiting paramedics who have completed a university degree. No other Australian ambulance services continue to provide their own Vocational Education and Training qualifications. Paramedics will need more support in several key areas to be able to fulfil their expanded roles in providing a mobile health service. Performance and development systems for paramedics are not used effectively. Up to date technology would help paramedics make better decisions and improve NSW Ambulance's ability to monitor demand management activity.
There are gaps in NSW Ambulance's oversight of the risks of some of the initiatives it has introduced, particularly its lack of information on the outcomes for patients who are not transported to hospital. Weaknesses in the way NSW Ambulance uses its data limit its ability to properly assess the risks of the demand management initiatives it has introduced.
Parliamentary reference - Report number #295 - released 13 December 2017
Industry 2017
The following report highlights the results of the financial audits of NSW Government entities in the Industry cluster. The report focuses on key observations and findings from the most recent audits of these entities.
The report notes that TAFE NSW will continue to incur extra costs each year to produce reliable financial information due to deficiencies in its student administration system. TAFE NSW plans to replace its Student Administration and Learning Management system in 2018-19 at an estimated cost of $89 million.
1. Financial reporting and controls
|
Financial reporting |
Unqualified audit opinions were issued for 44 out of 48 financial statement audits with four audits incomplete. Early close procedures continue to promote earlier and better quality financial reporting. |
| Financial performance | The cluster recorded a net deficit of $107 million in 2016–17 ($78.0 million in 2015–16). Contributing to the overall cluster net deficit was the Department's $226 million net deficit offset by net surpluses at Water NSW and the Forestry Corporation of New South Wales. |
| TAFE NSW continues to experience system issues | TAFE NSW incurs extra costs each year to produce reliable financial information due to deficiencies in its student administration system. TAFE NSW plans to replace its Student Administration and Learning Management system in 2018–19 at an estimated cost of $89 million. |
| Internal controls |
We identified 180 internal control issues, including 61 repeat issues across the cluster. We rated four of these issues as 'high' risk, 98 as ‘moderate’ risk and 78 as ‘low’ risk. Of the 180 issues raised, 37 related to financial reporting and 52 related to controls over processes such as procurement and fixed assets. Some internal control issues and recommendations identified in previous years, have been repeated and should be addressed promptly to reduce risks and improve processes. |
| Deficient user administration access | Agencies need to strengthen user access administration to critical financial systems. |
2. Service delivery
| Premier and State Priorities |
Australian Bureau of Statistics data shows the Premier's priority for job creation has been achieved. While performance has declined for the State priority to increase the proportion of people completing apprenticeships and traineeships, the Department advises it has initiatives in place to achieve this State priority, and the State priority for New South Wales to lead Australia in business confidence. |
| Crown land | The Department is working to respond to the recommendations from a Parliamentary Inquiry into Crown Land and to implement the revised framework contained in the Crown Land Management Act 2016. |
| Aboriginal land claims |
Despite a continued focus, the Department has been unsuccessful in reducing the number of unprocessed Aboriginal land claims. The Department should continue to implement measures to reduce the backlog of unprocessed Aboriginal land claims. |
This report focuses on agencies in the Industry cluster. The report focuses on audit results, observations, conclusions and recommendations for financial reporting and controls, and service delivery.
This cluster leads the State's promotion of New South Wales as the place to invest and produce goods and services. Significant cluster agencies deliver services in the following areas:
Confidence in public sector decision-making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies.
This chapter outlines audit observations, conclusions and recommendations for the financial reporting and controls of agencies in the cluster for 2016–17.
| Observation | Conclusion or recommendation |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for 44 out of 48 financial statement audits. Four audits are continuing. | Ongoing improvements in the preparation of financial statements helped identify and resolve material issues. |
| The number of misstatements within the cluster fell from 104 in 2015–16 to 70 in 2016–17. | The ‘early close procedures’ initiative introduced by the Treasury in 2011–12 has reduced the number of misstatements each year. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the Treasury’s early close procedures and the timetable for the preparation and audit of financial statements. | Greater focus on financial reporting and effective early close procedures has improved the timeliness of financial reporting, but further improvements are required. |
| 2.3 Key financial issues from cluster agencies | |
| The Department of Industry completed a revaluation of Crown land and continues work on improving the accounting for Crown land. | The value of Crown land recognised in the Department's financial statements at 30 June 2017 was $5.3 billion. The revaluation was carried out using a revised mass valuation approach which reduced complexity and subjectivity and improved transparency. |
| There is no process in place to ensure agencies recognise all the Crown land they manage and control. | Recommendation: The Department should confirm the completeness and accuracy of the Crown land database with other organisations that manage and control Crown land to improve the reliability of its records. |
| TAFE NSW incurred approximately $6 million of direct costs to deal with issues in its student administration system and establish the integrity of its financial data for 2016–17. | TAFE NSW will continue to incur extra costs each year to produce reliable financial information. TAFE NSW advises it intends to replace the Student Administration and Learning Management system it jointly implemented with the Department of Education three years ago at a cost $40.2 million. TAFE plans to implement the new system in 2018–19 at an estimated cost of $89 million. |
| 2.4 Key financial information | |
| The cluster recorded a net deficit of $107 million in 2016–17 ($78.0 million in 2015–16). | The overall cluster net deficit included the Department's $226 million net deficit which was partly offset by net surpluses in a number of other agencies, including Water NSW and the Forestry Corporation of New South Wales. Most agencies in the cluster, including the Department, but excluding the State owned corporations, are dependent on the NSW Government for the majority of their revenue. |
| 2.5 Financial performance and sustainability | |
| We assessed the performance of certain agencies against key financial sustainability indicators. This identified four agencies with adjusted net deficits and two agencies with liquidity ratios below one. | Overall, based on our analysis these agencies are not at high risk of sustainability concerns. |
| 2.6 Internal controls | |
| A significant number of repeat internal control issues were again raised with management for certain agencies in the cluster. |
Recommendation (repeat issue): Internal control issues and recommendations from previous years should be addressed promptly to reduce risks and improve processes. |
| User access administration over financial systems needs to be improved. 17 moderate risk issues related to user access administration across nine agencies were identified. |
Recommendation: Agencies should ensure administration of user access to critical systems
|
Government outcomes can be achieved by delivering services through a mix of the public, private or not-for-profit sectors. Service delivery reform is most successful if there is clear accountability for service delivery outcomes, decisions are aligned to the government's strategic direction, and performance and value for money are monitored and evaluated.
This chapter outlines our audit observations, conclusions and recommendations for the service delivery of agencies in the cluster for 2016–17.
| Issues | Conclusion or recommendation |
|
3.1 Measuring and reporting on performance |
|
| The Department is responsible for two State priorities (increasing apprenticeships and business confidence) and the Premier's priority of creating jobs. The Department also supports four state priorities. | Australian Bureau of Statistics data shows the Premier's priority for job creation continues to be achieved. The Department reported that the number of people completing apprenticeships and traineeships had declined to 59 per cent against a 2019 target of 65 per cent, while the State was ranked first or second on a range of business confidence indicators. |
|
3.2 Improvements required in the administration of Crown land |
|
| The Department faces many challenges in the administration of Crown land. These challenges range from inadequate systems and processes through to satisfying competing commercial, environmental, and community interests. |
The Department has implemented, or is implementing the recommendations from a performance audit on the Sale and Lease of Crown land and the Parliamentary Inquiry into Crown land. It is also implementing the revised framework for Crown land contained in the Crown Land Management Act 2016. |
|
3.3 Aboriginal land claims over Crown land |
|
| The number of unprocessed Aboriginal land claims continues to increase. Work on finalising Aboriginal Land Agreements, which may help address the claims backlog, is continuing. | Recommendation (repeat Issue): The Department should continue to implement measures to reduce the number of unprocessed Aboriginal land claims. |
|
3.4 Skills development |
|
| Eleven contracted Smart and Skilled service providers had their contracts cancelled for quality issues. There were 391 providers of Smart and Skilled qualifications as at October 2017. | The Department of Industry spent $1.4 billion on the provision of vocational education and training. The Department has controls in place to monitor the performance of contracted service providers to ensure quality delivery of training. |
