Reports
Actions for Audit Insights 2018-2022
Audit Insights 2018-2022
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Procurement and reporting of consultancy services
Procurement and reporting of consultancy services
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
Relevant guidance | Requirements | |
---|---|---|
Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
Actions for Performance audit insights: key findings from 2014-2018
Performance audit insights: key findings from 2014-2018
A report released today by the Auditor-General for New South Wales, Margaret Crawford, presents key findings from four years of performance audits. The report findings are presented around six areas of government activity including planning for the future, meeting community expectations for key services, investment in infrastructure, managing natural resources, ensuring good governance and digital disruption.
In this report, we present common findings and lessons from the past four years of performance audits, and offer insights to the public sector on elements of effective performance. We have analysed the key findings and recommendations from 61 performance audits tabled in the NSW Parliament between July 2014 and June 2018, spanning varied areas of government activity. We will also use this report to help determine areas of unaddressed risk across all parts of government, and to shape our future audit priorities.
Governments play an important stewardship role. Their decisions need to consider intergenerational equity by ensuring that investment strategies are sustainable. Governments also need to consider the impact of their decisions on different parts of the community. We recognise that governments face challenges in delivering programs and services, targeting complex social issues with finite resources.
Governments are changing how they deliver services to respond to citizen needs and deliver greater value for money. In this section, we reflect on audits that looked at how government entities are planning their activities to meet the needs of the community into the future.
State and local government exist to provide services to citizens, and citizens are playing a greater role in defining what services they want or need. Expectations about consultation, ease of access, timeliness, and customisation of services are rising. Governments face challenges to continually improve the way they plan and deliver services to meet these expectations. Governments also need to provide quality services for a growing and ageing population whilst working within a constrained financial environment.
Over the past four years, our performance audits have assessed aspects of State and local government services, including education, health services, disability support, corrective services, and many others. In this section, we draw together common findings that government entities should reflect on when providing services to the community.
The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. Competition for resources is high and maintaining the capability to manage and deliver projects effectively is challenging. Governments also need to plan effectively to ensure infrastructure built today will meet future needs.
Over the past four years, we have looked at some of the ways NSW Government agencies justify and prioritise projects for funding, work with contractors to deliver projects, and track and report on progress. In this section, we draw together common findings from our audits that government entities should consider when planning future infrastructure projects.
Governments face challenges in balancing the use of natural resources to meet diverse interests, while supporting a sustainable natural environment for the future. They need to supply communities with water, produce energy, protect natural habitats, and support farming, industry, and economic development.
Some of our recent audits have considered how government agencies are managing natural resources and protecting the environment for future generations. In this section, we have drawn together common findings across our audits that government entities should consider in managing the environment and natural resources.
A range of checks and balances is needed to support public confidence in government decision making. To maintain trust, government agencies should act transparently, and in accordance with relevant legislation and policy. This is particularly important as the public sector increasingly engages with external partners to deliver services and provide a more contestable environment.
Good governance arrangements should result in improved service delivery and more effective and efficient use of resources. Our audits have looked at many different elements of governance, including making sure the necessary processes and workplace cultures are in place to help government entities achieve their aims. In this section, we have drawn together various aspects of governance that government entities should consider.
The global increase in digital technology provides governments with opportunities to interact with citizens in more immediate and responsive ways than was previously possible. Data can be used in powerful ways such as predicting future demand for services, targeting interventions, responding to crises, and evaluating outcomes. Governments face challenges in doing this while maintaining secure digital environments that protect citizen interests, privacy, and autonomy.
Our audits have assessed some of the ways that government entities are incorporating digital change into their work. In this section, we draw together common themes that governments could consider in protecting their digital assets, or expanding their digital capabilities.
Actions for 2016 - An overview
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
Financial reporting | |
Observation | Conclusion |
Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
Number of misstatements | |||||
Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
Financial controls | |
Observation | Conclusion |
More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |