Reports
Coordination of the response to COVID-19 (June to November 2021)
What the report is about
This audit assessed the effectiveness of NSW Government agencies’ coordination of the response to COVID-19, with a focus on the Delta variant outbreak in the Dubbo and Fairfield Local Government Areas (LGA) between June and November 2021. We audited five agencies - the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service.
The audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.
What we found
Prior to Delta, agencies developed capability to respond to COVID-19 related challenges.
However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.
Gaps in emergency management plans affected agencies' ability to support individuals, families and businesses impacted by restrictions to movement and gathering such as stay-at-home orders. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.
On 23 July 2021, the NSW Government established a cross-government coordinating approach, the Delta Microstrategy, which complemented existing emergency management arrangements, improved coordination between NSW Government agencies and led to more effective local responses.
Where possible, advice provided to government was supported by cross-government consultation, up-to-date evidence and insights. Public Health Orders were updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.
The NSW Government could provide greater transparency and accountability over decisions to apply Public Health Orders during a pandemic.
What we recommended
The audit made seven recommendations intended to improve transparency, accountability and preparedness for future emergency events.
This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (Fairfield City Council and Dubbo Regional Council) between June and November 2021.
As noted in this report, Resilience NSW was responsible for the coordination of welfare services as part of the emergency management arrangements. On 16 December 2022, the NSW Government abolished Resilience NSW.
During the audited period, Resilience NSW was tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions and it provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC was, and remains, responsible for the coordination and oversight of emergency management policy and preparedness.
Our work for this performance audit was completed on 15 November 2022, when we issued the final report to the five audited agencies. While the audit report does not make specific recommendations to Resilience NSW, it does include five recommendations to the State Emergency Management Committee. On 8 December 2022, the then Commissioner of Resilience NSW provided a response to the final report, which we include as it is the formal response from the audited entity at the time the audit was conducted.
The community of New South Wales has experienced significant emergency events during the past three years. COVID-19 first emerged in New South Wales after bushfire and flooding emergencies in 2019–20. The pandemic is now into its third year, and there have been further extreme weather and flooding events during 2021 and 2022.
Lessons taken from the experience of these events are important to informing future responses and reducing future risks to the community from emergencies.
This audit focuses on the NSW Government's response to the COVID-19 pandemic, and in particular, the Delta variant (Delta) that occurred between June and November 2021. The response to the Delta represents six months of heightened challenges for the NSW Government.
Government responses to emergencies are guided by legislation. The State Emergency and Rescue Management Act 1989 (SERM Act) establishes emergency management arrangements in New South Wales and covers:
- coordination at state, regional and local levels through emergency management committees
- emergency management plans, supporting plans and functional areas including the State Emergency Management Plan (EMPLAN)
- operations centres and controllers at state, regional and local levels.
This audit focuses on the activities of five agencies during the audit period:
- The NSW Police Force led the emergency management response and was responsible for coordinating agencies across government in providing the tactical and operational elements that supported and enhanced the health response to the pandemic. The NSW Police Force also led the compliance response which enforced Public Health Orders and included household checks on those required to isolate at home after testing positive to COVID-19. In some parts of NSW, they were supported by the Australian Defence Force in this role.
- NSW Health was responsible for leading the health response which coordinated all parts of the health system, initially to prevent, and then to manage, the pandemic.
- Resilience NSW coordinated welfare services as part of the emergency management arrangements and provided secretariat support to the State Emergency Management Committee (SEMC). The SEMC is responsible for the coordination and oversight of emergency management policy and preparedness. Resilience NSW was also tasked with supporting the needs of communities subject to stay-at-home orders or stricter restrictions.
- The Department of Customer Service (DCS) was responsible for the statewide strategic communications response.
- The Department of Premier and Cabinet (DPC) held a key role in providing policy and legal services, as well as supporting the coordination of activity across a range of functional areas and decision-making by our State’s leaders.
This audit assessed the effectiveness of NSW Government agencies’ coordination (focused on the Department of Premier and Cabinet, NSW Health, the NSW Police Force, Resilience NSW and the Department of Customer Service) of the COVID-19 response in selected Local Government Areas (LGA) (Fairfield City Council and Dubbo Regional Council) after June 2021.
The audit investigated whether:
- government decisions to apply LGA-specific Public Health Orders were supported by effective crisis management governance and planning frameworks
- agencies effectively coordinated in the communication (and enforcement) of Public Health Orders.
While focusing on the coordination of NSW Government agencies’ response to the Delta variant in June through to November 2021, the audit also considered relevant planning and preparation activities that occurred prior to June 2021 to examine how emergency management and public health responses learned from previous events.
This audit does not assess the effectiveness of other specific COVID-19 responses such as business support. It refers to the preparedness, planning and delivery of these activities in the context of supporting communities in selected LGAs. NSW Health's contribution to the Australian COVID-19 vaccine rollout was also subject to a separate audit titled 'New South Wales COVID-19 vaccine rollout' tabled in NSW Parliament on 7 December 2022.
This audit is part of a series of audits which have been completed, or are in progress, regarding the New South Wales COVID-19 emergency response. The Audit Office of New South Wales '2022–2025 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.
In this document Aboriginal refers to the First Nations peoples of the land and waters now called Australia, and includes Aboriginal and Torres Strait Islander peoples.
Conclusion
Prior to June 2021, agencies worked effectively together to adapt and refine pre-existing emergency management arrangements to respond to COVID-19. However, lessons learned from prior reviews of emergency management arrangements, and from other jurisdictions, had not been implemented when Delta emerged in June 2021. As a result, agencies were not as fully prepared as they could have been to respond to the additional challenges presented by Delta.
In the period March 2020 to June 2021, the State's Emergency Management (EM) arrangements coordinated the New South Wales emergency response to COVID-19 with support from the Department of Premier and Cabinet (DPC) which led the cross-government COVID-19 Taskforce. NSW Government agencies enhanced the EM arrangements, which until then had typically been activated in response to natural disasters, to meet the specific circumstances of the pandemic.
However, the State Emergency Management Committee (SEMC), supported by Resilience NSW, did not address relevant recommendations arising from the 2020 Bushfires Inquiry before June 2021 and agencies did not always integrate lessons learned from other jurisdictions or scenario training exercises into emergency management plans or strategies before Delta. As a result, deficiencies in the EM arrangements, including representation of vulnerable communities on EM bodies, well-being support for multicultural communities in locked down environments and cross-agency information sharing, persisted when Delta emerged in June 2021.
It should be noted that for the purposes of this audit there is no benchmark, informed by precedent, that articulates what level of preparation would have been sufficient or proportionate. However, the steps required to address these gaps were reasonable and achievable, and the failure to do so meant that agencies were not as fully prepared as they could have been for the scale and escalation of Delta’s spread across the State.
The Delta Microstrategy complemented the EM arrangements to support greater coordination and agencies are working to improve their capability for future events
The Delta Microstrategy (the Microstrategy) led to innovations in information sharing and collaboration across the public service. Agencies involved in the response have completed, or are completing, reviews of their contribution to the response. That said, none of these reviews includes a focus on whole-of-government coordination.
On 23 July 2021, the NSW Government approved the establishment of the Microstrategy to respond to the additional challenges presented by Delta including the need to support communities most impacted by restrictions to movement and gathering in the LGAs of concern. An extensive range of government agencies were represented across eight Microstrategy workstreams, which coordinated with the existing EM arrangements to deliver targeted strategies to communities in high-risk locations and improve data and information sharing across government. This enhanced the public health, compliance, income and food support, communications and community engagement aspects of the response.
Agencies also leveraged learnings from early weeks of the Delta wave and were able to replicate those lessons in other locations. The use of pre-staging hubs in Fairfield to support food and personal hamper distribution was used a month later in Dubbo which acted as a central hub for more remote parts of the State.
Emergency management plans did not enable government to respond immediately to support vulnerable communities in high-risk LGAs or regional NSW
There are gaps in the emergency management plans relating to the support for individuals, families and businesses impacted by the stay-at-home orders and other restrictions to movement and gathering. These gaps affected agencies' ability to respond immediately when the need arose during Delta.
Emergency management plans and supporting instruments did not include provision for immediate relief for households, which meant arrangements for isolation income support and food security measures had to be designed in the early stages of Delta before it could be approved and deployed.
There were delays – sometimes only days, on occasion, weeks - in providing support to affected communities. In particular, there were delays to the provision of income support and in scaling up efforts to coordinate food and grocery hampers to households in isolation. In LGAs of concern, modest delays of a few days had a significant impact on people, especially those most vulnerable.
Although government issued stricter restrictions for workers in the Fairfield LGA on 14 July 2021, it only approved targeted income support for people in LGAs of concern on 16 August 2021.
Overall, agencies coordinated effectively to provide advice to government but there are opportunities to learn lessons to improve preparedness for future events
Agencies coordinated in providing advice to government. The advice was supported by timely public health information, although this was in the context of a pandemic, where data and information about the virus and its variants was changing regularly. However, agencies did not always consider the impact on key industries or supply chains when they provided advice to government, which meant that Public Health Orders would sometimes need to be corrected.
Public Health Orders were also updated as the response to Delta intensified or to address unintended consequences of previous orders. The frequency of changes hampered agencies' ability to effectively communicate changes to frontline staff and the community in a rapidly evolving situation.
The audit identified several occasions where there were delays, ranging from three to 21 days, between the provision of advice to government and subsequent decision-making (which we have not detailed due to the confidentiality of Cabinet deliberations). Agency officers advised of instances where they were not provided sufficient notice of changes to Public Health Orders to organise local infrastructure (such as traffic support for testing clinics) to support compliance with new requirements.
The COVID-19 pandemic arrived in Australia in late January 2020 as the bushfire and localised flooding emergencies were in their final stages. Between 2020 and mid-2021, agencies responded to the initial variants of COVID-19, managed a border closure with Victoria that lasted nearly four months and dealt with localised ‘flare-ups’ that required postcode-based restrictions on mobility in northern parts of Sydney and regional New South Wales. During this period, New South Wales had the opportunity to learn from events in Victoria which imposed strict restrictions on mobility across the State and the growing emergence of the Delta variant (Delta) across the Asia Pacific.
This section of the report assesses how emergency management and public health responses adapted to these lessons and determined preparedness for, and responses to, widespread community transmission of Delta in New South Wales.
The previous chapter discusses how agencies had refined the existing emergency management arrangements to suit the needs of a pandemic and describes some gaps that were not addressed. This chapter explores the first month of Delta (mid-June to mid-July 2021). It explores the areas where agencies were prepared and responses in place for the outbreak. It also discusses the impact of the gaps that were not addressed in the period prior to Delta and other issues that emerged.
NSW Health provided advice on the removal of restrictions based on up-to-date advice
The NSW Government discussed the gradual process for removing restrictions using the Doherty Institute modelling provided to National Cabinet on 10 August 2021. NSW Health highlighted the importance of maintaining a level of public health and safety measure bundles to further suppress case numbers. This was based on additional modelling from the Doherty Institute.
The Department of Regional NSW led discussion and planning around reopening with a range of proposal through August and September 2021. The Department of Premier and Cabinet and NSW Health jointly developed a paper to provide options on the restrictions when the State reached a level of 70% double dose vaccinations.
The roadmap to reopening was originally published on 9 September 2021. However, by 11 October 2021, the restrictions were relaxed when the 70% double dose threshold was reached to allow:
- up to ten fully vaccinated visitors to a home (increased from five)
- up to 30 fully vaccinated people attending outdoor gatherings (increased from 20)
- weddings and funerals limits increased to 100 people (from 50)
- the reopening of indoor pools for training, exercise and learning purposes only.
On the same day, the NSW Government announced further relaxation of restrictions once the 80% double dose threshold was reached. These restrictions were further relaxed on 8 November 2021. This included the removal of capacity restrictions to the number of visitors to a private residence, indoor pools to reopen for all purposes and density limits of one person for every two square metres, dancing allowed in nightclubs and 100% capacity in major stadia.
The NSW Government allowed workers in regional areas who received one vaccination dose to return to their workplace from 11 October 2021.
The Premier extended the date of easing of restrictions for unvaccinated people aged over 16 from 1 December to 15 December 2021.
Many agencies have undertaken reviews of their response to the Delta outbreak but a whole-of-government review has yet to be conducted
Various agencies and entities associated with the response to the Delta outbreak conducted after-action review processes. These processes assessed the achievements delivered, lessons learned and opportunities for improvement. However, a whole-of-government level review has not been conducted. This limits the New South Wales public service's ability to improve how it coordinates responses in future emergencies.
The agencies/entities that conducted reviews included:
- South West Metropolitan region, Western NSW region, Fairfield Local Emergency Management Committee (LEMC), Dubbo Local Emergency Operations Controller (LEOCON), which were collated centrally by the State Emergency Operations Centre (SEOC)
- Aboriginal Affairs NSW assessed representation and relevance of the emergency management arrangements for Aboriginal communities following the 2019 bushfires
- Resilience NSW developed case studies to capture improved practice with regard to food security and supply chains
- a community support and empowerment-focused after-action review undertaken by the Pillar 5 workstream of the Microstrategy.
Key lessons collated from the after-action reviews include:
- the impact of variation in capability across agencies on the management of key aspects of the response including welfare support and logistics
- issues with boundary differences between NSW Police Force regions, local government areas (LGA and local health districts (LHD) caused issues in delivering and coordinating services in an emergency situation
- the need to improve relationships between state and local Government outside of acute emergency responses to improve service delivery
- issues arising from impediments to information sharing between agencies and jurisdictions, such as:
- timeliness and accuracy of data used to direct compliance activities
- the impact of insufficient advance notice on changes to Public Health Orders
- timely access to data across public sector agencies and other jurisdictions to inform decision-making, analysis and communications
- gaps in data around ethnicity, geolocation of recent positive cases and infection/vaccination rates in Aboriginal communities.
- the lack of Aboriginal community representation on many LEMCs
- compared with the response to COVID-19 in 2020, improved coordination of communications with Culturally and Linguistically Diverse (CALD) populations with a reduction in overlapping messages and over-communication
- improved attendance from agency representatives in LEMCs, and regional emergency operations centres (REOC) to improve interagency communications, planning, capability development and community engagement issues
- deficiencies in succession planning and fatigue management practices
- the potential for REOC Welfare/Well-being subgroups to be included as part of the wider efforts to community needs during emergencies.
NSW Health commenced a whole of system review of its COVID-19 response in May 2022. At the time of writing, the completion due date for the debrief is 7 November 2022. This debrief is expected to explore:
- governance
- engagement
- innovation and technology
- community impact
- workforce impact
- system impact and performance.
NSW Health is also undertaking a parallel Intra-Action Review that is focused on the public health aspects of the response with finalisation estimated for the end of November 2022. At the time of completing this performance audit report, NSW Health had not finalised these reviews and, as a result, we cannot validate their findings against our own observations.
Recent inquiries are likely to impact the governance of emergency management in New South Wales
In March 2022, the NSW Government established an independent inquiry to examine and report on the causes of, preparedness for, response to and recovery from the 2022 floods. The Flood Inquiry report made 28 recommendations, which the NSW Government supported in full or in principle. Some of the recommendations relate directly to the governance and leadership of emergency management arrangements in New South Wales.
The State Emergency Management Committee (SEMC) will likely be involved in, and impacted by, the recommendations arising from the Flood Inquiry with potential changes to its membership and reshaping of functional areas and agencies. At the same time, the SEMC may have a role in overseeing the changes that emerge from the SEOC consolidated after-action reviews. This can also extend to ensuring local and regional bodies have incorporated the required actions. There is a risk that the recommendations from the pandemic-based after-action reviews may not be considered due to the priority of action resulting from the Flood Inquiry.
Furthermore, there is potential for the SEMC to work with NSW Health during its system-wide review. Such an approach is likely to improve preparedness for future events.
Appendix one – Response from agencies
Appendix two – Chronology 2020–2021
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #371 - released 20 December 2022
Stronger Communities 2022
What the report is about
Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.
All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.
The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.
The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.
What the key issues were
Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.
Five high-risk findings were identified in 2021–22. They related to deficiencies in:
- user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
- segregation of duties at the NSW Trustee and Guardian and NSWALC.
Recommendations were made to those agencies to address these control deficiencies.
This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Education 2022
What the report is about
Result of the Education cluster financial statement audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for Education cluster agencies.
An 'other matter' paragraph was included in the TAFE Commission's independent auditor's report as it did not have a delegation or sub-delegation from the Minister for Education and Early Learning to incur expenditure from cluster grants.
What the key issues were
Annual fair value assessments of land and buildings showed material differences in their carrying values. As a result, the Department of Education and the TAFE Commission completed desktop revaluations of land and buildings, collectively increasing the value of these assets by $1.2 billion and $4.7 billion respectively.
The Department of Education and the NSW Education Standards Authority accepted changes to their office leasing arrangements managed by Property NSW. These changes resulted in the collective derecognition of $270.6 million of right-of-use assets and $382.9 million in lease liabilities.
What we recommended
A high-risk matter was reported in the management letter for the TAFE Commission highlighting non-compliance with policies and procedures guiding appropriate use of purchasing cards.
We recommended cluster agencies prioritise and address internal control deficiencies.
This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.
Section highlights
|
The number of findings reported to management has increased, and 31% were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2021–22, there were 29 findings raised across the cluster (28 in 2020–21). Thirty-one per cent of all issues were repeat issues (50% in 2020–21).
The most common new and repeat issues related to internal control deficiencies in agencies’ information technology general controls, application controls, and procurement and payroll practices.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
A high-risk matter was reported at the TAFE Commission highlighting instances of non-compliance with policies and procedures guiding appropriate purchasing card use
As part of our audit of the TAFE Commission, we integrated the use of data analytics into the audit approach. We performed data analytics over aspects of payroll, procurement and accounts payable activities. This helped us to highlight anomalies or risks in those data sets that are relevant to the audit of the TAFE Commission and plan testing procedures to address those risks. Data analytics also assisted us in providing an insight into the internal control environment of the TAFE Commission, highlighting areas where key controls are not in place or are not operating as management intended.
Our analysis over purchasing card data supplied by the TAFE Commission for the period July 2021 to March 2022 found deficiencies in the provisioning, use and cancellation of purchasing cards. This included identified instances of:
- controls effectively bypassed when a purchasing card surrendered by a former employee had been used by another employee
- split payments, circumventing delegation / cardholder limits
- delays in the submission and approval of purchasing card transactions.
The table below describes the common issues identified across the cluster by category and risk rating:
| Risk rating | Issue |
| Information technology | |
|
High: 0 new, 0 repeat 1 Moderate: 5 new, 3 repeat 2 Low: 2 new, 1 repeat 3 |
The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:
|
| Internal control deficiencies or improvements | |
|
High: 1 new, 0 repeat 1 Moderate: 5 new, 3 repeat 2 Low: 4 new, 1 repeat 3 |
The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:
|
| Financial reporting | |
|
High: 0 new, 0 repeat 1 Moderate: 1 new, 1 repeat 2 Low: 2 new, 0 repeat 3 |
The financial audits identified:
|
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Recommendation
We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above.
Audit Insights 2018-2022
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
| Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
| Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
| Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
| Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
| Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
| Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
| Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Universities 2021
What the report is about
Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2021.
What we found
Financial reporting
Unmodified audit opinions were issued for all ten universities.
The University of Wollongong reported the retrospective correction of a prior period error relating to a $169 million contract termination liability.
All universities reported positive net results in 2021 (four in 2020) and each showed improvement from 2020. This was mainly due to expenditure decreasing by a combined $644 million (5.8%) from 2020. Universities implemented redundancy programs in response to the COVID-19 pandemic, which resulted in a decrease of nearly 2,300 full-time equivalent staff in 2021.
All universities held an investment in Education Australia Limited, which paid to its shareholders a fully franked dividend comprising cash and shares in IDP Education Limited. This increased the combined investment revenues of the universities by $515 million in 2021. However, it affected each university's net result differently depending on elections made in their historical accounting treatment.
Government grants increased by $442 million from 2020, of which $297 million related to the Commonwealth's 2021 additional Research Support Program funding to the NSW universities which was a COVID-19 support measure to the sector.
Over 43% of universities' course fees revenue comes from three countries (39% in 2020). Students from China now represent over half of all overseas student enrolments. A high level of reliance on student revenue from a single country poses a concentration risk for universities.
Internal controls
We reported 105 findings to universities on internal control deficiencies (110 in 2020).
Four high-risk findings were identified (three in 2020), relating to:
- the status of one university's work in assessing its liability for underpayment of staff
- IT control deficiencies over privileged user access
- control deficiencies that resulted in non-recognition of a liability in one university's prior year's financial statements
- a detailed review of payroll compliance for casual staff, which remains outstanding at one university.
There were 45 repeat findings of control deficiencies in 2021 (45 in 2020).
All universities have drafted or implemented a cybersecurity policy and established a governance committee accountable for cybersecurity. However, improvements could be made in:
- recording and monitoring of attempted cyber incidents
- assessing cyber risks relating to IT vendors
- implementation of cybersecurity control measures for key systems.
Four out of 13 entities experienced a significant cyber incident during 2021.
What we recommended
- Universities should prioritise actions to address repeat findings on internal control deficiencies, particularly where the issue has been repeated for a number of years.
- Universities and controlled entities should prioritise improvements to their cybersecurity and resilience.
Fast facts
There are ten public universities in NSW, with 52 controlled entities in Australia and 22 overseas controlled entities.
- $12b total combined adjusted revenue in 2021, an increase of $1.1 billion (10.5%) from 2020
- $10.4b total combined expenditure in 2021, a decrease of $644 million (5.8%) from 2020
- 79,134 overseas student enrolments in 2021, a decrease of 3,138 students (3.8%) from 2020
- 209,018 domestic student enrolments in 2021, an increase of 1,622 students (0.8%) from 2020
- 4 high-risk management letter findings were identified (3 in 2020)
- 43% of reported issues were repeat issues.
This report provides Parliament with the results of our financial audits of universities in New South Wales and their controlled entities in 2021, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of universities in NSW for 2021.
Section highlights
|
Appropriate and robust internal controls help produce reliable financial reports and reduce risks associated with managing finances, compliance and administration of universities.
This chapter outlines the internal controls related observations and insights across universities in NSW for 2021, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.
Section highlights
|
Universities' primary objectives are teaching and research. They invest most of their resources aiming to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.
This chapter outlines teaching and research outcomes for universities in NSW for 2021.
Section highlights
|
Appendix one – List of 2021 recommendations
Appendix two – Status of 2020 recommendations
Appendix three – Universities' controlled entities
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
COVID-19: response, recovery and impact
What the report is about
This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.
What we found
Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.
The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:
- direct health response measures – $2.2 billion
- personal protective equipment – $1.4 billion
- small business grants – $795 million
- quarantine costs – $613 million
- increases in employee expenses and cleaning costs across most agencies
- vaccine distribution, including vaccination hubs – $71 million.
The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.
Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.
Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.
Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:
- annual expense growth kept below long-term average revenue growth
- elimination of State’s unfunded superannuation liability by 2030.
Fast facts
- First COVID-19 case in NSW on 25 January 2020
- COVID-19 vaccinations commenced on 21 February 2021
- By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
- During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
- During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers
Section highlights
|
Section highlights
|
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Report on Education 2017
The Auditor-General, Margaret Crawford released her report on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent audits of these agencies.
'I am pleased to report that unqualified audit opinions were issued on the financial statements for all agencies in the Education cluster', the Auditor-General said. 'The quality and timeliness of financial reporting remains strong'.
Justice 2017
The following report focuses on key observations and findings from the most recent audits of law and order and emergency services agencies in the Justice cluster.
No qualified audit opinions were issued on Justice agencies' financial statements. However, agencies that used the Department of Justice as their service provider experienced difficulties finalising their accounts. This was due to issues with the department’s implementation of a new financial accounting and reporting system and the continued establishment of its Business Support Centre. The Department is working to remediate the new finance system.
| Financial reporting | Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. However, some agencies' year end financial reporting procedures were impacted by the implementation of a new finance system and processes at the Department. |
| Early Close | Early close procedures continue to help agencies present audited financial statements on time, but there is room for further improvement. |
| NSW Police Force Death and Disability Scheme | The cost of the NSW Police Force Death and Disability Scheme was higher than the statutory target. |
| Fire and Rescue NSW Death and Disability Scheme | The Fire and Rescue NSW Death and Disability Scheme liability was $179 million, but is projected to reach $257 million by 30 June 2022. |
| Internal Controls |
The Department experienced significant, but avoidable internal control issues in its payroll and finance functions following implementation of a new IT finance system (Justice SAP) and continued establishment of its Business Support Centre. We found 94 internal controls issues, including 28 findings repeated from the previous year. |
| Human Resources | Agencies have not met State targets for managing annual leave balances. |
2. Service Delivery
| Domestic violence reoffending | The Department reports decreases in domestic violence reoffending rates, but they remain above the Premier's target |
| Rates of reoffending | Adult reoffending rates remain above the State's priority target. Last year, more than half had returned to prison or Corrective Services within two years of release. The Department has introduced initiatives to reduce reoffending, but their impact will not be known for several years |
| Road Fatalities | New South Wales' road fatalities decreased slightly in 2016–17, but remains slightly above the State priority target.. |
| NSW crime trends | NSW Bureau of Crime statistics and Research data shows the trend in most crime categories in New South Wales has been better than national trends over the last five years. |
| Adult inmate numbers | Departmental data shows that NSW prisons remained overcrowded in 2016–17, but the rate of growth in inmate numbers slowed. |
| Adult inmate resources | Data from the Department and the Justice Heath and Forensic Mental Health Network shows inmate access to some resources and services has not kept pace with increases in prison populations. |
| NSW District Court case backlog | After falling last year, the backlog of cases in the NSW District Court again increased but the age of backlog cases decreased, according to Departmental data. |
| Hazard Reduction works | The Office of the NSW Rural Fire Service advise adverse weather conditions reduced the total hectares of completed hazard reduction works by 50.7 per cent in 2016–17 compared to 2015–16. |
Financial reporting is an important element of good governance. Confidence in public sector decision making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines audit observations, conclusions and recommendations for financial reporting and controls of Justice cluster agencies.
| Observation | Conclusion or recommendation |
| 2.1 Financial reporting | |
| Unqualified audit opinions were issued for all agencies' financial statements. | Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. The Department and agencies that used the Department as their service provider, were impacted by the Department's Justice SAP, and Business Support Centre implementations. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements. | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits. Early close procedures for some agencies was diminished by the Department's Justice SAP and Business Support Centre implementations. |
| 2.3 Death and disability schemes | |
|
The cost of the NSW Police Blue Ribbon scheme reportedly decreased, but remains above the statutory target of 4.6 per cent of total NSW Police Officer's remuneration. The Fire and Rescue Death and Disability Scheme liability has almost doubled over the past five years. |
The Blue Ribbon Scheme cost $12.7 million or 10.4 per cent less in 2016–17 following an improvement in claims' experience. The was reflected in the cost of the scheme, which decreased from 6 per cent to 5.45 per cent of total NSW Police Officers’ remuneration. The Scheme’s liability was $179 million at 30 June 2017, almost double the $92 million recorded at 30 June 2013. A five-year period has been used due to the sensitivity of annual movements in the liability to changes in discount rates. According to Fire and Rescue NSW projections the liability will reach $257 million by 30 June 2022. |
| 2.5 Internal Controls | |
| There were significant payroll and general finance related issues resulting from the Department's Justice SAP system implementation and establishment of the Business Support Centre. | Recommendation: The Department should reinstate controls over financial information as soon as possible, and capture and apply lessons learned from recent project implementations, including LifeLink, in any relevant future implementations. |
| 2.7 Human Resources | |
| More than a third of Justice cluster employees have annual leave balances above the State's target. | Recommendation: Cluster agencies with annual leave balances above the State's target should proactively manage their leave balances. Particular focus should be given to employees who have taken little or no leave in the last 12 months. |
Achievement of government outcomes can be improved through effective delivery of the right mix of services, whether from the public, private or not for profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.
The Justice cluster is an integrated cluster with key service delivery inter-dependencies. Achieving State priorities and ensuring communities are safe requires both upstream and downstream agencies to be adequately resourced. This is a delicate balance. Increases in frontline policing can subsequently impact the court system. Court backlogs can in turn increase prison overcrowding, and limit the opportunities for inmate rehabilitation. Failure to successfully rehabilitate prisoners and prevent reoffending could impact future police resourcing.
This chapter outlines our audit observations, conclusions and recommendations related to service delivery by agencies in the Justice cluster for 2016–17.
| Observation | Conclusion or recommendation |
| Data from the NSW Bureau of Crime Statistics and Research shows that domestic violence reoffending decreased from 15.9 per cent in 2014–15 to 15.5 per cent in 2015–16, but remains 4.8 percentage points above the Premier's target. | Reducing domestic violence reoffending is challenging. While there was a marginal improvement in 2015–16, the Justice cluster needs to continue efforts to reduce reoffending rates, if the Premier's priority target is to be met by 2019. |
| Productivity Commission data shows that in the year to 30 June 2016, 50.7 per cent of released prisoners had returned to prison and 55.1 per cent to Corrective Services, within two years of release. | There has been a consistent increase in reoffending rates over the last five years. Recommendation: The Department should reassess the sufficiency and effectiveness of measures aimed at reducing reoffending, including the recently announced initiatives, if the State priority target is to be met by 2019. A $237 million program to reduce reoffending was announced in August 2016. While new initiatives were introduced in 2016–17, their impact on reoffending rates will not be known for several years. |
| New South Wales' road fatalities per 100,000 people slightly exceeded the 2016–17 target. | Statistics from the NSW Centre for Road Safety shows that New South Wales' road fatalities decreased to 4.6 deaths per 100,000 people in 2016–17, slightly above the State priority target of 4.3 deaths. This is better than the 5.1 deaths recorded in 2015–16, but worse than the 4.0 deaths in 2014–15. |
| Between 31 December 2012 and 31 December 2016, the number of crimes has trended down in most crime categories, except for sexual assault, which has increased in each of the last five years. | The downward trend in most crime categories indicates the cluster is effectively achieving the State’s priority to prevent and reduce crime. However, the Department should assess whether the mix of offered programs is consistent with crime trends. |
| Department data shows that the NSW prison system remained overcrowded in 2016–17. Overcrowding of correctional centres can negatively impact all aspects of custodial life, and ultimately higher reoffending rates. |
Data from the Department shows that the inmate population reached 13,253, compared to an operational capacity of 13,402 beds on 27 August 2017. This equates to an operational vacancy rate of 1.1 per cent, which is significantly less than the recommended 5.0 per cent buffer. However, the rate of inmate growth slowed to 5.1 per cent, from 11.8 per cent in 2015–16. The Department should ensure that measures aimed at reducing reoffending are not compromised by continued overcrowding. Reoffending, will in the long term contribute to further overcrowding. |
| Adult inmate resources. | Inmate access to some resources and services has not kept pace with increases in prison populations, such as the ratio of nurses to inmates. In addition, Productivity Commission information on out-of-cell hours in 2015–16 shows New South Wales prisoners' average time out-of-cell of 7.8 hours was the lowest of any Australian jurisdiction. |
| After falling in 2015–16, the backlog of cases in the NSW District Court increased again in 2016–17. The age of cases however decreased in 2016–17 compared to 2015–16. | A working group which includes the Department and the Chief Judge of the District Court has identified a number of new measures to address the backlog. The Department needs to assess whether these measures will be sufficient, given that the backlog increased again in 2016–17. As noted in financial reporting and controls chapter, staffing levels in a number of just cluster agencies increased in 2016–17, in response to the backlog. |
| Department data shows the annual cost of a juvenile detainee decreased from $355,444 to $335,840 (5.5 per cent) in the three-year period between 2014–15 and 2016–17. | The Department has been analysing the Juvenile Justice division's operating costs in the context of declining custodial numbers, and has achieved some cost savings. The savings in part reflect decreases in the number of detainees. |
| The Office of the NSW Rural Fire Service data shows that completed hazard reduction works decreased in 2016–17. | The total hectares of completed hazard reduction works decreased 50.7 per cent in 2016–17 compared to 2015–16. The Office of the NSW Rural Fire Service attributes the decrease to adverse weather conditions during the peak burning period |
Agency compliance with NSW Government travel policies
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
