Reports
Actions for Procurement management in Local Government
Procurement management in Local Government
The Auditor‑General for New South Wales, Margaret Crawford, released a report today examining procurement management in Local Government.
The audit assessed the effectiveness of procurement management practices in six councils. All six councils had procurement management policies that were consistent with legislative requirements, but the audit found compliance gaps in some councils. The audit also identified opportunities for councils to address risks to transparency and accountability, and to ensure value for money is achieved when undertaking procurement.
The Auditor‑General recommended that the Department of Planning, Industry and Environment review the Local Government (General) Regulation 2005 and publish updated and more comprehensive guidance on procurement management for the Local Government sector. The report also generated insights for the Local Government sector on opportunities to strengthen procurement practices.
Effective procurement is important in ensuring councils achieve their objectives, demonstrate value for money and deliver benefits to the community when purchasing goods and services. Procurement also comes with risks and challenges in ensuring the purchased goods and services deliver to expectations. The risks of fraud and conflicts of interest also need to be mitigated.
The legislative requirements related to procurement in the Local Government sector are focused on sourcing and assessing tender offers. These requirements are included in the Local Government Act 1993 (the Act), the Local Government Amendment Act 2019 (the Amendment), the Local Government (General) Regulation 2005 (the Regulation), the Tendering Guidelines for NSW Local Government 2009 (the Tendering Guidelines), the Government Information (Public Access) Act 2009 (the GIPA Act) and the State Records Act 1998.
General requirements and guidance relevant to councils are also available in the Model Code of Conduct for Local Councils in NSW 2018 (the Model Code), the NSW Government Procurement Policy Framework 2019 and in publications by the Independent Commission Against Corruption (ICAC).1
Individual councils have developed their own procurement policies and procedures to expand on the legislative requirements. Understandably, these vary to reflect each council’s location, size and procurement needs. Nevertheless, the general principles of effective procurement management (such as transparency and accountability) and risk-mitigating practices (such as segregation of duties and the provision of training) are relevant to all councils.
The Audit Office of New South Wales Report on Local Government 2018 provided a sector-wide summary of aspects of procurement management in Local Government (see Section 2.1 of this report). This audit builds on this state-wide view by examining in detail the effectiveness of procurement management practices in six councils. This report also provides insights on opportunities to strengthen procurement management in the sector.
The selected councils for this audit were Cumberland City Council, Georges River Council, Lockhart Shire Council, Tweed Shire Council, Waverley Council and Wollongong City Council. They were selected to provide a mix of councils of different geographical classifications, sizes, priorities and levels of resourcing.
All six councils had procurement management policies and procedures that were consistent with the legislative requirements for sourcing and assessing tender offers. Their policies and procedures also extended beyond the legislative requirements to cover key aspects of procurement, from planning to completion. In terms of how these policies were applied in practice, the six councils were mostly compliant with legislative requirements and their own policies and procedures, but we found some gaps in compliance in some councils and made specific recommendations on closing these gaps.
There were also opportunities for councils to improve procurement management to mitigate risks to transparency, accountability and value for money. Common gaps in the councils’ procurement management approaches included not requiring procurement needs to be documented at the planning stage, not providing adequate staff training on procurement, not requiring procurement outcomes to be evaluated, and having discrepancies in contract values between contract registers and annual reports. These gaps expose risks to councils’ ability to demonstrate their procurements are justified, well managed, delivering to expectations, and achieving value for money. Chapter three of this report provides insights for the audited councils and the Local Government sector on ways to address these risks
Recommendations
- By June 2022, the Department of Planning, Industry and Environment should:
- publish comprehensive and updated guidance on effective procurement practices – including electronic tender submissions and procurements below the tender threshold
- review and update the Local Government (General) Regulation 2005 to reflect the increasing use of electronic tender submissions rather than paper copies.
- By December 2021, the six audited councils should consider the opportunities to improve procurement management in line with the improvement areas outlined in chapter three of this report.
- Cumberland City Council should immediately:
- ensure contract values are consistent between the contract register and the annual report
- introduce procedures to ensure supplier performance reviews are conducted as per the council’s policy
- Georges River Council should immediately:
- ensure contract values are consistent between the contract register and the annual report
- introduce procedures to ensure all the steps up to the awarding of a contract are documented as per the council’s policy
- introduce procedures to ensure outcome evaluations are conducted as per the council’s policy.
- Lockhart Shire Council should immediately:
- include additional information in the council’s contract register to ensure compliance with Section 29(b), (f), (g), (h) and (i) of the GIPA Act
- ensure contract values are consistent between the contract register and the annual report.
- Waverley Council should immediately ensure contracts are disclosed in the annual report as per Section 217(1)(a2) of the Regulation.
While all six councils had procurement policies in place and were generally compliant with legislative requirements, this report has identified common gaps in processes and practices that expose risks to transparency, accountability and value for money.
This section discusses how councils can mitigate risks and ensure the best outcomes are achieved from their procurements.
Documented justification of procurement needs
The ICAC notes that determining what goods and services an agency requires is the first step of procurement, and the scope for corruption in how need is determined is significant. Without documenting how procurement needs have been justified, councils cannot demonstrate that they fulfill business needs, nor how the procurements may link to the councils’ strategic plans to deliver to the community.
This audit found that none of the six councils’ policies required them to document justification of procurement needs, and none did so consistently in practice. Councils can address this gap by building into their procurement planning process a requirement for staff to document the justification of procurement needs. For higher value procurements, this could be extended to include analysis of options, an assessment of risks and defining intended outcomes. Similarly, clearly establishing and documenting how relevant procurements relate to a council’s community strategic plans or operational plans helps ensure transparency.
Although a formal business case may not be required for many procurements (for example, low-value procurements or routine replacements), some form of documented justification for the expenditure should still be kept on record to demonstrate that the procurement relates to business purposes and is needed.
Segregation of duties
Segregation of duties is an effective control for reducing risks of error, fraud and corruption in procurement. It works on the principle that one person should not have end-to-end control of a procurement. Effective segregation of duties also often involves managerial or independent oversight that is built into the process. Four of the audited councils (Cumberland City Council, Georges River Council, Lockhart Shire Council and Wollongong City Council) appropriately addressed segregation of duties in their procurement frameworks. For example:
-
All procurements in Cumberland City Council required a delegated officer’s approval before commencing, and the requisitioning department is responsible for ensuring the completion of the goods, works or services associated with each contract. For contracts over $50,000, a specific ‘Authority to Procure’ form had to be completed by the requesting staff, signed by an approver and then forwarded to the procurement team.
- Reflecting its small size, all procurements in Lockhart Shire Council were managed by one senior staff member. Nevertheless, this staff member had to bring contract management plans to the rest of the Executive Leadership Team for review and discussion, with large contracts such as those above the tender threshold referred to Council for approval.
The ICAC notes that segregation of duties helps to control discretion, which has particular risk implications for some types of procurement.2 This includes those involving low-value and high-volume transactions, restricted tenders, long-standing procurements and ‘pet projects’ (projects advocated by individual staff members). In cases where corruption risks are low, ICAC notes that monitoring staff’s involvement in procurement may be a cost-effective alternative to total segregation of duties.
Assessment of supplier performance
Councils need to monitor and assess supplier performance to ensure suppliers deliver the goods and services as agreed. The audit found that all six councils consistently monitored progress in capital works and for externally funded projects. Contract monitoring in these cases included ensuring timelines, funding, and legislative requirements were met. This is positive, as capital works made up the bulk of procurements (in terms of volume) in all of the audited councils.
That said, in all six councils, the level of scrutiny was lower for other types of procurements, and there is scope for improvement. For instance, the approach to monitoring capital works or externally funded projects could be replicated across other procurements of a similar nature and value. Conducting assessments and keeping records of supplier performance on all procurements does not need to be onerous, but instead provides useful information to inform future decision-making—including by helping ensure supplier pricing remains competitive, and avoiding re-engaging underperforming suppliers.
The NSW Government Procurement Policy Framework requires that NSW Government agencies establish systems and processes jointly with the suppliers to ensure compliance with contract terms and performance requirements. It also advises that agencies should drive continuous improvement and encourage innovation in coordination with suppliers and key stakeholders.
Centralised contract register
Centrally registering a contract provides improved transparency of procurement activities and facilitates monitoring and compliance checks. While councils are already required to maintain a contract register for all contracts above the reporting threshold (as per the GIPA Act), given the threshold is set at a relatively high benchmark ($150,000), there is merit in councils extending the practice to procurements below the reporting threshold. A central and comprehensive register of contracts helps avoid duplication of procurements and re-contracting of underperforming suppliers.
Three of the audited councils (Georges River Council, Tweed Shire Council and Wollongong City Council) had contract register policies that applied to procurements below the reporting threshold during the audited period. For example, Georges River Council required contracts valued at $10,000 or above to be registered with the procurement team, and Tweed Shire Council had a threshold of $50,000.
Evaluation of community outcomes and value for money
Councils may be progressing procurements to fulfill their strategic and business plans, or using them to fulfill commitments to the community. In these instances, outcomes evaluation is an important way to demonstrate to the community that the intended benefits and value for money have been delivered.
Five of the six audited councils did not require evaluations of community outcomes and value for money. While Georges River Council required contracts valued at $50,000 or more to be monitored, evaluated and reported on at least annually throughout the contract and also at its conclusion, in the procurements we examined the only ‘outcome evaluations’ that the council had conducted were community surveys that did not refer to individual procurements. Councils can miss opportunities to understand the impact of their work on the local community if evaluations of procurement outcomes are not completed. Evaluation findings are also valuable in guiding future resource allocation decisions.
Value for money in the procurement of goods and services is more than just having the specified goods delivered or services carried out. The NSW Government Procurement Policy Framework requires that state government agencies track and report benefits to demonstrate how value for money is being delivered. The framework notes that value for money is not necessarily the lowest price, nor the highest quality good or service, but requires a balanced assessment of a range of financial and non-financial factors, such as: quality, cost, fitness for purpose, capability, capacity, risk, total cost of ownership or other relevant factors.
Procurement training
Effective procurement management relies on the capability of staff involved in various stages of the process. Guidance can be provided through training, which is an important element of any procurement management framework. It ensures that staff members are aware of the councils' policies and procedures. If structured appropriately and provided in a timely manner, training can help to standardise practices, ensure compliance, reduce chances of error, and mitigate risks of fraud or corruption.
The ICAC notes that effective procurement management depends on the competence of staff undertaking procurements and the competence of those who oversee procurement activities. As the public sector is characterised by varying levels of procurement expertise, the ICAC notes that the sector would benefit from a structured approach to training and the application of minimum standards.3
At the time of this audit, only Wollongong City Council addressed staff training requirements in its procurement management framework. Exhibit 8 details its approach.
|
|
|
|
Two of the audited councils have now also introduced procurement training:
- Georges River Council implemented online training, which is mandatory for new staff and serves as refresher training for existing staff. The council also provides in-person training for selected staff (covering contract management, contract specification writing and contractor relationship management) and has developed quick reference cards for all staff to increase awareness of the council's procurement processes.
- Tweed Shire Council implemented mandatory online training for all staff members. The training covers the council's procurement policy and protocol as well as relevant legislation. It is linked to relevant council documents such as the Procurement Toolkit on the council's intranet, and includes a quiz for which training participants must score at least 80 per cent to have the training marked as completed.
Appendix one – Responses from councils and the Department of Planning, Industry and Environment
Appendix two – Councils’ procurement contracts
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #345 - released 17 December 2020
Actions for Transport 2020
Transport 2020
1. Financial Reporting |
|
Audit opinion | Unmodified audit opinions issued for the financial statements of all Transport cluster entities. |
Quality and timeliness of financial reporting | All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements. Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances. |
Impact of COVID-19 on passenger revenue and patronage | Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19. The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing. |
Completion of the CBD and South East Light Rail | The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed. |
2. Audit Observations |
|
Internal control | While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management. There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below). |
Agency responses to emergency events | Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning. |
RailCorp transition to TAHE | On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders. A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE. Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures. This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE. Recommendation: TAHE management should:
Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base. |
Completeness and accuracy of contracts registers | Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers. Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure:
|
This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Transport cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019, 2018 and 2017 recommendations
Appendix three – Management letter findings
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Education 2020
Education 2020
The Auditor-General for New South Wales, Margaret Crawford, released a report today titled Education 2020. This report focuses on key observations and findings from the most recent audits of agencies in the Education cluster.
Unqualified audit opinions were issued for all cluster agencies’ financial statements. However, internal control deficiencies were identified across the cluster agencies, including deficiencies in the management of purchasing cards and 15 internal control issues that were repeated from the previous year.
The 2019–20 natural disasters caused widespread damage in both Northern and Southern NSW. The COVID‑19 pandemic further challenged agencies, requiring social distancing and other infection control measures which disrupted the traditional means of teaching students. Agencies have adjusted their operations to respond to these emergency events.
The TAFE Commission’s revenues 2019–20 were impacted by the pandemic. Lower enrolments and an increase in fee-free short courses offered during the year contributed to the result.
This report analyses the results of our audits of financial statements of entities within the Education cluster for the year ended 30 June 2020. The table below summarises our key observations and recommendations.
1. Financial reporting
Audit opinions | Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits. |
New accounting standards |
Agencies implemented three new accounting standards during the year. Our financial statement audits of the Department of Education (the Department) and NSW Education Standards Authority (NESA) identified issues with the leasing information provided by Property NSW (PNSW). Despite the outsourcing arrangement, both the Department and NESA remain ultimately responsible for the completeness and accuracy of this information, which would have benefited from a more thorough quality assurance, validation and review process before they placed reliance upon it. Recommendation: We recommend the Department and NESA:
|
Changes were made to the financial reporting requirements this year to account for the impact of the pandemic |
Emergency legislation was enacted during the year in response to the COVID-19 pandemic. The legislation revised the statutory reporting deadlines for agencies to submit their financial statements and allowed the Treasurer to continue authorising payments from the consolidated fund until the enactment of the 2020–21 budget. All cluster agencies prepared their financial statements on a going concern basis and submitted their financial statements within the revised statutory deadlines. The State provided $159.0 million in stimulus funding to support the operations of cluster agencies during emergency events. Nearly half of this funding was to support cleaning activities by the Department and the Technical and Further Education Commission (the TAFE Commission) during the COVID-19 pandemic. |
Quality and timeliness of financial reporting |
The number of monetary misstatements identified in agencies' financial statements decreased to 14 (23 in 2018–19). While the number of corrections made to the financial statements after the submission date increased to eight (two in 2018–19), it is important to note these corrections provide parliament and other users of the financial statements increased confidence in the accuracy and presentation of agencies' performance and financial position. |
Sustainability of cluster agencies | The TAFE Commission's enrolments declined, and operating margins reduced, both being impacted by the COVID-19 pandemic. |
2. Audit observations
Internal control deficiencies |
We identified 33 internal control issues, including 15 findings that were repeated from previous years. A high-risk issue was reported at the Department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP. Repeat findings relate to ongoing deficiencies in information technology controls and management policies, practices and procedures. Recommendation: Cluster agencies should:
|
Agency responses to emergency events |
The Department established a separate bushfire relief directorate and COVID-19 Taskforce to assist and support school communities in response to recent emergencies. Other cluster agencies have established committees or response teams to oversee and address all aspects of the impact of COVID-19. |
Schools review 2019 | We continue to identify instances of non-compliance in relation to cash management and procurement at schools. |
Use of purchasing cards at the Department of Education |
Since 2015, the NSW Government has encouraged the use of purchasing cards by public sector agencies. Purchasing cards are efficient to transact low value, high volume procurement of goods and services, but the use must be effectively monitored. Our review of the Department's purchasing cards identified weaknesses in its oversight and monitoring controls, including the issue and cancellation of purchasing cards Opportunities exist for the Department to better monitor card use. Tools such as data analytics are an efficient and effective detective control to identify irregular activity or misuse by cardholders. Recommendation: The Department should:
|
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the COVID-19 pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
The COVID-19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID-19 pandemic. These amendments:
- allowed the Treasurer to authorise payments from the consolidated fund until the enactment of the 2020–21 budget – supporting the going concern assessments of cluster agencies
- revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
- exempted certain statutory bodies and departments from preparing financial statements.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2020, including any financial implications from the recent emergency events.
Section highlightsUnqualified audit opinions were issued on the financial statements of cluster agencies.
All cluster agencies met the revised statutory deadlines for completing early close procedures and submitting their financial statements. Emergency legislation allowing the Treasurer to continue authorising payments from the consolidated fund under the existing Appropriations Act enabled cluster agencies to prepare financial statements on a going concern basis.
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Education cluster. It also comments on our review of elements of the financial control framework applied by schools in NSW whose financial results form part of the Department of Education's (the Department) financial statements.
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 and 2018 recommendations
Appendix three – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Internal controls and governance 2020
Internal controls and governance 2020
The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.
The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:
- financial and information technology controls
- business continuity and disaster recovery planning arrangements
- procurement, including emergency procurement
- delegations that support timely and effective decision-making.
Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.
The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.
1. Internal control trends
New, repeat and high risk findings |
Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. Agencies should:
|
Common findings |
A number of findings remain common across multiple agencies over the last four years, including:
|
2. Information technology controls
IT general controls |
We found deficiencies in information security controls over key financial systems including:
The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated. |
3. Business continuity and disaster recovery planning
Assessing risks to business continuity and Scenario testing |
The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment. Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:
Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
Responding to disruptions |
We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance: in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee. Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers. Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions. |
Management review and oversight | Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established. |
4. Procurement, including emergency procurement
Policy framework |
Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted:
Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions. |
Managing contracts |
Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details. Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement. |
Training and support |
Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:
Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions. |
Procurement activities | While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences. |
Emergency procurement |
As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies. The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:
Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law. Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:
|
5. Delegations
Instruments of delegation |
We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:
Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets. Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities. |
Compliance with delegations |
Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020. Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer. |
6. Status of 2019 recommendations
Progress implementing last year's recommendations |
Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:
While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2. Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations. |
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Section highlights We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
Section highlights Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse. IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems. Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.
Section highlights We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled. This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.
Section highlights We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness. Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'. We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Credit card management in Local Government
Credit card management in Local Government
The Auditor-General for New South Wales, Margaret Crawford, released a report today examining credit card management in Local Government.
The audit was in response to a letter from the then Minister for Local Government in November 2018. The audit assessed the effectiveness of credit card management practices in six councils, including in the areas of policies, procedures, compliance and monitoring.
The audit found that all six councils had gaps in their credit card policies and procedures. The Auditor-General recommended that the Department of Planning, Industry and Environment publish guidelines on credit card management for the Local Government sector. The report also generated insights for the Local Government sector with respect to credit card management.
In 2018–19, all councils responding to an Audit Office survey (representing over 90 per cent of the sector) indicated they issued credit cards to staff members to make work-related purchases. As there are no sector-wide requirements or policies for credit card use and management in Local Government, councils have developed their credit card management frameworks to suit their own needs. The quality of credit card policies and procedures may therefore vary across the sector.
Credit cards are an efficient means of payment, especially for low-value purchases. Compared to the use of petty cash, credit card transactions provide better transparency and accountability for expenditure. By using credit cards, councils only need to make one payment each month, which can reduce the time spent on paying separate vendors, as in the case of purchase orders.
This audit assessed the effectiveness of credit card management practices in six councils: Dubbo Regional Council, Junee Shire Council, Lane Cove Council, Nambucca Valley Council, Penrith City Council and Shellharbour City Council. The councils selected represent a mix of rural, regional and metropolitan councils. They were also among the top ten users of credit cards within their geographical classification, in terms of the number of credit cards issued or the number of transactions per credit card.
This audit referenced the NSW Treasury's Policy and Guidelines Paper TPP17–09 'Use and Management of NSW Government Purchasing Cards', as its principles and recommendations for NSW Government agencies are relevant for councils.
The Audit Office of New South Wales Report on Local Government 2019 provided a high-level overview of credit card management across the sector. While over 90 per cent of councils reported that they had a credit card policy and a credit card acquittal process, the quality of these policies and procedures may vary across the sector as there is no standardised or recommended approach to credit card management for Local Government. This audit complements the Report on Local Government 2019 by providing a detailed discussion of the effectiveness of credit card management practices in councils.
Audit conclusionAll six audited councils had important gaps in their credit card policies and procedures. Their reconciliation of credit card transactions needs to be enhanced to enable detection of potential misuse or fraud.
The audit found important gaps in each of the six audited councils' credit card management practices. Their policies and procedures covered the essential aspects of credit card use and management, but a lack of coverage or clarity in some areas could lead to inconsistent and inappropriate use of credit cards. These areas included: eligibility to hold a credit card, aligning credit card limits with financial delegations, and the reconciliation procedures.
While all six councils conducted reconciliations of credit card transactions, the processes need to be enhanced to enable detection of potential misuse or fraud. Reconciliations had focused solely on verifying receipts, and did not require evidence of business-related purposes, even for transactions such as alcohol purchases or spending at entertainment venues. Five of the six councils also did not include compliance checks in their reconciliation process, such as checking that purchases were not for restricted items.
The level of senior management involvement in monitoring credit card use varied across the six councils. Three of the six councils did not generate regular reports for management oversight. Five of the six councils had no plans for internal audits or targeted reviews of credit card management and use.
|
Council staff provided with a credit card can purchase from a wide range of businesses, including online transactions with overseas vendors. However, councils may limit the types of purchases that staff can make through their policies and procedures or by setting controls that block certain transaction types such as cash advances. To examine credit card usage, the audit obtained credit card transaction data from 1 July 2016 to 30 June 2019 for the six councils in this review. The data included:
- transaction date
- amount
- merchant category code (MCC)
- merchant name.
The audit analysed the number and value of transactions by each council, and the types of purchases made using credit cards.
The existence of a documented approach to managing credit cards ensures transparency and consistency of use within the council. A credit card management framework that contains preventative and detective controls can also minimise risks of fraud, misuse and wastage.
There is no prescribed credit card management framework for Local Government, but typical components of a credit card management framework include:
- policies and procedures
- guidance for staff
- monitoring and reporting.
With no detailed guidance notes similar to those in TPP17–09 for NSW Government, councils have developed their own credit card management framework based on their size, structure, resources and intended credit card usage. For instance, the size of a council has implications for the number of credit cards issued, which in turn influences the arrangements for training and guidance provided to cardholders and approvers.
The intended level of credit card usage may determine whether a council adopts a manual or electronic credit card management system and councils should identify the system that best meets their needs. For instance, a council with few credit cards may not be able to justify investment in an electronic system. On the other hand, a manual system may only be viable for councils with a low number of credit cards and a low number of transactions.
Among the six councils audited, the three councils with fewer cards and a lower number of transactions had a manual credit card management system, while the three councils with more cards and a higher number of transactions used an electronic system.
Exhibit 10 summarises the six councils' policies on use of credit cards.
Council | Audit Office classification | Number of staff (full-time equivalent) | Number of credit cards issued (current at August 2019) | Policy on credit card use |
Dubbo Regional Council | Regional | 453 | 77 | Purchase cards are used for official council business up to $5,000 and the policy allows cardholders to delegate the use of their purchase cards to other staff members. |
Junee Shire Council | Rural | 71 | 1 | Corporate credit cards are for council business activities and minor purchases where a purchase order is not accepted. Items that can be purchased via a purchase order should not be purchased on a corporate credit card. |
Lane Cove Council | Metropolitan | 192 | 6 | Corporate credit cards are for official council business, but should not be used when there is an alternative form of payment that aligns with the council's purchasing process. |
Nambucca Valley Council | Rural | 110 | 37 | Purchase cards are used for the payment of goods and services associated with council businesses. |
Penrith City Council | Metropolitan | 1,031 | 167 | Purchase cards are used for ‘low value and low risk procurement of goods and services’, while corporate cards are held by senior staff for ‘non-routine low value work related purchases’. |
Shellharbour City Council | Regional | 372 | 65 | Credit cards are for purchases up to $9,999 and the preferred payment method for transactions under $1,000. |
While it is important for councils to have an established credit card management framework, it is equally important that they ensure compliance in practice. This chapter examines councils' credit card management practices – how well staff members were complying with policies and procedures, and how effective their credit card controls were. The chapter is structured to cover:
- preventative controls (embedded in the issuance, use and cancellation of cards) that prevent fraud and misuse
- detective controls (embedded in reconciliation and record keeping) that assist in detecting fraud and misuse.
Where ineffective credit card management practices are identified, councils should reflect on whether they need to more closely monitor compliance, or whether there are fundamental deficiencies in their policies and procedures that need to be refined.
Dubbo Regional Council had gaps in its credit card policy and procedures. It allowed cardholders to share their credit card with other staff members, which complicated credit card management, increased the risk of misuse and fraud, and breached its agreement with the credit card issuer. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud.Dubbo Regional Council had 77 credit cards at the time of the audit. The council's policy on credit card sharing violated its agreement with the card issuer that each credit card should be for the respective cardholder's use only. Credit card sharing also increases the risk of misuse and fraud. The council's credit card policy and procedures lacked clarity in several areas. The eligibility criteria were broad and there was a risk of inconsistency in granting approvals, especially since the council gave approval delegations to multiple senior staff members. The policy and procedures also lacked guidance on the reconciliation of the general manager's credit card and the management of Cabcharge. The audit identified gaps in the council's credit card management practices. While the council had a clear policy on financial delegations, there was no evidence that credit card limits were monitored in line with financial delegations. The credit card register contained inaccurate information, and the council was also unable to provide records of certain transactions requested for review by the audit. The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. It did not include compliance checks or reviewing the business-related purpose of transactions. Purchases of restricted items such as fuel, meals and entertainment were not accompanied by evidence of need or exemption. Travel expenses were not checked against travel pre-approval forms. The audit also identified instances of split transactions. The council provided no evidence of the finance team's involvement in the reconciliation of credit card transactions. Senior management oversight of credit card use was lacking, as the council did not produce reports on credit card use. There was also no evidence that the internal auditor had undertaken monitoring activities as required in the credit card policy. RecommendationsDubbo Regional Council should immediately: 1. amend its credit card policy to prevent cardholders from sharing their credit card with other staff. By December 2020, Dubbo Regional Council should: 2. clarify in the credit card policy and procedures:
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. ensure there is ongoing senior management oversight of credit card use 6. ensure the internal auditor undertakes monitoring activities as specified in the credit card policy. |
Junee Shire Council had gaps in its credit card policy and procedures. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud. Junee Shire Council had only one credit card, held by the general manager, at the time of the audit. Staff members could seek approval from the general manager to purchase using the credit card. This raises concerns of credit card sharing, which would be a violation of the council's agreement with its credit card issuer. Credit card sharing also increases the risk of misuse and fraud. The council had fuel cards and store cards for use by staff members. However, its credit card policy and procedures did not cover the management of these types of cards. The lack of documented rules and guidance increases the risk of misuse and fraud. The audit identified other gaps in the council's credit card management practices:
The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. It did not include reviewing the business-related purpose of transactions. The council also provided no evidence of the finance team's involvement in the reconciliation of credit card transactions. As the cardholder, the general manager reviewed all transactions every month. As the approver, the mayor (or deputy mayor) had to sign off on these transactions. Hence, there was sufficient management oversight of the council's credit card use. However, there was a lack of periodic review of the council's credit card use, as it was not included in the council's forward program of internal audits. RecommendationsJunee Shire Council should immediately: 1. amend its credit card policy to prevent cardholders from sharing their credit card with other staff. By December 2020, Junee Shire Council should: 2. clarify in the credit card policy and procedures:
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. develop a plan for periodic reviews (e.g. internal audit) of credit card use and management 6. ensure its credit card policy and procedures are reviewed according to schedule. |
Lane Cove Council had gaps in its credit card policy and procedures. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud.Lane Cove Council had six credit cards, held by the most senior staff members, at the time of the audit. During our interviews, cardholders advised that they had shared their credit card with reporting staff. Credit card sharing is a violation of the council's agreement with its credit card issuer, and it also increases the risk of misuse and fraud. The council's credit card policy lacked clarity in several areas. While the general manager had delegation to authorise the issue of credit cards, the policy did not specify any eligibility criteria. The policy and procedures also lacked guidance on the reconciliation of the general manager's credit card and the management of fuel cards and store cards. The audit identified gaps in the council's credit card management practices. There was no evidence that credit card limits were monitored in line with financial delegations. The credit card register contained inaccurate information, and the council was also unable to provide records of certain transactions requested for review by the audit. The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. The process also did not include compliance checks or reviewing the business-related purpose of transactions. Purchases of restricted items such as fuel and fine payments were not accompanied by adequate justification. There was a lack of targeted guidance for approvers in reconciliation, and the council only evidenced the finance team's involvement in an administrative capacity (i.e. entering data into the journals). Senior management oversight of credit card use was lacking. Although the credit card policy referred to management reporting, the council had not been producing such reports at the time of the audit. Management reporting was implemented in December 2019 following our discussions. There was a lack of periodic review of the council's credit card use, as it was not included in the council's forward program of internal audits. The council has adopted a new Management Directive in January 2020, which has clarified the eligibility criteria for credit cards. RecommendationsLane Cove Council should immediately: 1. amend its credit card policy to prevent cardholders from sharing their credit card with other staff. By December 2020, Lane Cove Council should: 2. clarify in the credit card policy and procedures:
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. develop a plan for periodic reviews (e.g. internal audit) of credit card use and management. |
Nambucca Valley Council had gaps in its credit card policy and procedures. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud.Nambucca Valley Council had 37 credit cards at the time of the audit. During our interviews, cardholders described instances of credit card sharing within the council. Credit card sharing is a violation of the council's agreement with its credit card issuer, and it also increases the risk of misuse and fraud. The council's credit card policy lacked clarity in several areas. While the general manager had delegation to authorise the issue of credit cards, the policy did not specify any eligibility criteria. The policy and procedures lacked guidance on the management of fuel cards, store cards and Cabcharge. The policy also lacked coverage of the reconciliation arrangements for the general manager's credit card as the general manager did not hold a credit card. While the policy did not preclude the mayor and the general manager from holding a credit card, both opted not to do so. The audit identified gaps in the council's credit card management practices. There was no evidence that credit card limits were monitored in line with financial delegations. The credit card register contained inaccurate information, and there was insufficient control in handling staff departures, as the audit identified one incident where a credit card was returned after the staff member's last day. The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. The process also did not include adequate compliance checks or reviewing the business-related purpose of transactions. Purchases of restricted items such as fuel and the use of third-party travel websites were not accompanied by adequate justification. Travel expenses were not checked against travel pre-approval forms. The audit also identified instances of split transactions. Senior management oversight of credit card use was insufficient, as the council had been producing reports for only one manager for his department at the time of the audit. Management reporting for the Chief Finance Officer was implemented following our discussions. There was a lack of periodic review of the council's credit card use, as it was not included in the council's forward program of internal audits. The audit acknowledges that the council had revised its credit card procedures following our discussions to address our preliminary findings. The council has also set additional credit card blocks in response to this audit. The recommendations below contain only the outstanding items. RecommendationsNambucca Valley Council should immediately: 1. ensure cardholders stop sharing their credit card with other staff. By December 2020, Nambucca Valley Council should: 2. clarify in the credit card policy and procedures:
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. develop a plan for periodic reviews (e.g. internal audit) of credit card use and management. |
Penrith City Council had gaps in its credit card policy and procedures. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud.Penrith City Council had 167 credit cards at the time of the audit. During our interviews, cardholders described instances of credit card sharing within the council. Credit card sharing is a violation of the council's agreement with its credit card issuer, and it also increases the risk of misuse and fraud. The audit identified gaps in the council's credit card policy and procedures. There was no documented arrangement for the reconciliation of the general manager's credit card. There was also no guidance on the management of Cabcharge. The credit card register contained inaccurate information, and the council was also unable to provide records of certain transactions requested for review by the audit. The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. The process did not include adequate compliance checks or reviewing the business-related purpose of transactions. The council's policy required prior approval for conferences, accommodation or meal expenses. However, there was no evidence that such approvals were checked during credit card reconciliation. The audit also identified instances of split transactions. The council implemented monthly reporting for managers in July 2019. There was a lack of periodic review of the council's credit card use, as it was not included in the council's forward program of internal audits. RecommendationsPenrith City Council should immediately: 1. ensure cardholders stop sharing their credit card with other staff. By December 2020, Penrith City Council should: 2. clarify in the credit card policy and procedures
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. develop a plan for periodic reviews (e.g. internal audit) of credit card use and management. |
Shellharbour City Council had gaps in its credit card policy and procedures. The council's reconciliation of credit card transactions needs to be enhanced to ensure it can review compliance with policy and detect potential misuse or fraud.Shellharbour City Council had 65 credit cards at the time of the audit. During our interviews, cardholders described instances of credit card sharing within the council. Credit card sharing is a violation of the council's agreement with its credit card issuer, and it also increases the risk of misuse and fraud. The council's credit card policy lacked clarity in several areas. While the general manager had delegation to authorise the issue of credit cards, the policy did not specify any eligibility criteria. The council did not align credit card limits with financial delegations, and while blocking codes were used, there was no explanation in the policy or procedures. Although the mayor and general manager's credit card transactions were reviewed during the council's monthly Executive Leadership Team meetings, the policy and procedures lacked guidance on the reconciliation of their credit cards. The council also did not have sufficiently detailed documentation for the management of fuel cards. The audit identified gaps in the council's credit card management practices:
The council's credit card reconciliation process needs to be enhanced to enable detection of potential misuse or fraud. The process did not include compliance checks or reviewing the business-related purpose of transactions. Purchases of restricted items, such as fuel and fine payments, were not accompanied by adequate justification. The audit identified instances of split transactions, and travel or conference approval forms were also not checked during reconciliation. There was a lack of targeted guidance for approvers in reconciliation, and the council also provided no evidence of the finance team's involvement in the reconciliation of credit card transactions. The council's Executive Leadership Team was involved in the monthly review of credit card transactions, hence there was management oversight of credit card use. However, there was a lack of periodic review of the council's credit card use, as it was not included in the council's forward program of internal audits. RecommendationsShellharbour City Council should immediately: 1. ensure cardholders stop sharing their credit card with other staff. By December 2020, Shellharbour City Council should: 2. clarify in the credit card policy and procedures:
3. ensure that credit card management practices include:
4. ensure reconciliation involves:
5. develop a plan for periodic reviews (e.g. internal audit) of credit card use and management 6. ensure its credit card policy and procedures are reviewed according to schedule. |
Appendix one – Responses from councils and the Department of Planning, Industry and Environment
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #340 - released 3 September 2020
Actions for CBD South East Sydney Light Rail: follow-up performance audit
CBD South East Sydney Light Rail: follow-up performance audit
This is a follow-up to the Auditor-General's November 2016 report on the CBD South East Sydney Light Rail project. This follow-up report assessed whether Transport for NSW has updated and consolidated information about project costs and benefits.
The audit found that Transport for NSW has not consistently and accurately updated project costs, limiting the transparency of reporting to the public.
The Auditor-General reports that the total cost of the project will exceed $3.1 billion, which is above the revised cost of $2.9 billion published in November 2019. $153.84 million of additional costs are due to omitted costs for early enabling works, the small business assistance package and financing costs attributable to project delays.
The report makes four recommendations to Transport for NSW to publicly report on the final project cost, the updated expected project benefits, the benefits achieved in the first year of operations and the average weekly journey times.
The CBD and South East Light Rail is a 12 km light rail network for Sydney. It extends from Circular Quay along George Street to Central Station, through Surry Hills to Moore Park, then to Kensington and Kingsford via Anzac Parade and Randwick via Alison Road and High Street.
Transport for NSW (TfNSW) is responsible for planning, procuring and delivering the Central Business District and South East Light Rail (CSELR) project. In December 2014, TfNSW entered into a public private partnership with ALTRAC Light Rail as the operating company (OpCo) responsible for delivering, operating and maintaining the CSELR. OpCo engaged Alstom and Acciona, who together form its Design and Construct Contractor (D&C).
On 14 December 2019, passenger services started on the line between Circular Quay and Randwick. Passenger services on the line between Circular Quay and Kingsford commenced on 3 April 2020.
In November 2016, the Auditor-General published a performance audit report on the CSELR project. The audit found that TfNSW would deliver the CSELR at a higher cost with lower benefits than in the approved business case, and recommended that TfNSW update and consolidate information about project costs and benefits and ensure the information is readily accessible to the public.
In November 2018, the Public Accounts Committee (PAC) examined TfNSW's actions taken in response to our 2016 performance audit report on the CSELR project. The PAC recommended that the Auditor-General consider undertaking a follow-up audit on the CSELR project. The purpose of this follow-up performance audit is to assess whether TfNSW has effectively updated and consolidated information about project costs and benefits for the CSELR project.
Conclusion
Transport for NSW has not consistently and accurately updated CSLER project costs, limiting the transparency of reporting to the public. In line with the NSW Government Benefits Realisation Management Framework, TfNSW intends to measure benefits after the project is completed and has not updated the expected project benefits since April 2015.Between February 2015 and December 2019, Transport for NSW (TfNSW) regularly updated capital expenditure costs for the CSELR in internal monthly financial performance and risk reports. These reports did not include all the costs incurred by TfNSW to manage and commission the CSELR project.
Omitted costs of $153.84 million for early enabling works, the small business assistance package and financing costs attributable to project delays will bring the current estimated total cost of the CSELR project to $3.147 billion.
From February 2015, TfNSW did not regularly provide the financial performance and risk reports to key CSELR project governance bodies. TfNSW publishes information on project costs and benefits on the Sydney Light Rail website. However, the information on project costs has not always been accurate or current.
TfNSW is working with OpCo partners to deliver the expected journey time benefits. A key benefit defined in the business plan was that bus services would be reduced owing to transfer of demand to the light rail - entailing a saving. However, TfNSW reports that the full expected benefit of changes to bus services will not be realised due to bus patronage increasing above forecasted levels.
Appendix one – Response from agency
Appendix two – Governance and reporting arrangements for the CSELR
Appendix three – 2018 CSELR governance changes
Appendix four – About the audit
Appendix five – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #335 - released 11 June 2020
Actions for Universities 2019 audits
Universities 2019 audits
This report contains findings on the results of financial audits of NSW universities for the year ended 31 December 2019.
All ten NSW universities received unqualified audit opinions. The 2019 financial results for universities are reported as at 31 December and reflect results from operations before the impact of the COVID‑19 pandemic.
The combined revenues for all NSW universities increased by $381 million to $11.4 billion in 2019, driven by increases in student revenues. Revenue from overseas students continued to grow faster than that from domestic students and contributed $3.6 billion in course fees to NSW universities in 2019.
Overseas students from the top three countries of origin, being China, India and Nepal, represented 72.4 per cent of all enrolments of overseas students and 65.4 per cent of all overseas student revenues for 2019. Revenue from students from these three countries comprised 40.9 per cent of total student revenues for all NSW universities, creating a considerable concentration risk for NSW universities.
The COVID‑19 pandemic may significantly impact the financial results of NSW universities in 2020. NSW universities provided data on COVID‑19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments in semester one 2020 were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent below expectations.
The report makes recommendations to the NSW universities, aimed at strengthening controls over information technology, cyber security, validating published performance information, procurement practices and the oversight of their overseas controlled entities' legal and policy compliance functions.
This report analyses the results of our audits of the financial statements of the ten NSW universities for the year ended 31 December 2019. The table below summarises our key observations.
1. Financial reporting
Financial reporting |
The 2019 financial statements of all ten NSW universities received unmodified audit opinions. One controlled entity of the Western Sydney University received a qualified audit opinion. Five NSW universities finalised their audited financial statements this year on or before the date they did last year. New accounting standards, which changed how universities report income and treat operating leases, became effective from 1 January 2019. |
Sources of revenue from operations |
Government grants as a proportion of the total income of NSW universities continued to decrease. Fee revenue from overseas students continued to grow faster than fees from domestic students. Forty-one per cent of NSW universities' total student revenue came from overseas students from three countries. Five NSW universities increased the proportion of revenue they receive from overseas students from a single country. Two universities sourced over 73 per cent of their total overseas student revenue from students from a single country of origin in 2019. |
Other revenues | Two universities attracted over 69.5 per cent of the total philanthropic revenue of $174 million received by all NSW universities in 2019. |
Operating expenditures | Combined total operating expenditure for NSW universities increased to $9.9 billion in 2019, a rise of 5.2 per cent from 2018. |
Current ratio | At 31 December 2019, five NSW universities had a current ratio of less than one, meaning those universities need to actively manage their cash to meet current obligations. |
Controlled entities |
All six NSW universities with overseas controlled entities have devolved responsibility for governance and legislative compliance to their overseas controlled entities. Recommendation (repeat issue): NSW universities should strengthen their governance arrangements to oversight their overseas controlled entities' legal and policy compliance functions. |
COVID-19 impacts and responses |
The 2019 financial results for universities are reported as at 31 December. Consequently, the results for the 2019 year were unaffected by the impact of the COVID-19 pandemic. NSW universities provided data on the COVID-19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent beneath expectations. NSW universities are responding to the challenges presented by COVID-19 by moving course delivery online, expanding student support and introducing cost saving measures. |
2. Internal controls and governance
Internal control findings |
Our audits identified 108 internal control deficiencies in 2019 (99 in 2018). Gaps in information technology (IT) controls comprised the majority of these deficiencies. Deficiencies included a lack of sufficient user access reviews, inadequate review and approval of change management processes, and issues with password settings. We identified one high risk financial control deficiency at the University of New South Wales, which resulted in the University providing for a potential underpayment of casual staff salaries. NSW universities continue to implement recommendations arising from 35 findings raised in previous years. |
Performance reporting |
Five NSW universities still do not have formal processes to internally review and validate performance information published in their annual reports. Recommendation (repeat issue): NSW universities should strengthen processes to review and validate published performance information. |
Cyber security |
Two universities have not yet implemented a cyber risk policy and three universities have not formally trained staff in cyber awareness. Recommendation (repeat issue): NSW universities should strengthen cyber security frameworks and controls to protect sensitive data and prevent financial and reputational losses. |
Management of IT service providers | NSW universities have contracts with vendors to support their computer systems. Five universities have not formally established frameworks to manage these contracts. Poor contract management can compound risks associated with IT control deficiencies. |
Data breach management | Universities are required to maintain the privacy of sensitive data which, if disclosed or used inappropriately, could result in harm to individuals, financial loss, or loss of intellectual property. Two NSW universities have not established formal policies to manage data breaches. |
Procurement |
All universities have a procurement policy. Most universities have a documented procurement manual and contact management policy. Recommendation: NSW universities should review their procurement and contract management policies and procedures to ensure that they are relevant and effective in reducing risk and improving purchasing outcomes. |
3. Teaching and research
Graduate employment outcomes | Eight out of ten NSW universities exceeded the national average for full-time employment rates of their undergraduates in 2019. Six universities performed better than the national average for full-time employment outcomes of their postgraduates in 2019. |
Student enrolments by field of education | Enrolments at NSW universities increased the most in Management and Commerce courses in 2019. |
Achieving diversity outcomes |
Five universities in 2018 (five in 2017) met the target enrolment rate for students from low socio-economic status (SES) backgrounds. Eight universities increased enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2018. |
This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2019, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of NSW universities for 2019.
Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.
This chapter outlines the internal controls related observations and insights across NSW universities for 2019, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.
Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.
This chapter outlines teaching and research outcomes for NSW universities for 2019.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – NSW universities’ controlled entities and associated entities
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Report on Local Government 2019
Report on Local Government 2019
I am pleased to present my third report to the Parliament on the 2019 audits of local government councils in New South Wales.
This report notes that unqualified audit opinions were issued on the 2018–19 financial statements of 134 councils and 11 joint organisations. The opinion for one council was disclaimed and three audits are yet to complete.
The report also highlights improvements I have seen in financial reporting and governance arrangements across councils. Fewer errors were identified. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices, including fraud control systems, have also improved.
These are very pleasing indicators of the gradual strengthening of governance and financial oversight of the sector. I want to acknowledge the investment councils have made in working with the Audit Office to improve consistency of practice and accountability generally.
Of course there is more work to do, particularly to prepare for new accounting standards and to strengthen controls over information technology and cyber security management. Asset management practices can also be improved. This report provides some guidance to council on these matters and we will continue to partner with the Office of Local Government in the Department of Planning, Industry and Environment to support good practice.
Auditor-General
5 March 2020
This report focuses on key observations and findings from the 2018–19 financial audits of councils and joint organisations.
Unqualified audit opinions were issued on the financial statements for 134 councils and 11 joint organisations. The audit opinion for Bayside’s 2017–18 and 2018–19 financial statements were disclaimed. Three audits are still in progress and will be included in next year’s report.
The report highlights a number of areas where there has been improvement. There was a reduction in errors identified in council financial statements and high risk issues reported in audit management letters. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices and fraud control systems have also improved.
The report also found that councils could do more to be better prepared for the new accounting standards, asset management practices could be strengthened, and information technology controls and cyber security management could be improved.
The Auditor-General recommended that the Office of Local Government within the Department of Planning, Industry and Environment develop a cyber security policy by 30 June 2021 to ensure a consistent response to cyber security risks across councils.
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making is enhanced when financial reporting is accurate and timely. Strong financial performance provides the platform for councils to deliver services and respond to community needs.
This chapter outlines our audit observations on the financial reporting and performance of councils and joint organisations.
Section highlights
- There was a reduction in the number and dollar value of errors identified in councils' financial statements.
- We continue to identify prior period errors, which are predominantly asset-related.
- Unqualified audit opinions were issued for 99 per cent of completed audits for councils and joint organisations.
- Three audits remain outstanding, with the outcomes to be reported in next year's Report to Parliament.
- Seventy-nine per cent of councils and joint organisations lodged their financial reports by 31 October 2019.
- Councils that performed some early reporting procedures achieved better outcomes in terms of the quality and timeliness of financial reporting.
- Councils are at various levels of preparedness to implement the new accounting standards for the 2019–20 financial year. Some have made the necessary modifications to systems and processes, but others are still assessing impacts.
- Most councils met the prescribed benchmarks for the liquidity and working capital performance measures over the past three years.
- More councils reported negative operating performance compared with the prior year, meaning their operating expenditure exceeded their operating revenue.
Strong governance systems and internal controls help councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.
This chapter outlines the overall trends related to governance and internal control issues across councils and joint organisations for 2018–19.
Section highlights
- While the total number of issues reported in our management letters increased compared with the prior year, the total number of high risk issues have decreased. Of the high-risk issues, 41 per cent were deficiencies in information technology controls.
- More councils have established audit, risk and improvement committees and internal audit functions.
- Councils have improved risk management practices, with over 75 per cent of councils now having a risk management policy and register.
- While most councils have policies and processes to manage gifts and benefits, we identified some instances of non-compliance with the Model Code of Conduct.
- Most councils have policies and processes to manage the use of credit cards.
- Councils can strengthen policies and practices for managing fraud controls and legislative compliance.
- There are further opportunities for councils to improve internal controls over revenue, purchasing, payroll, cash, financial accounting and governance processes.
Councils rely on information technology (IT) to deliver services and manage information. While IT delivers considerable benefits, it also presents risks that council needs to address.
In prior years, we reported that councils need to improve IT governance and controls to manage key financial systems. This chapter outlines the progress made by councils in the management of key IT risks and controls, with an added focus on cyber security.
Section highlights
- We continue to report deficiencies in information technology controls, particularly around user access management. These controls are key to ensuring IT systems are protected from inappropriate access and misuse.
- Many councils do not have IT policies and procedures and others do not identify, monitor or report on IT risks.
- Cyber security management requires improvement, with some basic elements of governance not yet in place for many councils.
Councils are responsible for managing a significant range of assets to deliver services on behalf of the community.
This chapter outlines our asset management observations across councils and joint organisations.
Section highlights
- There was an increase in the total number of issues reported in our management letters for asset management processes.
- There were less high-risk issues reported compared to the previous year.
- We continue to identify discrepancies between the council's Crown land asset records and the Crown Land Information Database (CLID) managed by the former Department of Industry (DOI).
- Inconsistent practices remain across the Local Government sector in accounting for landfill sites.
Appendix one – Response from the Office of Local Government within the Department of Planning, Industry and Environment
Appendix two – Status of 2018 recommendations
Appendix three – Status of audits
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Education 2018
Education 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.
This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.
Observation | Conclusions and recommendations |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued on the financial statements of both cluster agencies. | Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
2.2 Timeliness of financial reporting | |
Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. | Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier. |
2.3 Key issues from financial audits | |
Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. | Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity. |
2.4 Key financial information | |
Cluster agencies recorded net deficits in 2017–18. |
The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Education cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
Observation | Conclusions and recommendations |
3.1 Internal controls | |
Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding. | |
Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. | Recommendation: Management should prioritise and action recommendations to address internal control weaknesses. |
3.2 Information technology | |
Delivery of the Learning Management and Business Reform (LMBR) program is complete. |
The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out. |
3.3 Valuation of the Department’s land and buildings | |
The Department completed a revaluation of land and building assets during 2017–18. |
A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion. |
3.4 Maintenance of school facilities | |
The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. | The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition. |
3.4 School asset delivery | |
The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. | The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects. |
This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.
Actions for Planning and Environment 2018
Planning and Environment 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.
This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.
Observation | Conclusions and recommendations |
2.1 Quality of financial reporting | |
Unqualified audit opinions were issued for all agencies' financial statements. | The quality of financial reporting remains high across the cluster. |
2.2 Key accounting issues | |
There were errors in some cultural institutions' collection asset valuations. | Recommendation: Collection asset valuations could be improved by:
|
2.3 Timeliness of financial reporting | |
Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe. | Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Planning and Environment cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
Observation | Conclusions and recommendations |
3.1 Internal controls | |
One in five internal control weaknesses reported in 2017–18 were repeat issues. | Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. | Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site. The School should continue to liaise with stakeholders to formalise the occupancy arrangement. |
3.2 Information technology controls | |
The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. | Data migration from the Aurion system to SAP HR system had no significant issues. |
The Department can improve controls over user access to SAP system. | The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. |
3.3 Annual work program | |
Agencies used different benchmarks to monitor their maintenance expenditure. | The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report.
In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.