Reports
Education 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.
This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued on the financial statements of both cluster agencies. | Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
| 2.2 Timeliness of financial reporting | |
| Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. | Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier. |
| 2.3 Key issues from financial audits | |
| Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. | Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity. |
| 2.4 Key financial information | |
| Cluster agencies recorded net deficits in 2017–18. |
The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Education cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding. | |
| Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. | Recommendation: Management should prioritise and action recommendations to address internal control weaknesses. |
| 3.2 Information technology | |
| Delivery of the Learning Management and Business Reform (LMBR) program is complete. |
The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out. |
| 3.3 Valuation of the Department’s land and buildings | |
| The Department completed a revaluation of land and building assets during 2017–18. |
A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion. |
| 3.4 Maintenance of school facilities | |
| The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. | The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition. |
| 3.4 School asset delivery | |
| The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. | The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects. |
This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.
Planning and Environment 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.
This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for all agencies' financial statements. | The quality of financial reporting remains high across the cluster. |
| 2.2 Key accounting issues | |
| There were errors in some cultural institutions' collection asset valuations. | Recommendation: Collection asset valuations could be improved by:
|
| 2.3 Timeliness of financial reporting | |
| Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe. | Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Planning and Environment cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| One in five internal control weaknesses reported in 2017–18 were repeat issues. | Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
| One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. | Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site. The School should continue to liaise with stakeholders to formalise the occupancy arrangement. |
| 3.2 Information technology controls | |
| The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. | Data migration from the Aurion system to SAP HR system had no significant issues. |
| The Department can improve controls over user access to SAP system. | The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. |
| 3.3 Annual work program | |
| Agencies used different benchmarks to monitor their maintenance expenditure. | The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report.
In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.
Central Agencies 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters. While clear audit opinions were issued on all agency financial statements, the report notes that some complex accounting requirements caused significant errors in agency financial statements submitted for audit, which were corrected before the financial statements were approved.
This report analyses the results of our audits of the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster agencies for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- liquidity risk management
- government financial services.
The central agencies and their key responsibilities are set out below.
| Central agencies | Key central agency responsibilities | Cluster responsibilities |
| The Treasury |
|
The cluster:
|
| Department of Premier and Cabinet |
|
The cluster:
|
| Department of Finance, Services and Innovation |
|
The cluster:
|
| Public Service Commission |
|
|
A full list of agencies that this report covers by relevant cluster is included in Appendix three.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation clusters for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified opinions were issued for all agencies' financial statements submitted to the Audit Office. Complex accounting requirements caused significant errors in some agency financial statements, which were corrected before the financial statements were approved. |
Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. Recommendation: Agencies should respond to key accounting issues when they are identified by preparing accounting papers and engaging with Treasury, the Audit Office and their Audit and Risk Committee when these matters are identified. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the statutory timeframe for completion of early close procedures, 48 agencies in the Treasury cluster did not comply with the statutory requirement to prepare financial statements, and the audits of nine agencies in the Treasury cluster were not completed within the statutory timeframe. All financial statement information of the 48 agencies that did not prepare financial statements has been captured in the consolidated financial statements of their parent entity, which was subject to audit. |
Early close procedures allow financial reporting issues and risks to be addressed early in the audit process. The timeliness of financial reporting can be improved by performing more robust early close procedures. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| The 2017–18 audits found one high risk issue and 83 moderate risk issues across the agencies. Nineteen per cent of all issues were repeat issues. | Agencies should focus on rectifying repeat issues. |
| The high risk issue at Service NSW related to several deficiencies in procurement and contract management processes. | Service NSW may not be achieving value-for-money from their procurement and contract management activities. The high risk issue should be rectified as a matter of priority. This includes updating and implementing its procurement, vendor and contract management frameworks and delivering training to key staff involved in procurement and contract management activities. |
| Property NSW has implemented several controls during the year to rectify the high risk issue identified last year related to its transition to a new property and facility management service provider. However, the service providers performance remains below expectations and there are further opportunities to improve oversight and lift performance. | Property NSW can better define roles and accountabilities with the service provider and formalise policies and processes associated with its monitoring and oversight of the service provider. Implementing relevant KPIs, receiving timely reports and providing timely review and feedback to the service provider may help to lift performance. |
| GovConnect received unqualified opinions from their service auditor on all business process controls, except for information technology controls provided by Unisys, where a qualified opinion was received from the service auditor. A qualified opinion was received because of several deficiencies in user access controls. | These internal control deficiencies increase the risk of unauthorised access to key business systems, and increase audit effort and costs associated with addressing the risks arising from the deficiencies. |
| 3.2 Audit Office annual work program | |
|
Remediation of the Barangaroo site is now estimated to cost the Barangaroo Delivery Authority in excess of net $400 million. |
Measuring the remaining costs to remediate requires the use of estimation techniques and judgements, making the actual outcome inherently uncertain. We reviewed evidence to support the provision for remediation, including future costs estimates and this evidence supported management’s estimate. |
| The State Insurance Regulatory Authority have administered the refund of $138 million in Green slip refunds to policy holders through Service NSW during 2017–18. At 30 June 2018, $112 million in refunds are yet to be claimed. We reviewed the systems and processes supporting the refund process. While we found that this supports the disbursement of refunds to policyholders there were some deficiencies in Service NSW’s project controls when the program was being developed. |
Service NSW should apply the lessons learnt from this program to other programs it is delivering or will be delivering for agencies. |
| Revenue NSW recorded $30.4 billion from taxes, fines and fees in 2017–18 ($30.0 billion in 2016–17) to support the State’s finances. |
Crown revenue has steadily increased over the last five years predominately driven by rises in payroll tax and land tax and responsibility for collection of the Emergency Services Levy transferring to Revenue NSW under the Emergency Services Levy Act 2017 effective from July 2017. |
| 3.3 Managing maintenance | |
| Place Management NSW manages significant commercial and retail leases and maintains public domain spaces and other assets around the harbour foreshore. It has consistently underspent its asset maintenance budget. In 2017–18, asset maintenance expenses were only 34 per cent of budgeted maintenance expense. Currently, Place Management NSW does not use any ratios or benchmarks to determine the adequacy of its maintenance spend or to monitor whether it is achieving its budgeted maintenance program. |
This may be contributing to a high proportion of unplanned maintenance, which Place Management NSW reports was 38 per cent of total maintenance expense in 2017–18. Place Management NSW is outsourcing its property and facilities management function from 1 December 2018 to an external service provider. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
| Observation | Conclusions and recommendation |
| 5.1 Superannuation funds | |
| The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). However, legislation allows the responsible Minister to prescribe prudential standards, reporting and audit requirements. |
Structured and comprehensive prudential oversight of these Funds is important as they operate in a volatile financial sector, have 103,000 members and manage investments of $43.3 billion. Recommendation: Treasury should consult with the Trustees of the STC Pooled Fund and PCS Fund to prescribe appropriate prudential standards and requirements, including oversight arrangements. |
| 5.2 Insurance and compensation | |
| Nominal Insurer and NSW Self Insurance Corporation investment performance marginally exceeded benchmark over the past five years. | Investment returns can impact on the premiums required to maintain an adequate funding ratio in addition to other factors such as claims experience and discount rates. |
| The Workers Compensation Nominal Insurer (Nominal Insurer) and NSW Self Insurance Corporation's net collected premiums and contributions decreased over the past five years. | The insurance schemes' investment performance and stable claim payments have enabled less reliance on net collected premiums and contributions as a source of funding, over the past five years. |
| Reforms were introduced to manage the Home Warranty Scheme's financial sustainability risks. | The Home Warranty Scheme has not collected sufficient premiums to fund expected claims costs, since commencing operations in 2011. In 2017–18, the Crown contributed $181 million for historical shortfalls. New reforms started on 1 January 2018 enabling the Scheme to price premiums based on risk. |
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
Performance audit insights: key findings from 2014-2018
A report released today by the Auditor-General for New South Wales, Margaret Crawford, presents key findings from four years of performance audits. The report findings are presented around six areas of government activity including planning for the future, meeting community expectations for key services, investment in infrastructure, managing natural resources, ensuring good governance and digital disruption.
In this report, we present common findings and lessons from the past four years of performance audits, and offer insights to the public sector on elements of effective performance. We have analysed the key findings and recommendations from 61 performance audits tabled in the NSW Parliament between July 2014 and June 2018, spanning varied areas of government activity. We will also use this report to help determine areas of unaddressed risk across all parts of government, and to shape our future audit priorities.
Governments play an important stewardship role. Their decisions need to consider intergenerational equity by ensuring that investment strategies are sustainable. Governments also need to consider the impact of their decisions on different parts of the community. We recognise that governments face challenges in delivering programs and services, targeting complex social issues with finite resources.
Governments are changing how they deliver services to respond to citizen needs and deliver greater value for money. In this section, we reflect on audits that looked at how government entities are planning their activities to meet the needs of the community into the future.
State and local government exist to provide services to citizens, and citizens are playing a greater role in defining what services they want or need. Expectations about consultation, ease of access, timeliness, and customisation of services are rising. Governments face challenges to continually improve the way they plan and deliver services to meet these expectations. Governments also need to provide quality services for a growing and ageing population whilst working within a constrained financial environment.
Over the past four years, our performance audits have assessed aspects of State and local government services, including education, health services, disability support, corrective services, and many others. In this section, we draw together common findings that government entities should reflect on when providing services to the community.
The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. Competition for resources is high and maintaining the capability to manage and deliver projects effectively is challenging. Governments also need to plan effectively to ensure infrastructure built today will meet future needs.
Over the past four years, we have looked at some of the ways NSW Government agencies justify and prioritise projects for funding, work with contractors to deliver projects, and track and report on progress. In this section, we draw together common findings from our audits that government entities should consider when planning future infrastructure projects.
Governments face challenges in balancing the use of natural resources to meet diverse interests, while supporting a sustainable natural environment for the future. They need to supply communities with water, produce energy, protect natural habitats, and support farming, industry, and economic development.
Some of our recent audits have considered how government agencies are managing natural resources and protecting the environment for future generations. In this section, we have drawn together common findings across our audits that government entities should consider in managing the environment and natural resources.
A range of checks and balances is needed to support public confidence in government decision making. To maintain trust, government agencies should act transparently, and in accordance with relevant legislation and policy. This is particularly important as the public sector increasingly engages with external partners to deliver services and provide a more contestable environment.
Good governance arrangements should result in improved service delivery and more effective and efficient use of resources. Our audits have looked at many different elements of governance, including making sure the necessary processes and workplace cultures are in place to help government entities achieve their aims. In this section, we have drawn together various aspects of governance that government entities should consider.
The global increase in digital technology provides governments with opportunities to interact with citizens in more immediate and responsive ways than was previously possible. Data can be used in powerful ways such as predicting future demand for services, targeting interventions, responding to crises, and evaluating outcomes. Governments face challenges in doing this while maintaining secure digital environments that protect citizen interests, privacy, and autonomy.
Our audits have assessed some of the ways that government entities are incorporating digital change into their work. In this section, we draw together common themes that governments could consider in protecting their digital assets, or expanding their digital capabilities.
Fraud controls in local councils
Many local councils need to improve their fraud control systems, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. The report highlights that councils often have fraud control procedures and systems in place, but are not ensuring people understand them and how they work. There is also significant variation between councils in the quality of their fraud controls.
Fraud can directly influence councils’ ability to deliver services, and undermine community confidence and trust. ICAC investigations, such as the recent Operation Ricco into the former City of Botany Bay Council, show the financial and reputational damage that major fraud can cause. Good fraud control practices are critical for councils and the community.
The Audit Office of New South Wales 2015 Fraud Control Improvement Kit (the Kit) aligns with the Fraud and Corruption Control Standard AS8001-2008 and identifies ten attributes of an effective fraud control system. This audit used the Kit to assess how councils manage the risk of fraud. It identifies areas where fraud control can improve.
Fraud can disrupt the delivery and quality of services and threaten the financial stability of councils.
Recent reviews of local government in Queensland and Victoria identify that councils are at risk of fraud because they purchase large quantities of goods and services using devolved decision making arrangements. The Queensland Audit Office in its 2014–15 report 'Fraud Management in Local Government' found that ‘Councils are exposed to high-risks of fraud and corruption because of the high volume of goods and services they procure, often from local suppliers; and because of the high degree of decision making vested in councils'. They also highlight some common problems faced by councils including the absence of fraud control plans and failure to conduct regular reviews of their internal controls. Also, in 2008 and 2012 the Victorian Auditor-General identified the importance of up-to-date fraud control planning, clearly documented related policies, training staff to identify fraud risks and the importance of controls such as third party management.
Investigations into councils by the NSW Independent Commission Against Corruption (ICAC), such as the recent Operation Ricco, show the impact that fraud can have on councils. These impacts include significant financial loss, and negative public perceptions about how well councils manage fraud. The findings of these investigations also show the importance of good fraud controls for councils.
|
Operation Ricco In its report on Operation Ricco, the ICAC found that the Chief Financial Officer (CFO) of the City of Botany Bay Council and others dishonestly exercised official functions to obtain financial benefits for themselves and others by causing fraudulent payments from the Council for their benefit. It also identified the CFO received inducements for favourable treatment of contractors. The report noted that there were overwhelming failures in the council’s procedures and governance framework that created significant opportunities for corruption, of which the CFO and others took advantage. It found weaknesses across a wide variety of governance processes and functions, including those involving the general manager, the internal audit function, external audit, and the operation of the audit committee. |
The strength of fraud control systems varies significantly across New South Wales local councils, and many councils we surveyed need to improve significantly.
Most surveyed councils do not have fraud control plans that direct resources to mitigating the specific fraud risks they face. Few councils reported that they conduct regular risk assessments or health checks to ensure they respond effectively to the risks they identify.
There are sector wide weaknesses that impact on the strength of councils' fraud control practice. Less than one-third of councils that responded to the survey:
- communicate their expectations about ethical conduct and responsibility for fraud control to staff
- regularly train staff to identify and respond to suspected fraud
- inform staff or the wider community how to report suspected fraud and how reports made will be investigated.
The audit also identified a pattern of councils developing policies, procedures or systems without ensuring people understand them, or assessing that they work. This reduces the likelihood that staff will actually use them.
In general, metropolitan and regional councils surveyed have stronger fraud control systems than rural councils.
Newly amalgamated councils are operating with systems inherited from two or more pre-amalgamated councils. These councils are developing new systems for their changed circumstances.
Five councils surveyed reported that they did not comply with the Public Interest Disclosure Act 1994.
Observations for the sector:
Councils should improve their fraud controls by:
- tailoring fraud control plans to their circumstances and specific risks
- systematically and regularly reviewing their fraud risks and fraud control systems to keep their plans up to-date
- effectively communicating fraud risks, and how staff and the community can report suspected fraud
- ensuring that they comply with the Public Interest Disclosure Act 1994.
Recommendation:
That the Office of Local Government:
- work with councils to ensure they comply with the Public Interest Disclosure Act 1994.
That the Office of Local Government:
- work with state entities and councils to develop a common approach to how fraud complaints and incidences are defined and categorised so that they can:
- better use data to provide a clearer picture of the level of fraud within councils
- measure the effectiveness of, and drive improvement in councils' fraud controls systems
Appendix one – Response from agency
Appendix three – About the audit
Appendix four – Performance auditing
Parliamentary reference - Report number #303 - released 22 June 2018
Shared services in local government
Local councils need to properly assess the performance of their current services before considering whether to enter into arrangements with other councils to jointly manage back-office functions or services for their communities. This is one of the recommended practices for councils in a report released today by the Auditor-General for New South Wales, Margaret Crawford. ‘When councils have decided to jointly provide services, they do not always have a strong business case, which clearly identifies the expected costs, benefits and risks of shared service arrangements’, said the Auditor-General.
Councils provide a range of services to meet the needs of their communities. It is important that they consider the most effective and efficient way to deliver them. Many councils work together to share knowledge, resources and services. When done well, councils can save money and improve access to services. This audit assessed how efficiently and effectively councils engage in shared service arrangements. We define ‘shared services’ as two or more councils jointly managing activities to deliver services to communities or perform back-office functions.
The information we gathered for this audit included a survey of all general-purpose councils in NSW. In total 67 councils (52 per cent) responded to the survey from 128 invited to participate. Appendix two outlines in more detail some of the results from our survey.
First, not all surveyed councils are assessing the performance of their current services before deciding on the best service delivery model. Where they have decided that sharing services is the best way to deliver services, they do not always build a business case which outlines the costs, benefits and risks of the proposed shared service arrangement before entering into it.
The Office of Local Government should, by April 2019:
Develop guidance which outlines the risks and opportunities of governance models that councils can use to share services. This should include advice on legal requirements, transparency in decisions, and accountability for effective use of public resources.
Appendix one – Response from agency
Appendix two – Survey findings
Appendix three – About the audit
Appendix four – Performance auditing
Parliamentary reference - Report number #302 - released 21 June 2018
Grants to non-government schools
The NSW Department of Education could strengthen its management of the $1.2 billion provided to non-government schools annually. This would provide greater accountability for the use of public funds, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford.
Non‑government schools educate 418,000 school children each year, representing 35 per cent of all students in NSW. The NSW Department of Education administers several grant schemes to support these schools, with the aim of improving student learning outcomes and supporting parent choice. To be eligible for NSW Government funding, non‑government schools must be registered with the NSW Education Standards Authority (NESA) and not operate 'for profit' as per section 83C of the NSW Education Act 1990 (the Act). Non‑government schools can either be registered as independent or part of a System Authority.
In 2017–18, non‑government schools in NSW will receive over $1.2 billion from the NSW Government, as well as $3.4 billion from the Australian Government. Recently, the Australian Government has changed the way it funds schools. The NSW Government is assessing how these changes will impact State funding for non‑government schools.
This audit assessed how effectively and efficiently NSW Government grants to non‑government schools are allocated and managed. This audit did not assess the use of NSW Government grants by individual non‑government schools or System Authorities because the Auditor‑General of New South Wales does not have the mandate to assess how government funds are spent by non‑government entities.
Conclusion
The Department of Education effectively and efficiently allocates grants to non‑government schools. Clarifying the objectives of grants, monitoring progress towards these objectives, and improving oversight, would strengthen accountability for the use of public funds by non‑government schools.
We tested a sample of grants provided to non‑government schools under all major schemes, and found that the Department of Education consistently allocates and distributes grants in line with its methodology. The Department has clear processes and procedures to efficiently collect data from schools, calculate the level of funding each school or System should receive, obtain appropriate approvals, and make payments.
We identified three areas where the Department could strengthen its management of grants to provide greater accountability for the use of public funds. First, the Department’s objectives for providing grants to non‑government schools are covered by legislation, intergovernmental agreements and grant guidelines. The Department could consolidate these objectives to allow for more consistent monitoring. Second, the Department relies on schools or System Authorities to engage a registered auditor to certify the accuracy of information on their enrolments and usage of grants. Greater scrutiny of the registration and independence of the auditors would increase confidence in the accuracy of this information. Third, the Department does not monitor how System Authorities reallocate grant funding to their member schools. Further oversight in this area would increase accountability for the use of public funds.
The Department effectively and efficiently allocates grants to non‑government schools. Strengthening its processes would provide greater assurance that the information it collects is accurate.
The Department provides clear guidelines to assist schools to provide the necessary census information to calculate per capita grants. Schools must get an independent external auditor, registered with ASIC, to certify their enrolment figures. The Department checks a sample of the auditors to ensure that they are registered with ASIC. Some other jurisdictions perform additional procedures to increase confidence in the accuracy of the census (for example, independently checking a sample of schools’ census data).
The Department accurately calculates and distributes per capita grants in accordance with its methodology. The previous methodology, used prior to 2018, was not updated frequently enough to reflect changes in schools' circumstances. Over 2014 to 2017, the Department provided additional grants to non‑government schools under the National Education Reform Agreement (NERA), to bring funding more closely in line with the Australian Department of Education and Training's Schooling Resource Standard (SRS). From 2018, the Department has changed the way it calculates per capita grants to more closely align with the Australian Department of Education and Training's approach.
The Department determines eligibility for grants by checking a school's registration status with NESA. However, NESA's approach to monitoring compliance with the registration requirements prioritises student learning and wellbeing requirements over the requirement for policies and procedures for proper governance. Given their importance to the appropriate use of government funding, NESA could increase its monitoring of policies and procedures for proper governance through its program of random inspections. Further, the Department and NESA should enter into a formal agreement to share information to more accurately determine the level of risk of non‑compliance at each school. This may help both agencies more effectively target their monitoring to higher‑risk schools.
By December 2018, the NSW Department of Education should:
- Strengthen its processes to provide greater assurance that the enrolment and expenditure information it collects from non‑government schools is accurate. This should build on the work the Australian Government already does in this area.
- Establish formal information‑sharing arrangements with the NSW Education Standards Authority to more effectively monitor schools' eligibility to receive funding.
By December 2018, the NSW Education Standards Authority should:
- Extend its inspection practices to increase coverage of the registration requirement for policies and procedures for the proper governance of schools.
- Establish formal information‑sharing arrangements with the NSW Department of Education to more effectively monitor schools' continued compliance with the registration requirements.
The Department’s current approach to managing grants to non‑government schools could be improved to provide greater confidence that funds are being spent in line with the objectives of the grant schemes.
The NSW Government provides funding to non‑government schools to improve student learning outcomes, and to support schooling choices by parents, but does not monitor whether these grants are achieving this. In addition, each grant program has specific objectives. The main objectives for the per capita grant program is to increase the rate of students completing Year 12 (or equivalent), and to improve education outcomes for students. While non‑government schools publicly report on some educational measures via the MySchool website, these measures do not address all the objectives. Strengthened monitoring and reporting of progress towards objectives, at a school level, would increase accountability for public funding. This may require the Department to formalise its access to student level information.
The Department has listed five broad categories of acceptable use for per capita grants, however, provides no further guidance on what expenditure would fit into these categories. Clarifying the appropriate use of grants would increase confidence that funding is being used as intended. Schools must engage an independent auditor, registered with ASIC, to certify that the funding has been spent. The Department could strengthen this approach by improving its processes to check the registration of the auditor, and to verify their independence.
The Department has limited oversight of funding provided to System Authorities (Systems). The Department provides grants to Systems for all their member schools. The Systems can distribute the grants to their schools according to their own methodology. Systems are not required to report to the Department how much of their grant was retained for administrative or centralised expenses. Increased oversight over how the Systems distribute this grant could provide increased transparency for the use of public funds by systems.
By December 2018, the NSW Department of Education should:
- Establish and communicate funding conditions that require funded schools to:
- adhere to conditions of funding, such as the acceptable use of grants, and accounting requirements to demonstrate compliance
- report their progress towards the objectives of the scheme or wider Government initiatives
- allow the Department to conduct investigations to verify enrolment and expenditure of funds
- provide the Department with access to existing student level data to inform policy development and analysis.
- Increase its oversight of System Authorities by requiring them to:
- re‑allocate funds across their system on a needs basis, and report to the Department on this
- provide a yearly submission with enough detail to demonstrate that each System school has spent their State funding in line with the Department's requirements.
Appendix one - Response from agencies
Appendix two - NESA's risk-based compliance monitoring
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #299 - released 3 May 2018
Managing risks in the NSW public sector: risk culture and capability
The Ministry of Health, NSW Fair Trading, NSW Police Force, and NSW Treasury Corporation are taking steps to strengthen their risk culture, according to a report released today by the Auditor-General, Margaret Crawford. 'Senior management communicates the importance of managing risk to their staff, and there are many examples of risk management being integrated into daily activities', the Auditor-General said.
We did find that three of the agencies we examined could strengthen their culture so that all employees feel comfortable speaking openly about risks. To support innovation, senior management could also do better at communicating to their staff the levels of risk they are willing to accept.
Effective risk management is essential to good governance, and supports staff at all levels to make informed judgements and decisions. At a time when government is encouraging innovation and exploring new service delivery models, effective risk management is about seizing opportunities as well as managing threats.
Over the past decade, governments and regulators around the world have increasingly turned their attention to risk culture. It is now widely accepted that organisational culture is a key element of risk management because it influences how people recognise and engage with risk. Neglecting this ‘soft’ side of risk management can prevent institutions from managing risks that threaten their success and lead to missed opportunities for change, improvement or innovation.
This audit assessed how effectively NSW Government agencies are building risk management capabilities and embedding a sound risk culture throughout their organisations. To do this we examined whether:
- agencies can demonstrate that senior management is committed to risk management
- information about risk is communicated effectively throughout agencies
- agencies are building risk management capabilities.
The audit examined four agencies: the Ministry of Health, the NSW Fair Trading function within the Department of Finance, Services and Innovation, NSW Police Force and NSW Treasury Corporation (TCorp). NSW Treasury was also included as the agency responsible for the NSW Government's risk management framework.
In assessing an agency’s risk culture, we focused on four key areas:
Executive sponsorship (tone at the top)
In the four agencies we reviewed, senior management is communicating the importance of managing risk. They have endorsed risk management frameworks and funded central functions tasked with overseeing risk management within their agencies.
That said, we found that three case study agencies do not measure their existing risk culture. Without clear measures of how employees identify and engage with risk, it is difficult for agencies to tell whether employee's behaviours are aligned with the 'tone' set by the executive and management.
For example, in some agencies we examined we found a disconnect between risk tolerances espoused by senior management and how these concepts were understood by staff.
Employee perceptions of risk management
Our survey of staff indicated that while senior leaders have communicated the importance of managing risk, more could be done to strengthen a culture of open communication so that all employees feel comfortable speaking openly about risks. We found that senior management could better communicate to their staff the levels of risk they should be willing to accept.
Integration of risk management into daily activities and links to decision-making
We found examples of risk management being integrated into daily activities. On the other hand, we also identified areas where risk management deviated from good practice. For example, we found that corporate risk registers are not consistently used as a tool to support decision-making.
Support and guidance to help staff manage risks
Most case study agencies are monitoring risk-related skills and knowledge of their workforce, but only one agency has addressed the gaps it identified. While agencies are providing risk management training, surveyed staff in three case study agencies reported that risk management training is not adequate.
NSW Treasury provides agencies with direction and guidance on risk management through policy and guidelines. In line with better practice, NSW Treasury's principles-based policy acknowledges that individual agencies are in a better position to understand their own risks and design risk management frameworks that address those risks. Nevertheless, there is scope for NSW Treasury to refine its guidance material to support a better risk culture in the NSW public sector.
Recommendation
By May 2019, NSW Treasury should:
- Review the scope of its risk management guidance, and identify additional guidance, training or activities to improve risk culture across the NSW public sector. This should focus on encouraging agency heads to form a view on the current risk culture in their agencies, identify desirable changes to that risk culture, and take steps to address those changes.
Appendix one - Response from agencies
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #298 - released 23 April 2018
Report on Local Government 2017
Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.
My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor-General's mandate in nearly three decades.
Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services.
The unique relationship each council has with its community differentiates it from other tiers of government.
Our audits
I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.
We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year.
- While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us:
- strengthening governance and financial oversight in local government
- providing greater consistency in external audit
- ensuring reliable financial information is available to assess council performance
- improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.
This report
This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.
The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.
I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.
| 1. Introduction | |
| Local government sector | NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose. We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit. |
| Service delivery | Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils. |
| 2. Financial reporting | |
| Quality of financial reporting |
The overall quality of financial reporting needs to improve:
OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier. |
| Timeliness of financial reporting | Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline. |
| 3. Financial performance and sustainability | |
| Operating revenue | Eighteen councils operating expenses exceed current operating revenue. Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue. |
| Liquidity and working capital | Most councils have sufficient liquidity and working capital. However, there are indicators that:
|
| Asset management measures | Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards:
|
| 4. Asset management | |
| High risk issues | We reported ten high risk issues relating to councils’ asset management and accounting practices. |
| Asset reporting | The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements. At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements. |
| Asset valuation | We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions. |
| Asset useful life estimates | We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets. In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments. |
| Asset policy and planning | Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework. |
| 5. Governance and internal controls | |
| High risk issues | We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters. |
| Governance | There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function. The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils. Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations. |
| Internal controls | Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll. |
| 6. Information technology | |
| High risk issues | We reported nine high risk issues relating to information technology. |
| Access to IT systems | Controls over user access to IT systems need to be strengthened. |
| Information Technology governance | IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that:
|
Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:
- quality of financial reporting
- timeliness of financial reporting.
| Observation | Conclusion or recommendation |
| 2.1 Quality of financial reporting | |
|
Qualified audit opinions
|
The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results. |
|
We issued modified (qualified) opinions on the:
|
Councils with modified opinions should address the issues that give rise to the audit qualification. |
| Significant audit matters We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets. |
Significant issues with the quality of financial reporting delayed the completion of a number of audits. Improving the reporting on assets should be a priority. |
| Prior period errors We found 33 material errors worth $9.1 billion in the previous audited financial statements of 22 councils. These all required prior-year audited balances to be corrected. Eighty eight per cent of these were asset related. |
The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets. |
| Financial statements We reported 43 moderate risk findings where councils can improve the way they complete their financial statements. |
Recommendation Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements. |
| Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit. | Recommendation Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements. |
| OLG guidance To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues. |
Recommendation The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year. |
| The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards. | Recommendation The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards. |
| 2.2 Timeliness of financial reporting | |
| Statutory deadlines One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017. Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils. Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit. |
Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline. |
| Early close procedures Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year. |
Recommendation The Office of Local Government should introduce early close procedures with an emphasis on asset valuations. |
3 The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.
Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:
- operating revenue performance measures
- liquidity and working capital performance measures
- asset management performance measures.
Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.
| Observations | Conclusions |
| 3.1 Operating revenue performance measures | |
|
Operating performance Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17. Eleven councils have not met OLG’s operating performance benchmark for the last three years. |
It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term. |
| Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero. | |
|
Own source operating revenue |
Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils. |
| Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue. | |
| 3.2 Liquidity and working capital performance measures | |
|
Unrestricted current ratio |
Most councils can meet short-term obligations as they fall due. |
| The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times. | |
|
Debt service cover ratio Regional councils have 56 per cent of the value of all borrowings in the sector. |
Most councils have sufficient operating cash available to service their borrowings. Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure. |
| The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times. | |
|
Rates and annual charges outstanding These councils also did not meet the infrastructure backlog ratio. |
Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations. |
| The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils. | |
|
Cash expense cover ratio |
Most councils have the capacity to cover more than three months of operating expenses. |
| The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months. | |
|
This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded:
|
Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required. |
|
3.3. Asset management performance measures (not audited) |
|
|
Building and infrastructure renewals ratio Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark. |
These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards. Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets. |
| The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent. | |
|
Infrastructure backlog ratio |
These councils may not be maintaining their infrastructure backlog at a manageable level. |
| The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent. | |
|
Asset maintenance ratio |
These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life. |
| The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent. | |
|
Costs to bring assets to agreed service level |
There is variability between councils in the amount of outstanding renewal works to be completed. |
| This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure. | |
OLG’s benchmarks for financial performance and sustainability
Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.
The Office of Local Government prescribes performance indicators for council reporting
The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:
- operating performance
- own source operating revenue
- unrestricted current ratio
- debt service cover ratio
- rates and annual charges outstanding percentage
- cash expense cover ratio.
Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:
- building and infrastructure renewals ratio
- infrastructure backlog ratio
- asset maintenance ratio
- cost to bring assets to agreed service level.
Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.
Three rural councils did not meet three of the audited OLG benchmarks
Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.
The following table summarises how the councils performed across the six audited performance measures.
| Number of OLG benchmarks met by councils | Number of councils | |||
| Metropolitan | Regional | Rural | County | |
| 6 | 12 | 12 | 29 | 5 |
| 5 | 17 | 21 | 17 | 5 |
| 4 | 4 | 4 | 8 | 2 |
| 3 | -- | -- | 3 | -- |
| Not available* | 1 | -- | -- | -- |
| Total | 34 | 37 | 57 | 12 |
Source: Audited Financial Statements for 2016–17.
Appendix ten lists the performance of each council against all performance measures.
NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.
Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:
- overall asset management issues
- asset registers
- asset valuation
- recognition and asset useful life estimates
- asset policy and planning.
| Observations | Conclusion or recommendation |
| 4.1 High risk issues | |
|
Significant matters reported to those charged with council governance |
High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services. |
| 4.2 Asset reporting | |
|
Accuracy of asset registers |
Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately. |
|
Unrecorded land and infrastructure assets |
Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements. |
|
Rural fire-fighting equipment |
Recommendation In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach. |
|
4.3 Asset valuation |
|
|
Restricted assets Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion. |
The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant. Councils should consider engaging experts to assist with the determination of asset fair values, as necessary. |
| Asset revaluations Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations. |
Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented. |
|
4.4 Asset useful life estimates |
|
|
Asset useful life estimates In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment. |
Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators. To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually. Regular condition assessments are essential to identify maintenance requirements and maintain service delivery. |
|
4.5 Asset policy and planning |
|
| Asset management strategy Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this. |
An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources. |
Asset overview
NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.
At 30 June 2017, the combined carrying value of NSW council assets was as follows.
Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.
This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.
| Observation | Conclusion or recommendation |
| 5.1 High risk issues | |
| Significant matters reported to those charged with council governance | |
| Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils. | Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively. |
We reported:
|
High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. |
| 5.2 Governance | |
| Audit committees | |
| Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee. |
Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021. Recommendation |
|
Internal audit |
Recommendation |
|
Council entities |
Recommendation |
| The Local Government Act 1993 does not stipulate a financial reporting framework for council entities. |
Recommendation |
|
Policies and procedures |
It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes. |
|
Legislative compliance frameworks |
Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy. |
|
Risk management |
Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored. |
| 5.3 Internal controls | |
|
Financial accounting We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements |
Sound financial accounting processes include controls to ensure:
|
| Purchasing and payables We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste. |
As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include:
|
|
Payroll Managing excess annual leave balances was a challenge for 32 councils. |
Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments. Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed. |
Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.
Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:
- high risk issues
- access to IT systems
- IT governance.
| Issues | Conclusion |
| 6.1 High risk issues | |
| Significant matters reported to those charged with council governance | |
| Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications. | High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. |
| 6.2 Access to IT systems | |
| User access controls We identified 107 issues across 56 councils where user access controls could be strengthened. |
Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data. |
|
Privileged access |
|
|
User developed applications Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed. We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls. |
It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to:
|
| 6.3 IT Governance | |
|
Strategy, policies and procedures Sixty-six councils do not have an adequate information security policy. |
IT governance is enhanced where there is:
|
|
Disaster recovery and business continuity The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster. We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting. |
Sound management of disaster recovery and business continuity includes:
We expect to focus on these areas in our future audits. |
Appendix one - Response from the Office of Local Government
Appendix two - List of recommendations
Appendix three - Sources of information and council classifications
Appendix four - Councils amalgamated in 2016
Appendix five - Status of audits
Appendix seven - OLG’s performance indicators from the audited financial statement - Descriptions
Appendix eight - OLG’s performance indicators from the unaudited special schedule 7 - Descriptions
Appendix nine - Financial information
