Reports
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
| New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
| Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
| IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
| Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
| Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
| Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
| Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
| Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
| Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
| Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
| Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
| Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Ensuring teaching quality in NSW public schools
The Auditor-General for New South Wales, Margaret Crawford, has released a report on how the New South Wales Education and Standards Authority (NESA) and the Department of Education (the Department) ensure teaching quality in NSW public schools.
Around 2,200 NSW public school principals are responsible for accrediting their teachers in line with the Australian Professional Standards for Teachers. The report found that NESA does not oversight principals’ decisions to ensure that minimum standards for teaching quality are consistently met.
The Department does not effectively monitor teaching quality across the state. With limited data, it is difficult for the Department to ensure its strategies to improve teaching quality are appropriately targeted to improve teaching quality.
The Department’s Performance and Development Framework does not adequately support principals and supervisors to effectively manage and improve teacher performance or actively improve teaching quality. The Department manages those teachers formally identified as underperforming through teacher improvement programs. Only 53 of over 66,000 teachers employed by the Department were involved in these programs in 2018.
The report makes three recommendations towards NESA to improve accreditation processes, and four recommendations to the Department to improve its systems and processes for ensuring teaching quality across the State.
Australian research has shown that quality teaching is the greatest in-school influence on student engagement and outcomes, accounting for 30 per cent of the variance in student performance. An international comparative study of 15-year-old students showed the performance of New South Wales students in reading, mathematics and science has declined between 2006 and 2015.
The Australian Professional Standards for Teachers (the Standards) describe the knowledge, skills and understanding expected of effective teachers at different career stages. Teachers must be accredited against the Standards to be employed in NSW schools. The NSW Education Standards Authority (NESA) is responsible for ensuring all teachers in NSW schools are accredited. As part of the accreditation process the NSW Department of Education (The Department) assesses whether public school teachers meet proficient accreditation standards and advises NESA of its decisions.
The School Excellence Framework provides a method for the Department to monitor teaching quality at a school level across four elements of effective teaching practice. The Performance and Development Framework provides a method for teachers and their supervisors to monitor and improve teaching quality through setting professional goals to guide their performance and development.
The Department has a strategic goal that every student, every teacher, every leader and every school improves every year. In line with this goal, the Department has a range of strategies targeted to improving teaching quality at different career stages. These include additional resources to support new teachers, a program to support teachers to gain higher-level accreditation, support for principals to manage underperforming teachers, and a professional learning program where teachers observe and discuss each other's practice.
The objective of this audit was to assess the effectiveness of the NSW Department of Education's and the NSW Education Standards Authority's arrangements to ensure teaching quality in NSW public schools. To address this objective, the audit examined whether:
- agencies effectively monitor the quality of teaching in NSW public schools
- strategies to improve the quality of teaching are planned, communicated, implemented and monitored well.
Appendix one – Response from agencies
Appendix two – About the audit
Appendix three – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary Reference: Report number #327 - released 26 September 2019
Ensuring contract management capability in government - Department of Education
This report examines whether the Department of Education has the required contract management capability to effectively manage high-value goods and services contracts (over $250,000). In 2017–18, the department managed high-value goods and services contracts worth $3.08 billion, with most of the contracts running over multiple years.
NSW government agencies are increasingly delivering services and projects through contracts with third parties. These contracts can be complex and governments face challenges in negotiating and implementing them effectively.
Contract management capability is a broad term, which can include aspects of individual staff capability as well as organisational capability (such as policies, frameworks and processes).
In 2017–18, the Department of Education (the Department) managed high-value (over $250,000) goods and services contracts worth $3.08 billion, with most of the contracts running over multiple years. The Department delivers, funds and regulates education services for NSW students from early childhood to secondary school.
This audit examined whether the Department has the required capability to effectively manage high-value goods and services contracts.
We did not examine infrastructure, construction or information communication and technology contracts. We assessed the Department against the following criteria:
- The Department’s policies and procedures support effective contract management and are consistent with relevant frameworks, policies and guidelines.
- The Department has capable personnel to effectively conduct the monitoring activities throughout the life of the contract.
The NSW Public Service Commission and the Department of Finance, Services and Innovation are included as auditees as they administer policies which directly affect contract management capability, including:
- NSW Procurement Board Directions and policies
- NSW Procurement Agency Accreditation Scheme
- NSW Public Sector Capability Framework.
The Department of Finance, Services and Innovation's responsibility for NSW Procurement will transfer to NSW Treasury on 1 July 2019 as part of changes to government administrative arrangements announced on 2 April 2019 and amended on 1 May 2019.
|
Conclusion The Department of Education's procedures and policies for goods and services contract management are consistent with relevant guidance. It also has a systemic approach to defining the capability required for contract management roles. That said, there are gaps in how well the Department uses this capability to ensure its contracts are performing. We also found one program (comprising 645 contracts) that was not compliant with the Department's policies. The Department has up-to-date policies and procedures that are consistent with relevant guidance. The Department also communicates changes to procurement related policies, monitors compliance with policies and conducts regular reviews aiming to identify non-compliance. The Department uses the NSW Public Service Commission's capability framework to support its workforce management and development. The capability framework includes general contract management capability for all staff and occupation specific capabilities for contract managers. The Department also provides learning and development for staff who manage contracts to improve their capability. The Department provides some guidance on different ways that contract managers can validate performance information provided by suppliers. However, the Department does not provide guidance to assist contract managers to choose the best validation strategy according to contract risk. This could lead to inconsistent practice and contracts not delivering what they are supposed to. We found that none of the 645 contracts associated with the Assisted Schools Travel Program (estimated value of $182 million in 2018–19) have contract management plans. This is contrary to the Department's policies and increases the risk that contract managers are not effectively reviewing performance and resolving disputes. |
Appendix one - Response from agencies
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary Reference: Report number #325 - released 28 June 2019
Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Development assessment: pre-lodgement and lodgement in Camden Council and Randwick City Council
The report found that both councils could do more to monitor and assess the effectiveness of their pre-lodgement and lodgement stages. The audit highlighted that Randwick City Council closely follows guidance designed to encourage good practice in these initial stages of its development assessments. It also demonstrated it was timely when processing lodgements. Camden Council is partially following the guidance and could not demonstrate that its lodgement stage was timely.
A development application is a formal application for development that requires consent under the NSW Environmental Planning and Assessment Act 1979. It is usually lodged with the local council for processing and determination, and consists of standard application forms, supporting technical reports and plans.
In March 2017, the NSW Department of Planning and Environment (DPE)1 released the ‘Development Assessment Best Practice Guide' designed to help councils assess development applications in a timely manner and provide a better experience for applicants.
DPE's guide describes the development assessment process in five stages.
According to the Guidance, councils should systematically measure, monitor and review development assessment outcomes and timeframes against performance targets to ensure the process is transparent, accountable and outcome-focused.
Appendix one – Response from agencies
Appendix two – Council's alignment with the guidance
Appendix three – About the audit
Appendix four – Performance auditing
Parliamentary Reference: Report number #322 - released 20 June 2019
Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Domestic waste management in Campbelltown City Council and Fairfield City Council
The Auditor-General for New South Wales, Margaret Crawford, today released a report on Domestic waste management in Campbelltown City Council and Fairfield City Council.The report found that both Councils collect and transport domestic kerbside waste effectively and process it at a low cost. The Councils also effectively process waste placed in green-lid and yellow-lid bins, but neither Council has been able to enforce their contracts for processing red-lid bin waste. As a result, almost all such waste goes straight to landfill.
Local councils provide waste management services to their residents. They collect domestic waste primarily through kerbside services, but also at council drop off facilities. Waste management is one of the major services local councils deliver. Each year, councils collectively manage an estimated 3.5 million tonnes of waste generated by New South Wales residents.
Waste disposed of in landfills attracts a NSW Government waste levy. Councils’ kerbside services help residents to separate recyclable and non recyclable waste. This reduces the cost of waste disposed to landfill. These services typically provide yellow-lid bins for dry recyclables, green-lid bins for garden organics and red-lid bins for residual waste. To increase the level of recycling, some councils deliver residual waste to alternative waste treatment facilities for processing. This can involve composting and the recovery of resources, including plastics and metals, which can be recycled.
Appendix one - Responses from local councils
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary Reference: Report number #320 - released 5 June 2019
Engagement of probity advisers and probity auditors
Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.
Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.
Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles.
According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector.
A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:
- should use external probity practitioners as the exception rather than the rule
- should not use external probity practitioners as an 'insurance policy'
- must be accountable for decisions made
- cannot substitute the use of probity practitioners for good management practices
- not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent.
The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.
The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:
- complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
- effectively ensured they achieved value for money when they used probity practitioners.
These entities are referred to as 'participating agencies' in this report.
We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.
Conclusion
We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.
In the sample of engagements we selected, we found instances where the participating agencies did not always:
- document detailed terms of reference
- ensure the practitioner was sufficiently independent
- manage probity practitioners' independence and conflict of interest issues transparently
- provide practitioners with full access to records, people and meetings
- establish independent reporting lines reporting was limited to project managers
- evaluate whether value for money was achieved.
We also found:
- agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
- the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013.
There are no professional standards and capability requirements for probity practitioners
NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money.
Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.
The NSW Procurement Board provides direction for the use of probity practitioners
The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.
Wellbeing of secondary school students
The Department of Education has a strong focus on supporting secondary school students’ wellbeing. However, it is difficult to assess how well the Department is progressing as it is yet to measure or report on the outcomes of this work at a whole-of-state level.
The Department of Education’s (the Department) purpose is to prepare young people for rewarding lives as engaged citizens in a complex and dynamic society. The Department commits to creating quality learning opportunities for children and young people, including a commitment to student wellbeing, which is seen as directly linked to positive learning outcomes. Wellbeing is defined broadly by the Department as “the quality of a person’s life…It is more than the absence of physical or psychological illness”. Student wellbeing can be supported by everything a school does to enhance a student's learning—from curriculum to teacher quality to targeted policies and programs to whole-school approaches to wellbeing.
Several reforms have aimed to support student wellbeing in recent years. 'Local Schools, Local Decisions' gave NSW schools more local authority to make decisions, including schools' approaches to support student wellbeing. In 2016, the 'Supported Students, Successful Students' initiative provided $167 million over four years to support the wellbeing of students. From 2018, the 'Every Student is Known, Valued and Cared For' initiative provides a principal led mentoring program, and a website with policies, procedures and resources to support student wellbeing.
This audit assessed how well the Department of Education supports secondary schools to promote and support the wellbeing of their students and how well secondary schools are promoting and supporting the wellbeing of their students.
Conclusion
The Department has implemented a range of programs and reforms aimed at supporting student wellbeing. However, the outcomes of this work have yet to be measured or reported on at a system level, making it difficult to assess the Department's progress in improving student wellbeing.
Secondary schools have generally adopted a structured approach to deliver wellbeing support and programs, using both Department and localised resources. The approaches have been tailored to meet the needs of their school community. That said, public reporting on wellbeing improvement measures via annual school reports is of variable quality and needs to improve.
The Department’s wellbeing initiatives are supported by research and consultation, but outcomes have not been reported on
The Department’s development of wellbeing policy, guidance, tools and resources has been transparent, consultative and well researched. It has drawn on international and domestic evidence to support its aim to deliver a fundamental shift from welfare to wellbeing at the school and system level.
However, the key performance indicator to monitor and track progress in wellbeing has yet to be reported on despite the strategic plan including this as a priority for the period 2018 to 2022. This includes not yet reporting a baseline for the target, nor how it will be measured.
The Department’s wellbeing resources are mostly well targeted but there is room for improvement
The Department’s allocation of resources to deliver wellbeing initiatives in schools is mostly well targeted, reflects a needs basis and supports current strategic directions. This could be improved with some changes to formula allocations and clearer definitions of the resourcing required for identified wellbeing positions in schools. The workforce modelling for forecasting supply and demand, specifically for school counsellors and psychologists, needs to separately identify these positions as they are currently subsumed in general teacher numbers.
Schools' reporting on wellbeing improvement measures is of variable quality and needs to improve
Schools we visited demonstrated a variety of approaches to wellbeing depending on their local circumstances and student populations. They make use of Department policies, guidelines, and resources, particularly mandatory policies and data collections, which have good compliance and take-up at school level. Professional learning supports specific wellbeing initiatives and online systems for monitoring and reporting have contributed to schools’ capacity and capabilities.
Schools report publicly on wellbeing improvement measures through annual school reports but this reporting is of variable quality. The Department plans to improve the capability of schools in data analysis and we recommend that this include the setting and evaluation of improvement targets for wellbeing.
The implementation of the 2015 Wellbeing Framework in schools is incomplete and the Department has not effectively prioritised and consolidated tools, systems and reporting for wellbeing
Schools' take up of the 2015 Wellbeing Framework is hindered by it not being linked to the school planning and reporting policy and tools—the School Excellence Framework. At some schools we visited, this disconnect has led to a lack of knowledge and confidence in using it in schools. The Department has identified the need to improve alignment of policies, frameworks and plans and has commenced work on this.
We found evidence of overburdening in schools for addressing student wellbeing—in the number of tools, online systems for information collection, and duplication in reporting. Following the significant reforms of recent years, the Department should consolidate its efforts by reinforcing existing effective programs and systems and addressing identified gaps and equity issues, rather than introducing further change for schools. In particular, methods and processes for complex case coordination need improvement.
The NSW Department of Education commits to creating quality learning opportunities for students. This includes strengthening students’ physical, social, emotional and spiritual development. The Department sets out to enable students to be healthy, happy, engaged and successful.
Welfare and wellbeing
The Department’s approach has significantly shifted from student welfare to wellbeing of the whole child and young person. Wellbeing is defined in departmental policy and strategy documents broadly, and as directly linked to learning and positive learning outcomes. “Wellbeing can be described as the quality of a person’s life…It is more than the absence of physical or psychological illness…Wellbeing, or the lack of it, can affect a student’s engagement and success in learning…”
Student wellbeing can be supported by everything a school does to enhance a student's learning—from curriculum to teacher quality to targeted policies and programs to whole-school approaches to wellbeing. Distinctions between wellbeing and welfare in the school context are outlined below.
| Welfare | Wellbeing |
|---|---|
| Operates from a basis of student need and doesn't always take into account a whole child view. | For all students. |
| Rather than building on the strengths of students, operates from a deficit model of individual student problems or negative behaviours. | Goes beyond just welfare needs of a few students and aims for all students to be healthy, happy, successful and productive individuals who are active and positive contributors to the school and society in which they live. |
Appendix one - Response from agency
Appendix two - Key policies, guidance, and systems
Appendix three - Funding and resources for schools
Appendix four - Measuring wellbeing
Appendix five - About the audit
Appendix six - Performance auditing
Parliamentary Reference: Report number #318 - released 23 May 2019
Supply of secondary teachers in STEM-related disciplines
The NSW Department of Education’s plans and strategies to respond to the demand for secondary teachers in STEM-related disciplines are limited by incomplete data and underperforming scholarship and sponsorship program. The Department does not collect sufficient information to monitor what disciplines teachers actually teach nor does it predict supply and demand for teachers by discipline and location. This restricts the Department’s ability to track and forecast the supply and demand for secondary teachers in STEM-related disciplines.
In recent years, Australian and international education policy has focused on improving outcomes in Science, Technology, Engineering and Mathematics (STEM) subjects. However, research has identified a shortage of qualified secondary teachers in STEM-related disciplines 1. This is projected to worsen due to a combination of student population increases, an ageing workforce, and fewer people going into teaching. Shortfalls are likely to be more acute in rural and remote areas, and areas of low socio-economic status.
The Department of Education (the Department) has a variety of strategies to encourage teachers to practise in locations or disciplines of need. These include scholarships for tertiary students going into teaching, sponsorships for teachers seeking approval to teach additional disciplines, and incentives to attract teachers to rural and remote locations.
This audit assessed the effectiveness of the Department's workforce plans and strategies in responding to the demand for secondary teachers in STEM-related disciplines. We assessed:
- how well the Department tracks the supply and demand for secondary teachers in STEM-related disciplines across NSW
- whether the Department has effective strategies to attract and retain secondary teachers in STEM-related disciplines.
There are two key shortcomings that fundamentally limit the effectiveness of the Department's plans and strategies to respond to the demand for secondary teachers in STEM-related disciplines. First, the Department is not accurately tracking the supply and demand for secondary teachers by discipline due to incomplete data. Second, not all scholarship and sponsorship places are allocated and many scholars withdraw from the programs before completion. The Department has recognised and started to address these problems with a new workforce model, revised incentives and scholarship programs.
The Department’s current workforce planning model does not provide the information needed to target workforce plans and strategies to areas of need. This is because it does not predict supply and demand for teachers by discipline and location. An internal review in 2017 acknowledged the limitations of this model. In response the Department developed a new model, which it is currently enhancing, to predict supply and demand for teachers by discipline and location. For this to be successful, the Department needs to monitor the level of out-of-field teaching and improve data on the willingness of teachers to work in particular locations.
The Department does not allocate all available scholarship and sponsorship places and around 30 per cent of recipients do not complete the term of their agreement. An internal review in 2017 highlighted that some programs were not targeting workforce need and that there were no key performance indicators to determine the overall effectiveness of these programs. However, scholarship programs and incentives are promoted well through social media and face-to-face events at Universities. Further, the Department has used findings from internal reviews of incentives and scholarships in 2016 and 2017 to inform recent changes to programs.
The Department has little oversight of access to practicum placements for pre-service teachers in areas of need. Professional experience agreements were established with each University in 2015 to improve the placement process for disciplines of need. Initial teacher education students must complete several ‘practicum placements’ before they can be qualified to teach in a school. Several universities we consulted reported difficulties finding practicum placements for pre-service teachers specialising in STEM-related disciplines. The Department is now revising the agreements to improve the quality of data it collects on the number, location and subject area of practicum placements.
The Department is not accurately tracking the supply and demand for secondary teachers by discipline due to incomplete data.
The Department’s current workforce planning model does not accurately predict supply and demand for teachers by discipline and location. An internal review in 2017 acknowledged the limitations of this model. In response the Department developed a new model which it is currently enhancing to address the findings of the review. For this model to be successful, the Department needs to monitor the level of out-of-field teaching and improve data on the willingness of teachers to work in particular locations. Further work also needs to be undertaken to refine the assumptions that underpin the Department’s workforce planning models as it starts to predict the need for teachers by discipline.
The Department has not publicly reported on the supply and demand for teachers by discipline since 2015. While it does report annually on its current workforce profile, this information is not detailed enough to inform future strategies or programs. More detailed public reporting may help the Department to influence the future supply of teachers by communicating its projected areas of need. Planned improvements to the Department's workforce planning model, as relayed to us, will add to the data available on areas of need. Once available, this should be reported publicly.
Recommendations
By December 2019, the Department of Education should:
- Improve its workforce planning model to better understand and communicate supply and demand for teachers by:
- determining the extent, and analysing the impact, of out-of-field teaching by permanent and temporary teachers in each school
- sourcing additional data to more accurately reflect teacher location preferences
- projecting supply and demand by subject level and geographic area
- regularly reporting on the supply and demand for secondary teachers in each discipline to communicate future areas of need to future teacher education students.
The Department's current scholarship and sponsorship programs are not allocating all available places and many scholars withdraw from the programs before completion. An internal review in 2017 raised several issues with the effectiveness of programs and the Department has started to revise its scholarship, sponsorship and incentive programs.
An internal review in 2017 highlighted that scholarship and sponsorship programs were not targeting workforce need, and that there were no key performance indicators to determine the overall effectiveness of these strategies. In addition, the review found that only 79 per cent of available scholarship placements are allocated each year, and 31 per cent of scholarship recipients withdraw prior to completing their required service period. The Department recently announced changes to its scholarship programs from 2019 onwards.
The Department has incentives to encourage teachers to work in rural and remote areas, including teachers in STEM-related disciplines. Incentives include access to priority transfers, rental subsidies and other allowances. Research conducted in 2016 examined the influence of incentives in encouraging teachers to work in rural and remote areas. The Department used findings of this research when updating its set of rural and remote incentives in 2017.
The Department promotes its scholarship and sponsorship programs through the teach.NSW website. It uses social media to direct applicants to this website. It also promotes its programs through careers fairs, University open days, and professional events. Past applicants have reported that the website clearly communicates eligibility criteria and the terms of agreement for all scholarship programs.
The Department could strengthen its relationship with universities to attract teachers to areas of need by collecting and analysing data on practicum placements, facilitating placements for scholarship recipients, and communicating predicted teacher needs by discipline.
Recommendations
By December 2019, the Department of Education should:
2. Implement changes to address the findings of the 'Teacher Scholarship Realignment' report, including by:
- testing a range of program designs with target candidates to determine the best options to attract more suitable applicants
- establishing key performance indicators, and setting targets, to better monitor the effectiveness of the programs
- reducing the number of scholars appointed to over-establishment positions
- increasing the proportion of scholars appointed to priority locations
- further analysing scholarship recipients career paths to inform future improvements to the scholarship programs.
3. Review its role in the practicum placement process of pre-service teachers by:
- analysing how many students each school accommodates per year, to ensure there are appropriate placements available for students in high needs disciplines
- working with universities to facilitate practicum placements for scholarship recipients
- establishing mechanisms for ongoing monitoring of its partnerships with universities to ensure they are meeting their aims.
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary Reference - Report number #313 - released 29 January 2019.
Education 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.
This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued on the financial statements of both cluster agencies. | Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
| 2.2 Timeliness of financial reporting | |
| Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. | Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier. |
| 2.3 Key issues from financial audits | |
| Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. | Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity. |
| 2.4 Key financial information | |
| Cluster agencies recorded net deficits in 2017–18. |
The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Education cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding. | |
| Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. | Recommendation: Management should prioritise and action recommendations to address internal control weaknesses. |
| 3.2 Information technology | |
| Delivery of the Learning Management and Business Reform (LMBR) program is complete. |
The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out. |
| 3.3 Valuation of the Department’s land and buildings | |
| The Department completed a revaluation of land and building assets during 2017–18. |
A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion. |
| 3.4 Maintenance of school facilities | |
| The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. | The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition. |
| 3.4 School asset delivery | |
| The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. | The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects. |
This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
