Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Service NSW's handling of personal information

Premier and Cabinet
Finance
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration
Risk
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy.

The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine emailing of personal information between Service NSW service centres and other agencies, which is one of the processes that contributed to the data breach earlier this year. The audit found that previously identified risks and recommended solutions had not been implemented on a timely basis.

The Auditor-General made eight recommendations aimed at ensuring improved processes, technologies, and governance arrangements for how Service NSW handles customers’ personal information.

The Hon. Victor Dominello, MP, Minister for Customer Service, requested this audit under section 27(B)(3)(c) of the Public Finance and Audit Act 1983 following public reports in May 2020 of a cyber security attack which had led to a breach of Service NSW customer information. This audit also included the Department of Customer Service which supports Service NSW with privacy, risk and governance functions.

Service NSW was established in 2013 with the intention that it would, over time, 'become the primary interaction point for customers accessing New South Wales Government transaction services'.

Service NSW's functions are set out in the Service NSW (One stop Access to Government Services) Act 2013. This legislation allows for other NSW Government agencies to delegate to and enter into agreements with the Chief Executive Officer of Service NSW in order for Service NSW to undertake service functions for the agency.

Service NSW now has agreements with 36 NSW Government client agencies to facilitate over 1,200 types of interactions and transactions for the community.

The nature of each agreement between Service NSW and its client agencies varies. Some client agencies have delegated authority to allow Service NSW staff to conduct transactions on their behalf in the agencies' systems. Other arrangements do not include the same degree of delegation. In these cases, Service NSW provides services such as responding to enquiries and validating documents.

In addition, Service NSW conducts transactions for its own programs, such as the Seniors Card. Personal information for these programs, as well as information for customers' MyServiceNSW accounts, are stored by Service NSW on its Salesforce Customer Relationship Management (CRM) system.

In March 2020, Service NSW suffered two cyber security attacks in short succession. Technical analysis undertaken by the Department of Customer Service (DCS) concluded that these attacks resulted from a phishing exercise through which external threat actors gained access to the email accounts of 47 staff members. These attacks resulted in the breach of a large amount of personal customer information that was contained in these email accounts. See Section 1.1 for further details.

This audit is being conducted in response to a request from the Hon. Victor Dominello, Minister for Customer Service, under section 27B(3)(c) of the Public Finance and Audit Act 1983. Minister Dominello requested that the Auditor General conduct a performance audit in relation to Service NSW's handling of sensitive customer and business information.

This audit assessed how effectively Service NSW handles personal customer and business information to ensure its privacy.

It addressed the following:

  • Does Service NSW have processes and governance in place to identify and manage risks to the privacy of personal customer and business information?
  • Does Service NSW have policies, processes and systems in place that support the effective handling of personal customer and business information to ensure its privacy?
  • Has Service NSW effectively implemented its policies, processes and systems for managing personal customer and business information?

Conclusion

Service NSW is not effectively handling personal customer and business information to ensure its privacy. It continues to use business processes that pose a risk to the privacy of personal information. These include routinely emailing personal customer information to client agencies, which is one of the processes that contributed to the March 2020 data breach. Previously identified risks and recommended solutions had not been implemented on a timely basis.

Service NSW identifies privacy as a strategic risk in both its Risk Management Guideline and enterprise risk register and sets out a zero level appetite for privacy risk in its risk appetite statement. That said, the governance, policies, and processes established by Service NSW to mitigate privacy risk are not effective in ensuring the privacy of personal customer and business information. While Service NSW had risk identification and management processes in place at the time of the March 2020 data breach, these did not prevent the breach occurring.

Some of the practices that contributed to the data breach are still being followed by Service NSW staff. For example, business processes still require Service NSW staff to scan and email personal information to some client agencies.

The lack of multi factor authentication has been identified as another key contributing factor to the March 2020 data breach as this enabled the external threat actors to gain access to staff email accounts once they had obtained the user account details through a phishing exercise. Service NSW had identified the lack of multi factor authentication on its webmail platform as a risk more than a year prior to the breach and had committed to addressing this by June 2019. It was not implemented until after the breach occurred.

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce Customer Relationship Management (CRM) system, which holds the personal information of over four million NSW residents.

Internal audits carried out by Service NSW, including one completed in August 2020, have identified significant weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These include deficiencies in the management of role based access, monitoring and audit of user access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers held in the system.

Lines of responsibility for meeting privacy obligations are not clearly drawn between Service NSW and its client agencies.

Service NSW has agreements in place with client agencies. However, the agreements lack detail and clarity about the roles and responsibilities of the agencies in relation to the collection, storage and security of customer's personal information. This lack of clarity raises the risk that privacy obligations will become confused and missed between the agencies.

Service NSW carries out privacy impact assessments for major new projects but does not routinely review existing processes and systems.

Service NSW carries out privacy impact assessments as part of its routine processes for implementing major new projects, ensuring that privacy management is considered as part of project design. Service NSW does not regularly undertake privacy impact assessments or reviews of existing or legacy processes and systems, which has resulted in some processes continuing despite posing significant risks to the privacy of personal information, such as the scanning, emailing, and storing of identification documents.

1. Key findings

Service NSW identifies privacy risks, but the controls and processes it put in place to mitigate these privacy risks were not adequate to prevent or limit the extent of the data breach that occurred in March 2020

Service NSW’s approach to risk management is framed by its Risk Management Guideline, which defines 'privacy and compliance' as one of the key types of risk for the agency. Service NSW's enterprise risk register identifies four strategic privacy related risks. Service NSW has set out a zero level appetite for privacy risk in its risk appetite statement.

Service NSW has assessed the adequacy of its controls for privacy risks as needing improvement. To be fully effective, the Risk Management Guideline says that these controls should have a focus that is ‘largely preventative and address the root causes’.

One of the business processes that was a key contributing factor to the data breach was the emailing of personal information by Service NSW staff to client agencies.

This process had been identified as a risk prior to the breach and some steps had been put in place to mitigate the risk. In particular, staff were required to manually delete emails that contained personal information. However, these measures were ineffective in preventing the breach, as the external threat actors still gained access to 47 staff email accounts that contained a large amount of personal information.

It is unclear why Service NSW did not effectively mitigate this risk prior to the breaches. However, Service NSW has advised that it implemented measures in June and October 2020 to automatically archive emails likely to contain personal information. This is expected to limit the quantity of information retained in email accounts for extended periods.

Service NSW has not put in place any technical or other solutions to avoid Service NSW staff having to scan and email personal information to some client agencies. Urgent action is needed to remove the requirement for staff to email personal information to client agencies, thereby mitigating the risk inherent in sending and storing this information using email.

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system, which holds the personal information of over four million customers

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These weaknesses include deficiencies in governance of role based access, monitoring and audit of staff access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers which is stored in this system.

In addition, there is an absence of important controls to safeguard customers' privacy, such as multi factor authentication and reviewable logs of access history to their information. Such controls, when properly implemented, would enhance the control that customers are able to exercise over their personal information.

A privacy impact assessment conducted on Service NSW’s Salesforce CRM system in 2015 recommended that the system include the ability for customers to review access history to their personal information, as well as the option for customers to apply multi factor authentication to their accounts. While both these recommendations appeared positively received by Service NSW, neither have been implemented.

Since its inception, Service NSW’s use of Salesforce has extended to storing transaction data, particularly for transactions for which Service NSW is responsible, such as the Seniors Card. It also holds details of over four million MyServiceNSW account holders, including name, email address and phone number, and optional address details. It was not originally intended for the system to hold this volume and nature of customer information.

Lines of responsibility for meeting privacy obligations are unclear between Service NSW and its client agencies

Service NSW's privacy management plan does not clearly set out the privacy obligations of Service NSW and its client agencies. It sets out that 'compliance with the privacy principles will primarily be the responsibility of that [client] agency'. However, Service NSW has its own obligations under the security principles of the Privacy and Personal Information Protection Act 1998 (PPIP Act) to take reasonable steps to prevent unauthorised access to personal information, which is not made clear in the privacy management plan.

The agreements between Service NSW and client agencies reviewed for this audit only include general and high level references to privacy. Most do not include details of each parties' privacy responsibilities such as: which agency will provide the customer with a privacy notice explaining how their personal information will be handled, how personal information will be kept secure, how long Service NSW will retain information, what processes will be followed for internal reviews, and what specific planning is in place to respond to data breaches.

Service NSW's privacy management plan has not been updated to include new programs and governance changes

Service NSW's privacy management plan includes most of the matters required by law or good practice, with some exceptions. It does not explain any exemptions that the agency commonly relies on under the PPIP Act and does not address any health information that Service NSW may handle. It had also not been updated to reflect governance changes and the fact that, at the time this audit commenced, Service NSW was disclosing the content of internal review applications (the formal expression for 'complaints') to the Department of Customer Service (DCS). These governance changes were part of the centralisation of Service NSW's corporate support functions into DCS in late 2019, though internal review staff were seconded back into Service NSW during the course of this audit.

The current July 2019 privacy management plan has also not been updated since the rollout of a number of major new initiatives in 2020. These include 2019–20 bushfire emergency recovery initiatives (such as small business grants) and COVID 19 pandemic response initiatives (such as small business grants, border permits and the COVID safe check in app).

Service NSW routinely conducts privacy impact assessments for new initiatives, though privacy risks remain in legacy systems and processes

Service NSW routinely conducts privacy impact assessments for major new initiatives and the assessments reviewed for this audit largely accorded with good practice guidance.

Service NSW does not routinely review existing processes and systems to ensure that they are effective in ensuring the privacy of customer personal information. Business processes that create the highest risk to privacy, such as emailing of personal information, are more common in these longstanding legacy systems.

Service NSW's significant and rapid growth has outpaced the establishment of a robust control environment which has exacerbated privacy risks

Since it was established in 2013, Service NSW has experienced significant growth in the number and diversity of the types of transactions it provides, as well as the number of client agencies with which it works. The pace and extent of this growth has contributed to important controls not being properly implemented on a timely basis, which has heightened privacy risks, particularly in regard to existing, legacy systems and processes.

The pace of change and increasing demand for new program implementation has limited the opportunity for Service NSW, in collaboration with its client agencies, to revisit and redesign legacy business practices which pose a greater privacy risk. This includes the scanning and emailing of personal information.

While 2019–20 has seen additional demands placed on Service NSW in responding to the 2019–20 bushfire emergency and COVID 19 pandemic, it is the nature of the agency’s work that it operates in a fast paced and complex environment, where it is required to respond to multiple client agencies and stakeholders. Ensuring customer privacy should be integral to Service NSW’s business as usual operations.

2. Recommendations

Service NSW commissioned a number of external reviews and investigations stemming from the data breaches. The Auditor General's recommendations below have taken these other reviews into account. In order to offer assurance that it is appropriately protecting the privacy of its customers, Service NSW should address the full breadth of findings and recommendations made across all relevant reviews.

As a matter of urgency, Service NSW should:

1. in consultation with relevant client agencies and the Department of Customer Service, implement a solution for a secure method of transferring personal information between Service NSW and client agencies

2. review the need to store scanned copies of personal information and, if still required, implement a more secure method of storing this information and regular deletion of material.

By March 2021, Service NSW should:

3. ensure that all new agreements entered into with client agencies from 1 April 2021 address the deficiencies identified in this audit, including that they provide clarity on:

  • the content and provision of privacy collection notices
  • the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
  • steps that will be taken by each agency to ensure that personal information is kept secure
  • the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
  • how identified breaches of privacy will be handled between agencies

4. in collaboration with the Department of Customer Service, review its privacy management plan to address the deficiencies raised in this audit, including:

  • to clarify Service NSW's understanding of how responsibility for meeting privacy obligations are delineated between Service NSW and client agencies
  • to better reflect the full scope and complexity of personal information handled by Service NSW
  • to better explain how applications for internal review are handled between Service NSW and the Department of Customer Service
  • to ensure regular ongoing review, either according to a schedule or when Service NSW experiences substantial change to its programs and handling of personal information

5. in consultation with the Department of Customer Service, review its policies and processes for the management of privacy risks, including to:

  • ensure that there are appropriate mechanisms to escalate identified privacy risks from business units to the Executive Leadership Team
  • ensure that there are action plans to address strategic privacy risks that are assessed as having ineffective controls.
By June 2021, Service NSW should:

6. address deficiencies in the controls over, and security for, its Salesforce customer relationship management and related systems that hold customer personal information, including:

  • establish policies and processes for regular access reviews and monitoring of user activity in these systems, including for privileged users
  • enable partitioning and role based access restrictions to personal information collected for different programs
  • provide customers the choice to use multi factor authentication to further secure their MyServiceNSW accounts
  • enable customers to view the transaction history of their personal information to detect possible mishandling.
By December 2021, Service NSW should:

7. ensure that all existing agreements with client agencies address the deficiencies identified in this audit, including that they provide clarity on:

  • the content and provision of privacy collection notices
  • the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
  • steps that will be taken by each agency to ensure that personal information is kept secure
  • the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
  • how identified breaches of privacy will be handled between agencies

8. carry out a risk assessment of all processes, systems and transactions that involve the handling of personal information and undertake a privacy impact assessment for those that:

  • are identified as high risk and have not previously had a privacy impact assessment
  • have had major changes or updates since the privacy impact assessment was completed.

Appendix one – Responses from agencies

Appendix two – About the audit

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Transport 2020

Transport
Asset valuation
Cyber security
Financial reporting
Information technology
Infrastructure
Project management

1. Financial Reporting
Audit opinion Unmodified audit opinions issued for the financial statements of all Transport cluster entities.
Quality and timeliness of financial reporting All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements.

Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances.
Impact of COVID-19 on passenger revenue and patronage Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19.

The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing.
Completion of the CBD and South East Light Rail The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed.

2. Audit Observations
Internal control While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management.

There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below).
Agency responses to emergency events Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning.
RailCorp transition to TAHE On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders.

A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE.

Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures.

This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE.

Recommendation: TAHE management should:
  • establish an operating model in line with the original intent of a commercial return
  • finalise commercial agreements with the public rail operators
  • confirm forecast financial information to assess valuation of TAHE infrastructure
  • finalise asset and safety management plans.

Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base.
Completeness and accuracy of contracts registers Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers.

Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure:
  • agencies are fully aware of contractual and other obligations
  • appropriate assessment of financial reporting implications
  • ongoing assessments of accounting standards, in particular AASB 16 ‘Leases’, AASB 15 'Revenue from Contract with Customers', AASB 1058 'Income of Not-for-Profit Entities' and new accounting standard AASB 1059 'Service Concession Arrangements: Grantors' are accurate and complete.

 

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • the impact of emergencies and the pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

  • Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19.
  • Unqualified audit opinions were issued on all Transport agencies' financial statements.
  • Transport cluster agencies continued to experience challenges with accounting of land and infrastructure assets.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statement audits of agencies in the Transport cluster
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Section highlights

  • While there was a decrease in findings on internal controls across the Transport cluster, 43 per cent of all issues were repeat issues. Many repeat issues related to information technology controls around user access management.
  • RailCorp transitioned to TAHE on 1 July 2020. TAHE's operating model and commercial arrangements with public rail operators has not been finalised despite government original plans to be operating from 1 July 2019. TAHE management should finalise its operating model and commercial agreements with public rail operators as they may significantly impact the financial reporting arrangements for TAHE for 2020–21.
  • Completeness and accuracy of contracts registers remains an ongoing issue for the Transport cluster.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019, 2018 and 2017 recommendations

Appendix three – Management letter findings

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Planning, Industry and Environment 2020

Planning
Environment
Industry
Asset valuation
Compliance
Financial reporting
Internal controls and governance
Management and administration

This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Audit opinions

There are 45 separate entities in the cluster. Unqualified audit opinions were issued for 38 cluster agencies' 30 June 2020 financial statements audits. Four financial statements audits are still ongoing, and three agencies were not subject to audit due to NSW Treasury reporting exemptions.

Timeliness of financial reporting

The majority of cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting financial statements. Twenty‑four of the 26 cluster agencies required to submit early close financial statements met the revised timeframe.

Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions not issued by the statutory deadline.

Implementation of AASB 16 'Leases'

Significant deficiencies were identified in Property NSW's lease data maintenance and lease calculations.

Recommendation (partially repeat):

Property NSW should:

  • review and document the accounting implications for each lease
  • ensure the accuracy and validity of lease data used for the lease calculations
  • review user access to the leasing system, including privileged users.

Our audits of the cluster agencies identified there was a lack of thorough quality assurance over the accuracy of lease information provided by Property NSW.

Recommendation:

The Department and cluster agencies should:

  • quality assure and validate the information provided by Property NSW
  • ensure changes made by Property NSW on lease data are supported and that assumptions and judgements applied are appropriate
  • document their review of the data supplied.

Unprocessed Aboriginal land claims continued to increase

In 2019–20, the Department resolved an additional 468 Aboriginal land claims compared to the prior year. However, the total number of unprocessed Aboriginal land claims increased by 914 to 36,769 at 30 June 2020. The number of claims remaining unprocessed for more than ten years after lodgement increased by 10.9 per cent from last year. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land.

Auditor-General's Reports to Parliament since 2007 have recommended action to address the increasing number of unprocessed claims. To date, the Department has not been able to resolve this issue.

During 2020–21, a performance audit will assess the effectiveness and efficiency of the administration of Aboriginal land claims.

Financial reporting of Crown land managers

The Department will need to provide additional support and guidance to help Crown land managers (CLMs) meet their financial reporting obligations.

Recommendation:

The Department should:

  • in consultation with NSW Treasury, develop an appropriate statutory reporting framework for CLMs
  • ensure sufficient resources are available to help CLMs meet their reporting obligations.

During 2019–20, NSW Treasury established the reporting exemption criteria for the CLMs. Based on available information, the Department determined 31 CLMs would not meet the exemption criteria and therefore are required to prepare annual financial statements.

2. Audit observations

Internal controls

Six high‑risk issues were identified across the cluster in 2019–20:

  • 5 of those were related to financial reporting issues identified in Property NSW, Wentworth Park Sporting Complex Land Manager, Lord Howe Island Board, Planning Ministerial Corporation and Hunter and Central Coast Development Corporation
  • 1 issue was related to Lord Howe Island Board's outdated business continuity plan.

One in three internal control issues identified and reported to management in 2019–20 were repeat issues.

Recommendation:

Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing high‑risk and repeat issues.

Agencies response to recent emergencies

The unprecedented bushfires and COVID‑19 pandemic presented challenges for the cluster. Agencies established taskforces or response teams to respond to these emergencies.

With more staff working from home, agencies implemented protocols and procedures to manage risks associated with the remote working arrangements, and also needed to address certain technology issues.

The Department is responsible for the new Planning System Acceleration Program, which aims to fast‑track planning assessments, boost the State's economy and keep people in jobs during COVID‑19 pandemic. Between April and October 2020, the Department announced and determined 101 major projects and planning proposals.

Recognition of Crown land

Crown land is an important asset of the State. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel.

Auditor-General's Reports to Parliament since 2017 have recommended that the Department should ensure the database of Crown land is complete and accurate. Whilst the Department has commenced actions to improve the database, this remained an issue in 2019–20.

Recommendation (repeat issue):

The Department should prioritise action to ensure the Crown land database is complete and accurate. This allows state agencies and local councils to be better informed about the Crown land they control.

Implementation of Machinery of Government (MoG) changes

Since its creation on 1 July 2019, the Department has largely established its governance arrangements, including setting up the Audit and Risk Committee and internal audit function for the Department and relevant cluster agencies.

The Department still operated three main financial reporting systems in 2019–20, and has commenced the process to consolidate some of the systems.

The recent Regional NSW MoG change led to the transfer of $446 million net assets and $284 million 2019–20 budget from the Department to the newly created Department of Regional NSW on 2 April 2020.

 

This report provides parliament and other users of the Planning, Industry and Environment cluster agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • the impact of emergencies and the pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The COVID‑19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID‑19 pandemic. These amendments:

  • allowed the Treasurer to authorise payments from the Consolidated fund until the enactment of the 2020–21 budget – impacting the going concern assessments of cluster agencies
  • revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
  • exempted certain statutory bodies and departments from preparing financial statements.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2020 financial statements audits. Timeliness of financial reporting remains an issue for 13 agencies.
  • Significant deficiencies were identified in Property NSW's lease data maintenance and lease calculations. Cluster agencies can also improve their management of lease information provided by Property NSW.
  • The number of unprocessed Aboriginal land claims continued to increase. During 2020–21, a performance audit will assess the effectiveness and efficiency of the administration of Aboriginal land claims.

The Department has not yet developed a statutory reporting framework for Crown land managers and will need to provide additional resources to help Crown land managers meet their financial reporting obligations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies
  • review of how the cluster agencies managed the increased risks associated with new programs aimed at stemming the spread of COVID-19 and stimulating the economy.

Cluster agencies experienced a range of control and governance related issues in recent years. An increased number of high risk issues and greater proportion of repeat issues were identified as part of our audits. It is important for cluster agencies to promptly address these issues.

Section highlights

  • Six high risk issues were identified during 2019–20 audits. One in three issues identified and reported to management in 2019–20 were repeat issues.
  • The Department has fast tracked the assessment and determination of 101 projects as a part of the Planning System Acceleration Program.
  • There continues to be significant deficiencies in Crown land records. The Department should ensure the Crown land database is complete and accurate.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019 recommendations

Appendix three – Financial data

Appendix four – Management letter findings

Appendix five – Timeliness of financial reporting

Appendix six – Selected agencies for review of response to emergency events

Published

Waste levy and grants for waste infrastructure

Planning
Environment
Management and administration
Regulation
Risk
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today that examined the effectiveness of the waste levy and grants for waste infrastructure in minimising the amount of waste sent to landfill and increasing recycling rates.  

The audit found that the waste levy has a positive impact on diverting waste from landfill. However, while the levy rates increase each year in line with the consumer price index, the EPA has not conducted a review since 2009 to confirm whether they are set at the optimal level. The audit also found that there were no objective and transparent criteria for which local government areas should pay the levy, and the list of levied local government areas has not been reviewed since 2014. 

Grant funding programs for waste infrastructure administered by the EPA and the Environmental Trust have supported increases in recycling capacity. However, these grant programs are not guided by a clear strategy for investment in waste infrastructure. 

The Auditor-General made six recommendations aimed at ensuring the waste levy is as effective as possible at meeting its objectives and ensuring funding for waste infrastructure is contributing effectively to recycling and waste diversion targets.

 

Overall, waste generation in New South Wales (NSW) is increasing. This leads to an increasing need to manage waste in ways that reduce the environmental impact of waste and promote the efficient use of resources. In 2014, the NSW Government set targets relating to recycling rates and diversion of waste from landfill, to be achieved by 2021–22. The NSW Waste and Resource Recovery (WARR) Strategy 2014–21 identifies the waste levy, a strong compliance regime, and investment in recycling infrastructure as key tools for achieving these waste targets.

This audit assessed the effectiveness of the NSW Government in minimising waste sent to landfill and increasing recycling rates. The audit focused on the waste levy, which is paid by waste facility operators when waste is sent to landfill, and grant programs that fund infrastructure for waste reuse and recycling.

The waste levy is regulated by the Environment Protection Authority (EPA) and is generally paid when waste is disposed in landfill. The waste levy rates are set by the NSW Government and prescribed in the Protection of Environment Operations (Waste) Regulation 2014. As part of its broader role in reviewing the regulatory framework for managing waste and recycling, the EPA can provide advice to the government on the operation of the waste levy.

The purpose of the waste levy is to act as an incentive for waste generators to reduce, re-use or recycle waste by increasing the cost of sending waste to landfill. In 2019–20, around $750 million was collected through the waste levy in NSW. The government spends approximately one third of the revenue raised through the waste levy on waste and environmental programs.

One of the waste programs funded through the one third allocation of the waste levy is Waste Less, Recycle More (WLRM). This initiative funds smaller grant programs that focus on specific aspects of waste management. This audit focused on five grant programs that fund projects that provide new or enhanced waste infrastructure such as recycling facilities. Four of these programs were administered by the Environmental Trust and one by the EPA.

Conclusion

The waste levy has a positive impact on diverting waste from landfill. However, aspects of the EPA's administration of the waste levy could be improved, including the frequency of its modelling of the waste levy impact and coverage, and the timeliness of reporting. Grant funding programs have supported increases in recycling capacity but are not guided by a clear strategy for investment in waste infrastructure which would help effectively target them to where waste infrastructure is most needed. Data published by the EPA indicates that the NSW Government is on track to meet the recycling target for construction and demolition waste, but recycling targets for municipal solid waste and commercial and industrial waste are unlikely to be met.

Waste levy

The waste levy rate, including a schedule of annual increases to 2016, was set by the NSW Government in 2009. Since 2016, the waste levy rate has increased in line with the consumer price index (CPI). The EPA has not conducted recent modelling to test whether the waste levy is set at the optimal level to achieve its objectives. The waste levy operation was last reviewed in 2012, although some specific aspects of the waste levy have been reviewed more recently, including reviews of waste levy rates for two types of waste. The waste levy is applied at different rates across the state. Decisions about which local government areas (LGAs) are subject to the levy, and which rate each LGA pays, were made in 2009 and potential changes were considered but not implemented in 2014. Currently, there are no objective and transparent criteria for determining which LGAs pay the levy. The EPA collects waste data from waste operators. This data has improved since 2015, but published data is at least one year out of date which limits its usefulness to stakeholders when making decisions relating to waste management.

Grants for waste infrastructure

All state funding for new and enhanced waste infrastructure in NSW is administered through grants to councils and commercial waste operators. The government's Waste and Resource Recovery (WARR) Strategy 2014–21 includes few priorities for waste infrastructure and there is no other waste infrastructure strategy in place to guide investment. The absence of a formal strategy to guide infrastructure investment in NSW limits the ability of the State Government to develop a shared understanding between planners, councils and the waste industry about waste infrastructure requirements and priorities. The Department of Planning, Industry and Environment is currently developing a 20-year waste strategy and there is an opportunity for the government to take a more direct role in planning the type, location and timing of waste infrastructure needed in NSW.

The grants administration procedures used for the grant programs reviewed in this audit were well designed. However, we identified some gaps in risk management, record-keeping and consistency of information provided to applicants and assessment teams. In four of the five programs we examined, there was no direct alignment between program objectives and the NSW Government's overall waste targets.

Achievement of the 2014–21 state targets for waste and resource recovery (WARR targets) is reliant in part on the availability of infrastructure that supports waste diversion and recycling. The state WARR targets dependent on waste infrastructure are:

  • Increase recycling rates to 70 per cent for municipal solid waste and commercial and industrial waste, and 80 per cent for construction and demolition waste.
  • Increase waste diverted from landfill to 75 per cent.

A further target — manage problem waste better by establishing or upgrading 86 drop-off facilities or services for managing household problem wastes state-wide — is dependent on accessible community waste drop-off facilities across NSW.

Exhibit 7 identifies the five grant programs that provide funding for new or enhanced waste infrastructure to increase capacity for reuse or recycling of waste. All five of these programs were examined in the audit.
In addition to the grant programs shown in Exhibit 7, other programs provide funding for infrastructure, but at a smaller scale. Examples of these include:

  • Bin Trim which provides rebates to small businesses for small scale recycling equipment such as cardboard and soft plastic balers.
  • Litter grants which provide funding for litter bins.
  • Weighbridges grants for installation of a weighbridge at waste facilities.
  • Landfill consolidation and environmental improvement grants for rural councils to replace old landfills with transfer stations or to improve the infrastructure at landfill sites.

Appendix one – Responses from audited agencies

Appendix two – About the audit

Appendix three – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #343 - released 26 November 2020

Published

Education 2020

Education
Asset valuation
Compliance
Financial reporting
Fraud
Information technology
Internal controls and governance
Management and administration
Procurement

The Auditor-General for New South Wales, Margaret Crawford, released a report today titled Education 2020. This report focuses on key observations and findings from the most recent audits of agencies in the Education cluster.

Unqualified audit opinions were issued for all cluster agencies’ financial statements. However, internal control deficiencies were identified across the cluster agencies, including deficiencies in the management of purchasing cards and 15 internal control issues that were repeated from the previous year.

The 2019–20 natural disasters caused widespread damage in both Northern and Southern NSW. The COVID‑19 pandemic further challenged agencies, requiring social distancing and other infection control measures which disrupted the traditional means of teaching students. Agencies have adjusted their operations to respond to these emergency events.

The TAFE Commission’s revenues 2019–20 were impacted by the pandemic. Lower enrolments and an increase in fee-free short courses offered during the year contributed to the result.

Read the PDF report

This report analyses the results of our audits of financial statements of entities within the Education cluster for the year ended 30 June 2020. The table below summarises our key observations and recommendations.

1. Financial reporting 

Audit opinions Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits.
New accounting standards

Agencies implemented three new accounting standards during the year.

Our financial statement audits of the Department of Education (the Department) and NSW Education Standards Authority (NESA) identified issues with the leasing information provided by Property NSW (PNSW). Despite the outsourcing arrangement, both the Department and NESA remain ultimately responsible for the completeness and accuracy of this information, which would have benefited from a more thorough quality assurance, validation and review process before they placed reliance upon it.

Recommendation:

We recommend the Department and NESA:

  • quality assure and validate the information provided by PNSW
  • ensure changes made by PNSW to lease data are supported and that assumptions and judgements applied are appropriate
  • document their review of the data supplied.
Changes were made to the financial reporting requirements this year to account for the impact of the pandemic

Emergency legislation was enacted during the year in response to the COVID-19 pandemic. The legislation revised the statutory reporting deadlines for agencies to submit their financial statements and allowed the Treasurer to continue authorising payments from the consolidated fund until the enactment of the 2020–21 budget.

All cluster agencies prepared their financial statements on a going concern basis and submitted their financial statements within the revised statutory deadlines.

The State provided $159.0 million in stimulus funding to support the operations of cluster agencies during emergency events. Nearly half of this funding was to support cleaning activities by the Department and the Technical and Further Education Commission (the TAFE Commission) during the COVID-19 pandemic.
Quality and timeliness of financial reporting

The number of monetary misstatements identified in agencies' financial statements decreased to 14 (23 in 2018–19).

While the number of corrections made to the financial statements after the submission date increased to eight (two in 2018–19), it is important to note these corrections provide parliament and other users of the financial statements increased confidence in the accuracy and presentation of agencies' performance and financial position.
Sustainability of cluster agencies The TAFE Commission's enrolments declined, and operating margins reduced, both being impacted by the COVID-19 pandemic.

2. Audit observations

Internal control deficiencies

We identified 33 internal control issues, including 15 findings that were repeated from previous years.

A high-risk issue was reported at the Department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP.

Repeat findings relate to ongoing deficiencies in information technology controls and management policies, practices and procedures.

Recommendation:

Cluster agencies should:

  • prioritise and action recommendations to address internal control deficiencies
  • review and confirm the appropriateness of existing privileged user access accounts
  • implement a rigorous monitoring regime to ensure that any improper use of privileged user accounts can be detected in a timely manner.
Agency responses to emergency events

The Department established a separate bushfire relief directorate and COVID-19 Taskforce to assist and support school communities in response to recent emergencies.

Other cluster agencies have established committees or response teams to oversee and address all aspects of the impact of COVID-19.
Schools review 2019 We continue to identify instances of non-compliance in relation to cash management and procurement at schools.
Use of purchasing cards at the Department of Education

Since 2015, the NSW Government has encouraged the use of purchasing cards by public sector agencies. Purchasing cards are efficient to transact low value, high volume procurement of goods and services, but the use must be effectively monitored.

Our review of the Department's purchasing cards identified weaknesses in its oversight and monitoring controls, including the issue and cancellation of purchasing cards

Opportunities exist for the Department to better monitor card use. Tools such as data analytics are an efficient and effective detective control to identify irregular activity or misuse by cardholders.

Recommendation:

The Department should:

  • improve the accuracy and completeness of exit procedures for terminated employees to ensure cards are returned and cancelled
  • perform periodic reviews to ensure active cards are held only by current employees
  • set transaction limits that do not exceed the limits of the user’s financial delegation
  • establish a data analytics regime to help analyse and identify high risk patterns and anomalies in their purchasing card usage, augmenting their existing monitoring and detective controls.

 

This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • the impact of emergencies and the COVID-19 pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The COVID-19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID-19 pandemic. These amendments:

  • allowed the Treasurer to authorise payments from the consolidated fund until the enactment of the 2020–21 budget – supporting the going concern assessments of cluster agencies
  • revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
  • exempted certain statutory bodies and departments from preparing financial statements.

This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2020, including any financial implications from the recent emergency events.

Section highlights 

Unqualified audit opinions were issued on the financial statements of cluster agencies.

All cluster agencies met the revised statutory deadlines for completing early close procedures and submitting their financial statements.
 
Emergency legislation allowing the Treasurer to continue authorising payments from the consolidated fund under the existing Appropriations Act enabled cluster agencies to prepare financial statements on a going concern basis.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statement audits of agencies in the Education cluster. It also comments on our review of elements of the financial control framework applied by schools in NSW whose financial results form part of the Department of Education's (the Department) financial statements.
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Section highlights

  • A high-risk issue regarding inadequate monitoring of privileged user access was identified at the Department.
  • We continue to observe issues by schools in relation to cash management and non-compliance with procurement guidelines and purchasing card use.
  • Opportunities exist for the Department and cluster agencies to enhance their monitoring and review of purchasing card activities. Tools such as data analytics procedures provide an efficient and effective detective control, particularly when used in conjunction with independent spot-checks.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019 and 2018 recommendations

Appendix three – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Governance and internal controls over local infrastructure contributions

Local Government
Planning
Environment
Compliance
Financial reporting
Infrastructure
Internal controls and governance
Management and administration
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today on how well four councils managed their local infrastructure contributions during the 2017-18 and 2018-19 financial years. 

Local infrastructure contributions, also known as developer contributions, are collected from developers to pay for local infrastructure such as drainage, local roads, open space and community facilities. Controls over local infrastructure contributions help to ensure that all contributions owed are collected, funds are spent as intended, and any contributions paid in the form of works-in-kind or dedicated land are correctly valued.

The audit found that Blacktown City Council and City of Sydney Council provided effective governance over their local infrastructure contributions whereas Central Coast and Liverpool City Councils’ governance arrangements require improvement.

The audit found that three councils had spent local infrastructure contributions in accordance with approved contributions plans. Central Coast Council and the former Gosford City Council had spent $13.2 million on administration costs in breach of the Environmental Planning and Assessment Act 1979. These funds were repaid into the council’s local infrastructure fund during the course of the audit.

The Auditor-General made a number of recommendations for each council relating to improving controls over contributions and increasing transparency. 

Read full report (PDF)
 

This audit examined the effectiveness of governance and internal controls over local infrastructure contributions, also known as developer contributions, held by four councils during the 2017–18 and 2018–19 financial years.

This performance audit was conducted with reference to the legislative and regulatory planning framework that was in place during that period.

Our work for this performance audit was completed at the end of March 2020 when we issued the final report to the four audited councils and the Department of Planning, Industry and Environment. We received their respective formal responses to the report’s recommendations during April and May 2020.

Concurrently to this audit, we sought Crown Solicitor’s advice (the ‘Advice’) regarding the use of local infrastructure contributions collected by local councils under the Environmental Planning and Assessment Act 1979 (‘the EPA Act’) for our financial audit work. The Advice clarified the applicable legislative requirements with reference to the application, investment and pooling of local infrastructure contributions. The Advice is included in Appendix 2 of this report. The Advice has not impacted on the findings and recommendations of this report.

Councils collect Local Infrastructure Contributions (LICs) from developers under the Environmental Planning and Assessment Act (1979), the Local Government Act (1993) and the City of Sydney Act (2000) (EP&A Act, LG Act and City of Sydney Act) to fund infrastructure required to service and support new development. At 30 June 2018, councils across NSW collectively held more than $3.0 billion in LICs collected from developers. Just over $1.37 billion in total was held by ten councils. Councils collecting LICs must prepare a contributions plan, which outlines how LICs will be calculated and apportioned across different types of infrastructure. Councils that deliver water and sewer services prepare a development servicing plan (DSP) which allows them to collect contributions for water and sewer infrastructure.

Development timeframes are such that there is often several years between when LICs are collected and the infrastructure is required. Good governance and internal controls are needed over these funds to ensure they are available when needed and spent appropriately.

This audit assessed the effectiveness of governance and internal controls over LICs collected by four councils during the 2017–18 and 2018–19 financial years: Blacktown City Council, Central Coast Council, City of Sydney Council and Liverpool City Council. As at June 2018 these councils held the four highest LIC balances, each in excess of $140 million.

Audit Conclusion

Three of the four councils audited were currently compliant with legislation, regulations and Ministerial Directions regarding LICs. All had gaps in governance and controls over LICs which limited effective oversight.

Three of the councils included in the audit complied with legislation, regulations and Ministerial Directions relating to LICs. Central Coast Council breached the EP&A Act between 2001 and 2019 when it used LICs for administration costs. These funds were repaid in late 2019.

While controls over the receipt and expenditure of contributions funds were largely in place at all councils, there were some exceptions relating to valuing work and land delivered in lieu of cash. Three councils do not provide probity guidance in policies relating to LICs delivered through works-in-kind. Three of the councils had contributions plans that were more than five years old.

Staff at all four councils are knowledgeable about LICs but not all councils keep procedures up to date. Three councils' governance frameworks operate effectively with senior officers from across the council involved in decisions about spending LICs, entering into voluntary planning agreements (VPAs) and reviewing contributions plans.

Transparency over key information relating to LICs is important for senior management so they can make informed decisions, and for the community who pay LICs and expect infrastructure to be provided. During the period of the audit, none of the councils included in the audit provided sufficient information to senior management or their councillors about the projected financial status of contributions plans. This information would be valuable when making broader strategic and financial decisions. Information about LIC levies and intended infrastructure is available to the community but not always easy to find.

A strong governance framework is important at each council to ensure that the funds are managed well, available when needed and spent as intended. The audit examined the following features of each council's governance framework as they apply to LICs:

  • decision-making by councillors and council officers relating to LICs
  • monitoring delivery of contributions plans and DSPs including:
    • reviewing assumptions underlying the plans
    • monitoring projected status of plans.

Internal controls over LICs are important to promote accountability, prevent fraud and deliver infrastructure to the required standard at the best possible price. If financial controls are weak or are not implemented well, there is a risk that LICs are misspent or that councils pay too much for infrastructure.

Not all councils' internal controls adequately addressed risks associated with the administration of LICs

The audit examined a number of internal controls that manage risks related to LICs. These included:

  • financial controls over receipt and expenditure of LIC funds
  • management of conflicts-of-interest when dealing with developers
  • independent valuations of works-in-kind and dedicated land
  • ensuring delivery and quality of works-in-kind, and obtaining security from developers in the event of non-delivery or poor quality work
  • management of variations to VPAs and works-in-kind agreements.

We reviewed controls included in policies and procedures and then checked samples of work to ensure that controls were implemented. We found variation in the controls that councils implemented, and some weaknesses in controls. It is a matter for each council to assess their financial risk and develop internal controls that support the collection, management, and expenditure of LICs. However, councils must be able to assure their communities and developers that they are doing everything possible to collect all LICs owing and that work conducted by developers in lieu of cash payments is properly valued and carried out to the required standard.

Further information about audit findings in relation to internal controls for each council are included in chapters five to eight. The exhibit below demonstrates variation in several controls implemented in the audited councils.

In a 2018 report, the Independent Commission Against Corruption noted that 'the appetite for transparency is expanding in both the public and private sectors'.

The Practice Note and S64 Guidance refer to transparency, including the importance of transparency over:

  • calculation and apportionment of LICs
  • funding of infrastructure, including where and when infrastructure is delivered
  • arrangements made with developers through VPAs.

The LIC system is largely transparent for community members who know where to look

Contributions plans and DSPs are public documents, exhibited to the public before being adopted by council. Councils included in the audit publish their contributions plans and DSPs on their websites and meet statutory requirements with regard to reporting and accessibility of information.

However, other public information relating to the LIC system is fragmented across different websites and reports and varies in detail across councils.

Exhibit 10: Published information about LICs at the four audited councils
  Blacktown City Council Central Coast Council City of Sydney Council Liverpool City Council
Financial details about contributions collected and spent Financial statements Financial statements Financial statements Financial statements
Implementation plans for spending LICs Contribution plans S64 implementation plans in DSPs. S7.11 & S7.12 implementation plans developed annually within capital works plan Contribution plans Developed annually within capital works plan
Capital works underway or completed, funded by LICs Capital works plan and annual report Not published Not published Capital works plan
Source: Audit Office analysis.

The Practice Note states that councils are accountable for providing the infrastructure for which contributions are collected. Demonstrating that infrastructure has been provided is difficult with fragmented information. As an example of transparent reporting, Blacktown City Council's 2018–19 annual report includes information about infrastructure that has been delivered for every contributions plan, providing transparency over how LICs have been spent.

Use of LICs collected under VPAs is not always transparent

Contributions collected under VPAs are not required to demonstrate the same relationship to a development as LICs collected under section 7.11 of the EP&A Act. VPAs are often negotiated because a developer requests a change to a planning instrument, and it is important that these arrangements, and their outcomes, are transparent to the community.

The EP&A Regulation includes mechanisms to ensure that VPAs are partially transparent. VPAs are exhibited to the public and approved by the elected council. Councils must maintain a VPA Register and make the VPA Deeds of Agreement available on request. However, there is no obligation on council to report on the outcomes or delivery of developers' obligations under VPAs. The four audited councils vary in transparency and accessibility of information available about VPAs.

Exhibit 11: Published information about VPAs at the four audited councils
  Blacktown City Council Central Coast Council City of Sydney Council Liverpool City Council
VPA Register Council website and annual report Annual report Annual report Council website and annual report
VPA Deeds of Agreement Council website Available on request Available on request Council website
Intended use of LICs collected under VPAs In Deeds of Agreement In Deeds of Agreement In VPA Register and most Deeds of Agreement In VPA Register and most Deeds of Agreement
Completion of work funded by cash collected under VPAs Not published Not published Not published Not published
Delivery of works-in-kind or land negotiated under VPAs Not published Not published In VPA Register Not published
Source: Audit Office analysis.

The Practice Note suggests that councils incorporate the intended use of LICs collected under VPAs in the Deed of Agreement, but there is no guidance relating to transparency over where and when funds have actually been spent. There is merit in councils providing greater transparency over public benefits delivered through VPAs to give communities confidence in VPAs as a planning tool.

Credit arrangements with developers are not always well documented or monitored

When levying LICs, section 7.11(6) of the EP&A Act requires councils to take into account land, money, or works-in-kind that the developer has contributed on other development sites over and above their LIC obligations. This section of the EP&A Act allows a developer to offset a LIC owed on one site against land or works contributed on another. This leads to some developers carrying 'credits' for work delivered to councils, to be paid back by reduced LICs on a future development. Blacktown City Council and Central Coast Council allow developers to carry credits. Liverpool City Council and City of Sydney Council do not permit credits and instead pay the developers for any additional work undertaken.

Councils should formally document credit arrangements and have a robust process to validate and keep track of credit balances and report on them. Central Coast Council does not keep good track of credit arrangements and neither Blacktown City Council or Central Coast Council aggregate or report on outstanding credit balances.

Blacktown City Council manages the largest LIC fund in NSW and negotiates more VPAs than any other council. Overall, Blacktown City Council demonstrates effective governance over the LIC funds but there is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Blacktown City Council also needs to update its operating procedures relating to LICs and improve security over key information.

Blacktown City Council is managing areas with high growth. There is a risk that Blacktown City Council will be unable to collect sufficient LICs to fund the infrastructure required to support that growth. However, Blacktown City Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans.

Blacktown City Council has policies in place to guide the management of LICs although management of credit arrangements with developers requires greater oversight. Policies relating to works-in-kind agreements provide no guidance about probity in negotiations with developers and valuations of works-in-kind are not independent as they are paid for by the developer. Blacktown City Council's S7.11 committee structure could act as a model for other councils. Blacktown City Council is spending LICs according to its contributions plans. Staff managing LICs demonstrate good knowledge of the regulatory environment. However, a number of administrative processes need attention such as outdated procedures, lack of security over key spreadsheets, and inappropriate retention of sensitive personal data.

Recommendations

By December 2020, Blacktown City Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. update council's works-in-kind policy to address probity risks during negotiations with developers
  3. mitigate risks associated with lack of independence in valuations of works-in-kind
  4. improve public reporting about expenditure of cash collected under VPAs
  5. improve management oversight of credit arrangements with developers
  6. update procedures for managing LICs
  7. implement security measures over critical or personal information and spreadsheets. 

Central Coast Council's governance and internal controls over LICs were not fully effective. Between 2001 and 2019, more than $13.0 million in LICs was misspent on administration costs in breach of the EP&A Act. There is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Policies and procedures from the two former councils are not aligned.

In May 2016, the newly amalgamated Central Coast Council inherited 53 contributions plans from the former Gosford City and Wyong Shire Councils. Managing this number of contributions plans fragments the available funds and increases complexity. Central Coast Council is currently working on consolidating these plans. Between June 2016 and June 2019, its LIC balance doubled from $90.0 million to $196 million. Central Coast Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans. Central Coast Council has a LIC committee but it has no formal charter and senior officers do not regularly attend meetings. This limits the committee's effectiveness as a decision-making body. A draft policy relating to works-in-kind agreements provide no guidance about probity in negotiations with developers. Valuations of works-in-kind and land dedications are not independent as they are paid for by the developer.

Central Coast Council has adjusted its accounts in 2018–19 by $13.2 million to repay the LIC fund for administration expenses that were not provided for in 40 contributions plans.

Recommendations

By June 2020, Central Coast Council should:

1. obtain independent validation of the adjustment made to the restricted asset accounts and general fund to repay LICs spent on administration, and adjustments made to each infrastructure category within the contributions plans

2. publish current contributions plans from the former Gosford City Council on the Central Coast Council website.

By December 2020, Central Coast Council should:

3. regularly report to senior management on the projected financial status of contributions plans

4. increase transparency of information available to the public about LIC works planned and underway, including intended use of contributions collected under VPAs

5. consolidate existing plans, ensuring the new contributions plans includes a regular review cycle

6. develop a formal charter for the developer contributions committee and increase the seniority of membership

7. complete and adopt council's works-in-kind policy currently under development, ensuring it addresses probity risks during negotiations with developers

8. mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land

9. improve public reporting about expenditure of cash collected under VPAs

10. improve management oversight of credit arrangements with developers

11. implement security measures to ensure the integrity of key spreadsheets used to manage LICs

12. align policies and procedures relating to LICs across the amalgamated council including developing policies and procedures for the management of S64 LICs

13. update council's VPA policy to address increased or indexed bank guarantees to accommodate cost increases.

City of Sydney Council manages a complex development environment across the Sydney CBD and inner suburbs. Overall, governance and internal controls over LICs are effective although there is scope for improved oversight of the projected financial status of contributions plans.

City of Sydney Council maintains a large balance of LICs, although not excessive relative to the annual level of LIC expenditure. Unspent contributions are largely associated with open space infrastructure that cannot be delivered until suitable land is available. Thirty per cent of cash contributions are collected under VPAs and there is limited transparency over how these funds are spent. City of Sydney Council does not assess and report to management or its Audit, Risk and Compliance Committee about the projected financial status of contributions plans.

In 2017–18 and 2018–19, LICs were spent in accordance with the corresponding contributions plans. City of Sydney Council staff are knowledgeable about the regulatory environment and are supported by up-to-date policies and procedures.

Recommendations

By December 2020, City of Sydney Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. improve public reporting about expenditure of cash collected under VPAs
  3. periodically review the risk of unpaid LICs associated with complying development certificates and assess whether additional controls are required
  4. implement security measures to ensure the integrity of key spreadsheets used to manage LICs. 

During the audit period 2017–18 and 2018–19, Liverpool City Council did not have effective governance and internal controls over LICs. Liverpool City Council is addressing deficiencies and risks identified through an internal audit published in December 2018 although further work is required. There is scope for improved oversight of the projected financial status of contributions plans.

In the two years to 30 June 2019, the balance of unspent LICs increased by more than 60 per cent against a relatively low pattern of expenditure. Prior to an internal audit completed in late 2018, there was no regular reporting on the status of LICs and a lack of transparency when prioritising the expenditure of LIC funds. During 2019, and following the internal audit, Liverpool City Council engaged additional skilled resources to improve focus and accountability for LICs. A LIC committee has been established to manage contributions plans and support business units to initiate relevant infrastructure projects, although it is too early to assess whether this committee is operating effectively. From February 2019, Liverpool City Council commenced monthly reporting to its Chief Executive Officer (CEO) about the point-in-time status of LIC funds, and to its Audit, Risk and Improvement Committee about risks associated with LICs and the implementation of internal audit recommendations. There is limited reporting to senior management about the projected financial status of some contributions plans. Our audit found no evidence of misuse of funds during the audited period. Methods for valuing work and land are not aligned with policies and procedures and are implemented inconsistently. In addition, valuations of works-in-kind and land dedications are not independent as they are paid for by the developer. The policy relating to works-in-kind provides no guidance about managing probity risks when negotiating with developers.

Recommendations

By December 2020, Liverpool City Council should:

  1. regularly report to senior management on the projected financial status of contributions plans
  2. update council's policies and procedures to provide consistent guidance about how works and land offered by developers should be valued
  3. update council's Works-in-Kind and Land Acquisition Policy to address probity risks during negotiations with developers
  4. improve public reporting about expenditure of cash collected under VPAs
  5. mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land
  6. implement security measures over critical or private information. 

Appendix one – Responses from councils and the Department of Planning, Industry and Environment

Appendix two – Advice from the Crown Solicitor

Appendix three – About the audit

Appendix four – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #339 - released 17 August 2020

Published

CBD South East Sydney Light Rail: follow-up performance audit

Transport
Infrastructure
Internal controls and governance
Management and administration
Procurement
Project management
Risk
Service delivery

This is a follow-up to the Auditor-General's November 2016 report on the CBD South East Sydney Light Rail project. This follow-up report assessed whether Transport for NSW has updated and consolidated information about project costs and benefits.

The audit found that Transport for NSW has not consistently and accurately updated project costs, limiting the transparency of reporting to the public.

The Auditor-General reports that the total cost of the project will exceed $3.1 billion, which is above the revised cost of $2.9 billion published in November 2019. $153.84 million of additional costs are due to omitted costs for early enabling works, the small business assistance package and financing costs attributable to project delays.

The report makes four recommendations to Transport for NSW to publicly report on the final project cost, the updated expected project benefits, the benefits achieved in the first year of operations and the average weekly journey times.

Read full report (PDF)

The CBD and South East Light Rail is a 12 km light rail network for Sydney. It extends from Circular Quay along George Street to Central Station, through Surry Hills to Moore Park, then to Kensington and Kingsford via Anzac Parade and Randwick via Alison Road and High Street.

Transport for NSW (TfNSW) is responsible for planning, procuring and delivering the Central Business District and South East Light Rail (CSELR) project. In December 2014, TfNSW entered into a public private partnership with ALTRAC Light Rail as the operating company (OpCo) responsible for delivering, operating and maintaining the CSELR. OpCo engaged Alstom and Acciona, who together form its Design and Construct Contractor (D&C).

On 14 December 2019, passenger services started on the line between Circular Quay and Randwick. Passenger services on the line between Circular Quay and Kingsford commenced on 3 April 2020.

In November 2016, the Auditor-General published a performance audit report on the CSELR project. The audit found that TfNSW would deliver the CSELR at a higher cost with lower benefits than in the approved business case, and recommended that TfNSW update and consolidate information about project costs and benefits and ensure the information is readily accessible to the public.

In November 2018, the Public Accounts Committee (PAC) examined TfNSW's actions taken in response to our 2016 performance audit report on the CSELR project. The PAC recommended that the Auditor-General consider undertaking a follow-up audit on the CSELR project. The purpose of this follow-up performance audit is to assess whether TfNSW has effectively updated and consolidated information about project costs and benefits for the CSELR project.

Conclusion

Transport for NSW has not consistently and accurately updated CSLER project costs, limiting the transparency of reporting to the public. In line with the NSW Government Benefits Realisation Management Framework, TfNSW intends to measure benefits after the project is completed and has not updated the expected project benefits since April 2015.

Between February 2015 and December 2019, Transport for NSW (TfNSW) regularly updated capital expenditure costs for the CSELR in internal monthly financial performance and risk reports. These reports did not include all the costs incurred by TfNSW to manage and commission the CSELR project.

Omitted costs of $153.84 million for early enabling works, the small business assistance package and financing costs attributable to project delays will bring the current estimated total cost of the CSELR project to $3.147 billion.

From February 2015, TfNSW did not regularly provide the financial performance and risk reports to key CSELR project governance bodies. TfNSW publishes information on project costs and benefits on the Sydney Light Rail website. However, the information on project costs has not always been accurate or current.

TfNSW is working with OpCo partners to deliver the expected journey time benefits. A key benefit defined in the business plan was that bus services would be reduced owing to transfer of demand to the light rail - entailing a saving. However, TfNSW reports that the full expected benefit of changes to bus services will not be realised due to bus patronage increasing above forecasted levels.

Appendix one – Response from agency

Appendix two – Governance and reporting arrangements for the CSELR

Appendix three – 2018 CSELR governance changes

Appendix four – About the audit

Appendix five – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #335 - released 11 June 2020

Published

Train station crowding

Transport
Management and administration
Risk
Service delivery
Workforce and capability

This report focuses on how Transport for NSW and Sydney Trains manage crowding at selected metropolitan train stations.

The audit found that while Sydney Trains has identified platform crowding as a key strategic risk, it does not have an overarching strategy to manage crowding in the short to medium term. Sydney Trains 'do not have sufficient oversight to know if crowding is being effectively managed’, the Auditor-General said.

Sydney Trains' operational response to crowding involves restricting customer access to platforms or station entries before crowding reaches unsafe levels or when it impacts on-time running. Assuming rail patronage increases, it is likely that Sydney Trains will restrict more customers from accessing platforms or station entries, causing customer delay. ‘Restricting customer access to platforms or station entries is not a sustainable approach to manage station crowding’, said the Auditor-General.

The Auditor-General made seven recommendations to improve Transport for NSW and Sydney Trains' management of station crowding. Transport for NSW have accepted these recommendations on behalf of the Transport cluster.

Public transport patronage has been impacted by COVID-19. This audit was conducted before these impacts occurred.

Read full report (PDF)

Sydney Trains patronage has increased by close to 34 per cent over the last five years, and Transport for NSW (TfNSW) expects the growth in patronage to continue over the next 30 years. As patronage increases there are more passengers entering and exiting stations, moving within stations to change services, and waiting on platforms. As a result, some Sydney metropolitan train stations are becoming increasingly crowded.

There are three main causes of station crowding:

  • patronage growth exceeding the current capacity limits of the rail network
  • service disruptions
  • special events.

Crowds can inhibit movement, cause discomfort and can lead to increased health and safety risks to customers. In the context of a train service, unmanaged crowds can affect service operation as trains spend longer at platforms waiting for customers to alight and board services which can cause service delays. Crowding can also prevent customers from accessing services.

Our 2017 performance audit, ‘Passenger Rail Punctuality’, found that rail agencies would find it hard to maintain train punctuality after 2019 unless they significantly increased the capacity of the network to carry trains and people. TfNSW and Sydney Trains have plans to improve the network to move more passengers. These plans are set out in strategies such as More Trains, More Services and in the continued implementation of new infrastructure such as the Sydney Metro. Since 2017, TfNSW and Sydney Trains have introduced 1,500 more weekly services to increase capacity. Additional network capacity improvements are in progress for delivery from 2022 onwards.

In the meantime, TfNSW and Sydney Trains need to use other ways of managing crowding at train stations until increased capacity comes on line.

This audit examined how effectively TfNSW and Sydney Trains are managing crowding at selected metropolitan train stations in the short and medium term. In doing so, the audit examined how TfNSW and Sydney Trains know whether there is a crowding problem at stations and how they manage that crowding.

TfNSW is the lead agency for transport in NSW. TfNSW is responsible for setting the standard working timetable that Sydney Trains must implement. Sydney Trains is responsible for operating and maintaining the Sydney metropolitan heavy rail passenger service. This includes operating, staffing and maintaining most metropolitan stations. Sydney Trains’ overall responsibility is to run a safe rail network to timetable.

Conclusion

Sydney Trains has identified platform crowding as a key strategic risk, but does not have an overarching strategy to manage crowding in the short to medium term. TfNSW and Sydney Trains devolve responsibility for managing crowding at stations to Customer Area Managers, but do not have sufficient oversight to know if crowding is being effectively managed. TfNSW is delivering a program to influence demand for transport in key precincts but the effectiveness of this program and its impact on station crowding is unclear as Transport for NSW has not evaluated the outcomes of the program.

TfNSW and Sydney Trains do not directly measure or collect data on station crowding. Data and observation on dwell time, which is the time a train waits at a platform for customers to get on and off trains, inform the development of operational approaches to manage crowding at stations. Sydney Trains has KPIs on reliability, punctuality and customer experience and use these to indirectly assess the impact of station crowding. TfNSW and Sydney Trains only formally assess station crowding as part of planning for major projects, developments or events.

Sydney Trains devolve responsibility for crowd management to Customer Area Managers, who rely on frontline Sydney Trains staff to understand how crowding affects individual stations. Station staff at identified key metropolitan train stations have developed customer management plans (also known as crowd management plans). However, Sydney Trains does not have policies to support the creation, monitoring and evaluation of these plans and does not systematically collect data on when station staff activate crowding interventions under these plans.

Sydney Trains stated focus is on providing a safe and reliable rail service. As such, management of station crowding is a by-product of its strategies to manage customer safety and ensure on-time running of services. Sydney Trains' operational response to crowding involves restricting customer access to platforms or stations before crowding reaches unsafe levels, or when it impacts on-time running. As rail patronage increases, it is likely that Sydney Trains will need to increase its use of interventions to manage crowding. As Sydney Trains restrict more customers from accessing platforms or station entries, it is likely these customers will experience delays caused by these interventions.

Since 2015, TfNSW has been delivering the 'Travel Choices' program which aims to influence customer behaviour and to manage the demand for public transport services in key precincts. TfNSW is unable to provide data demonstrating the overall effectiveness of this program and the impact the program has on distributing public transport usage out of peak AM and PM times. TfNSW and Sydney Trains continue to explore initiatives to specifically address crowd management.

Conclusion

TfNSW and Sydney Trains do not directly measure or collect data on station crowding. There are no key performance indicators directly related to station crowding. Sydney Trains uses performance indicators on reliability, punctuality and customer experience to indirectly assess the impact of station crowding. Sydney Trains does not have a routine process for identifying whether crowding contributed to minor safety incidents. TfNSW and Sydney Trains formally assess station crowding as part of planning for major projects, developments or events.

 

Conclusion

Sydney Trains has identified platform crowding as a strategic risk but does not have an overarching strategy to manage station crowding. Sydney Trains' stated focus is on providing a safe and reliable rail service. As such, management of station crowding is a by-product of its strategies to manage customer safety and ensure on-time running of services.

Sydney Trains devolve responsibility for managing crowding at stations to Customer Area Managers but does not have sufficient oversight to know that station crowding is effectively managed. Sydney Trains does not have policies to support the creation, monitoring or evaluation of crowd management plans at key metropolitan train stations. The use of crowding interventions is likely to increase due to increasing patronage, causing more customers to experience delays directly caused by these activities.

TfNSW and Sydney Trains have developed interventions to influence customer behaviour and to manage the demand for public transport services but are yet to evaluate these interventions. As such, their impact on managing station crowding is unclear.

Appendix one – Response from agency

Appendix two – Sydney rail network

Appendix three – Rail services contract

Appendix four – Crowding pedestrian modelling

Appendix five – Airport Link stations case study

Appendix six – About the audit

Appendix seven – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #333 - released 30 April 2020

 

Published

Local Schools, Local Decisions: needs-based equity funding

Education
Internal controls and governance
Management and administration
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the Department of Education’s (the department’s) support and oversight of school planning and use of needs-based funding under the Local Schools, Local Decisions reform.

The report found the department has not had adequate oversight of how schools are using needs-based funding to improve student outcomes since it was introduced in 2014.

The department had not set measures or targets for needs-based equity funding. It had also not been clear enough in how it expected schools to report on the outcomes of additional funding. This means it has not been able to effectively demonstrate the impact of funding at a school, or state-wide level.

To assist with the transition to greater local decision-making, the department provided schools with guidance materials, additional resources and systems support. However, guidance material was not clear enough on the purpose of funding, school budgeting systems were not fit-for-purpose when initially introduced, and support for schools was spread across different areas of the department.

The department has recently increased executive oversight of progress to improve educational outcomes for Aboriginal students and students from a low socio-economic background. It has also developed a consistent set of school-level targets to be implemented from 2020. This may help the department more reliably monitor progress in lifting outcomes for students with additional learning needs.

The report makes eight recommendations aimed at clarifying requirements of schools, better coordinating support and strengthening oversight of the use of needs-based equity funding.

Read full report (PDF)

The Local Schools, Local Decisions reform was launched in 2012 to give public schools more authority to make local decisions about how best to meet the needs of their students. A major element of the reform was the introduction of a new needs-based school funding model. Core elements of the model address staffing and operational requirements, while needs-based elements reflect the characteristics of schools and students within them. This includes equity funding designed to support students with additional needs. The four categories of equity funding are:

  • socio-economic background
  • Aboriginal background
  • English language proficiency
  • low-level adjustment for disability. 

Around $900 million in equity funding was allocated in 2019. School principals decide how to use these funds and account for them through their school annual reports. The Department of Education (the department) supports schools in making these choices with tools and systems, guidelines, and good practice examples.

The objective of this audit was to assess the department's support and oversight of school planning and use of needs-based funding under the Local Schools, Local Decisions reform. To address this objective, the audit examined whether:

  • effective accountability arrangements have been established
  • effective support is provided to schools.  

Conclusion

The department has not had adequate oversight of how schools are using needs-based equity funding to improve student outcomes since it was introduced in 2014. While it provides guidance and resources, it has not set measures or targets to describe the outcomes expected of this funding, or explicit requirements for schools to report outcomes from how these funds were used. Consequently, there is no effective mechanism to capture the impact of funding at a school, or state-wide level. The department has recently developed a consistent set of school-level targets to be implemented from 2020. This may help it to better hold schools accountable for progress towards its strategic goal of reducing the impact of disadvantage.

A significant amount of extra funding has been provided to schools over recent years in recognition of the additional learning needs of certain groups of students facing disadvantage. Under the Local Schools, Local Decisions reform, schools were given the ability to make decisions about how best to use the equity funding in combination with their overall school resources to meet their students’ needs. However, multiple guidelines provided to schools contain inconsistent advice on how the community should be consulted, how funding could be used, and how impact should be reported. Because of this, it is not clear how schools have used equity funding for the benefit of identified groups. School annual reports we reviewed did not fully account for the equity funding received, nor adequately describe the impact of funding on student outcomes.

To help in the transition to greater local decision-making, the department provided extra support by; establishing peer support for new principals, increasing the number of directors, developing data analysis and financial planning systems, targeted training and showcasing good practice. Multiple roles and areas of the department provide advice to schools in similar areas and this support could be better co-ordinated.

Financial planning systems designed to help schools budget for equity and other funding sources were not fit-for-purpose when originally introduced. Schools reported a lack of trust in their budget figures and so were not fully spending their allocated funding. Since then, the department developed and improved a budgeting tool in consultation with stakeholder and user groups. It provided extra funding for administrative support and one-to-one training to help schools develop their capabilities. Despite this, schools we spoke to reported they were not yet fully confident in using the system and needed ongoing training and support. 

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #331 - released 8 April 2020.

Published

Volume Nine 2011 focus on Education and Communities

Education
Community Services
Asset valuation
Internal controls and governance
Management and administration
Project management
Workforce and capability

The report includes comments on financial audits of government agencies in the Education and Communities sectors. The audits of the above entities’ financial statements for the year ended 30 June 2011 resulted in unmodified audit opinions within the Independent Auditor’s Reports. A key finding was that Treasury should consider issuing further guidance to arts and cultural bodies on collection valuation methodologies due to the significance of these assets to the State’s asset base.

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE