Reports
Education 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. 'I am pleased to report that unqualified audit opinions were issued on the financial statements of both agencies in the Education cluster', the Auditor-General said. Statements were submitted and audited within statutory deadlines.
This report analyses the results of our audits of financial statements of the Education cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2017–18.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued on the financial statements of both cluster agencies. | Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
| 2.2 Timeliness of financial reporting | |
| Both cluster agencies met the statutory deadlines for completing early close procedures and submitting financial statements. | Early close procedures continue to facilitate the timely preparation of cluster agencies’ financial statements and completion of audits, but scope exists to improve outcomes by resolving issues and supplying supporting documentation earlier. |
| 2.3 Key issues from financial audits | |
| Inconsistencies in the Department’s annual leave and long service leave data, identified over the past three audits, remain unresolved. This issue impacts the Department’s liability estimates for annual leave and long service leave, including associated on-costs. It also on-flows to the Crown Entity, which assumes the Department's liability for long service leave. | Recommendation: The Department should confirm leave data and review assumptions following deployment of the new HR/Payroll system to better estimate the liability for employee benefits and the amount to be assumed by the Crown Entity. |
| 2.4 Key financial information | |
| Cluster agencies recorded net deficits in 2017–18. |
The Department recorded a net deficit of $30.7 million in 2017–18 against a budgeted surplus of $122 million. The NSW Education Standards Authority recorded a net deficit of $4.1 million against a budgeted deficit of $4.7 million. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Education cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| Twenty internal control deficiencies were identified during our audits of cluster agencies. We assessed one as a high risk finding. | |
| Eight internal control weaknesses were repeat issues from previous financial audits that had not been fully addressed by management. | Recommendation: Management should prioritise and action recommendations to address internal control weaknesses. |
| 3.2 Information technology | |
| Delivery of the Learning Management and Business Reform (LMBR) program is complete. |
The LMBR program has been a major project for the Department since it was established in 2006. A staged approach was adopted for implementing the Department’s new HR/Payroll system to manage the risks associated with this large-scale roll-out. |
| 3.3 Valuation of the Department’s land and buildings | |
| The Department completed a revaluation of land and building assets during 2017–18. |
A market approach was used to revalue the Department’s land, resulting in a revaluation increment of $2.3 billion. A current replacement cost approach was used to revalue the Department’s school buildings, resulting in an increment of $6.2 billion. |
| 3.4 Maintenance of school facilities | |
| The Department regularly assesses the condition of school buildings and uses Life Cycle Costing to predict maintenance and capital renewal, and to prioritise maintenance activities. | The Life Cycle Costing assessment conducted by the Department in 2017–18 rated 70 per cent of school buildings as being in either as new or good condition. No school buildings were rated as being in end-of-life condition. |
| 3.4 School asset delivery | |
| The Department’s School Assets Strategic Plan is designed to ensure that there are sufficient fit-for-purpose places for students up to 2031. | The Department created a new division, School Infrastructure NSW, to oversee the planning, supply and maintenance of schools and implement major school infrastructure projects. |
This chapter provides service delivery outcomes for the Education cluster for 2017–18. It provides important contextual information about the cluster's operation, but the data on achievement of these outcomes is not audited. The Audit Office does not have a specific mandate to audit performance information.
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
State Finances 2018
Pursuant to the Public Finance and Audit Act 1983, I present my Report on State Finances 2018.
I am pleased to once again report that I issued a clear audit opinion on the State’s consolidated financial statements. This demonstrates the Government’s focus on preparing high quality information on the State’s financial position and performance for use by stakeholders.
However, there are two key areas I would like to see addressed to further support the preparation of the State’s financial statements.
Firstly, some complex accounting matters are not being resolved until late in the financial reporting cycle. This has contributed to an increase in the number of errors in the financial statements key agencies are submitting for audit, particularly around assessing the value of physical assets. Better planning and earlier resolution of these matters would lead to more efficient processes.
Secondly, the State needs to implement five new accounting standards over the next two years. Agencies will need to devote significant resources and effort to collect the necessary information and assess the impact at the whole of government level. I will work with Treasury and relevant agencies to help them improve quality assurance controls over their financial reporting.
Throughout 2017-18 my office worked with Treasury on reforms to improve financial governance, budgeting and reporting arrangements across the sector.
The Government Sector Finance Bill 2018 passed both houses of Parliament in June 2018. However, the Legislative Council returned other proposed changes to the Public Finance and Audit Act 1983 to the Legislative Assembly for further consideration. Most of these changes relate to the Public Accounts Committee. At the time of writing, the cognate Bill had not been debated.
The budget result was a $4.2 billion surplus. The consolidated financial statements at 30 June 2018 do not reflect the sale of 51 per cent of the State’s investment in Sydney Motorway Corporation for which it received $9.3 billion. The sale was announced on 31 August 2018.
Finally, I would like to thank the staff of Treasury for the way they approached the audit. Our partnership is critical to ensuring the quality of financial management and reporting.
Margaret Crawford
Auditor-General
19 October 2018
The State's financial statements given a clear audit opinion
Timely and accurate financial reporting enables informed decision making, effective management of public funds and enhances public accountability.
Since the introduction of mandatory ‘early close procedures’ in 2011-12, the number of significant errors in financial statements of agencies had fallen largely due to identifying and resolving complex accounting issues early.
In 2016-17, Treasury narrowed the scope of mandatory procedures to focus on physical asset valuations and pro-forma financial statements. Despite being broadened for 2017-18, we have observed an increase in the number of errors in agency financial statements.
In 2017-18, twenty-three errors exceeding $20 million were found in agencies’ financial statements that make up the State’s consolidated financial statements. This compares to only five in 2015-16.
The errors identified this year were the result of:
- incorrectly applying Australian Accounting Standards
- deficiencies in assessing the value of physical assets
- using inappropriate and inaccurate assumptions when measuring liabilities
- inaccurately reflecting inter-agency payables and receivables.
Quality financial reporting would be enhanced by responding to key accounting issues as soon as they are identified, and preparing accounting position papers for consideration by Treasury, agency Audit and Risk Committees and the Audit Office.
Key accounting matters addressed by the State in 2017-18.
Restatement of some of the State’s previously reported asset and liability values.
The state corrected the previously reported values of some long-term liabilities ($2 billion).
Accounting standards require the State to measure its long-term liabilities at the best estimate of the expenditures required to settle the obligations. The affected liabilities include claims liabilities of the Lifetime Care and Support Authority of NSW and the NSW Self Insurance Corporation, and scheme liabilities of the Long Service Corporation. The liabilities are adjusted by what is referred to as the ‘discount rate’ to reflect the decreasing value of money over time.
In the past, agencies used a variety of rates to discount these liabilities. Some liabilities were discounted using the estimated long-term fair value of 10-year TCorp bond yields while others were discounted using the expected
return on investments. These discount rates did not comply with the requirements of Australian Accounting Standards and underestimated liabilities by $2.0 billion.
In 2017-18, the State assessed the discount rates previously used in the Sector. It determined the market yield on Commonwealth Bonds best met the Accounting Standard requirements and used this rate to discount similar liabilities in relevant agencies. This resulted in a $2.0 billion increase in the previously reported values of these liabilities and a similar decrease in retained earnings at 1 July 2016.
The State corrected previously reported values of certain Library assets ($1.1 billion).The value of the Pictorial Collection of the Library Council of NSW (the Library) was reassessed at 31 January 2018. During the valuation process the Library identified three errors in the 2015 valuations which overstated the previously reported asset values. The errors included:
This resulted in a $1.1 billion decrease in previously reported asset values and a corresponding decrease in the asset revaluation reserve at 1 July 2016. |
Information system limitations continue at TAFE NSW.TAFE NSW has experienced ongoing issues with its student administration system.TAFE NSW has again implemented additional processes to verify the accuracy and completeness of revenue from student fees. TAFE NSW expects to spend up to $89 million on a new information system to address these issues. Modules of the new student enrolment system are planned to be in place by May 2019 |
Risks to the quality and timeliness of financial reporting.
Challenges associated with valuing the State's physical assets.
When we audit financial statements we focus on areas we consider higher risk. These areas often require the use of estimates and judgements.
The valuation of the State’s physical assets is one such area. Fair value estimates are inherently complex and sensitive to assumptions and judgements. In the public sector, this may be exacerbated by the unique nature of its assets, such as land under roads, preserved plant specimens, cultural collections and other heritage assets.
In 2017-18, valuations of physical assets added $24.5 billion to the value of the State’s balance sheet. These assets are now valued at $339.2 billion. Our audits of these valuations identified:
The Library Council of NSW had three errors in the methodology previously used to value their pictorial assets ($1.1 billion error). |
The Royal Botanic Gardens and Domain Trust did not previously recognise a value for their Herbarium assets ($284 million error). |
Some revaluations within the Ministry of Health did not meet the requirements of Australian Accounting Standards or Treasury requirements ($159 million error). |
The Department of Justice used an incorrect valuation
|
Some important matters agencies should consider when planning/conducting asset valuations include:
STARTING OUT
- Planning is important
- Most effective revaluations include early engagement with all stakeholders, including auditors.
- Determine who needs to be involved and advised of progress with the revaluation – e.g. finance, internal audit, audit and risk committee.
- Ensure asset registers are complete and there is evidence to demonstrate the agency controls the assets.
- The effective date of the valuation can be any date after the financial year commences, but well before year end.
MANAGEMENT'S ROLE
- For large mass valuations consider using a suitable project management methodology to ensure the process remains ‘on track’ with sufficient oversight.
- Consider engaging an expert to perform the valuation, but maintain responsibility for the outcomes. Ensure the outcomes are reasonable and quality review the results, including the appropriateness of inputs and key assumptions.
- Compare pre and post valuation results on an individual asset basis. Where changes are significant and/or unexpected, document explanations from the valuer.
- Start revaluations early so they are completed by early close (around March). The timetable must allow time for a quality review of results and for the results to be recorded in the financial records.
- Revaluation workpapers must include the revaluation source data provided to the valuer and a reconciliation of the source data to the general ledger.
USING EXPERTS
- The terms of engagement should be documented in an engagement letter, which clearly details the proposed valuation methodology. It’s important the valuer knows what is required from a policy perspective and clearly understands the accounting framework used to prepare the financial statements.
- Valuation reports should detail the key assumptions used, explain why the valuation approach was adopted and how the use of relevant observable input was maximised.
- Valuation reports should clearly differentiate between assets revalued using a cost approach and those using an income or market approach. They should explain why the approach used was the most relevant for the asset type.
- Consider using representative/statistical sampling for mass valuations and determine the extent of physical inspections that may be required.
- If a sampling technique is used, it should provide sufficient confidence that the sample is representative of the population.
- Significant judgements should be supported by relevant benchmark data or other analysis and observations. A common example in the public sector is to discount asset values to reflect restrictions on use.
- Ensure the valuer has considered the age and condition of the assets, and heritage/cultural aspects and/or other special factors.
WHAT ABOUT INTERVENING YEARS?
- Perform revaluations with sufficient regularity to ensure asset carrying values in the financial statements reflect fair value.
- Indexation alone is not normally a substitute for a full revaluation. A full revaluation may be needed to accurately establish fair values if asset values move significantly when indices are applied to them.
- Where indexation is used between full revaluations, the indices should be appropriate for the type of asset being assessed.
- Indexing can be unreliable in assessing whether the fair value of assets has moved over time. For example, some assets are valued based on re- collection cost estimates, which may fall over time due to improved re-collection methods and technology.
COMMUNICATION
- For mass or complex valuations, key stakeholders, including auditors, should be involved at the scoping stage and invited to planning meetings with valuers.
- Management should meet with the auditors regularly to discuss progress and outcomes.
- When issues are identified, management should consult with and seek advice from Treasury.
The state will need to implement five new accounting standards over the next two years.
The State has started developing processes it considers necessary to effectively implement the requirements of five new accounting standards. The changes are significant and will impact the financial position and results of agencies and the State.
The new requirements increase the risk of errors in the financial statements. To minimise this risk, agencies will need to devote resources and effort to collect the necessary information and assess the impact of the accounting changes at the whole of government level.
Treasury is liaising with and obtaining information from agencies to assess the impact of the new standards at the whole of government level. Treasury is also liaising with other Treasuries throughout Australia on common implementation issues. To help agencies implement the new standards, Treasury is developing guidance, preparing position papers on proposed accounting treatments, and mandating options within the new standards that agencies need to adopt on transition.
A $4.2 billion surplus, $1.5 billion more than was budgeted
The Total State Sector comprises 304 entities controlled by NSW Government
The General Government Sector, which comprises 212 entities, generally provides goods and services funded centrally by the State.
The non-General Government Sector, which comprises 92 Government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.
A principal measure of a Government’s overall performance is its Net Operating Balance (Budget Result). This is the difference between the cost of General Government service delivery and the revenue earned to fund these sectors.
WHAT CHANGED FROM 2017 TO 2018?
$4.2b |
2017-18 General Government Budget Result |
Changes in revenues compared to 2016-17
 Dividends and distributions
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
2.4b |
+1.3b |
3.7b |
|
| Taxation
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
30.8b |
+537m |
31.3b |
|
 Grants & Subsidies
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
31.4b |
+509m |
31.9b |
|
 Sale of Goods and services
|
Includes:
|
||
| 2016-2017 | Change | 2017-2018 | |
8.2b |
+349m |
8.5b |
|
5.5b |
-185m |
5.3b |
Other revenues |
Changes to expenses compared to 2016-17
| Recurrent Grants & Subsidies
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
12.6b |
+1.3b |
13.9b |
|
 Employee costs
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
34.9b |
+1.2b |
36.1b |
|
 Other operating expenses
|
Includes:
|
||
| 2016-2017 | Change | 2017-2018 | |
18.3b |
+1.4b |
19.7b |
|
6.8b |
+103m |
6.9b |
Other expenses |
$5.7b |
2016-17 General Government Budget Result |
The State maintained its AAA credit rating.
The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.
The Government manages NSW’s finances in alignment with the Fiscal Responsibility Act 2012 (the Act).
The Act establishes the framework for fiscal responsibility and the strategy to protect the State’s AAA credit rating and service delivery
to the people of NSW.
The legislation sets out targets and principles for financial management to achieve this.
New South Wales has credit ratings of AAA/ Stable from Standard & Poor’s and Aaa/ Stable from Moody’s Investors Service.
THE FISCAL TARGETS FOR ACHIEVING THIS OBJECTIVE ARE:
General Government annual expenditure growth is lower than long term average revenue growth.
General Government expenditure grew by 5.4 per cent in 2017-18. This was lower than the long-term revenue growth rate of 5.6 per cent.
Eliminating unfunded superannuation liabilities by 2030.
The Act sets a target to eliminate unfunded superannuation liabilities by 2030.
The State’s funding plan is to contribute amounts escalated by five per cent each year so the schemes will be fully funded by 2030. In 2017-18, the State made employer contributions of $1.7 billion, which is largely consistent with contributions over the past five years. Treasury expects superannuation liabilities will be fully funded by 2030 based on the funding program at the last triennial review (December 2015).
For fiscal responsibility purposes, the State uses AASB 1056: Superannuation Entities. This standard discounts superannuation liabilities using the expected return on assets backing the liability.
Using this method, the State’s unfunded superannuation liability was $14.0 billion at 30 June 2018 ($15.0 billion at 30 June 2017). The unfunded liability is $3.4 billion less than it was when the Act was introduced.
Revenues increased by $3.2 billion to $86.7 billion in 2017-18.
Revenues were underpinned by growth in taxation and Australian Government grant revenues, but stamp duties fell.
Tax revenue for the Total State Sector increased by $746 million, or 2.5 per cent compared to 2016-17, primarily due to a:
- $582 million increase in land tax from growth in land values
- $562 million increase in payroll tax from NSW employment and wages growth
- $1 billion decrease in stamp duty due to lower than expected growth in property market transactions, volumes and prices. In 2016-17, stamp duty included $718 million from the leases of Ausgrid and Endeavour Energy assets.
The State expects total stamp duties will fall to $9.5 billion in 2018-19, a decrease of almost $2.0 billion from 2016-17.
The State received Australian Government grants and subsidies of $30.9 billion in 2017-18.
The State received $444 million more in grants and subsidies from the Australian Government than it did in 2016-17. This was due to increases in GST revenues ($753 million) and special purpose payments ($683 million).
There was a decrease in National Partnership payments ($992 million), mainly due to the timing of major road projects including the Pacific Highway (Woolgoolga to Ballina), WestConnex and Western Sydney Infrastructure Program.
In 2017-18, sales of goods and services were $1.1 billion higher than in 2016-17. This reflected increased transaction revenue at Sydney Water ($139 million), the Department of Education ($133 million), WestConnex ($145 million), Department of Finance, Services and Innovation ($111 million) and Sydney Trains ($83 million).
Other dividends and distributions were $803 million higher than in 2016-17 mainly reflecting higher investment returns on TCorp investments.
$ |
83.5b |
+3.9% |
86.7b |
Total Revenue |
Key revenues include:
| 2016-2017 | Change% | 2017-2018 | ||
 |
35.4b |
+2.8 |
36.3b |
Taxation, Fees, Fines, and other |
|
31.4b |
+1.6 |
31.9b |
Grants & Subsidies |
|
14.1b |
+8.1 |
15.2b |
Sale of Goods and Services |
Expenses increased $4.9 billion to $84.2 billion in 2017-18
Overall expenses increased 6.1 per cent compared to 2016-17. Most of the increase was due to higher employee and operating costs.
$ |
79.3b |
+6.1% |
84.2b |
Total Expenses |
Salaries and wages increased by 3.6 per cent compared to 2016-17.
Salaries and wages increased to $31.1 billion from $30 billion. This was due to inflation linked salary and wage increases and a reported increase in front line staff.
The Government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.
Operating expenses increased by 7.8 per cent from 2016-17.
Within operating expenses, payments for supplies, services and other expenses increased, in part, due to:
- increased costs of major rail projects, WestConnex, B-Line bus program and a new rail timetable
- addressing the maintenance backlog and higher school operating expenses of the Department of Education.
Key expenses include:
| 2016-2017 | Change% | 2017-2018 | ||
|
32.8b |
+3.8 |
34.1b |
Employee Expenses |
|
21.6b |
+7.8 |
23.3b |
Operating Costs |
|
9.7b |
+12.7 |
10.9b |
Grants & Subsidies |
 |
7.2b |
+6.6 |
7.6b |
Depreciation |
 |
4.6b |
+2.8 |
4.7b |
Superannuation Expense |
Health costs remain the highest expense of the State.
The Australian Bureau of Statistics introduced a revised Classification of the Function of Government Australia Framework (COFOG-A) effective 1 July 2017. This resulted in some re-classification of expenditure between purposes and now shows State expenses are highest in:
- Health (25.5 per cent)
- General Public Services (25.0 per cent)
- Education (19.6 per cent).
General Public Services includes the executive and legislative branches, financial affairs, public debt transactions and general public service transactions.
The graph highlights the annual expenditure by function and the value of assets to deliver those services.
Assets grew by $35.6 billion to $443 billion in 2017-18
Valuing the State’s physical assets.
The State had physical assets with a fair value of $339 billion at 30 June 2018. This includes land and buildings ($161.6b) and Infrastructure ($160.2b).
Our audits assess the reasonableness and appropriateness of assumptions used to value physical assets. This includes obtaining an understanding of the valuation methodologies used and judgements made. We also review the completeness of asset registers and the mathematical accuracy of valuation models.
Net movements between years include additions, disposals, depreciation and valuations. This year, revaluations of physical assets added $24.5 billion to the value of the State’s assets. This was mainly attributable to the following agencies:
- Department of Education - $8.5 billion
- Roads and Maritime Services - $7.4 billion.
The State’s financial assets increased by $308 million in 2017-18 ($27.5 billion in 2016-17).
In 2016-17, the significant increase in financial assets was primarily from the sale or lease of the following government assets and businesses:
- In June 2017, the Government leased 50.4 per cent of Endeavour Energy assets, which followed the long-term lease 50.4 per cent of Ausgrid’s assets in December 2016. The Government received proceeds of $24.0 billion from these transactions.
- A 35-year concession for providing titling and registry services, effective 30 June 2017, was granted to a private sector operator. The Government received $2.6 billion cash for the concession.
The Government implemented reforms relating to the use the State’s financial assets.
In 2017-18, the Asset and Liability Committee, which advises the Government on balance sheet management, recommended the following policy actions and frameworks to help manage the State’s financial risks and opportunities:
- expanding the scope of cash management reforms to give the State a whole-of-government view on the use of surplus funds. Treasury advises these reforms have centralised funds management of approximately $3.0 billion
- endorsing a new whole-of-government Foreign Exchange (FX) Risk Policy (effective 1 July 2018) to effectively manage the State’s FX risk
- expanding management of the State’s debt portfolio to minimise interest rate risks, reduce interest costs where possible, and extend the average weighted life of the General Government’s debt portfolio towards eight years
- endorsing establishment of a ‘sustainability bond’ program to further diversify and expand the State’s bond investor base and raise awareness of the Government’s social and environmental initiatives.
The State has established the NSW Generations Fund to maintain debt at sustainable levels.
The State established the NSW Generations Funds (NGF) in June 2018 to support debt retirement and to fund community-focused initiatives. The Government has indicated it will initially capitalise the NGF with $3.0 billion from its reserves.
The NSW Generations Funds Act 2018 requires an audit of each NSW Generations Fund by the Auditor- General (including a report by the Auditor-General on whether payments from the Funds have been made in accordance with the Act). The first audit of the fund will be for the period up to 30 June 2019.
$ |
407b |
+8.7% |
443b |
Total Assets |
Key assets include:
| 2016-2017 | Change% | 2017-2018 | ||
| Physical Assets | ||||
 |
147.0b |
+9.0 |
160.2b |
Infrastructure |
 |
143.4b |
+12.7 |
161.6b |
Land and Buildings |
| Financial Assets | ||||
 |
27.7b |
- 4.6 |
26.4b |
Equity investments |
|
20.6b |
- 5.2 |
19.5b |
Cash and Recievables |
|
40.5b |
+6.5 |
41.3b |
Investments and Placements |
Liabilities increased $5.1 billion to $189 billion in 2017-18
Valuing the State’s liabilities relies on actuarial assessments.
Nearly half of the State’s liabilities relate to its employees. They include unfunded superannuation, and employee benefits, such as long service and recreation leave.
Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions can materially impact the values and the financial statements.
The State’s superannuation obligations fell $2.2 billion in 2017-18.
The State’s $56.4 billion unfunded superannuation liability represents obligations to past and present employees less the value of assets set aside to meet those obligations. The unfunded superannuation liability fell from $58.6 billion to $56.4 billion in 2017-18.
The State’s borrowings at 30 June 2018 were $700 million higher than they were at 30 June 2017.
The State’s borrowings totalled $71.3 billion at 30 June 2018.
TCorp issues bonds to raise funds for NSW Government agencies. These are actively traded in financial markets, which provides price transparency and liquidity to public sector borrowers and institutional investors. All TCorp bonds are guaranteed by the NSW Government.
The Government manages its debt liabilities through its balance sheet management strategy. The strategy extends to TCorp, which applies an active risk management strategy to the Government’s debt portfolio.
General Government Sector debt has been restructured by replacing shorter-term debt with longer-term debt. This lengthens the portfolio to match liabilities with the funding requirements for infrastructure assets.
$ |
184b |
+2.8% |
189b |
Total Liabilities |
Key liabilities include:
| 2016-2017 | Change% | 2017-2018 | ||
|
58.6b |
- 3.7 |
56.4b |
Unfunded Superannuation |
|
18.3b |
+4.7 |
19.1b |
Other Employee Benefits |
|
70.6b |
+1.0 |
71.3b |
Borrowings |
Procurement and reporting of consultancy services
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
| Relevant guidance | Requirements | |
|---|---|---|
| Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
| PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
| Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
| Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Report on Education 2017
The Auditor-General, Margaret Crawford released her report on the results of the financial audits of agencies in the Education cluster. The report focuses on key observations and findings from the most recent audits of these agencies.
'I am pleased to report that unqualified audit opinions were issued on the financial statements for all agencies in the Education cluster', the Auditor-General said. 'The quality and timeliness of financial reporting remains strong'.
Information and Communication Technologies in schools for teaching and learning
Several factors are reducing effective use of information and communication technology (ICT) in the classroom.
These are primarily:
Parliamentary reference - Report number #289 - released 6 July 2017
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
| Financial reporting | |
| Observation | Conclusion |
| Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
| More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
|
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
| Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
| Number of misstatements | |||||
| Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
| Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
| Financial controls | |
| Observation | Conclusion |
| More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
| Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
|
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
| Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
| We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
| Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
| Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |
