Reports
Actions for Treasury 2021
Treasury 2021
What the report is about
The results of Treasury cluster agencies' financial statement audits for the year ended 30 June 2021. The results of the audit of the NSW Government's consolidated Total State Sector Accounts (TSSA), which are prepared by NSW Treasury, are reported separately in our report on State Finances 2021.
What we found
Unmodified audit opinions were issued for all Treasury cluster agencies.
The number of identified monetary misstatements increased from 16 in 2019–20 to 24 in 2020–21.
Reported corrected monetary misstatements decreased from 15 in 2019–20 to seven with a gross value of $1.1 billion in 2020–21.
The largest corrected misstatement was in NSW Treasury's financial statements and was a $1 billion correction to administered borrowings.
Reported uncorrected monetary misstatements increased from one in 2019–20 to 17 with a gross value of $168 million in 2020–21.
Seven of the 2020–21 uncorrected misstatements related to one common decision relating to investment management funds terminated during the year by the NSW Treasury Corporation (TCorp).
All agencies submitted their 2020–21 financial statements within NSW Treasury's reporting deadlines.
What the key issues were
Significant audit findings were identified with respect to NSW Treasury's processes to prepare the NSW Government's consolidated TSSA (whole of government accounts). This included one extreme finding and several high-risk findings related to NSW Treasury processes. These are reported in our report on State Finances 2021.
Two high-risk issues raised in 2019–20 were also not addressed by NSW Treasury during the year and were repeat issues reported to management. These related to the appropriations framework and resolution of cross cluster payments, and instances where some agencies spent deemed appropriations money without an authorised delegation.
A number of previously reported audit findings and recommendations with respect to icare continue to be ongoing issues, namely:
- The Workers Compensation Nominal Insurer continues to hold less assets than the estimated present value of its future payment obligations.
- The Workers Compensation Nominal Insurer's four week return-to-work rate fell from 68% to 64%. This is below icare's 70% target. Contributing factors include COVID-19 lockdowns which have impacted claims handling processes, and increased barriers to claimants returning to work.
- Instances were noted where inadequate documentation was kept on file to support claims, including pre-injury average weekly earnings (PIAWE) calculations.
The Workers Compensation (Dust Diseases) Authority increased its outstanding claims liability by $93.9 million, which included $39.3 million to remediate historical underpayments, resulting from workers not being paid the rate required by existing legislation.
The icare Board approved a new approach for remediating PIAWE underpayments on 24 September 2021, the date the Workers Compensation Nominal Insurer’s financial statements were approved for issue. The impact of the decision on the financial statements was not discussed with the Audit Office and assessed as an ‘after balance date event’.
What we recommended
Our report on State Finances 2021 made several recommendations to improve NSW Treasury processes. These included:
- improve processes to ensure information is shared with audit on a timely basis
- seek legislative amendments to resolve statutory inconsistencies relating to statutory reporting time frames
- implement effective quality review processes over key accounting information
- establish a policy to determine the minimum expected rate of return on equity injections in other public sector entities
- prepare robust financial projections to support accounting decisions
- re-confirm sector classifications of TAHE, Sydney Trains and NSW Trains
- ensure sufficient oversight of its use of consultants and assess the risk of an overdependence on consultants at the cost of internal capability
- improve disclosures of equity injections invested in other public sector entities
- determine a state-wide policy on when borrowings are recognised in agency financial statements
- make legislative amendments to ensure expenditure incurred across financial years does not exceed the appropriation authority and assess the financial reporting impact
- improve the guidance provided to agencies to ensure expenditure of public money is properly supported by authorised delegations.
We also recommended icare should ensure:
- it has sufficient controls over claim payments including an effective quality assurance program, to minimise claim payment errors
- that documentation to support injured worker benefit calculations is appropriately maintained, and the documentation requirements are set out in a policy
- the impact of ‘after balance date events’ on financial statements is appropriately assessed
- its operational practices are improved to ensure the correct payment of claims in compliance with legislative requirements. icare also needs to act on a timely basis on received legal advice and amend operational practices to ensure correct payments are made.
Fast factsNSW Treasury notes that it is the Government's principal financial and economic adviser to guide the State’s growth for the benefit of the people who live, work and study in NSW.
|
This report focuses on agencies within the Treasury cluster and provides parliament and other users of the Treasury cluster's financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
NSW Treasury also prepares the consolidated NSW whole of government financial statements (the Total State Sector Accounts), which is reported in the report on State Finances 2021.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has decreased, but 30% of all issues were repeat issues and these need greater focus and prioritisation
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 57 findings raised across the cluster (71 in 2019–20), 30% of which were repeat issues (32% in 2019–20).
The most common repeat issues related to claims processing and information technology user access administration.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue | |
Information technology | ||
Moderate2 Low1 |
The financial audits identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
|
|
Internal control deficiencies or improvements | ||
High3 Moderate2 Low1
|
The financial audits identified internal control weaknesses across key business processes, including:
|
|
Financial reporting | ||
High3 Moderate2 Low1 |
The financial audits identified opportunities for agencies to strengthen financial reporting, including:
|
|
Governance and oversight | ||
Extreme4 High3 Low1 |
The financial audits identified the need for agencies to improve governance and oversight processes, including:
|
|
Non-compliance with key legislation and/or central agency policies | ||
High3 Low1 |
The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:
|
|
4 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
|
The number of moderate risk findings decreased from prior year
There were 21 moderate risk findings reported in 2020–21, representing a 30% decrease from 2019–20. Of these, ten were repeat findings, and 11 were new issues.
Moderate risk repeat findings include:
- claims processing weaknesses including claim payment errors, and inadequate documentation to support calculations and evidence claims were reviewed by someone with appropriate delegation
- inadequate review of user access and higher risks of unintended or unauthorised system access
- controls assurance reports from an outsourced service provider did not cover the services it provided to the government agency
- failure to review procurement contracts register to ensure it is accurate and complete
- ongoing control deficiencies with grant application and approval processes
- key policies including delegations not being reviewed in a number of years and do not incorporate new requirements from more recent legislation
- quality review processes failing to identify material classification errors associated with grant funding.
NSW Treasury related matters
Accounting for the Government's investment in Transport Asset Holding Entity
A total of seven recommendations were made with respect to NSW Treasury's processes to prepare the NSW Government's consolidated whole of government accounts (the TSSA). This included one extreme risk finding and six high risk findings. The extreme finding related to NSW Treasury needing to significantly improve its processes to ensure all key information is identified and shared with the Audit Office on a timely basis. Other high-risk findings were identified which resulted in the following recommendations for NSW Treasury:
- establishing a policy to determine the minimum expected rate of return on the GGS equity injections in other public sectors entities and report on the performance of these GGS investments in the TSSA, including how much and what type of returns the government is obtaining from its investments compared to its targeted return
- facilitate revised commercial agreements to reflect access and license fees that were agreed in the 18 December 2021 Heads of Agreement between Transport for NSW, TAHE and the operators Sydney Trains and NSW Trains
- with TAHE, prepare robust projections and business plans to support GGS investment returns beyond FY2031.
- liaising with the ABS to re-confirm the classification of TAHE, NSW Trains and Sydney Trains as entities within the PNFC sector
- monitoring the risk that control of TAHE assets could change in future reporting periods and the implications on the TSSA
- consider whether there is sufficient competent oversight of its use of consultants and assess the risk of an over dependence on consultants at the cost of internal capability.
More details on the recommendations to NSW Treasury relating to its accounting for the GGS investment in TAHE are included on pages 7 to 24 of the State Finances 2021 NSW Auditor-General’s Report to Parliament.
Borrowings of $1 billion were understated by NSW Treasury
NSW Treasury, a GGS agency, made agreements to borrow $1 billion from New South Wales Treasury Corporation (TCorp), a PFC sector agency. Some of these agreements were entered as early as 17 May 2021 and all agreements for borrowings were entered into before 30 June 2021. However, NSW Treasury requested that settlement of those additional borrowings be deferred until 1 July 2021.
As TCorp raised the funds before 30 June 2021, it recognised a financial asset and liability to NSW Treasury on 30 June 2021. Despite TCorp having raised the funds by 30 June 2021 under the mutually agreed trade deal, NSW Treasury did not recognise any borrowings at year end on the basis that it requested the settlement date and receipt of cash to be deferred to past the balance sheet date. This led to an understatement of debt liabilities of $1 billion by NSW Treasury, and an inconsistent accounting treatment between the two agencies. NSW Treasury subsequently corrected the misstatement after the matter was raised by the audit, resulting in the GGS recognising $1 billion in financial assets and borrowings at 30 June 2021.
More detail on these inconsistencies is on page 37 of the State Finances 2021 NSW Auditor-General’s Report to Parliament. We recommended NSW Treasury seek develop a state-wide accounting policy for borrowings which ensure correct and consistent accounting treatment between agencies and sectors.
Inconsistencies exist in the GSF Act and GSA Act related to key statutory timeframes
There are inconsistencies between key statutory reporting timeframes imposed on the Treasurer and Auditor-General for the Consolidated State Financial Statements (the Statements) in the Government Sector Finance Act 2018 (GSF Act) and Government Sector Audit Act 1983 (GSA Act). Ambiguity in the statutory reporting timeframes could impact on the future timely provision of this information to Parliament. More detail on these inconsistencies is on page 54 of the State Finances 2021 NSW Auditor-General’s Report to Parliament. We recommended NSW Treasury seek legislative amendments in Parliament to resolve these inconsistencies.
NSW Treasury lacks a framework to monitor and provide assurance to ministers that they are in compliance with their appropriation authority
In July 2021, NSW Treasury highlighted a potential issue associated with certain cross-cluster payments which was based on advice received from the Crown Solicitor in January 2021. After being made aware of the issue, the Audit Office obtained its own advice on matters related to the appropriations framework under relevant state legislation. In the advice to the Audit Office, the Crown Solicitor advised that an agency is not subject to its own legally appropriated expenditure limit (assuming it is not subject to any annual spending limit imposed through an instrument of delegation or a budget control authority issued by the Treasurer under section 5.1 of the GSF Act). In effect, because responsible ministers are given appropriations, these legal expenditure limits, rest in aggregate, with the principal department and agencies the minister is responsible for. It is not possible for an individual agency to monitor or determine at what ‘point in time’ expenditure has been incurred in excess of the minister’s appropriation authority and there is currently no framework to monitor this.
Further detail on this matter is on pages 54 to 56 of the State Finances 2021 NSW Auditor-General’s Report to Parliament. In this report, we recommended that NSW Treasury:
- ensure a framework exists to monitor and provide assurance to ministers that expenditure incurred across a financial year by agencies under the relevant minister's coordination does not exceed the appropriation authority conferred by the annual Appropriations Act and the GSF Act
- assess how the requirement to prepare a Summary of Compliance under Australian Accounting Standards impacts relevant principal departments and cluster agencies financial statement disclosures.
Agencies have again spent monies without an authorised delegation
In the State Finances NSW Auditor-General's Report to Parliament for 2020 and 2021 we reported instances where agencies spent money received from an annual appropriation and/or deemed appropriation money without an authorised delegation from the relevant minister(s) as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this matter is on pages 56 to 57 of the State Finances 2021 NSW Auditor-General’s Report to Parliament. In this report, we recommended NSW Treasury promptly improve the guidance it provides agencies to ensure that expenditure of public monies is properly supported by authorised delegations.
Control deficiencies at NSW Treasury's service providers
NSW Treasury's business processes and information technology services were provided by Infosys, Unisys and the Department of Customer Service during 2020–21. Together this constitutes the GovConnect environment.
The GovConnect information technology general controls (ITGC) were qualified in 2020–21. The key controls over user access, system changes and batch process failed in all ITGC reports. Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.
In response to the internal control qualifications, the audit teams performed data analytics over payroll and accounts payable to obtain reasonable assurance that these control deficiencies did not materially impact on relevant agencies' financial statements.
Refer to the Customer Service 2021 NSW Auditor-General’s Report to Parliament for further details.
Insurance related matters
icare is in the process of implementing organisational reform in response to findings in recent external reviews. These reviews have identified 151 recommendations for icare to improve in the areas of risk and governance, performance, and culture and accountability. The reviews include the April 2021 McDougall Review, and the February 2021 ‘Independent Review of icare governance, accountability and culture’ which was recommended by SIRA in the Dore Report.
All of these recommendations were accepted by icare and are expected to be addressed through their ‘Improvement Program’. As at February 2022, icare report that 21 have been addressed, 139 are in progress, and 15 still to commence.
A number of the observations referred to in this report were also identified in the above reviews and are expected to be actioned as part of the improvement program.
Workers Compensation Nominal Insurer (the Nominal Insurer)
The Nominal Insurer’s net asset deficiency at 30 June 2021
Last year's Central Agencies Report to Parliament reported that the Workers Compensation Nominal Insurer (the Nominal Insurer), the NSW Self Insurance Corporation and the Lifetime Care and Support Authority of New South Wales all had negative net assets at 30 June 2020. After strong investment returns in 2020–21, only the Nominal Insurer continued to have negative net assets at 30 June 2021.
The Nominal Insurer's negative net assets of $252.9 million at 30 June 2021 ($316.2 million at 30 June 2020) means that it still does not hold sufficient capital to meet the estimated present value of its future payment obligations, when measured in accordance with the accounting framework. The financial statements continued to be prepared on a going concern basis because the future payment obligations are not all due for settlement within the next 12 months.
As noted in section 2.4 ‘Key accounting issues’, icare changed from an 'Accounting Ratio', to an 'Insurance Ratio', to assess the Nominal Insurer’s capital position from 2020–21. The insurance ratio uses a (higher) discount rate based on the expected earnings rate on the Nominal Insurer’s assets, rather the ‘risk free’ rate which is used for financial reporting.
Last year's Report to Parliament also noted that the deterioration in the value of the Nominal Insurer’s net assets has resulted in its funding ratio at 30 June 2020 being outside of the ‘target operating zone’ set by the Board of icare. The Insurance Ratio at 30 June 2021 is 122%, which is less than icare's target operating zone of over 130%.
icare is assessing how it can increase the Nominal Insurer’s funding ratio, and advises that actions taken to date include the execution of the Nominal Insurer Improvement Program (the Improvement Program) and an increase in premium rates.
icare were given approval by the State Insurance Regulatory Authority (SIRA) to increase workers compensation premium rates from 1.4% to 1.44% of wages (2.9%) for the 2021–22 policy year. icare advises that their pricing strategy for workers compensation premiums is for ‘modest increases over the medium term’.
Return-to-work rates have worsened
Last year's Central Agencies Report to Parliament noted that the Nominal Insurer has experienced deteriorating return-to-work rates since late 2017. According to data published by SIRA, the Nominal Insurer’s monthly four week return-to-work rate has continued to decline, falling from 68% at 30 June 2020 to 64% at 30 June 2021, and down to 63% at 30 September 2021.
A key assumption when measuring the Nominal Insurer’s outstanding claims liability, is the amount of time that injured workers will remain on benefits (i.e. continuance rates). This assumption is significantly aligned with return-to-work rate measures. At 30 June 2021, the liability was increased by $296 million due to changes in continuance rate assumptions, with workers expected to remain on benefits longer. This change is consistent with the fall in four week return-to-work rates.
The four week return-to-work rate trend since August 2017 is shown in the graph below.
Appendix one - Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Appendix five – Acquittals and other opinions
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Universities 2020 audits
Universities 2020 audits
What the report is about
Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2020.
What we found
Unqualified audit opinions were issued for all ten universities.
Two universities reported retrospective corrections of prior period errors.
Universities were impacted by the COVID-19 pandemic with student enrolments decreasing in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease 8,310 students were from overseas.
In response to the pandemic, each university provided welfare support, created student hardship funds, provided accommodation and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector.
Six universities recorded negative net operating results in 2020 (two in 2019). The combined revenues of the ten universities from fees and charges decreased by $361 million (5.8 per cent).
Despite the impact of the COVID-19 pandemic, which will continue to impact the financial results of universities in 2021, enrolments of overseas students in semester one of 2021 increased at two universities. This growth meant that total overseas student enrolments increased by 7,944 or 5.8 per cent across the sector as a whole. However, eight universities experienced decreases in overseas student enrolments compared to semester one of 2020. All universities have experienced growth in domestic student enrolments.
What the key issues were
There were 110 findings reported to universities in audit management letters.
Three high risk findings were identified. One related to the continued work by the University of New South Wales to assess its liability for underpayment of casual staff entitlements. The other two deficiencies were at Charles Sturt University, relating to financial reporting implications of major contracts, and resolving issues identified by an internal review of its employment contracts to reliably quantify the university’s liability to its employees.
What we recommended
Universities should prioritise actions to address repeat findings. Forty-five findings were repeated from 2019, of which 23 related to information technology.
Fast factsThere are ten public universities in NSW with 51 local controlled entities and 23 overseas controlled entities.
|
Further information
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.
This report analyses the results of our audits of the financial statements of the ten universities in NSW for the year ended 31 December 2020. The table below summarises our key observations.
1. Financial reporting
Financial reporting | The 2020 financial statements of all ten universities received unmodified audit opinions.
Two universities reported retrospective corrections of prior period errors. The University of Sydney reported errors relating to the underpayment of staff entitlements and the fair value of buildings. Charles Sturt University reported an error relating to how it had calculated right‑of‑use assets and lease liabilities on initial application of the new leasing standard in the previous year. |
Impacts of COVID‑19 |
Student enrolments decreased in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease, 8,310 students were from overseas. The ongoing impact of COVID‑19 in the short‑term, on semester one enrolments for 2021 compared to semester one of 2020, has been mixed:
During 2020, universities provided welfare support to students, created student hardship funds, provided accommodation, and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector:
|
Financial results |
Six universities recorded negative net operating results in 2020 (two in 2019). While most universities experienced decreased revenue in 2020, only four had reduced their expenses to a level that was less than revenue. |
Revenue from operations |
Universities' revenue streams were impacted in 2020 by the COVID‑19 pandemic, with fees and charges decreasing by $361 million (5.8 per cent). Government grants as a proportion of total revenue increased for the first time in five years to 34 per cent in 2020. Nearly 40 per cent of universities' total revenue from course fees in 2020 (40.9 per cent in 2019) came from overseas students from three countries: China, India and Nepal (same in 2019). Students from these countries of origin contributed $2.2 billion ($2.4 billion in 2019) in fees. Some universities continue to be dependent on revenues from students from these destinations and their results are more sensitive to fluctuations in demand as a result. |
Other revenues |
Overall philanthropic contributions to universities increased by 32.2 per cent in 2020 to $222 million ($167.9 million in 2019). The University of Sydney and the University of New South Wales attracted 75.2 per cent of the total philanthropic contributions in 2020 (69.5 per cent in 2019). Total research income for universities was $1.4 billion in 20191, with the University of Sydney and the University of New South Wales attracting 66.5 per cent of the total research income of all universities in NSW (65.2 per cent in 2018). |
Expenditure | Universities initiated cost saving measures in response to the COVID‑19 pandemic. The cost of redundancy programs increased employee related expenses in 2020 by 4.4 per cent to $6.5 billion ($6.2 billion in 2019). The cost of redundancies offered in 2020 across the universities totalled $293.9 million. Combined other expenses decreased to $2.8 billion in 2020, a reduction of $436 million (13.4 per cent). |
2. Internal controls and governance
Internal control findings | One hundred and ten internal control deficiencies were identified in 2020 (108 in 2019). Forty‑five findings were repeated from 2019, of which 23 related to information technology.
Recommendation: Universities should prioritise actions to address repeat findings on internal control deficiencies in a timely manner. Risks associated with unmitigated control deficiencies may increase over time. Three high risk internal control deficiencies were identified, namely:
Gaps in information technology (IT) controls comprised the majority of the remaining deficiencies. Deficiencies included a lack of sufficient privileged user access reviews and monitoring, payment files being held in editable formats and accessible by unauthorised persons, and password settings not aligning with the requirements of information security policies. |
Business continuity and disaster recovery planning | All universities have a business continuity policy supported with a business impact analysis.
Except for Macquarie University, all other universities had disaster recovery plans prepared for all of the IT systems that support critical business functions. Macquarie University’s disaster recovery plans were still in progress at 31 December 2020. Only half of the universities' policies require regular testing of their business continuity plans and six universities' plans do not specify staff must capture, asses and report disruptive incidents. |
3. Teaching and research
Graduate employment outcomes | Eight out of ten universities were reported as having full‑time employment rates of their undergraduates in 2020 that were greater than the national average.
Six universities were reported as having full‑time employment rates of their postgraduates in 2020 that were greater than the national average. |
Student enrolments by field of education | Enrolments at universities in NSW decreased the most in Management and Commerce courses and Engineering and Related Technologies courses. The largest increase in enrolments was in Society and Culture courses. |
Achieving diversity outcomes | Five universities in 2019 were reported as meeting the target enrolment rate for students from low socio‑economic status (SES) backgrounds.
Seven universities were reported to have increased their enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2019. The target growth rate for increases in enrolments of Aboriginal and Torres Strait Islander students (to exceed the growth rate of enrolments of non‑indigenous students by at least 50 per cent) was achieved in 2019. |
This report provides Parliament with the results of our financial audits of universities in NSW and their controlled entities in 2020, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of universities in NSW for 2020.
Financial results
The graph below shows the net results of individual universities for 2020.
Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of universities.
This chapter outlines the internal controls related observations and insights across universities in NSW for 2020, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.
Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.
This chapter outlines teaching and research outcomes for universities in NSW for 2020.
Actions for Central Agencies 2020
Central Agencies 2020
This report analyses the results of our audits of the financial statements of the Treasury, Premier and Cabinet, Customer Service cluster agencies (central agencies), and the Legislature for the year ended 30 June 2020. The table below summarises our key observations.
1. Financial reporting
Audit opinions and timeliness of reporting |
Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature. The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified. All agencies met statutory deadlines for submitting |
Agencies were financially impacted by recent emergency events | The NSW Government allocated $1.4 billion to provide small business support and bushfire recovery relief, support COVID-19 quarantine compliance management, recruit more staff to respond to increased customer demand, and meet additional COVID-19 cleaning requirements. Agencies spent $901 million (64 per cent of the allocated funding) for the financial year ended 30 June 2020. NSW Self Insurance Corporation reported an increase of $850 million in its liability for claims related to emergency events. |
AASB 16 'Leases' resulted in significant changes to agencies' financial position | The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected. |
Implementation of new revenue standards | NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue, which have been corrected in the final financial statements. |
2. Audit observations
Management letter findings and repeat issues | Our 2019–20 audits identified nine high risk and 122 moderate risk issues across central agencies and the Legislature. The high risk issues were identified in the audits of:
High risk findings include:
Of the 122 moderate risk issues, 36 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration, which increases the risk of inappropriate access to systems and records. |
Grants administration for disaster relief | Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by emergency events for the financial year ended 30 June 2020. A performance audit of grants administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief. |
Internal controls at GovConnect NSW service providers require enhancement |
GovConnect NSW provides transactional and information technology services to central agencies. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at service providers, namely Infosys, Unisys and the Department of Customer Service (DCS). The service auditor issued:
These may impact on the ability of agencies to detect and respond to a cyber incident. Recommendation: We recommend DCS work with GovConnect service providers to resolve the identified control deficiencies as a matter of priority. |
The NSW Public Sector's cyber security resilience needs to improve |
The NSW Cyber Security Policy requires agencies to provide a maturity self-assessment against the Australian Cyber Security Centre (ACSC) Essential 8 to the head of the agency and Cyber Security NSW annually. Completed self-assessment returns highlighted limited progress in implementing the Essential 8. Repeat recommendation: Cyber Security NSW and NSW government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency |
Three Insurance and Care NSW (icare) entities had net asset deficiencies at 30 June 2020 | The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. These icare entities did not hold sufficient assets to meet the estimated present value of all of their future payment obligations at 30 June 2020. The deterioration in net assets was largely due to increases in outstanding claims liabilities. Notwithstanding the overall net asset deficiencies, the financial statements for these entities were prepared on a going concern basis. This is because future payment obligations are not all due within the next 12 months. Settlement is instead expected to occur over years into the future, depending on the nature of the benefits provided by each scheme. |
icare has not been able to demonstrate that its allocation of costs reflects the actual costs incurred by the Workers Compensation Nominal Insurer and other schemes |
Costs are incurred by icare as the 'service entity' of the statutory scheme it administers, and then subsequently recovered from the schemes through 'service fees'. In the absence of documentation supported by robust supporting analysis, there is a risk of the schemes being overcharged, and the allocation of costs being in breach of legislative requirements. Recommendation: icare should ensure its approach to allocating service fees to the Workers Compensation Nominal Insurer and the other schemes it manages, is transparent and reflects actual costs. |
icare did not comply with GIPA requirements | icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20 and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020. |
Implementation of Machinery of Government (MoG) changes | MoG changes impacted the governance and business processes of some agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG implementation processes at Infrastructure NSW and in the Customer Service cluster. |
This report provides Parliament and other users of NSW Government central agencies' financial statements and the Legislature's financial statements with the results of our financial audits, observations, analyses, conclusions and recommendations.
Emergency events, such as bushfires, floods and the COVID-19 pandemic significantly impacted agencies in 2019–20. Our findings on nine agencies that were most impacted by recent emergency events are included throughout this report.
Refer to Appendix one for the names of all central agencies and Appendix four for the nine agencies most impacted by emergency events.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations on the financial reporting of central agencies and the Legislature for 2020, including the financial implications from recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines:
- our observations and insights from the financial statement audits of agencies in the central agencies and the Legislature
- our assessment of how well agencies adapted their systems, policies, procedures and governance arrangements in response to recent emergencies.
Section highlights
|
Actions for Transport 2020
Transport 2020
1. Financial Reporting |
|
Audit opinion | Unmodified audit opinions issued for the financial statements of all Transport cluster entities. |
Quality and timeliness of financial reporting | All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements. Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances. |
Impact of COVID-19 on passenger revenue and patronage | Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19. The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing. |
Completion of the CBD and South East Light Rail | The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed. |
2. Audit Observations |
|
Internal control | While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management. There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below). |
Agency responses to emergency events | Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning. |
RailCorp transition to TAHE | On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders. A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE. Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures. This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE. Recommendation: TAHE management should:
Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base. |
Completeness and accuracy of contracts registers | Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers. Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure:
|
This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Transport cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019, 2018 and 2017 recommendations
Appendix three – Management letter findings
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Internal controls and governance 2020
Internal controls and governance 2020
The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.
The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:
- financial and information technology controls
- business continuity and disaster recovery planning arrangements
- procurement, including emergency procurement
- delegations that support timely and effective decision-making.
Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.
The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.
1. Internal control trends
New, repeat and high risk findings |
Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. Agencies should:
|
Common findings |
A number of findings remain common across multiple agencies over the last four years, including:
|
2. Information technology controls
IT general controls |
We found deficiencies in information security controls over key financial systems including:
The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated. |
3. Business continuity and disaster recovery planning
Assessing risks to business continuity and Scenario testing |
The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment. Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:
Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
Responding to disruptions |
We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance: in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee. Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers. Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions. |
Management review and oversight | Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established. |
4. Procurement, including emergency procurement
Policy framework |
Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted:
Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions. |
Managing contracts |
Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details. Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement. |
Training and support |
Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:
Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions. |
Procurement activities | While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences. |
Emergency procurement |
As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies. The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:
Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law. Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:
|
5. Delegations
Instruments of delegation |
We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:
Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets. Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities. |
Compliance with delegations |
Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020. Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer. |
6. Status of 2019 recommendations
Progress implementing last year's recommendations |
Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:
While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2. Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations. |
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Section highlights We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
Section highlights Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse. IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems. Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.
Section highlights We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled. This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.
Section highlights We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness. Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'. We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Universities 2019 audits
Universities 2019 audits
This report contains findings on the results of financial audits of NSW universities for the year ended 31 December 2019.
All ten NSW universities received unqualified audit opinions. The 2019 financial results for universities are reported as at 31 December and reflect results from operations before the impact of the COVID‑19 pandemic.
The combined revenues for all NSW universities increased by $381 million to $11.4 billion in 2019, driven by increases in student revenues. Revenue from overseas students continued to grow faster than that from domestic students and contributed $3.6 billion in course fees to NSW universities in 2019.
Overseas students from the top three countries of origin, being China, India and Nepal, represented 72.4 per cent of all enrolments of overseas students and 65.4 per cent of all overseas student revenues for 2019. Revenue from students from these three countries comprised 40.9 per cent of total student revenues for all NSW universities, creating a considerable concentration risk for NSW universities.
The COVID‑19 pandemic may significantly impact the financial results of NSW universities in 2020. NSW universities provided data on COVID‑19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments in semester one 2020 were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent below expectations.
The report makes recommendations to the NSW universities, aimed at strengthening controls over information technology, cyber security, validating published performance information, procurement practices and the oversight of their overseas controlled entities' legal and policy compliance functions.
This report analyses the results of our audits of the financial statements of the ten NSW universities for the year ended 31 December 2019. The table below summarises our key observations.
1. Financial reporting
Financial reporting |
The 2019 financial statements of all ten NSW universities received unmodified audit opinions. One controlled entity of the Western Sydney University received a qualified audit opinion. Five NSW universities finalised their audited financial statements this year on or before the date they did last year. New accounting standards, which changed how universities report income and treat operating leases, became effective from 1 January 2019. |
Sources of revenue from operations |
Government grants as a proportion of the total income of NSW universities continued to decrease. Fee revenue from overseas students continued to grow faster than fees from domestic students. Forty-one per cent of NSW universities' total student revenue came from overseas students from three countries. Five NSW universities increased the proportion of revenue they receive from overseas students from a single country. Two universities sourced over 73 per cent of their total overseas student revenue from students from a single country of origin in 2019. |
Other revenues | Two universities attracted over 69.5 per cent of the total philanthropic revenue of $174 million received by all NSW universities in 2019. |
Operating expenditures | Combined total operating expenditure for NSW universities increased to $9.9 billion in 2019, a rise of 5.2 per cent from 2018. |
Current ratio | At 31 December 2019, five NSW universities had a current ratio of less than one, meaning those universities need to actively manage their cash to meet current obligations. |
Controlled entities |
All six NSW universities with overseas controlled entities have devolved responsibility for governance and legislative compliance to their overseas controlled entities. Recommendation (repeat issue): NSW universities should strengthen their governance arrangements to oversight their overseas controlled entities' legal and policy compliance functions. |
COVID-19 impacts and responses |
The 2019 financial results for universities are reported as at 31 December. Consequently, the results for the 2019 year were unaffected by the impact of the COVID-19 pandemic. NSW universities provided data on the COVID-19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent beneath expectations. NSW universities are responding to the challenges presented by COVID-19 by moving course delivery online, expanding student support and introducing cost saving measures. |
2. Internal controls and governance
Internal control findings |
Our audits identified 108 internal control deficiencies in 2019 (99 in 2018). Gaps in information technology (IT) controls comprised the majority of these deficiencies. Deficiencies included a lack of sufficient user access reviews, inadequate review and approval of change management processes, and issues with password settings. We identified one high risk financial control deficiency at the University of New South Wales, which resulted in the University providing for a potential underpayment of casual staff salaries. NSW universities continue to implement recommendations arising from 35 findings raised in previous years. |
Performance reporting |
Five NSW universities still do not have formal processes to internally review and validate performance information published in their annual reports. Recommendation (repeat issue): NSW universities should strengthen processes to review and validate published performance information. |
Cyber security |
Two universities have not yet implemented a cyber risk policy and three universities have not formally trained staff in cyber awareness. Recommendation (repeat issue): NSW universities should strengthen cyber security frameworks and controls to protect sensitive data and prevent financial and reputational losses. |
Management of IT service providers | NSW universities have contracts with vendors to support their computer systems. Five universities have not formally established frameworks to manage these contracts. Poor contract management can compound risks associated with IT control deficiencies. |
Data breach management | Universities are required to maintain the privacy of sensitive data which, if disclosed or used inappropriately, could result in harm to individuals, financial loss, or loss of intellectual property. Two NSW universities have not established formal policies to manage data breaches. |
Procurement |
All universities have a procurement policy. Most universities have a documented procurement manual and contact management policy. Recommendation: NSW universities should review their procurement and contract management policies and procedures to ensure that they are relevant and effective in reducing risk and improving purchasing outcomes. |
3. Teaching and research
Graduate employment outcomes | Eight out of ten NSW universities exceeded the national average for full-time employment rates of their undergraduates in 2019. Six universities performed better than the national average for full-time employment outcomes of their postgraduates in 2019. |
Student enrolments by field of education | Enrolments at NSW universities increased the most in Management and Commerce courses in 2019. |
Achieving diversity outcomes |
Five universities in 2018 (five in 2017) met the target enrolment rate for students from low socio-economic status (SES) backgrounds. Eight universities increased enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2018. |
This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2019, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of NSW universities for 2019.
Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.
This chapter outlines the internal controls related observations and insights across NSW universities for 2019, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.
Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.
This chapter outlines teaching and research outcomes for NSW universities for 2019.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – NSW universities’ controlled entities and associated entities
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Central Agencies 2019
Central Agencies 2019
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies, namely the Premier and Cabinet, Treasury and Customer Service clusters. There are 191 agencies in these clusters, including government financial, superannuation and insurance entities.
Unqualified audit opinions were issued on the financial statements for all agencies in the clusters. There were two high risk and 99 moderate risk audit findings on internal controls. Of these, 31 percent were repeat issues, and most related to weaknesses in information technology access controls.
The report notes a number of audit observations including:
- a qualified opinion on information technology internal controls at an outsourced service provider
- self-insurance losses of $1.4 billion partly due to unfavourable movements in the risk free discount rate, and increases in workers compensation claims, including psychological injury claims
- a shortfall (unfunded liability) of $637 million at 30 June 2019 in the Home Building Compensation Fund, due to premiums not being sufficient to meet costs of the scheme
- agencies self-assessed against the Australian Cyber Security Centre’s ‘Essential 8’ cyber risk mitigation strategies for the first time in 2018-19. Based on their own self assessments, more work needs to be done to improve cyber security resilience.
This report analyses the results of our financial statement audits of the Treasury, Premier and Cabinet and Customer Service clusters for the year ended 30 June 2019. Our key observations are summarised below.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- government financial services.
Central agency clusters were significantly impacted by Machinery of Government changes which took effect on 1 July 2019. This report is focussed on agencies now in the Treasury, Premier and Cabinet and Customer Service clusters. Some of these agencies may have been in another cluster during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Central agencies and their key responsibilities are set out below.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions and they are given effect by Administrative orders.
The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted Central Agencies’ clusters through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.
Section highlights
Significant impacts of the 2019 MoG changes included:
- abolishing the former Department of Finance, Services and Innovation, and creating the Department of Customer Service as the principal agency within the newly established Customer Service cluster
- transferring Jobs for NSW, Destination NSW and the Western City and Aerotropolis Authority into the Treasury cluster
- transferring Arts and Culture entities and Aboriginal Affairs NSW into the Premier and Cabinet cluster
- new responsibilities, risks and challenges for each cluster
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the 2019 financial reporting of agencies in the Treasury, Premier and Cabinet, and Customer Service clusters.
Section highlights
- Unqualified audit opinions were issued on the 30 June 2019 financial statements of all agencies within the three clusters, and the Legislature.
- The NSW Self Insurance Corporation (Corporation) 2018–19 financial statements did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions. This is because the Corporation’s financial exposure could not be reliably measured at 30 June 2019. The exposure was instead disclosed as an unquantified contingent liability in the financial statement notes. This liability may be material to the Corporation and the Total State Sector financial statements.
- We recommend management and those charged with governance review instructions provided to management experts each year, along with other significant accounting judgements.
- Agencies will be implementing the requirements of new accounting standards shortly. These could significantly impact their financial positions and operating results. We noted instances where agencies need to do more work on their impact assessments to minimise the risk of errors in the 2019–20 financial statements.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury, Premier and Cabinet and Customer Service clusters.
Section highlights
- The 2018–19 audits found two high risk and 99 moderate risk issues across the agencies. Of these, 31 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration.
- NSW Government agency self-assessment results show that the NSW Public Sector's cyber security resilience needs urgent attention.
- GovConnect received a qualified opinion from the auditor of their service provider, Unisys, over weaknesses in information technology controls.
- Crown revenues from taxes, fines and fees continued to increase, but this was offset by decreases in stamp duty on property sales.
- The CTP reform resulted in green slip refunds of $198 million to vehicle owners. Unclaimed refunds are to be returned to motorists through a reduction in green slip premiums.
Background
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
Section highlights
- Last year's Auditor-General's Report to Parliament recommended Treasury consult with STC Pooled Fund and PCS Fund Trustees to prescribe prudential standards and requirements. Treasury has not taken specific action to address this recommendation.
We recommend Treasury formally assess the merits of implementing prudential standards and supervision arrangements, after considering the risks, benefits and costs to scheme members. - The NSW Self Insurance Corporation did not include an estimate of the liability for unreported incidents of abuse that have occurred within NSW Government institutions because it could not be reliably measured at 30 June 2019. The amounts involved could be material to the Corporation's and Total State Sector's financial statements.
- Insurance scheme liabilities were significantly impacted by unfavourable movements in economic assumptions, including a decrease in the risk free discount rate, and adverse changes in non-economic assumptions, such as higher medical costs.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – Status of 2018 recommendations
Appendix four – Cluster agencies
Appendix five – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Transport 2019
Transport 2019
This report details the results of the financial audits of NSW Government's Transport cluster for the financial year ended 30 June 2019. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.
Unqualified audit opinions were issued for all agencies' financial statements. However, valuations of assets continue to create challenges across the cluster. The Audit Office identified some deficiencies in relation to asset valuations at Transport for NSW, Roads and Maritime Services, Rail Corporation New South Wales and Sydney Metro.
The Audit Office noted an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, asset management and employee leave entitlements. The report also highlights the status of significant infrastructure projects across the Transport cluster.
The report makes several recommendations including:
- agency finance teams need to be consulted on major business decisions and commercial transactions at the time of their execution to assess the financial reporting impacts
- the Department of Transport should ensure consistent accounting policies are applied across its controlled entities.
This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
Transport for NSW, as the lead agency, will absorb the functions of Roads and Maritime Services |
The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW) as part of the Machinery of Government changes. This change was not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019. The Act dissolves RMS and transfers the assets, rights and liabilities of RMS to TfNSW. As at the date of this Report, the Act is not yet in force. Transport is considering the impact of the changes on its operating model and financial reporting. |
2. Financial reporting
Audit opinions |
Unqualified audit opinions were issued on the 2018–19 financial statements of all agencies in the Transport cluster. TfNSW and Sydney Metro obtained a three-week extension from NSW Treasury to submit their financial statements for audit to resolve accounting issues surrounding the valuation of property, plant and equipment. The Department of Transport reported total consolidated property, plant and equipment of $158 billion at 30 June 2019. In 2018–19, there were issues with asset valuations at TfNSW, RMS, Sydney Metro and Rail Corporation New South Wales (RailCorp), resulting in adjustments after the submission of financial statements for audit and the correction of a prior period error. |
Preparedness for new accounting standards |
Agencies across the cluster are progressing in their implementation of the new accounting standards. Transport cluster agencies need to improve their contracts registers to ensure they have a complete list of contracts and agreements to assess the impact of the new accounting standards. |
Valuation of assets remains a challenge in the Transport cluster |
Whilst agencies complied with the requirements of the accounting standards and NSW Treasury policies on valuations, the Audit Office identified some deficiencies in relation to asset valuations across the cluster.
Sydney Metro North West officially opened in May 2019 and reported total assets of $9.1 billion. Sydney Metro derecognised $322 million in assets constructed to facilitate its operation but transferred to councils and utilities. |
Inconsistent accounting policies across the Transport cluster |
There was an inconsistency identified in the cluster relating to the valuation of substratum land. In 2018–19, RailCorp derecognised $109 million of substratum land to ensure consistency in its approach with other Transport agencies. As the parent entity, the Department of Transport needs to ensure accounting policies are consistently applied across all controlled entities for consolidation purposes. Inconsistencies in the application of accounting standards across agencies will impact comparability of financial reporting and decision making across the Transport cluster. |
Revenue growth |
Public transport passenger revenue increased by $89.0 million (5.9 per cent) in 2018–19, and patronage increased by 37.8 million (4.9 per cent) across all modes of transport based on data provided by TfNSW. The increase in revenue is mainly due to an increase in patronage as well as the annual increase in fares. |
Negative Opal cards |
Negative balance Opal cards resulted in $2.9 million in revenue not collected in 2018–19 ($10.4 million since the introduction of Opal). In January 2019, Transport made a change to the Sydney Airport stations to prevent customers with high negative balances exiting the station. In addition, in late 2018, Transport increased the minimum top up values for new cards at the airport stations. |
3. Audit observations
Internal controls | There was an increase in findings on internal controls across the Transport cluster. Key themes relate to information technology, employee leave entitlements and asset management. Twenty-nine per cent of all issues were repeat issues. The majority of the repeat issues related to information technology controls. |
Write-off of assets | In addition to a $322 million derecognition of assets transferred to councils and utilities by Sydney Metro and a $109 million derecognition of substratum land at RailCorp, the Transport cluster wrote-off $278 million of assets related to roads, bridges, maritime assets, traffic signals and controls network. These mainly related to roads, bridges, maritime assets, traffic signals and the control network where new infrastructure assets substantially replaced an existing asset as part of construction activities. |
Transport Asset Holding Entity (TAHE) |
TAHE was established to be a dedicated asset manager for the delivery of public transport asset management. The Transport Administration Amendment (Transport Entities) Act 2017 will transition RailCorp into TAHE. RailCorp is now expected to transition to TAHE from 1 July 2020 (previously 1 July 2019). Several working groups have been considering various aspects of the TAHE transition including its status as a for profit Public Trading Enterprise, the operating model and the impact of the new accounting standards AASB 16 'Leases' and AASB 1059 'Service Concession Arrangements: Grantors'. The considerations of these aspects identified several challenges in the implementation of TAHE which has led to the revised transition date. Given the delays in implementation, it is important to clarify the intent of the TAHE model. |
Excess annual leave |
Twenty-six per cent of Transport employees have annual leave balances exceeding 30 days. Of the employees with excess leave balances, 732 (10.3 per cent) did not take any annual leave in 2018–19.
|
Completeness and accuracy of contracts registers |
There are no centralised processes to record all significant contracts and agreements in a register across the Transport cluster.
|
This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was impacted by the Machinery of Government changes on 1 July 2019. The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW). This report is focused on the Transport cluster prior to these changes. Please refer to the section on Machinery of Government changes for more details.
Machinery of Government refers to how the government organises the structures and functions of the public service. Machinery of Government changes are where the government reorganises these structures and functions, and are given effect by Administrative orders.
The Transport cluster was impacted by recent Machinery of Government changes. These changes were announced by the Department of Premier and Cabinet but were not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. It was the intention of government to transfer the functions of the RMS into TfNSW. This requires legislative changes to the Transport Administration Act 1988 No. 109.
Section highlights
Under the Machinery of Government changes, the NSW Government will transfer the functions of RMS into TfNSW.
- The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019.
- The Act will dissolve RMS and transfer its functions, assets, rights and liabilities to TfNSW.
- As at the date of this report, the Act is not yet in force.
- There are risks and challenges for asset and liability transfers, governance and retention of knowledge.
- As of 1 July 2019, administrative arrangements (delegations and reporting line changes) were put in place to enable TfNSW and RMS to operate within a single management structure, while still remaining as separate legal entities.
- Transport is working on a number of options as to how to implement the changes.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2019.
Section highlights
- Unqualified audit opinions were issued on all agencies' financial statements.
- RMS required an extension from NSW Treasury for their early close procedures.
- TfNSW and Sydney Metro required extensions to submit their year-end financial statements.
- Valuation of assets remains a challenge across the cluster.
- There remains Opal cards with negative balances.
- Sydney Metro derecognised assets of $322 million in relation to assets constructed for third parties.
- Inconsistencies in the application of accounting policies across cluster agencies impact comparability of financial reporting across the Transport cluster.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport cluster.
Section highlights
- There was an increase in findings on internal controls across the Transport cluster. Twenty-nine per cent of all issues were repeat issues.
- Transport entities wrote-off over $278 million of assets which were replaced by new assets or technology.
- Twenty-six per cent of Transport employees have excess annual leave.
- There are no processes to ensure all significant contracts and agreements are captured by agencies in a centralised register.
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – List of 2019 recommendations
Appendix four – Status of 2017 and 2018 recommendations
Appendix five – Cluster agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Internal Controls and Governance 2019
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Universities 2018 audits
Universities 2018 audits
The Acting Auditor General of New South Wales, Ian Goodwin, released a report today on the results of financial audits of NSW universities for the year ended 31 December 2018.
All ten NSW universities received unqualified audit opinions.
This report analyses the results of our audits of financial statements of the ten NSW universities for the year ended 31 December 2018. The table below summarises our key observations.
This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2018, including our analysis, observations and recommendations in the following areas:
- financial reporting
- internal controls and governance
- teaching and research.
Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations on the financial reporting of NSW universities for 2018.
Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.
This chapter outlines the internal controls related observations and insights across NSW universities for 2018, including overall trends in findings, level of risk and implications.
Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.
Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.
This chapter outlines teaching and research outcomes for NSW universities for 2018.