Last year the NSW Government spent almost $250 million on travel. The government’s travel policies aim to help agencies make better travel decisions and reduce costs. The Department of Finance, Services and Innovation (DFSI) is responsible for the government’s travel policy and manages the government contract with an approved private sector provider to procure travel services.

This audit assessed how effective agency processes were to ensure compliance with:

• the ‘Policy on Official Travel within Australia and Overseas’ issued by the Department of Premier and Cabinet in Circular OFS-2014–07 ‘Official Travel in Australia and Overseas’ (the former policy)
• the ‘NSW Government Travel and Transport Policy’ issued by DFSI (the new policy), effective from 28 September 2016.

We examined 15 agencies from different NSW Government clusters with significant travel expenditure. For a list of participating agencies, refer to the Appendix two.

This report analyses the results of the financial statement audits of the ten NSW universities and their controlled entities for the year ended 31 December 2016. The table below summarises key observations.  

Governance refers to the high-level frameworks, processes and behaviours that ensure universities meet their intended purpose, conform with legislative requirements, and meet expectations of probity, accountability and transparency.

This chapter outlines audit findings on the governance of NSW universities and their controlled entities. 

The quality and timeliness of financial reporting continued to improve across the NSW public sector in 2016. Only one qualified audit opinion was issued and most agencies signed their financial statements on time.

We found the Government’s cluster governance arrangements were unclear and inconsistently implemented across the sector in 2016. Clearer arrangements would improve cooperation and coordination amongst cluster agencies and help deliver government priorities that cut across agencies.

This report focuses on key observations and common issues identified from our financial, performance and compliance audits in 2016, and identifies examples of good practice. It also looks forward to where we will focus our efforts in 2017.

We have summarised our observations and findings for 2016 in four chapters:

• Financial Performance and Reporting
• Financial Controls
• Governance
• Service Delivery.

Key observations and common issues identified across several agencies will often apply more broadly across the NSW public sector. For this reason, we hope this report is a useful tool for agency management and Audit and Risk Committees to assess our observations and common issues and consider the impact on their agencies. The report provides links to other reports and refers to other useful reference material.

Our financial audits provide independent opinions on NSW agencies’ financial statements. They consider whether agencies have complied with accounting standards, relevant laws, regulations and government directions. They also identify and report internal control weaknesses and matters of governance interest, and make recommendations to address deficiencies.

Our performance and compliance audits build on the financial audits by reviewing and concluding on whether taxpayers’ money is being spent efficiently, effectively, economically and in accordance with the law.

Financial performance and reporting

The quality and timeliness of financial reporting continues to improve

Only one qualified opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. The audit opinion for the Office of the NSW State Emergency Service was qualified because effective controls over fundraising activities did not operate for the entire year.

Since NSW Treasury introduced its ‘early close procedures’ initiative in 2011–12, the number of reported misstatements and significant matters have fallen considerably across the NSW public sector. The number of misstatements has fallen from 1,077 in 2011–12 to 298 in  2015–16.

Most agencies submitted and signed their financial statements on time, which enabled more audits to be completed within three months of year end. In 2015–16, 204 of 286 agencies’ financial statements and audit opinions were signed within three months of the year end, compared to only 67 in 2010–11.  

NSW Treasury has narrowed the scope of mandatory early close procedures 

NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures, which may diminish the good performance achieved in recent years.   

To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. These include:

• resolving all past audit issues
• performing key account reconciliations
• agreeing and confirming inter and intra (cluster) agency balances and transactions
• identifying material, complex and one-off transactions
• preparing quality workpapers to support balances with variance analysis and meaningful explanations for movements
• adequate review by management and Audit and Risk Committees.

Financial controls

More needs to be done to implement audit recommendations

More needs to be done to implement audit recommendations on a timely basis. Internal control issues were identified in previous audits, but had not been adequately addressed. Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner.

Agencies continue to face challenges managing information security

Our financial audits identified opportunities to improve IT control environments, with most information technology issues relating to information security. We also found service level arrangements with IT service providers did not always adequately address information security risks.

Agencies should ensure information security controls and contractual arrangements with IT service providers adequately protect their data.

Internal controls at GovConnect were ineffective in 2015–16

GovConnect provides information technology and transactional services to agencies within the NSW Public Sector. Service levels fell during the transition of shared services from ServiceFirst to GovConnect and NSW public sector agencies using these services were unable to rely on controls over financial transactions and information. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect did not ensure effective control over client transactions and data. This increased the risk of fraud and error, and inappropriate access to information.

Governance

Cluster governance arrangements are unclear

Currently, cluster governance arrangements are unclear and inconsistently implemented across the NSW public sector. Implementing cluster governance frameworks is complex because clusters bring together entities with different enabling legislation, organisational and legal structures, information systems and processes, risk profiles and governance frameworks.  

Clear cluster governance arrangements would improve cooperation and coordination amongst cluster agencies, help deliver government priorities that cut across agencies and improve service delivery outcomes.  

We recommended the Department of Premier and Cabinet release a revised NSW Public Sector Governance Framework that clearly articulates cluster governance arrangements, the role of the cluster Secretary, Chief Finance Officer, Chief Information Officer and Chief Risk Officer. The Department of Premier and Cabinet has indicated the framework will be updated to provide guidance on cluster governance, and how accountability and performance information are monitored and reported.  

The sale and lease of Crown land is not being managed effectively

Our 2016 performance audit found limited oversight of sales and leases of Crown land by the Department of Industry - Lands. The Department has only just started monitoring whether tenants are complying with lease conditions, and does not have a clear view of what is happening on most leased Crown land.  

Most guidance to staff had not been updated for a decade, contributing to staff sometimes incorrectly implementing policies on rental rebates, unpaid rent, rent redeterminations and the direct negotiation of sales and leases on Crown land. Between 2012 and 2015, 97 per cent of leases and 50 per cent of sales were negotiated directly between the Department and individuals, without a public expression of interest process.  

Project cost and time overruns continue to occur

Our audits continue to highlight project management, cost and time issues. The Government’s 2016–17 Infrastructure Statement forecasts a $73.3 billion investment program to 2019–20. Good governance of individual projects is critical to ensure the investment program delivers the intended outcomes to the desired quality, on time and on budget.   

A strong risk culture is fundamental to successful risk management

Our assessment of a sample of 33 agencies found that while agencies have risk management governance structures in place, they need to focus on developing stronger risk cultures and fit-for-purpose systems to capture risks and incidents.

Agencies are not fully complying with the GIPA Act

Our review of 13 agencies from across each cluster found varying degrees of non-compliance with recording and disclosure aspects of the GIPA Act by each agency. Our 2016 Special Report 'Compliance with the GIPA Act' details our findings and makes recommendations to help agencies comply with the requirements of the Act.

Service delivery

Some Premier's and State Priorities at risk of not being achieved

Agency data, which we have not audited, indicates some Premier's and State Priorities are at risk of not being achieved. We found that although performance reporting against the Premier’s Priorities is publicly reported, comprehensive performance reporting against the 18 State Priorities is not.  

We will continue to report on performance against the targets to assess whether agency initiatives are delivering intended outcomes.

Government does not always get enough information for evidence-based decisions 

The NSW Government’s program evaluation initiative has been largely ineffective. A performance audit looked at the Justice, Industry, Skills and Regional Development, Planning and Environment, Premier and Cabinet and Treasury clusters and made recommendations for improvements to program evaluation.

Performance is not always measured, evaluated or publicly reported

Inadequate performance measures and reporting that is primarily internal reduces the transparency of agency performance and makes it hard for the public to assess if the agencies are doing a good job. Our audits found instances where performance outcomes were not being measured, evaluated or publicly reported.  

Agencies need to consider whether their performance measurement frameworks adequately measure performance and outcomes so they can make evidence-based decisions and be publicly accountable.

Commissioning and contestability continues to increase

New ways of delivering services across NSW Government are being developed and implemented, including commissioning and contestability arrangements. Commissioning services and introducing new systems can be challenging and it is important for this to be managed well. The learnings from decommissioning ServiceFirst and commissioning GovConnect should be applied to future commissioning arrangements.

NSW Treasury has developed a 'Government Commissioning and Contestability Policy', which is supported by the 'NSW Government Commissioning and Contestability Practice Guide'.

In 2017, we will build on our 2016 financial audits and continue to report our observations and findings as they relate to financial performance and reporting, financial controls, governance and service delivery. We also plan to review agencies' compliance with government travel policies at key agencies in each cluster.

In 2017, we will restructure our financial audit volumes to report our observations and findings on agencies’ financial controls and governance in one cross-sector report to Parliament in September. This will provide the Parliament with more timely reporting on these aspects of our audits. Our observations and findings on agencies’ financial performance and reporting, and service delivery will continue to be reported on a cluster by cluster basis through November and early December.

Our 2017 performance audits will have regard to what we see as key risks and opportunities for the NSW Government, and the Premier's and State Priorities. The program will aim to cover each NSW Government cluster, and focus on how efficiently, effectively and economically they deliver services and other outcomes.

Legislative reforms in the Local Government Amendment (Governance and Planning) Act 2016 have extended the Auditor-General's mandate to the Local Government sector. The expanded mandate includes auditing all NSW local council financial statements and conducting performance audits across the local government sector. The reforms generally bring NSW in line with most other Australian States.

We will report financial audit outcomes and our observations after the 30 June 2017 council audits are completed. Most are expected to complete by the end of October 2017. Our 2017 performance audits will examine and report on whether councils are operating efficiently, effectively, economically and in accordance with the law. In 2017–18, our performance audits will consider how councils are reporting on service delivery, managing shared services and the risk of fraud.

2017 – Issues, risks and opportunities impacting the NSW Government

Our 2017 audits will consider some of the following issues, risks and opportunities impacting the NSW Government.

In mid-2017, we will publish our rolling three-year performance audit program. This will include the performance audits we expect to perform in 2017–18 and the next two financial years. The program can be located at http://www.audit.nsw.gov.au/audit-program

Financial performance and reporting are important elements of good governance. Confidence in public sector decision making and transparency is enhanced when financial and performance reporting are accurate and timely.  

The preparation of accurate and timely financial statements by agencies is an important tool to ensure accountability and transparency in the use of public resources. As the NSW Government moves to program budgeting with a greater focus on performance and outcomes it will need to ensure the key performance indicators and data used to measure the outcomes are relevant, accurate and reliable. The NSW Government’s Financial Management Transformation (FMT) program aims to address this.

In 2015–16, our audit teams made the following key observations on the financial reporting of NSW public sector agencies.

Financial reporting

The quality and timeliness of financial reporting continues to improve across the NSW public sector.

Quality of financial reporting

Only one qualified audit opinion was issued on 2015–16 financial statements

Only one qualified opinion was issued on the 2015–16 financial statements of NSW public sector agencies, down from two in 2014–15. The audit opinion for the Office of the NSW State Emergency Service was qualified because effective controls over fundraising activities did not operate for the entire year. For further details, refer to page 16 in our Report on Law and Order, Emergency Services and the Arts.

Unqualified audit opinion issued for TAFE NSW after remediation

TAFE NSW’s audit opinion on its financial statements was qualified in 2014–15 due to system limitations, which prevented it from providing sufficient evidence to support its student revenue, student receivables, accrued income and unearned revenue balances. TAFE NSW dedicated considerable resources to address this issue in the short term.

Management resolved over 250,000 data exceptions and found revenue had been understated by $138 million in 2014–15. This was recorded as a prior-period error in the 2015–16 financial statements. For further details, refer to pages 17–18 in our Report on Industry, Skills, Electricity and Water.

The quality of financial reporting continues to improve

Since NSW Treasury introduced its mandatory ‘early close procedures’ initiative in 2011–12, the number of reported misstatements and significant matters in agency financial statements submitted for audit have fallen considerably across the NSW public sector. This is largely attributed to the early resolution of accounting issues, which helps agencies meet earlier reporting deadlines and improve the quality and accuracy of financial reporting. Whilst the quality and timeliness of financial reporting has continued to improve, the NSW Government will need to continue focusing on strong financial management across the NSW public sector to maximise performance and effectively manage assets and liabilities.

The table below shows the fall in misstatements over five years across NSW public sector agencies since mandatory early close procedures were introduced in 2011–12.

• Transport for NSW needs to assess whether a $179 million fall in the carrying value of the bus fleet leased from the State Transit Authority has similar implications for the value of the bus fleet leased from private operators
•  issues were identified with how the Northern NSW Local Health District implemented its new rostering system, including rosters being 'force approved' by the system administrator, users having inappropriate access, no review of payroll exceptions and inadequate project governance over the system’s rollout
• the Aboriginal and Torres Strait Islander Health Practice Council of New South Wales’ financial statements were not prepared on a ‘going concern’ basis because it had insufficient funding to continue operating
• the Department of Industry, Skills and Regional Development needs to improve the recording and accounting for Crown Land (repeat issue)
• the financial reporting requirements for Local Land Services local boards, established under the Local Land Service Act 2013, need to be clarified (repeat issue)
• significant limitations exist in TAFE NSW’s student administration system (repeat issue)
• Hunter Water Corporation contracted to sell Kooragang Island Advanced Water Treatment Plant, which is conditional on the purchaser obtaining a water licence for use of the plant, for $35.5 million. This resulted in a $20.5 million decrease in the revaluation reserve
• Hunter Water Corporation received $28.1 million from the sale of land impacted by the NSW Government’s decision not to construct Tillegra Dam. This was $62.4 million less than the carrying value of the land
• Sydney Water Corporation needs to ensure it has robust governance over the development and implementation of a new customer billing system and an integrated enterprise resource planning system, budgeted to cost $184 million and $54.5 million respectively.

Timeliness of financial reporting

More financial statements and audit opinions signed within three months of year end

Most agencies submitted and signed their financial statements on time, which enabled more audits to be completed within three months of year end.

In 2015–16, 204 of 286 agencies’ financial statements and audit opinions were signed within three months of the year end. This compares to only 67 in 2010–11, the year before NSW Treasury introduced mandatory early close procedures.

Early close procedures improved the timeliness of financial reporting

Agencies were broadly successful in performing early close procedures in 2015–16. However, we did identify opportunities for improvement across the NSW public sector.  

Agencies will not always be able to fully resolve significant and complex accounting issues as part of the early close process. If this is the case, it is important they document a clear path towards timely resolution and ensure relevant stakeholders, including NSW Treasury, are kept informed. The documentation should set out the issue, status, key aspects needing resolution, and who is responsible for the expected deliverables.

Changes in accounting standards can materially impact agencies’ financial statements. Agencies will need to ensure they review the impact of, and have appropriate systems and processes in place to address these changes. Because of the lead time required, agencies need to start preparing for imminent changes now. The more significant changes that will come into effect over the next two years include:

• service concession arrangements - where private sector entities design, build, finance and/or operate infrastructure to provide public services, such as toll roads, utilities, prisons and hospitals
• the classification, measurement, recognition and de-recognition of financial instruments
• leasing arrangements - lessees will no longer classify leases as operating or finance leases; leases will be ‘capitalised’ with financial liabilities being recognised for future lease payments.

NSW Treasury has narrowed the scope of mandatory early close procedures

NSW Treasury Circular 16-13 'Agency guidelines for the 2016–17 Mandatory Early Close' has narrowed the scope of mandatory early close procedures to non-financial asset valuations and proforma financial statements. Early close procedures that are no longer mandatory, but considered to be good practice by NSW Treasury, include:

• resolving all past audit issues
• performing key account reconciliations
• agreeing and confirming inter and intra (cluster) agency balances and transactions
• identifying material, complex and one-off transactions
• preparing quality workpapers to support balances with variance analysis and meaningful explanations for movements
• adequate review by management and Audit and Risk Committees.

If agencies do not perform the good practice procedures, the early close process may not be as effective in ensuring the quality and timeliness of financial reporting. We will monitor and report on the impact of this change on the timeliness and quality of the 2016–17 financial statements.

NSW Treasury piloted a hard-close initiative

NSW Treasury conducted a ‘hard-close pilot’ with nine agencies in 2015–16 to assess the benefits, and whether they should be applied more widely across the NSW public sector. While NSW Treasury has evaluated the results of the pilot, it has not mandated agencies complete hard close procedures in 2016–17. NSW Treasury Circular 16–13 gives agencies the option to complete hard close procedures.  

Hard close procedures involve applying year-end procedures to the fullest extent practicable at a preliminary month end date to further improve the quality and timeliness of financial reporting.

Processes for asset valuations can be improved

Although most agencies complied with NSW Treasury’s early close asset revaluation procedures, we identified areas where they can be improved.  

Asset valuations can be complex. They can involve the valuation of a large, geographically dispersed asset base, require significant judgement to estimate fair value and require substantial resources to complete.

NSW Treasury Policy Paper TPP14-01 also provides guidance to agencies to help manage the revaluation process.

Performance reporting

In 2017 and 2018, NSW Treasury is implementing its Financial Management Transformation (FMT) program. The program will replace the current ‘service group’ budgeting and reporting structure with program based budgeting and reporting. The program expects to have the legislation, policy framework and financial reporting system rolled out for the 2017–18 financial year.  

The program will implement a modern IT system, PRIME, as NSW Treasury's key tool to support whole-of-government budgeting and reporting. PRIME is expected to give the NSW Government strategic, relevant and timely information to plan and deliver its policy priorities and the Budget. It is expected to capture and monitor financial and non-financial performance data, and provide business intelligence and analytics. The roll-out of PRIME commenced in November 2016 and the 2017–18 Budget will be delivered using PRIME.

A project of this scale and complexity has many risks, which need to be carefully managed if the desired benefits are to be realised. To manage the risks, NSW Treasury is running PRIME in parallel with the existing IT systems for an extended period that covers preparation of the 2017–18 budget.

Independent assurance over the appropriateness and accuracy of agency key performance measures and indicators would improve confidence in the reliability of the NSW Government performance data.

The FMT program aims to achieve:

• better performance and outcomes management
• improved management of the State’s balance sheet, revenues and expenditures
• stronger interagency collaboration
• clearer accountabilities
• better reporting of performance and outcomes.

This should give the NSW Government greater visibility on whether programs are delivering value for money, with emphasis not just on whether they are meeting compliance requirements, but whether they are also meeting performance expectations. This will require agencies to have the expertise they need to analyse how programs are performing and meeting expected outcomes.

Internal controls

Agency internal controls

We report deficiencies in internal controls, matters of governance interest and unresolved issues identified during our audits to management and those charged with governance of the agencies. We do this through management letters, which include our observations, related implications, recommendations and risk ratings.

We identified and reported 837 issues during our 30 June 2016 audits. Common internal control weaknesses identified during these audits included: 

• non-compliance with processes and legislation
• incomplete and inaccurate central registers, such as those for managing conflicts of interest, legislative compliance and contract management
• weaknesses in information technology controls (see further details below)
• financial performance and reporting issues, such as inadequate review of manual journals and poor quality and review of general ledger account reconciliations
• deficiencies in purchasing and payables processes, such as poor review of vendor master file changes, limited use of purchase orders and inadequate payment approval processes.

Fewer internal control weaknesses were assessed as being high risk than in previous years. High risk internal control deficiencies should be addressed by the relevant agencies as a matter of urgency.

More needs to be done to implement audit recommendations

More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. The highest proportion of these issues were in the following clusters:

• Family and Community Services cluster - 11 of 31 issues were repeat issues.
• Planning and Environment cluster - 26 of 88 issues were repeat issues
• Finance, Services and Innovation cluster - 31 of 111 issues were repeat issues
• Justice cluster - 33 of 124 issues were repeat issues
• Transport cluster - 18 of 68 issues were repeat issues
• Health cluster - 33 of 126 issues were repeat issues.

Two of the 212 issues were classified as high risk and related to:

• an agency’s lack of effective controls over fundraising activities
• recognition of a loan and the agency’s capacity to repay the loan

Of the remainder, 126 were classified as moderate risk and 84 as low risk. Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. They expose agencies to reputational risks and financial loss.

Some issues can take longer to address due to resource constraints and/or the complexity of the issue. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. Audit and Risk Committees play an important role in monitoring and advising agency heads on how agencies are implementing measures to address audit findings and recommendations.

Internal controls at shared service providers

Cluster corporate and shared service models are common across NSW Government

Corporate and shared service models are common across NSW Government, with most clusters having moved to or planning to move to some form of shared service arrangement. Shared service arrangements are designed to achieve efficiencies and reduce costs by centralising service delivery in areas such as human resources, governance and risk, procurement, finance and information technology. Corporate and shared service models can:

• consolidate information systems and standardise processes through common policies and procedures. This should provide greater transparency to the cluster lead agency of agencies' and cluster-wide performance
• deliver better information management and decision support services
• increase efficiencies and reduce costs.

Agencies need to carefully manage the risks associated with these arrangements, such as:

• failing to deliver integrated systems and processes across the cluster
• limiting flexibility, which may hinder agencies from implementing fit for purpose frameworks, such as those for governance and risk
• sub-optimal performance by service providers and/or ineffective controls at the service provider
• poor governance, strategic leadership and direction over shared service arrangements.

The NSW Commission of Audit, in its May 2012 report on ‘Government Expenditure’, recommended improvements in the delivery of corporate and shared services across the NSW Government sector.

Service level arrangements are not always in place or are signed too late

We found instances where service level agreements with shared service providers were outdated, signed too late or did not exist. For example:

• service agreements, which include performance requirements for safety and quality, service access and patient flow, finance and activity, population health and people between the Secretary of NSW Health and local health districts/specialty networks, need to be signed earlier to clarify roles, responsibilities, performance measures, budgets and service volumes and levels
•  the NSW Department of Industry, Skills and Regional Development and the Department of Justice did not always have service agreements in place with agencies to which they provide financial and corporate services.

Agencies need to seek internal control certifications from service providers

NSW Treasury Policy TPP 14–05 'Certifying the Effectiveness of Internal Controls Over Financial Information' requires agencies to obtain certification on the effectiveness of internal controls from outsourced service providers. We found:

• agencies using the services of GovConnect were unable to rely on controls over financial transactions and information (further details below), which negated the certification process over controls at the service provider. This required the impacted agencies to implement controls to mitigate the control deficiencies at the service provider
• the Department of Justice did not always provide written certifications on the design and effectiveness of internal controls to client agencies
• some private sector service providers do not provide independent certifications on the effectiveness of their controls to agencies.

The NSW Treasury Policy notes that, in some instances, client agencies may consider it appropriate to seek additional assurance in the form of an independent opinion on the design and operating effectiveness of controls in the service organisation. Agencies should consider the nature and extent of the services provided by their service provider when determining whether independent assurance is required.

Internal controls at GovConnect were ineffective in 2015–16

GovConnect provides information technology and transactional services to agencies within the NSW Public Sector. Service levels fell during the transition of shared services from ServiceFirst to GovConnect and NSW public sector agencies using these services were unable to rely on controls over financial transactions and information.  

We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. This increased the risk of fraud and error, and inappropriate access to information.  

The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies identified in GovConnect’s Independent Auditor’s Assurance reports. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. Refer to pages 19-20 in our Report on Finance, Services and Innovation for further details.

Information technology

Digital Information Security

Agencies continue to face challenges managing information security

We audited the information systems of 72 agencies in 2016. The audits focused on the information technology (IT) processes and controls supporting the integrity, availability and security of financial data used to prepare the financial statements.

The audits identified opportunities to improve IT control environments, with a large proportion of our findings relating to information security. We recommended agencies review and strengthen information security controls. The key control weaknesses we found related to user administration, password parameters and privileged access.

Over the last three years the number of information systems issues we identified has improved, as shown below: 

• 2015–16: 72 audits - 121 issues reported
• 2014–15: 73 audits - 169 issues reported
• 2013–14: 77 audits - 198 issues reported.

Of the 121 issues reported in 2015–16, two were classified as high risk, 80 as moderate risk and 39 as low risk. The two high risk issues related to:

• poor password configuration management
• inappropriate user access accounts and inadequate review of users’ access to the agency’s network, finance applications, database and servers.

Twenty-three per cent of the issues reported in 2014–15 were repeated in 2015–16. The percentage of repeat issues has fallen compared to 2013–14. 

Governance refers to the high-level frameworks, processes and behaviours established to ensure an entity meets its intended purpose, conforms with legislative and other requirements, and meets the expectations of probity, accountability and transparency.  

Governance models need to be adapted for the specific goals and outcomes required for different situations; one size does not fit all. High standards of public sector governance and accountability enable effective and efficient use of public resources. They also help to ensure agencies act impartially and lawfully, deliver program/project benefits within expected costs and timeframes and provide useful information about their activities and achievements.

In 2015–16, our audit teams made the following key observations on governance in NSW public sector agencies

Governance and Accountability

With the NSW public sector changing and becoming more complex, good governance becomes more important so the public's confidence in government and its agencies is maintained. Governance across the NSW public sector is complex and needs to accommodate risks arising from:

• the Government’s cluster arrangements having no legal basis
• many agencies not having conventional board structures
• agencies only being able to do what their enabling legislation allows
• agencies having for profit or not-for-profit objectives, and/or only being established to achieve a particular purpose
• capability limitations that may exist in governing bodies
• stakeholders having high expectations around accountability, transparency and conflicts of interest in public sector agencies.

Adding to this complexity is the continually changing nature of the public sector and the way it delivers services. Often, governance arrangements are impacted by:

• changes in service delivery models, such as commissioning and contestability arrangements
• machinery of government changes, leading to agencies being formed, amalgamated or abolished
• complex financing and other contractual arrangements, such as public private partnerships impacting the structure and risks agencies face.

Those charged with governance are accountable for the decisions they make and need relevant, accurate and up-to-date information on which to base their decisions. Consequently, they need to satisfy themselves the governance frameworks, and the design and effectiveness of internal systems and controls provides sufficient assurance the agency’s activities are in line with expectations and comply with standards and legal requirements.  

Our audits identified deficiencies in some agencies’ governance frameworks, including:

• not having frameworks to manage and ensure compliance with legislation
• outdated policies and procedures, including those for fraud and corruption
• inconsistent risk management frameworks
• not having effective internal audit functions
• some smaller agencies not having an Audit and Risk Committee
• poor frameworks for identifying and managing conflicts of interest and gifts and benefits.

Agencies can assess their governance frameworks against our Governance Lighthouse.

Cluster governance

Cluster governance arrangements, including accountability, are unclear

Currently, cluster governance arrangements are unclear and inconsistently implemented across the NSW public sector. Implementing cluster governance frameworks is complex because clusters bring together entities with different enabling legislation, organisational and legal structures, information systems and processes, risk profiles and governance frameworks. They require Ministers, boards, department Secretaries, agency heads and management to work together to ensure effective cluster governance and accountability arrangements are in place.

Clear cluster governance arrangements would improve cooperation and coordination amongst cluster agencies, help deliver government priorities that cut across agencies and improve service delivery outcomes. We recommended DPC release a revised NSW Public Sector Governance Framework that clearly articulates cluster governance arrangements, the role of the cluster Secretary, Chief Finance Officer, Chief Information Officer and Chief Risk Officer.

DPC has indicated the framework will be updated shortly to provide guidance on governance at a cluster level, including how cluster-level accountability and performance information is monitored and reported. We understand DPC will work with NSW Treasury to revise the framework by mid-2017. It is important for these agencies to collaborate and ensure the outcomes of NSW Treasury's Financial Management Transformation (FMT) program are considered when updating the framework.

The FMT program aims to revise financial governance, budgeting and reporting arrangements in the NSW public sector, and clarify the administrative and accountability arrangements for cluster operations. Further information on FMT is included in the Financial Performance and Reporting and Service Delivery chapters.  

Management oversight and capability

Those charged with governance are ultimately responsible for establishing an appropriate governance framework and system of internal control. However, management is accountable to those charged with governance and their oversight plays an important role in ensuring appropriate policies, procedures and internal controls are designed and working properly.

Sale and lease of Crown land is not being managed effectively

Adding to this, our financial audit findings have identified significant deficiencies for several years in recording and accounting for Crown land assets in the Crown Land Information Database and the Department’s general ledger.

A key objective of the Department of Industry - Lands is for Crown land to be occupied, used, sold, leased, licensed or otherwise dealt with in the best interests of the State. A major part of the State’s land holding is Crown land, which had an estimated value of $12 billion in  2015–16. Crown land comprises approximately 42 per cent of all land in New South Wales and supports a wide range of important environmental, economic, social and community activities.  

The Crown Land Management Act 2016 (the Act) received assent from Parliament on 14 November 2016. The Act consolidated eight pieces of legislation. Most of the Act is expected to commence in early 2018. It is expected to reduce complexity and duplication, deliver better social, environmental and economic outcomes and facilitate community involvement in Crown land.

Good progress is being made on implementing public sector management reforms

In early 2012, the NSW Commission of Audit Interim report identified a range of issues with workforce management in New South Wales. The Public Service Commission (PSC), which was established in late 2011, was tasked to address some of these issues and build the capability of the public sector. The Government Sector Employment Act 2013 (GSE Act), which provides the legislative basis for reforms, commenced in February 2014.

The public sector management reforms are ambitious, covering a substantial workforce and requiring a lot to be done in a short time. To achieve the intended outcomes, the reforms needed to be supported by sound evidence, have clear objectives and performance indicators, and be evaluated at appropriate stages.

Risk Management

The increasing complexity of government business transactions reinforces the need for whole of government approaches to deal with inter-related and inter-dependent risks across government agencies. It is important that safeguards in place to manage these risks are commensurate to the risk posed.

Findings from some of our 2016 performance audits, which looked at how areas of high risk are managed across NSW Government, are detailed below:

Cluster-wide risk management

Cluster wide risk management is inconsistent

Agencies within clusters have their own risk profiles and risk management frameworks. We found varying approaches and levels of maturity on how agency risks are captured and escalated to a cluster level so cluster heads can assess how they are being managed, treated and reported. We recommended some clusters review how agency level risks are escalated and reported at a cluster level.

Enterprise-wide risk management

Agency enterprise-wide risk management across the public sector is improving

In 2016, we assessed risk management processes at 33 agencies across the NSW public sector against the criteria in our Risk Assessment Tool. In 2015, we asked 77 agencies to perform a self-assessment of their risk management maturity. The table below compares the overall results of our assessment against the agencies self-assessments. The comparison indicates that risk management is improving.

Our assessments found that agencies have risk management governance structures in place, but need to focus on developing stronger risk cultures and fit-for-purpose systems to capture risks and incidents.

The environment in which services are delivered to the people of NSW is constantly changing. Services need to remain relevant and support the public's changing needs and expectations. People expect high quality services to be delivered in cost effective ways. To do this, agencies need to determine how best to deliver the services. Governments can deliver their services through agencies or through commissioning the right mix of services from public, private and not for profit sector providers.  

Agencies also need to consider how they collaborate with each other to improve the quality of their services and help drive down costs. Changes in innovation and technology can help agencies adapt to changing circumstances and to deliver better services in different ways.

In 2015–16, our audit teams made the following key observations on service delivery by NSW public sector agencies.

Commissioning and Contesting the Delivery of Services

Effective commissioning can be achieved through:

• strong governance and leadership to manage relationships and risks effectively within risk appetite levels
• good information systems and tools 
• being well prepared with the right capability and number of employees who are well trained and supported
• adopting approaches that best fit the circumstances
• regularly monitoring and assessing if expected outcomes are being achieved 
• having a common purpose with clear outcomes
•  being flexible and prepared to make trade-offs
•  binding commitments with clear accountabilities
•  sound financial management to control costs
•  adequate development and testing of new systems before going live.

Commissioning and contestability continues to increase

We continue to see new ways of delivering services across NSW Government agencies. Some examples of commissioning and contestability include:

• commissioning of GovConnect to provide information technology and transactional services to several agencies within the NSW Public Sector (refer Financial Controls chapter for further detail)
• contestability testing within NSW Health, including linen services, non-emergency patient transport, warehousing, hospital support services, pathology and radiology
• commissioning NGOs to provide some services traditionally provided by the Department of Family and Community Services ($2.8 billion received by NGOs in 2015–16 for the delivery of these services).

Our performance audit on franchising of the Sydney Ferries network found the decision to do so was justified and Transport for NSW’s management of the franchise was largely effective. The franchising has resulted in cost savings, good service performance and effective risk transfer from Government to the private sector operator. Scheduled ferry services are now provided under a seven-year contract managed by Transport for NSW.

Our 2016–17 performance audit program includes a review of Roads and Maritime Services' (RMS) Sydney region road maintenance contracts to assess whether RMS has realised the expected benefits of outsourcing road maintenance for the Sydney Region West and South zones under its Stewardship Maintenance Contracts. We also recently tabled a performance audit report, which focused on the Department of Family and Community Services work to build the readiness of the non-government sector for the National Disability Insurance Scheme.

Accountability needs to be maintained when services are outsourced

Generally, contractual arrangements allow an agency that is outsourcing services to review and assess the performance of the service provider. However, outsourced service providers are not directly accountable to the NSW Parliament for their use of public resources.

Governments are increasingly outsourcing to or partnering with private and NGO providers to deliver government services. Consequently, many parliaments now have legislation that enables Auditors-General to ‘go beyond’ the boundaries of the agencies commissioning services and into the entities providing the services to examine how effectively and efficiently they are providing the services (‘follow the money’ powers). New South Wales legislation does not currently provide the Auditor–General with such powers.

Delivering Government Services

Evidence-based decision making

Government services are being delivered by agencies through a variety of programs

To do this effectively agencies need to be able to make evidence based decisions. In August 2013, the NSW Government commenced a program evaluation initiative, which required agencies to periodically evaluate their programs. Since then, NSW Treasury and DPC have worked with agencies to implement the initiative. Agencies are required to prioritise programs for evaluation based on size, strategic significance and degree of risk, recognising their available capability and resources to conduct evaluations.

Our performance audit also recommended NSW Treasury develop an evaluation framework to support the program budgeting and reporting component of the Financial Management Transformation (FMT) program, and ensure the program evaluation initiative is integrated into the new framework.

The FMT program budgeting, reporting and evaluation initiative aims to provide evidence-based information to inform investment decisions on programs. Adopting program budgeting and reporting as a key component of the FMT program requires a proven and systematic evidence-based methodology for measuring the efficiency and effectiveness of the programs.

Service delivery performance

Our performance audits found mixed service delivery performance

Performance audits build on our financial audits by reviewing whether taxpayers' money is spent efficiently, effectively, economically and in accordance with the law. Many of our performance audits focus on whether agencies are delivering good services to citizens at a reasonable cost. Findings from some of our 2016 audits, which focused on service delivery performance, are outlined below:

Reporting on Service Delivery Performance

As agencies partner and collaborate more, measuring performance becomes more important. Sharing, using and making information available enables agencies to collectively understand and improve their service performance. This also gives agencies an opportunity to achieve efficiencies in collating and using research and performance data within privacy and legislative constraints. Where appropriate, agencies should consider obtaining independent assurance over the reliability and accuracy of the performance data they use.

Complaints are an important and free source of information that can provide valuable insights into poor service, systemic errors or problems with specific processes. How agencies manage and respond to complaints demonstrates their commitment to high standards of service delivery. Complaints also give agencies an opportunity to understand the expectations and experiences of people using their services. Government agencies need to ensure complaints are easy to make, consistently recorded and analysed, and openly reported and actioned.

Transparency over performance

Performance is not always measured, evaluated or publicly reported

Agencies should consider whether their performance measurement frameworks:

• measure the right things, focus on outcomes and integrate with decision making processes
• set baselines and establish targets and timeframes for key performance indicators
• require the use of reliable, up to date and accurate information
• require information to be publicly reported to increase transparency.

The Government will not get the same level of reliance on performance information as it does for financial statements if that information is not independently assured. We will continue to focus on how well agencies assess and report the performance of their initiatives in achieving desired outcomes.

Premier's and State Priorities

The NSW Government released State Priorities 'NSW: Making it Happen' in September 2015. It includes 12 Premier's Priorities and 18 State Priorities with measures and targets to track the Government's performance in key priority areas.

The Premier's Priorities are detailed below.

Performance against the Premier's and State Priorities is not audited

The Premier's and State Priorities have not been independently audited to provide assurance the performance information is accurate. The Commonwealth, Victorian and Western Australian Auditors-General have varying powers that provide for auditing the appropriateness of agency key performance indicators and determine whether they fairly represent actual performance. NSW legislation does not currently provide the Auditor-General with such powers.

Premier's Priorities

Some Premier's Priorities are at risk of not being achieved

Our 2015–16 reports commented on the Government's performance against some of the Premier’s and State Priorities. Published data, which we have not audited, indicates the following Premier's Priorities may be at risk of not being achieved:

• the proportion of domestic violence perpetrators re-offending within 12 months was 15.9 per cent, which is 6.7 percentage points higher than the target of 9.2 per cent (refer page 52–53 in Report on Law and Order, Emergency Services and the Arts for further details)
• the percentage of children and young people re-reported at risk of significant harm was 40 per cent, which is 5.6 percentage points higher than the target of 34.4 per cent (refer page 31–32 in Report on Family and Community Services)
• in 2015–16, 32.5 per cent of students achieved results in in the top two NAPLAN bands for reading and numeracy, marginally below the baseline of 32.7 per cent and below the 2019 target of 35.2 per cent (refer page 40–41 in Report on Education for further details)
• the rate of patients leaving emergency departments within four hours was 74.2 per cent, 6.8 percentage points below the target of 81 per cent (refer page 53 in Report on Health for further details).

Published data, which we have not audited, indicates the following Premiers Priorities have been achieved or are on track to be achieved:

• creating 150,000 new jobs by 2019 has been reported as achieved (refer page 47 in Report on Industry, Skills, Electricity and Water for further details)
• current trends indicate the target of reducing the volume of litter by 40 per cent by 2020 may be achieved (refer page 38–39 in Report on Planning and Environment for further details).

Progress against all 12 priorities can be found at https://www.nsw.gov.au/improving-nsw/premiers-priorities.

State Priorities

Some State Priorities at risk of not being achieved

Data, which we have not audited, indicates the following State Priorities may be at risk of not being achieved:

• journey time reliability was 86 per cent in 2015–16, four percentage points below the 90 per cent target for peak travel on key routes being on time (refer page 48 in Report on Transport for further details)
• in 2015–16, 9.1 per cent of Aboriginal and Torres Strait Islander students achieved results in the top two NAPLAN bands for reading and numeracy, which shows no improvement on the baseline of 9.1 per cent and is below the 2019 target of 11.6 per cent (refer page 42–43 in Report on Education for further details)
• reducing the rate of adult re-offending by five per cent by 2019 – the rate increased 2.3 percentage points over the five years since 2010 to 36.7 per cent for the year ended 31 December 2014 (refer page 53–54 in Report on Law and Order, Emergency Services and the Arts for further details).

Data, which we have not audited, indicates the following State Priorities have been achieved or are on track to be achieved:

• the State maintained its AAA credit rating (refer page 25 in Report on State Finances for further details)
• general government expenditure growth was 4.4 per cent in 2015–16 and continued to be below long term revenue growth of 5.6 per cent (refer page 25 in Report on State Finances for further details)
• 70,077 new dwelling approvals were granted in 2015–16, higher than the target of 50,000 approvals (refer page 35 in Report on Planning and Environment for further details)
• the time taken to assess planning applications for complex state significant developments fell 46 per cent in 2015–16 from the 2013–14 baseline. A further four percentage point reduction is required to meet the target of halving the time to perform these assessments (refer page 35 in Report on Planning and Environment for further details)

A comprehensive report of performance against the State Priorities is not published

The Department of Premier and Cabinet has defined targets and measures in ‘NSW: Making it Happen’ so Ministers and individual agencies know which targets they are accountable for and how they will be measured. While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State priorities is not published. We understand the NSW Government is considering this matter and developing reporting options.

Agencies are responsible for the priorities and they report progress at least bi-annually to the Department of Premier and Cabinet for reporting to the Premier. We will continue to report performance against the targets set in the Premier's and State Priorities.

Contract Management

Our audits identified deficiencies in contract management processes

Our audits continue to identify deficiencies in contract management processes, including:

• agencies not having central contract registers detailing key contractual obligations and commitments
• incomplete and inaccurate contract registers and/or no policy or procedures to update and maintain contract registers
• no monitoring of contract performance.

We recommended agencies in the Family and Community Services and Planning and Environment clusters improve contract management processes. A robust contract management framework helps ensure all parties meet their obligations, contractual relationships are well managed, value for money is achieved and deliverables meet the required standards and agreed timeframes.

A 2014 performance audit ‘'Making the most of government purchasing power – telecommunications' developed a Better Practice Contract Management Framework (Framework) with nine key elements. Agencies can refer to this framework when assessing the adequacy of their contract management framework.

Benefits realisation

Benefits realisation approach for the Service NSW initiative is not as effective as it could be

Effective benefits realisation is critical to achieving intended outcomes expected from investments.  

The Department of Finance, Services and Innovation has developed a benefits realisation management framework, which can be found at www.finance.nsw.gov.au/publication-and-resources/benefits-realisation-management-framework. The Department of Education has established a benefits realisation plan for the Learning Management and Business Reform Program (LMBR) following our performance audit on the LMBR program. The Department of Planning and Environment is planning a benefits realisation review on the implementation of stage one of the ePlanning system.  

We will continue to review whether agencies have implemented effective benefit realisation frameworks for major projects and programs and examine the outcomes of benefit realisation reviews.