Refine search

Reports

10 December 2020

Published

Regional NSW 2020

Environment

Industry

Compliance

Financial reporting

Information technology

Management and administration

Risk

This report analyses the results of our audits of financial statements of entities within the Regional NSW cluster for the year ended 30 June 2020. The table below summarises our key observations and recommendations.

1. Machinery of Government (MoG) changes
Creation of Regional NSW cluster	MoG changes on 2 April 2020 created the Department of Regional NSW (the Department). The Department of Planning, Industry and Environment (DPIE) staff employed in the Regions, Industry, Agriculture and Resources Group, together with associated functions, assets and liabilities were transferred to the new Department. A number of agencies moved from the Planning, Industry and Environment cluster to the new Regional NSW cluster. The Department deals with major issues affecting regional communities, including the coordination of support for people, businesses and farmers who have faced drought, bushfires, flood and the COVID-19 pandemic.
The Department is still in the process of implementing changes	The Department continues to receive corporate services support from DPIE. The Department has indicated it will transition to its own policies and procedures by June 2021.
2. Financial reporting
Audit opinions	Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits.
Timeliness of financial reporting	Nine of the ten cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting the financial statements. The Department and a number of cluster agencies obtained NSW Treasury’s approval to delay submission of their 30 June 2020 financial statements due to delays resulting from accounting and administrative complexities created by the Machinery of Government changes that separated the Department from DPIE. The deadlines were moved from 5 August 2020 to either 10 August 2020 or 12 August 2020. New South Wales Rural Assistance Authority missed the revised deadline by one day. All agencies that were required to perform early close procedures had met the revised timeline. Due to issues identified during audit, four financial statements audit were not completed and audit opinions issued by the statutory deadline.
New accounting standards	Agencies implemented three new accounting standards during the year. Our audit of the Department identified there was a lack of quality assurance over the accuracy of lease information provided by Property NSW. Recommendation: The Department should: quality assure and validate the leasing information provided by Property NSW ensure changes made by Property NSW to lease data are supported and that assumptions and judgements applied are appropriate document their review of the data supplied.
3. Audit observations
Internal control deficiencies	We identified 30 internal control issues, including 16 findings that were raised with former agencies in previous years. Two matters from previous years have been elevated to high risk during 2019–20. Both matters related to Local Land Services: not completing all mandatory requirements as part of its early close procedures at 31 March 2020 not performing annual fair value assessment of asset improvements on land reserves used for moving livestock. Recommendation: Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing high-risk and repeat issues.
Agency responses to emergency events	The Department's executive leadership committee along with support from DPIE crisis management team managed the recovery from the bushfires and impact of COVID-19. Social distancing and other infection control measures were put in place. The Forestry Corporation of New South Wales accelerated a fire salvage timber program in response to the bushfire emergency. The Department and cluster agencies received additional funding for bushfire recovery and COVID-19 pandemic response.

The Regional NSW cluster aims to respond to regional issues, creating and preserving regional jobs, driving regional economy, growing existing and supporting emerging industries. The key areas of focus across the New South Wales (NSW) State is shown below:

MoG changes impact on Department of Regional NSW

The Department was created as result of the MoG changes during 2019–20. The Administrative Arrangements Order 2020, effective on 2 April 2020 created the Department of Regional NSW. These changes had a significant administrative impact on the cluster agencies. The MoG change resulted in a transfer of net assets ($446 million) and budget ($284 million) from DPIE to the newly created Department of Regional NSW on 2 April 2020. A summary of the MoG impacts on the Regional NSW cluster is shown below.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The COVID-19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID-19 pandemic. These amendments:

allowed the Treasurer to authorise payments from the consolidated fund until the enactment of the 2020–21 budget – impacting the going concern assessments of cluster agencies
revised budgetary and financial and annual reporting time frames – impacting the timeliness of financial reporting
exempted certain statutory bodies and departments from preparing financial statements.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits.
Nine of the ten cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting the financial statements. New South Wales Rural Assistance Authority missed the revised deadline by one day.
Due to issues identified during audit, four financial statements audit were not completed and audit opinions issued by the statutory deadline.
Emergency legislation allowing the Treasurer to continue authorising payments from the consolidated fund under the existing Appropriations Act enabled cluster agencies to prepare financial statements on a going concern basis.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

observations and insights from our financial statement audits of agencies in the Regional NSW cluster
assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Section highlights

Two high-risk issues were identified during our audits. Both related to Local Land Services for:
− not completing all mandatory requirements as part of its early close procedures at 31 March 2020
− not performing annual fair value assessment of asset improvements on land reserves used for moving livestock
More than one in two issues identified and reported to management in 2019–20 were raised in the former agencies.

Appendix one - List of 2020 recommendations

Appendix two - Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

26 November 2020

Published

Waste levy and grants for waste infrastructure

Planning

Environment

Management and administration

Regulation

Risk

Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today that examined the effectiveness of the waste levy and grants for waste infrastructure in minimising the amount of waste sent to landfill and increasing recycling rates.

The audit found that the waste levy has a positive impact on diverting waste from landfill. However, while the levy rates increase each year in line with the consumer price index, the EPA has not conducted a review since 2009 to confirm whether they are set at the optimal level. The audit also found that there were no objective and transparent criteria for which local government areas should pay the levy, and the list of levied local government areas has not been reviewed since 2014.

Grant funding programs for waste infrastructure administered by the EPA and the Environmental Trust have supported increases in recycling capacity. However, these grant programs are not guided by a clear strategy for investment in waste infrastructure.

The Auditor-General made six recommendations aimed at ensuring the waste levy is as effective as possible at meeting its objectives and ensuring funding for waste infrastructure is contributing effectively to recycling and waste diversion targets.

Overall, waste generation in New South Wales (NSW) is increasing. This leads to an increasing need to manage waste in ways that reduce the environmental impact of waste and promote the efficient use of resources. In 2014, the NSW Government set targets relating to recycling rates and diversion of waste from landfill, to be achieved by 2021–22. The NSW Waste and Resource Recovery (WARR) Strategy 2014–21 identifies the waste levy, a strong compliance regime, and investment in recycling infrastructure as key tools for achieving these waste targets.

This audit assessed the effectiveness of the NSW Government in minimising waste sent to landfill and increasing recycling rates. The audit focused on the waste levy, which is paid by waste facility operators when waste is sent to landfill, and grant programs that fund infrastructure for waste reuse and recycling.

The waste levy is regulated by the Environment Protection Authority (EPA) and is generally paid when waste is disposed in landfill. The waste levy rates are set by the NSW Government and prescribed in the Protection of Environment Operations (Waste) Regulation 2014. As part of its broader role in reviewing the regulatory framework for managing waste and recycling, the EPA can provide advice to the government on the operation of the waste levy.

The purpose of the waste levy is to act as an incentive for waste generators to reduce, re-use or recycle waste by increasing the cost of sending waste to landfill. In 2019–20, around $750 million was collected through the waste levy in NSW. The government spends approximately one third of the revenue raised through the waste levy on waste and environmental programs.

One of the waste programs funded through the one third allocation of the waste levy is Waste Less, Recycle More (WLRM). This initiative funds smaller grant programs that focus on specific aspects of waste management. This audit focused on five grant programs that fund projects that provide new or enhanced waste infrastructure such as recycling facilities. Four of these programs were administered by the Environmental Trust and one by the EPA.

Conclusion

The waste levy has a positive impact on diverting waste from landfill. However, aspects of the EPA's administration of the waste levy could be improved, including the frequency of its modelling of the waste levy impact and coverage, and the timeliness of reporting. Grant funding programs have supported increases in recycling capacity but are not guided by a clear strategy for investment in waste infrastructure which would help effectively target them to where waste infrastructure is most needed. Data published by the EPA indicates that the NSW Government is on track to meet the recycling target for construction and demolition waste, but recycling targets for municipal solid waste and commercial and industrial waste are unlikely to be met.

Waste levy

The waste levy rate, including a schedule of annual increases to 2016, was set by the NSW Government in 2009. Since 2016, the waste levy rate has increased in line with the consumer price index (CPI). The EPA has not conducted recent modelling to test whether the waste levy is set at the optimal level to achieve its objectives. The waste levy operation was last reviewed in 2012, although some specific aspects of the waste levy have been reviewed more recently, including reviews of waste levy rates for two types of waste. The waste levy is applied at different rates across the state. Decisions about which local government areas (LGAs) are subject to the levy, and which rate each LGA pays, were made in 2009 and potential changes were considered but not implemented in 2014. Currently, there are no objective and transparent criteria for determining which LGAs pay the levy. The EPA collects waste data from waste operators. This data has improved since 2015, but published data is at least one year out of date which limits its usefulness to stakeholders when making decisions relating to waste management.

Grants for waste infrastructure

All state funding for new and enhanced waste infrastructure in NSW is administered through grants to councils and commercial waste operators. The government's Waste and Resource Recovery (WARR) Strategy 2014–21 includes few priorities for waste infrastructure and there is no other waste infrastructure strategy in place to guide investment. The absence of a formal strategy to guide infrastructure investment in NSW limits the ability of the State Government to develop a shared understanding between planners, councils and the waste industry about waste infrastructure requirements and priorities. The Department of Planning, Industry and Environment is currently developing a 20-year waste strategy and there is an opportunity for the government to take a more direct role in planning the type, location and timing of waste infrastructure needed in NSW.

The grants administration procedures used for the grant programs reviewed in this audit were well designed. However, we identified some gaps in risk management, record-keeping and consistency of information provided to applicants and assessment teams. In four of the five programs we examined, there was no direct alignment between program objectives and the NSW Government's overall waste targets.

Achievement of the 2014–21 state targets for waste and resource recovery (WARR targets) is reliant in part on the availability of infrastructure that supports waste diversion and recycling. The state WARR targets dependent on waste infrastructure are:

Increase recycling rates to 70 per cent for municipal solid waste and commercial and industrial waste, and 80 per cent for construction and demolition waste.
Increase waste diverted from landfill to 75 per cent.

A further target — manage problem waste better by establishing or upgrading 86 drop-off facilities or services for managing household problem wastes state-wide — is dependent on accessible community waste drop-off facilities across NSW.

Exhibit 7 identifies the five grant programs that provide funding for new or enhanced waste infrastructure to increase capacity for reuse or recycling of waste. All five of these programs were examined in the audit.
In addition to the grant programs shown in Exhibit 7, other programs provide funding for infrastructure, but at a smaller scale. Examples of these include:

Bin Trim which provides rebates to small businesses for small scale recycling equipment such as cardboard and soft plastic balers.
Litter grants which provide funding for litter bins.
Weighbridges grants for installation of a weighbridge at waste facilities.
Landfill consolidation and environmental improvement grants for rural councils to replace old landfills with transfer stations or to improve the infrastructure at landfill sites.

Appendix one – Responses from audited agencies

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

Parliamentary reference - Report number #343 - released 26 November 2020

24 September 2020

Published

Support for regional town water infrastructure

Industry

Environment

Local Government

Infrastructure

Management and administration

Regulation

Risk

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining whether the Department of Planning, Industry and Environment has effectively supported the planning for, and funding of, town water infrastructure in regional NSW.

The audit found that the department has not effectively supported or overseen town water infrastructure planning since at least 2014. It does not have a clear regulatory approach and lacks internal procedures and data to guide its support for local water utilities that service around 1.85 million people in regional NSW.

The audit also found that the department has not had a strategy in place to target investments in town water infrastructure to the areas of greatest priority. A state-wide plan is now in development.

The Auditor-General made seven recommendations to the department, aimed at improving the administration and transparency of its oversight, support and funding for town water infrastructure, and at strengthening its sector engagement and interagency coordination on town water planning issues and investments.

According to the Auditor-General, ‘A continued focus on coordinating town water planning, investments and sector engagement is needed for the department to more effectively support, plan for and fund town water infrastructure, and to work with local water utilities to help avoid future shortages of safe water in regional towns and cities.’

This report is part of a multi-volume series on the theme of water. Refer to ‘Water conservation in Greater Sydney’ and ‘Water management and regulation – undertaking in 2020-21’.

Read full report (PDF)

Safe and reliable water and sewer services are essential for community health and wellbeing, environmental protection, and economic productivity. In 2019, during intense drought, around ten regional New South Wales (NSW) cities or towns were close to ‘zero’ water and others had six to 12 months of supply. In some towns, water quality was declared unsafe.

Ensuring the right water and sewer infrastructure in regional NSW to deliver these services (known as 'town water infrastructure') involves a strategic, integrated approach to water management. The NSW Government committed to ‘secure long-term potable water supplies for towns and cities’ in 2011. In 2019, it reiterated a commitment to invest in water security by funding town water infrastructure projects.

The New South Wales’ Water Management Act 2000 (WM Act) aims to promote the sustainable, integrated and best practice management of the State’s water resources, and establishes the priority of town water for meeting critical human needs.

The Department of Planning, Industry and Environment (the department) is the lead agency for water resource policy, regulation and planning in NSW. It is also responsible for ensuring water management is consistent with the shared commitments of the Australian, State and Territory Governments under the National Water Initiative. This includes the provision of healthy, safe and reliable water supplies, and reporting on the performance of water utilities.

Ninety-two Local Water Utilities (LWUs) plan for, price and deliver town water services in regional NSW. Eighty-nine are operated by local councils under the New South Wales’ Local Government Act 1993, and other LWUs exercise their functions under the WM Act. The Minister for Water, Property and Housing is the responsible minister for water supply functions under both acts.

The department is the primary regulator of LWUs. NSW Health, the NSW Environment Protection Authority (EPA) and the Natural Access Resource Regulator (NRAR) also regulate aspects of LWUs' operations. The department’s legislative powers with respect to LWUs cover approving infrastructure developments and intervening where there are town water risks, or in emergencies. In this context, the department administers the Best Practice Management of Water Supply and Sewerage Guidelines (BPM Guidelines) to support its regulation and to assist LWUs to strategically plan and price their services, including their planning for town water infrastructure.

Under the BPM Guidelines, the department supports LWU’s town water infrastructure planning with the Integrated Water Cycle Management (IWCM) Checklist. The Checklist outlines steps for LWUs to prepare an IWCM strategy: a long-term planning document that sets out town water priorities, including infrastructure and non-infrastructure investments, water conservation and drought measures. The department's objective is to review and approve (i.e. give ‘concurrence to’) an IWCM strategy before the LWU implements it. In turn, these documents should provide the department with evidence of town water risks, issues and infrastructure priorities.

The department also assesses and co-funds LWU's town water infrastructure projects. In 2017, the department launched the $1 billion Safe and Secure Water Program to ensure town water infrastructure in regional NSW is secure and meets current health and environmental standards. The program was initially established under the Restart NSW Fund.

This audit examined whether the department has effectively supported the planning for and funding of town water infrastructure in regional NSW. It focused on the department’s activities since 2014. This audit follows a previous Audit Office of NSW report which found that the department had helped to promote better management practices in the LWU sector, up to 2012–13.

Conclusion

The Department of Planning, Industry and Environment has not effectively supported or overseen town water infrastructure planning in regional NSW since at least 2014. It has also lacked a strategic, evidence-based approach to target investments in town water infrastructure.

A continued focus on coordinating town water planning, investments and sector engagement is needed for the department to more effectively support, plan for and fund town water infrastructure, and work with Local Water Utilities to help avoid future shortages of safe water in regional towns and cities.

The department has had limited impact on facilitating Local Water Utilities’ (LWU) strategic town water planning. Its lack of internal procedures, records and data mean that the department cannot demonstrate it has effectively engaged, guided or supported the LWU sector in Integrated Water Cycle Management (IWCM) planning over the past six years. Today, less than ten per cent of the 92 LWUs have an IWCM strategy approved by the department.

The department did not design or implement a strategic approach for targeting town water infrastructure investment through its $1 billion Safe and Secure Water Program (SSWP). Most projects in the program were reviewed by a technical panel but there was limited evidence available about regional and local priorities to inform strategic project assessments. About a third of funded SSWP projects were recommended via various alternative processes that were not transparent. The department also lacks systems for integrated project monitoring and program evaluation to determine the contribution of its investments to improved town water outcomes for communities. The department has recently developed a risk-based framework to inform future town water infrastructure funding priorities.

The department does not have strategic water plans in place at state and regional levels: a key objective of these is to improve town water for regional communities. The department started a program of regional water planning in 2018, following the NSW Government’s commitment to this in 2014. It also started developing a state water strategy in 2020, as part of an integrated water planning framework to align local, regional and state priorities. One of 12 regional water strategies has been completed and the remaining strategies are being developed to an accelerated timeframe: this has limited the department’s engagement with some LWUs on town water risks and priorities.

Regional New South Wales (NSW) is home to about a third of the state's population. Infrastructure that provides safe and reliable water and sewer services (also known simply as 'town water infrastructure') is essential for community health and wellbeing, environmental protection, and economic productivity. Planning for and meeting these infrastructure needs, as well as identifying when non-infrastructure options may be a better solution, involves a strategic and integrated approach to water resource management in regional NSW.

We examined whether the department has effectively supported planning for town water infrastructure since 2014. This assessment was made in the context of its current approach to LWU sector regulation. The findings below focus on whether the department has an effective framework including governance arrangements for town water issues to inform state-wide strategic water planning, and whether (at the local level) the department has effectively overseen and facilitated town water infrastructure planning through its Integrated Water Cycle Management (IWCM) planning guidance to LWUs.

We examined whether the department has effectively targeted town water infrastructure funding to policy objectives, with a focus on the design and implementation of the Safe and Secure Water Program (SSWP) since its commencement in 2017. The program’s aim was to fund town water infrastructure projects that would deliver health, social and environmental benefits, and support economic growth and productivity. We also assessed the department’s capacity to demonstrate the outcomes of the SSWP funding and the contributions of its town water infrastructure investments more broadly. Finally, we identified risks to the effectiveness of the department’s work underway since 2018–19, which is intended to enhance its strategic water planning and approach to prioritising investments in reducing town water risks.

Appendix one – Response from agency

Appendix two – Key terms

Appendix three – About the audit

Appendix four – Performance auditing

Copyright notice

Parliamentary reference - Report number #341 - released 24 September 2020

23 June 2020

Published

Water conservation in Greater Sydney

Environment

Industry

Infrastructure

Internal controls and governance

Management and administration

Regulation

Risk

This report examines whether the Department of Planning, Industry and Environment, and Sydney Water have effectively progressed water conservation initiatives in Greater Sydney.

The report found that the department and Sydney Water have not effectively investigated, implemented or supported water conservation initiatives in Greater Sydney. The agencies have not met key requirements of the current Metropolitan Water Plan and Sydney Water has not met all its operating licence requirements for water conservation. There has been little policy or regulatory reform, little focus on identifying new options and investments, and limited planning and implementation of water conservation initiatives.

As a result, Greater Sydney's water supply may be less resilient to population growth and climate variability, including drought.

The Metropolitan Water Plan states that water conservation, including recycling water, makes the drinking water supply go further. The plan also states that increasing water conservation efforts may be cheaper than building new large-scale supply options and can delay the timing of investment in new supply infrastructure.

The Auditor-General recommends the department develop a clear policy and regulatory position on water conservation options, improve governance and funding for water conservation, and work with Sydney Water to assess the viability of water conservation initiatives. The report also recommends improvements to Sydney Water’s planning for and reporting on water conservation, including the transparency of this information.

This report is part of a multi-volume series on the theme of water. Refer to ‘Support for regional town water infrastructure’ and ‘Water management and regulation – undertaking in 2020-21’.

Read full report (PDF)

The current, 2017 Metropolitan Water Plan states that water conservation, including recycling water, makes the drinking water supply go further. The plan also states that increasing water conservation efforts may be cheaper than building new large-scale supply options and can delay the timing of investment in new supply infrastructure.

Water conservation refers to water recycling, leakage management and programs to enhance water efficiency. Water recycling refers to both harvesting stormwater for beneficial use and reusing wastewater.

This audit examined whether water conservation initiatives for the Greater Sydney Metropolitan area are effectively investigated, implemented and supported. We audited the Department of Planning, Industry and Environment (the Department) and the Sydney Water Corporation (Sydney Water), with a focus on activities since 2016.

The Department is responsible for the integrated and sustainable management of the state’s water resources under the Water Management Act 2000, which includes encouraging ‘best practice in the management and use of water’ as an objective. The Department is also responsible for strategic water policy and planning for Greater Sydney, including implementing the Metropolitan Water Plan.

Sydney Water is a state-owned corporation and the supplier of water, wastewater, recycled water and some stormwater services to more than five million people in Greater Sydney. It is regulated by an operating licence that is issued by the Governor on the recommendation of the Independent Pricing and Regulatory Tribunal (IPART). The Tribunal determines Sydney Water’s maximum prices, reviews its operating licence and monitors compliance. Sydney Water's operating licence and reporting manual set out requirements for its planning, implementing and reporting of water conservation.

From 2007 to 2012, the Climate Change Fund was a source of funds for water conservation activities to be undertaken by the Department and Sydney Water. The Climate Change Fund was established under the Energy and Utilities Administration Act 1987. Four of its six objectives relate to water savings. Water distributors such as Sydney Water can be issued with orders to contribute funds for water-related programs. The Fund is administered by the Department.

In 2016, Sydney Water developed a method for determining whether and how much to invest in water conservation. Known as the ‘Economic Level of Water Conservation’ (ELWC), the method identifies whether it costs less to implement a water conservation initiative than the value of the water saved, in which case the initiative should be implemented.

Conclusion

The Department and Sydney Water have not effectively investigated, implemented or supported water conservation initiatives in Greater Sydney.

The agencies have not met key requirements of the Metropolitan Water Plan and Sydney Water has not met all its operating licence requirements for water conservation. There has been little policy or regulatory reform, little focus on identifying new options and investments, and limited planning and implementation of water conservation initiatives.

As a result, Greater Sydney's water supply may be less resilient to population growth and climate variability, including drought.

The Department has not undertaken an annual assessment of Sydney Water’s level of investment in water conservation against water security risks and the capacity to respond when drought conditions return, as required by the Metropolitan Water Plan. It did not complete identified research and planning activities to support the plan, such as developing and using a framework for assessing the potential for water conservation initiatives for Greater Sydney, and developing a long-term strategy for water conservation and water recycling. It also did not finalise a monitoring, evaluation, reporting and improvement strategy to support the plan.

Sydney Water has been ineffective in driving water conservation initiatives, delivering detailed planning and resourcing for ongoing initiatives, and in increasing its investment in water conservation during drought. These were requirements of the Metropolitan Water Plan. Sydney Water's reporting on water conservation has not met all its operating licence requirements and lacked transparency with limited information on key aspects such as planning for leakage management, how the viability of potential initiatives were assessed, and how adopted initiatives are tracking.

The Department and Sydney Water did not put in place sufficient governance arrangements, including clarifying and agreeing responsibilities for key water conservation planning, delivery and reporting activities. There has also been limited collaboration, capacity building and community engagement to support water conservation, particularly outside times of drought.

Appendix one – Responses from agencies

Appendix two – About the audit

Appendix three – Glossary

Appendix four – Performance auditing

Copyright notice

Parliamentary reference - Report number #336 - released 23 June 2020

7 April 2020

Published

Integrity of data in the Births, Deaths and Marriages Register

Justice

Premier and Cabinet

Whole of Government

Cyber security

Fraud

Information technology

Internal controls and governance

Management and administration

This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse.

The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place to prevent and detect unauthorised access to, and activity in the register, there were significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of information in the register.

The Auditor-General made nine recommendations to the department, aimed at strengthening controls to prevent and detect unauthorised access to, and activity in the register. These included increased monitoring of individuals who have access to the register and strengthening security controls around the databases that contain the information in the register.

The NSW Registry of Births Deaths and Marriages is responsible for maintaining registers of births, deaths and marriages in New South Wales as well as registering adoptions, changes of names, changes of sex and relationships. Maintaining the integrity of this information is important as it is used to confirm people’s identity and unauthorised access to it can lead to fraud or identity theft.

Read full report (PDF)

The NSW Registry of Births Deaths and Marriages (BD&M) is responsible for maintaining registers of births, deaths and marriages in New South Wales. BD&M is also responsible for registering adoptions, changes of name, changes of sex and relationships. These records are collectively referred to as 'the Register'. The Births, Deaths and Marriages Registration Act 1995 (the BD&M Act) makes the Registrar (the head of BD&M) responsible for maintaining the integrity of the Register and preventing fraud associated with the Register. Maintaining the integrity of the information held in the Register is important as it is used to confirm people's identity. Unauthorised access to, or misuse of the information in the Register can lead to fraud or identity theft. For these reasons it is important that there are sufficient controls in place to protect the information.

BD&M staff access, add to and amend the Register through the LifeLink application. While BD&M is part of the Department of Customer Service, the Department of Communities and Justice (DCJ) manages the databases that contain the Register and sit behind LifeLink and is responsible for the security of these databases.

This audit assessed whether BD&M has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register, and to prevent unauthorised access and misuse. It addressed the following:

Are relevant process and IT controls in place and effective to ensure the integrity of data in the Register and the authenticity of records and documents?
Are security controls in place and effective to prevent unauthorised access to, and modification of, data in the Register?

Conclusion

BD&M has processes and controls in place to ensure that the information entered in the Register is accurate and that amendments to the Register are validated. BD&M also has controls in place to prevent and detect unauthorised access to, and activity in the Register. However, there are significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of the information in the Register.

BD&M has detailed procedures for all registrations and amendments to the Register, which include processes for entering, assessing and checking the validity and adequacy of source documents. Where BD&M staff have directly input all the data and for amendments to the Register, a second person is required to check all information that has been input before an event can be registered or an amendment can be made. BD&M carries out regular internal audits of all registration processes to check whether procedures are being followed and to address non-compliance where required.

BD&M authorises access to the Register and carries out regular access reviews to ensure that users are current and have the appropriate level of access. There are audit trails of all user activity, but BD&M does not routinely monitor these. At the time of the audit, BD&M also did not monitor activity by privileged users who could make unauthorised changes to the Register. Not monitoring this activity created a risk that unauthorised activity in the Register would not be detected.

BD&M has no direct oversight of the database environment which houses the Register and relies on DCJ's management of a third-party vendor to provide the assurance it needs over database security. The vendor operates an Information Security Management System that complies with international standards, but neither BD&M nor DCJ has undertaken independent assurance of the effectiveness of the vendor's IT controls.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

Parliamentary reference - Report number #330 - released 7 April 2020.

30 October 2018

Published

Internal Controls and Governance 2018

Education

Community Services

Finance

Health

Industry

Justice

Planning

Premier and Cabinet

Transport

Treasury

Whole of Government

Environment

Compliance

Cyber security

Financial reporting

Fraud

Information technology

Internal controls and governance

Management and administration

Procurement

Project management

The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.

This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.

This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.

This report offers insights into internal controls and governance in the NSW public sector

This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

highlighting the potential risks posed by weaknesses in controls and governance processes
helping agencies benchmark the adequacy of their processes against their peers
focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:

Internal control trends
Information technology (IT), including IT vendor management
Transparency and performance reporting
Management of purchasing cards and taxis
Fraud and corruption control.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.

The focus of the report has changed since last year

Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Agencies selected for the volume account for 95 per cent of the state's expenditure

While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.

Internal controls are processes, policies and procedures that help agencies to:

operate effectively and efficiently
produce reliable financial reports
comply with laws and regulations
support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.

Observation	Conclusions and recommendations
2.1 High risk findings
We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16.	Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority.
2.2 Common findings
We found several internal controls and governance findings common to multiple agencies.	Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective.
2.3 New and repeat findings
Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies.	The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies.
IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases	Recommendation: Agencies should reduce IT risks by: assigning ownership of recommendations to address IT control deficiencies, with timeframes and actions plans for implementation ensuring audit and risk committees and agency management regularly monitor the implementation status of recommendations.

Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.

Observation	Conclusions and recommendations
3.1 Management of IT vendors
Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review.	Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by: internal audit focusing on key contracting activities experienced officers who are independent of contract administration performing spot checks or peer reviews targeted analysis of data in contract registers.
Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract.	Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination.
Performance management Eighty-six per cent of agencies meet with vendors to discuss performance. Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance.	Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by: a more active, rigorous approach to both risk and performance management checking the accuracy of vendor reporting against those KPIs and where appropriate seeking assurance over their accuracy invoking performance based payments clauses in contracts when performance falls below agreed standards.
Transitioning services Forty-three per cent of the IT vendor contracts did not contain transitioning-out provisions. Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor.	Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'.
Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete.	Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by: monitoring contract end dates and contract extensions, and commence new procurements through their central procurement teams in a timely manner managing their contractual commitments, budgeting and cash flow requirements. Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations.
3.2 IT general controls
Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review.	Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments.
User access administration Seventy-two deficiencies were identified related to user access administration, including: thirty issues related to granting user access across 43 per cent of agencies sixteen issues related to removing user access across 30 per cent of agencies twenty-six issues related to periodic reviews of user access across 50 per cent of agencies.	Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems.
Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities.	Recommendation: Agencies should: review the number of, and access granted to privileged users, and assess and document the risks associated with their activities monitor user access to address risks from unauthorised activity.
Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters.	Recommendation: Agencies should ensure IT password settings comply with their password policies.
Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment.	Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed.

This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.

Observation

Conclusion or recommendation

4.1 Reporting on performance

Only 57 per cent of agencies linked reporting on performance to their strategic objectives.

The use of targets and reporting performance over time was limited and applied inconsistently.

Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information.

Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports.

There is no independent assurance that the performance metrics agencies report in their annual reports are accurate.

Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported.

Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited.

The relevance and accuracy of performance information is enhanced when:

policies and guidance support the consistent and accurate collection of data
internal review processes and management oversight are effective
independent review processes are established to provide effective challenge to the assumptions, judgements and methodology used to collect the reported performance information.

4.2 Reporting on reports

Agency reporting on major projects does not meet the requirements of the annual reports regulation.

Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations.

NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations.

Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress.

The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works.

Sixteen of 30 agencies reported some information on completed major works.

Conclusion: Agencies could improve their transparency if they reported, or were required to report:

on both works in progress and projects completed during the year
actual costs and completion dates, and forecast completion dates for major works, against original and revised budgets and original expected completion dates
explanations for significant cost overruns, delays and key project performance metrics.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.

Observation	Conclusion or recommendation
5.1 Management of purchasing cards
Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement.	Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards.
Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy.	Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'.
Preventative controls We found that: all agencies maintained purchasing card registers seventy-six per cent provided training to cardholders prior to being issued with a card eighty-nine per cent appointed a program administrator, but only half of these had clearly defined roles and responsibilities thirty-two per cent of agencies place merchant blocks on purchasing cards forty-seven per cent of agencies place geographic restrictions on purchasing cards.	Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as: updating purchasing card registers to contain all mandatory fields required by TPP17–09 appointing a program administrator for the agency's purchasing card framework and defining their role and responsibility for the function strengthening preventive controls to prevent misuse.
Detective controls Ninety-two per cent of agencies have designed and implemented at least one control to monitor purchasing card activity. Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used.	Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to: detect misuse and investigate exceptions analyse trends to highlight cost saving opportunities.
5.2 Management of taxis
Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition: a further 41 per cent of agencies have not reviewed their policies by the scheduled revision date, or do not have a scheduled revision date more than half of all agencies’ policies do not offer alternative travel options. For example, only 36 per cent of policies promoted the use of general Opal cards.	Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies: limit the circumstances where taxi use is appropriate offer alternate, lower cost options to using taxis, such as general Opal cards and rideshare.
Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews.	Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program.

Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.

Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:

unreported frauds in organisations can be almost three times the number of reported frauds
our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.

Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.

Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.

Observation	Conclusion or recommendation
6.1 Prevention systems
Prevention systems Ninety-two per cent of agencies have a fraud control plan in place, 81 per cent maintain a fraud database and 79 per cent report fraud and corruption matters as a standing item on audit and risk committee agendas. Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies.	Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by: completing regular fraud risk assessments, embedding fraud risk assessment into their enterprise risk management process and reporting the results of the assessment to the audit and risk committee maintaining a fraud database and reviewing it regularly for systemic issues and reporting a redacted version of the database on the agency's website to inform corruption prevention networks developing policies and procedures for employee screening and benchmarking their current processes against ICAC's publication ‘Strengthening Employment Screening Practices in the NSW Public Sector’ developing and maintaining up to date IT security policies and monitoring compliance with the policy.
Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be.	Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified.
6.2 Detection systems
Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program.	Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment.
6.3 Notification systems
Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption.	Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture

Appendix one - List of 2018 recommendations

Appendix two - Status of 2017 recommendations

Appendix three - Cluster agencies

29 June 2018

Published

Performance audit insights: key findings from 2014-2018

Whole of Government

Compliance

Fraud

Information technology

Internal controls and governance

Procurement

Project management

A report released today by the Auditor-General for New South Wales, Margaret Crawford, presents key findings from four years of performance audits. The report findings are presented around six areas of government activity including planning for the future, meeting community expectations for key services, investment in infrastructure, managing natural resources, ensuring good governance and digital disruption.

In this report, we present common findings and lessons from the past four years of performance audits, and offer insights to the public sector on elements of effective performance. We have analysed the key findings and recommendations from 61 performance audits tabled in the NSW Parliament between July 2014 and June 2018, spanning varied areas of government activity. We will also use this report to help determine areas of unaddressed risk across all parts of government, and to shape our future audit priorities.

Governments play an important stewardship role. Their decisions need to consider intergenerational equity by ensuring that investment strategies are sustainable. Governments also need to consider the impact of their decisions on different parts of the community. We recognise that governments face challenges in delivering programs and services, targeting complex social issues with finite resources.

Governments are changing how they deliver services to respond to citizen needs and deliver greater value for money. In this section, we reflect on audits that looked at how government entities are planning their activities to meet the needs of the community into the future.

State and local government exist to provide services to citizens, and citizens are playing a greater role in defining what services they want or need. Expectations about consultation, ease of access, timeliness, and customisation of services are rising. Governments face challenges to continually improve the way they plan and deliver services to meet these expectations. Governments also need to provide quality services for a growing and ageing population whilst working within a constrained financial environment.

Over the past four years, our performance audits have assessed aspects of State and local government services, including education, health services, disability support, corrective services, and many others. In this section, we draw together common findings that government entities should reflect on when providing services to the community.

The NSW Government’s 2018–19 Budget forecasts an $87.2 billion infrastructure investment program over the next four years. Infrastructure investment of this size carries significant opportunities and risks. Competition for resources is high and maintaining the capability to manage and deliver projects effectively is challenging. Governments also need to plan effectively to ensure infrastructure built today will meet future needs.

Over the past four years, we have looked at some of the ways NSW Government agencies justify and prioritise projects for funding, work with contractors to deliver projects, and track and report on progress. In this section, we draw together common findings from our audits that government entities should consider when planning future infrastructure projects.

Governments face challenges in balancing the use of natural resources to meet diverse interests, while supporting a sustainable natural environment for the future. They need to supply communities with water, produce energy, protect natural habitats, and support farming, industry, and economic development.

Some of our recent audits have considered how government agencies are managing natural resources and protecting the environment for future generations. In this section, we have drawn together common findings across our audits that government entities should consider in managing the environment and natural resources.

A range of checks and balances is needed to support public confidence in government decision making. To maintain trust, government agencies should act transparently, and in accordance with relevant legislation and policy. This is particularly important as the public sector increasingly engages with external partners to deliver services and provide a more contestable environment.

Good governance arrangements should result in improved service delivery and more effective and efficient use of resources. Our audits have looked at many different elements of governance, including making sure the necessary processes and workplace cultures are in place to help government entities achieve their aims. In this section, we have drawn together various aspects of governance that government entities should consider.

The global increase in digital technology provides governments with opportunities to interact with citizens in more immediate and responsive ways than was previously possible. Data can be used in powerful ways such as predicting future demand for services, targeting interventions, responding to crises, and evaluating outcomes. Governments face challenges in doing this while maintaining secure digital environments that protect citizen interests, privacy, and autonomy.

Our audits have assessed some of the ways that government entities are incorporating digital change into their work. In this section, we draw together common themes that governments could consider in protecting their digital assets, or expanding their digital capabilities.

Appendix one – Performance audits 2014 to 2018

Appendix two – Performance auditing

Appendix three – About this report

28 June 2018

Published

Regulation of water pollution in drinking water catchments and illegal disposal of solid waste

Environment

Compliance

Internal controls and governance

Management and administration

Regulation

Risk

There are important gaps in how the Environmental Protection Authority (EPA) implements its regulatory framework for water pollution in drinking water catchments and illegal solid waste disposal. This limits the effectiveness of its regulatory responses, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford.

The NSW Environment Protection Authority (the EPA) is the State’s primary environmental regulator. The EPA regulates waste and water pollution under the Protection of the Environment Operations Act 1997 (the Act) through its licensing, monitoring, regulation and enforcement activities. The community should be able to rely on the effectiveness of this regulation to protect the environment and human health. The EPA has regulatory responsibility for more significant and specific activities which can potentially harm the environment.

Activities regulated by the EPA include manufacturing, chemical production, electricity generation, mining, waste management, livestock processing, mineral processing, sewerage treatment, and road construction. For these activities, the operator must have an EPA issued environment protection licence (licence). Licences have conditions attached which may limit the amount and concentrations of substances the activity may produce and discharge into the environment. Conditions also require the licensee to report on its licensed activities.

This audit assessed the effectiveness of the EPA’s regulatory response to water pollution in drinking water catchments and illegal solid waste disposal. The findings and recommendations of this review can be reasonably applied to the EPA’s other regulatory functions, as the areas we examined were indicative of how the EPA regulates all pollution types and incidents.

Conclusion

There are important gaps in how the EPA implements its regulatory framework for water pollution in drinking water catchments and illegal solid waste disposal which limit the effectiveness of its regulatory response. The EPA uses a risk-based regulatory framework that has elements consistent with the NSW Government Guidance for regulators to implement outcomes and risk-based regulation. However, the EPA did not demonstrate that it has established reliable practices to accurately and consistently detect the risk of non compliances by licensees, and apply consistent regulatory actions. This may expose the risk of harm to the environment and human health.

The EPA also could not demonstrate that it has effective governance and oversight of its regulatory operations. The EPA operates in a complex regulatory environment where its regional offices have broad discretions for how they operate. The EPA has not balanced this devolved structure with an effective governance approach that includes appropriate internal controls to monitor the consistency or quality of its regulatory activities. It also does not have an effective performance framework that sets relevant performance expectations and outcome-based key performance indicators (KPIs) for its regional offices.

These deficiencies mean that the EPA cannot be confident that it conducts compliance and enforcement activities consistently across the State and that licensees are complying with their licence conditions or the Act.

The EPA's reporting on environmental and regulatory outcomes is limited and most of the data it uses is self reported by industry. It has not set outcome-based key result areas to assess performance and trends over time.

The EPA uses a risk-based regulatory framework for water pollution and illegal solid waste disposal but there are important gaps in implementation that reduce its effectiveness.

Elements of the EPA’s risk-based regulatory framework for water pollution and illegal solid waste disposal are consistent with the NSW Government Guidance for regulators to implement outcomes and risk-based regulation. There are important gaps in how the EPA implements its risk-based approach that limit the effectiveness of its regulatory response. The EPA could not demonstrate that it effectively regulates licensees because it has not established reliable practices that accurately and consistently detect licence non compliances or breaches of the Act and enforce regulatory actions.

The EPA lacks effective governance arrangements to support its devolved regional structure. The EPA's performance framework has limited and inconclusive reporting on regional performance to the EPA’s Chief Executive Officer or to the EPA Board. The EPA cannot assure that it is conducting its regulatory responsibilities effectively and efficiently.

The EPA does not consistently evaluate its regulatory approach to ensure it is effective and efficient. For example, there are no set requirements for how EPA officers conduct mandatory site inspections, which means that there is a risk that officers are not detecting all breaches or non-compliances. The inconsistent approach also means that the EPA cannot rely on the data it collects from these site inspections to understand whether its regulatory response is effective and efficient. In addition, where the EPA identifies instances of non compliance or breaches, it does not apply all available regulatory actions to encourage compliance.

The EPA also does not have a systematic approach to validate self-reported information in licensees’ annual returns, despite the data being used to assess administrative fees payable to the EPA and its regulatory response to non-compliances.

The EPA does not use performance frameworks to monitor the consistency or quality of work conducted across the State. The EPA has also failed to provide effective guidance for its staff. Many of its policies and procedures are out-dated, inconsistent, hard to access, or not mandated.

Recommendations

By 31 December 2018, to improve governance and oversight, the EPA should:
1.	implement a more effective performance framework with regular reports to the Chief Executive Officer and to the EPA Board on outcomes-based key result areas that assess its environmental and regulatory performance and trends over time
By 30 June 2019, to improve consistency in its practices, the EPA should:
2.	progressively update and make accessible its policies and procedures for regulatory operations, and mandate procedures where necessary to ensure consistent application
3.	implement internal controls to monitor the consistency and quality of its regulatory operations.

The EPA does not apply a consistent approach to setting licence conditions for discharges to water.

The requirements for setting licence conditions for water pollution are complex and require technical and scientific expertise. In August 2016, the EPA approved guidance developed by its technical experts in the Water Technical Advisory Unit to assist its regional staff. However, the EPA did not mandate the use of the guidance until mid-April 2018. Up until then, the EPA had left discretion to regional offices to decide what guidance their staff use. This meant that practices have differed across the organisation. The EPA is yet to conduct training for staff to ensure they consistently apply the 2016 guidance.

The EPA has not implemented any appropriate internal controls or quality assurance process to monitor the consistency or quality of licence conditions set by its officers across the State. This is not consistent with good regulatory practice.

The triennial 2016 audit of the Sydney drinking water catchment report highlighted that Lake Burragorang has experienced worsening water quality over the past 20 years from increased salinity levels. The salinity levels were nearly twice as high as in other storages in the Sydney drinking water catchment. The report recommended that the source and implication of the increased salinity levels be investigated. The report did not propose which public authority should carry out such an investigation.

To date, no NSW Government agency has addressed the report's recommendation. There are three public authorities, the EPA, DPE and WaterNSW that are responsible for regulating activities that impact on water quality in the Sydney drinking water catchment, which includes Lake Burragorang.

Recommendation

By 30 June 2019, to address worsening water quality in Lake Burragorang, the EPA should:
4.	(a) review the impact of its licensed activities on water quality in Lake Burragorang, and
	(b) develop strategies relating to its licensed activities (in consultation with other relevant NSW Government agencies) to improve and maintain the lake's water quality.

The EPA’s risk-based approach to monitoring compliance of licensees has limited effectiveness.

The EPA tailors its compliance monitoring approach based on the performance of licensees. This means that licensees that perform better have a lower administrative fee and fewer mandatory site inspections.

However, this approach relies on information that is not complete or accurate. Sources of information include licensees’ annual returns, EPA site inspections and compliance audits, and pollution reports from the public.

Licensees report annually to the EPA on their performance, including compliance against their licence conditions. The Act contains significant financial penalties if licensees provide false and misleading information in their annual returns. However, the EPA does not systematically or consistently validate information self-reported by licensees, or consistently apply regulatory actions if it discovers non-compliance.

Self-reported compliance data is used in part to assess a licensed premises’ overall environmental risk level, which underpins the calculation of the administrative fee, the EPA’s site inspection frequency, and the licensee’s exposure to regulatory actions. It is also used to assess the load-based licence fee that the licensee pays.

The EPA has set minimum mandatory site inspection frequencies for licensed premises based on its assessed overall risk level. This is a key tool to detect non-compliance or breaches of the Act. However, the EPA has not issued a policy or procedures that define what these mandatory inspections should cover and how they are to be conducted. We found variations in how the EPA officers in the offices we visited conducted these inspections. The inconsistent approach means that the EPA does not have complete and accurate information of licensees’ compliance. The inconsistent approach also means that the EPA is not effectively identifying all non-compliances for it to consider applying appropriate regulatory actions.

The EPA also receives reports of pollution incidents from the public that may indicate non-compliance. However, the EPA has not set expected time frames within which it expects its officers to investigate pollution incidents. The EPA regional offices decide what to investigate and timeframes. The EPA does not measure regional performance regarding timeframes.

The few compliance audits the EPA conducts annually are effective in identifying licence non-compliances and breaches of the Act. However, the EPA does not have a policy or required procedures for its regulatory officers to consistently apply appropriate regulatory actions in response to compliance audit findings.

The EPA has not implemented any effective internal controls or quality assurance process to check the consistency or quality of how its regulatory officers monitor compliance across the State. This is not consistent with good regulatory practice.

Recommendations

To improve compliance monitoring, the EPA should implement procedures to:
5.	by 30 June 2019, validate self-reported information, eliminate hardcopy submissions and require licensees to report on their breaches of the Act and associated regulations in their annual returns
6.	by 31 December 2018, conduct mandatory site inspections under the risk-based licensing scheme to assess compliance with all regulatory requirements and licence conditions.

The EPA cannot assure that its regulatory enforcement approach is fully effective.

The EPA’s compliance policy and prosecution guidelines have a large number of available regulatory actions and factors which should be taken into account when selecting an appropriate regulatory response. The extensive legislation determining the EPA’s regulatory activities, and the devolved regional structure the EPA has adopted in delivering its compliance and regulatory functions, increases the risk of inconsistent compliance decisions and regulatory responses. A good regulatory framework needs a consistent approach to enforcement to incentivise compliance.

The EPA has not balanced this devolved regional structure with appropriate governance arrangements to give it assurance that its regulatory officers apply a consistent approach to enforcement.

The EPA has not issued standard procedures to ensure consistent non-court enforcement action for breaches of the Act or non-compliance with licence conditions. Given our finding that the EPA does not effectively detect breaches and non-compliances, there is a risk that it is not applying appropriate regulatory actions for many breaches and non-compliances.

A recent EPA compliance audit identified significant non-compliances with incident management plan requirements. However, the EPA has not applied regulatory actions for making false statements on annual returns for those licensees that certified their plans complied with such requirements. The EPA also has not applied available regulatory actions for the non-compliances which led to the false or misleading statements.

Recommendation

By 31 December 2018 to improve enforcement, the EPA should:
7.	Implement procedures to systematically assess non-compliances with licence conditions and breaches of the Act and to implement appropriate and consistent regulatory actions.

The EPA has implemented the actions listed in the NSW Illegal Dumping Strategy 2014–16. To date, the EPA has also implemented four of the six recommendations made by the ICAC on EPA's oversight of Regional Illegal Dumping Squads.

The EPA did not achieve the NSW Illegal Dumping Strategy 2014–16 target of a 30 per cent reduction in instances of large scale illegal dumping in Sydney, the Illawarra, Hunter and Central Coast from 2011 levels.

In the reporting period, the incidences of large scale illegal dumping more than doubled. The EPA advised that this increase may be the result of greater public awareness and reporting rather than increased illegal dumping activity.

By June 2018, the EPA is due to implement one outstanding recommendation made by the ICAC but has not set a time for the other outstanding recommendation.

Appendix one – Response from agency

Appendix two – List of enforcement tools

Appendix three – The EPA's organisational structure

Appendix four – The EPA's regions and branches

Appendix five – About the audit

Appendix six – Performance auditing

Parliamentary reference - Report number #304 - released 28 June 2018

6 December 2016

Published

Planning and Environment 2016

Planning

Environment

Asset valuation

Compliance

Financial reporting

Fraud

Information technology

Internal controls and governance

Project management

Auditor-General, Margaret Crawford released a report on the planning and environment cluster today, concluding that the quality of financial reporting is improving. However, the cluster can improve its financial controls and governance framework.

10 November 2016

Published

Fraud Survey

Education

Community Services

Finance

Health

Industry

Justice

Local Government

Planning

Premier and Cabinet

Transport

Treasury

Universities

Whole of Government

Environment

Fraud

Information technology

Internal controls and governance

Procurement

Risk

In a report released today, the NSW Auditor-General, Margaret Crawford provides a snapshot of reported fraud in the NSW public sector and an analysis of NSW Government agencies’ fraud controls based on a survey of 102 agencies.

Audit progress

Sector

Year

Report type

Topic

Reports

Regional NSW 2020

1. Machinery of Government (MoG) changes

2. Financial reporting

3. Audit observations

Waste levy and grants for waste infrastructure

Conclusion

Support for regional town water infrastructure

Conclusion

Water conservation in Greater Sydney

Conclusion

Integrity of data in the Births, Deaths and Marriages Register

Conclusion

Internal Controls and Governance 2018

This report offers insights into internal controls and governance in the NSW public sector

The focus of the report has changed since last year

Agencies selected for the volume account for 95 per cent of the state's expenditure

Performance audit insights: key findings from 2014-2018

Regulation of water pollution in drinking water catchments and illegal disposal of solid waste

Planning and Environment 2016

Fraud Survey