Refine search Expand filter

Reports

Published

Actions for Service NSW's handling of personal information

Service NSW's handling of personal information

Premier and Cabinet
Finance
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration
Risk
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy.

The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine emailing of personal information between Service NSW service centres and other agencies, which is one of the processes that contributed to the data breach earlier this year. The audit found that previously identified risks and recommended solutions had not been implemented on a timely basis.

The Auditor-General made eight recommendations aimed at ensuring improved processes, technologies, and governance arrangements for how Service NSW handles customers’ personal information.

The Hon. Victor Dominello, MP, Minister for Customer Service, requested this audit under section 27(B)(3)(c) of the Public Finance and Audit Act 1983 following public reports in May 2020 of a cyber security attack which had led to a breach of Service NSW customer information. This audit also included the Department of Customer Service which supports Service NSW with privacy, risk and governance functions.

Service NSW was established in 2013 with the intention that it would, over time, 'become the primary interaction point for customers accessing New South Wales Government transaction services'.

Service NSW's functions are set out in the Service NSW (One stop Access to Government Services) Act 2013. This legislation allows for other NSW Government agencies to delegate to and enter into agreements with the Chief Executive Officer of Service NSW in order for Service NSW to undertake service functions for the agency.

Service NSW now has agreements with 36 NSW Government client agencies to facilitate over 1,200 types of interactions and transactions for the community.

The nature of each agreement between Service NSW and its client agencies varies. Some client agencies have delegated authority to allow Service NSW staff to conduct transactions on their behalf in the agencies' systems. Other arrangements do not include the same degree of delegation. In these cases, Service NSW provides services such as responding to enquiries and validating documents.

In addition, Service NSW conducts transactions for its own programs, such as the Seniors Card. Personal information for these programs, as well as information for customers' MyServiceNSW accounts, are stored by Service NSW on its Salesforce Customer Relationship Management (CRM) system.

In March 2020, Service NSW suffered two cyber security attacks in short succession. Technical analysis undertaken by the Department of Customer Service (DCS) concluded that these attacks resulted from a phishing exercise through which external threat actors gained access to the email accounts of 47 staff members. These attacks resulted in the breach of a large amount of personal customer information that was contained in these email accounts. See Section 1.1 for further details.

This audit is being conducted in response to a request from the Hon. Victor Dominello, Minister for Customer Service, under section 27B(3)(c) of the Public Finance and Audit Act 1983. Minister Dominello requested that the Auditor General conduct a performance audit in relation to Service NSW's handling of sensitive customer and business information.

This audit assessed how effectively Service NSW handles personal customer and business information to ensure its privacy.

It addressed the following:

  • Does Service NSW have processes and governance in place to identify and manage risks to the privacy of personal customer and business information?
  • Does Service NSW have policies, processes and systems in place that support the effective handling of personal customer and business information to ensure its privacy?
  • Has Service NSW effectively implemented its policies, processes and systems for managing personal customer and business information?

Conclusion

Service NSW is not effectively handling personal customer and business information to ensure its privacy. It continues to use business processes that pose a risk to the privacy of personal information. These include routinely emailing personal customer information to client agencies, which is one of the processes that contributed to the March 2020 data breach. Previously identified risks and recommended solutions had not been implemented on a timely basis.

Service NSW identifies privacy as a strategic risk in both its Risk Management Guideline and enterprise risk register and sets out a zero level appetite for privacy risk in its risk appetite statement. That said, the governance, policies, and processes established by Service NSW to mitigate privacy risk are not effective in ensuring the privacy of personal customer and business information. While Service NSW had risk identification and management processes in place at the time of the March 2020 data breach, these did not prevent the breach occurring.

Some of the practices that contributed to the data breach are still being followed by Service NSW staff. For example, business processes still require Service NSW staff to scan and email personal information to some client agencies.

The lack of multi factor authentication has been identified as another key contributing factor to the March 2020 data breach as this enabled the external threat actors to gain access to staff email accounts once they had obtained the user account details through a phishing exercise. Service NSW had identified the lack of multi factor authentication on its webmail platform as a risk more than a year prior to the breach and had committed to addressing this by June 2019. It was not implemented until after the breach occurred.

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce Customer Relationship Management (CRM) system, which holds the personal information of over four million NSW residents.

Internal audits carried out by Service NSW, including one completed in August 2020, have identified significant weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These include deficiencies in the management of role based access, monitoring and audit of user access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers held in the system.

Lines of responsibility for meeting privacy obligations are not clearly drawn between Service NSW and its client agencies.

Service NSW has agreements in place with client agencies. However, the agreements lack detail and clarity about the roles and responsibilities of the agencies in relation to the collection, storage and security of customer's personal information. This lack of clarity raises the risk that privacy obligations will become confused and missed between the agencies.

Service NSW carries out privacy impact assessments for major new projects but does not routinely review existing processes and systems.

Service NSW carries out privacy impact assessments as part of its routine processes for implementing major new projects, ensuring that privacy management is considered as part of project design. Service NSW does not regularly undertake privacy impact assessments or reviews of existing or legacy processes and systems, which has resulted in some processes continuing despite posing significant risks to the privacy of personal information, such as the scanning, emailing, and storing of identification documents.

1. Key findings

Service NSW identifies privacy risks, but the controls and processes it put in place to mitigate these privacy risks were not adequate to prevent or limit the extent of the data breach that occurred in March 2020

Service NSW’s approach to risk management is framed by its Risk Management Guideline, which defines 'privacy and compliance' as one of the key types of risk for the agency. Service NSW's enterprise risk register identifies four strategic privacy related risks. Service NSW has set out a zero level appetite for privacy risk in its risk appetite statement.

Service NSW has assessed the adequacy of its controls for privacy risks as needing improvement. To be fully effective, the Risk Management Guideline says that these controls should have a focus that is ‘largely preventative and address the root causes’.

One of the business processes that was a key contributing factor to the data breach was the emailing of personal information by Service NSW staff to client agencies.

This process had been identified as a risk prior to the breach and some steps had been put in place to mitigate the risk. In particular, staff were required to manually delete emails that contained personal information. However, these measures were ineffective in preventing the breach, as the external threat actors still gained access to 47 staff email accounts that contained a large amount of personal information.

It is unclear why Service NSW did not effectively mitigate this risk prior to the breaches. However, Service NSW has advised that it implemented measures in June and October 2020 to automatically archive emails likely to contain personal information. This is expected to limit the quantity of information retained in email accounts for extended periods.

Service NSW has not put in place any technical or other solutions to avoid Service NSW staff having to scan and email personal information to some client agencies. Urgent action is needed to remove the requirement for staff to email personal information to client agencies, thereby mitigating the risk inherent in sending and storing this information using email.

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system, which holds the personal information of over four million customers

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These weaknesses include deficiencies in governance of role based access, monitoring and audit of staff access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers which is stored in this system.

In addition, there is an absence of important controls to safeguard customers' privacy, such as multi factor authentication and reviewable logs of access history to their information. Such controls, when properly implemented, would enhance the control that customers are able to exercise over their personal information.

A privacy impact assessment conducted on Service NSW’s Salesforce CRM system in 2015 recommended that the system include the ability for customers to review access history to their personal information, as well as the option for customers to apply multi factor authentication to their accounts. While both these recommendations appeared positively received by Service NSW, neither have been implemented.

Since its inception, Service NSW’s use of Salesforce has extended to storing transaction data, particularly for transactions for which Service NSW is responsible, such as the Seniors Card. It also holds details of over four million MyServiceNSW account holders, including name, email address and phone number, and optional address details. It was not originally intended for the system to hold this volume and nature of customer information.

Lines of responsibility for meeting privacy obligations are unclear between Service NSW and its client agencies

Service NSW's privacy management plan does not clearly set out the privacy obligations of Service NSW and its client agencies. It sets out that 'compliance with the privacy principles will primarily be the responsibility of that [client] agency'. However, Service NSW has its own obligations under the security principles of the Privacy and Personal Information Protection Act 1998 (PPIP Act) to take reasonable steps to prevent unauthorised access to personal information, which is not made clear in the privacy management plan.

The agreements between Service NSW and client agencies reviewed for this audit only include general and high level references to privacy. Most do not include details of each parties' privacy responsibilities such as: which agency will provide the customer with a privacy notice explaining how their personal information will be handled, how personal information will be kept secure, how long Service NSW will retain information, what processes will be followed for internal reviews, and what specific planning is in place to respond to data breaches.

Service NSW's privacy management plan has not been updated to include new programs and governance changes

Service NSW's privacy management plan includes most of the matters required by law or good practice, with some exceptions. It does not explain any exemptions that the agency commonly relies on under the PPIP Act and does not address any health information that Service NSW may handle. It had also not been updated to reflect governance changes and the fact that, at the time this audit commenced, Service NSW was disclosing the content of internal review applications (the formal expression for 'complaints') to the Department of Customer Service (DCS). These governance changes were part of the centralisation of Service NSW's corporate support functions into DCS in late 2019, though internal review staff were seconded back into Service NSW during the course of this audit.

The current July 2019 privacy management plan has also not been updated since the rollout of a number of major new initiatives in 2020. These include 2019–20 bushfire emergency recovery initiatives (such as small business grants) and COVID 19 pandemic response initiatives (such as small business grants, border permits and the COVID safe check in app).

Service NSW routinely conducts privacy impact assessments for new initiatives, though privacy risks remain in legacy systems and processes

Service NSW routinely conducts privacy impact assessments for major new initiatives and the assessments reviewed for this audit largely accorded with good practice guidance.

Service NSW does not routinely review existing processes and systems to ensure that they are effective in ensuring the privacy of customer personal information. Business processes that create the highest risk to privacy, such as emailing of personal information, are more common in these longstanding legacy systems.

Service NSW's significant and rapid growth has outpaced the establishment of a robust control environment which has exacerbated privacy risks

Since it was established in 2013, Service NSW has experienced significant growth in the number and diversity of the types of transactions it provides, as well as the number of client agencies with which it works. The pace and extent of this growth has contributed to important controls not being properly implemented on a timely basis, which has heightened privacy risks, particularly in regard to existing, legacy systems and processes.

The pace of change and increasing demand for new program implementation has limited the opportunity for Service NSW, in collaboration with its client agencies, to revisit and redesign legacy business practices which pose a greater privacy risk. This includes the scanning and emailing of personal information.

While 2019–20 has seen additional demands placed on Service NSW in responding to the 2019–20 bushfire emergency and COVID 19 pandemic, it is the nature of the agency’s work that it operates in a fast paced and complex environment, where it is required to respond to multiple client agencies and stakeholders. Ensuring customer privacy should be integral to Service NSW’s business as usual operations.

2. Recommendations

Service NSW commissioned a number of external reviews and investigations stemming from the data breaches. The Auditor General's recommendations below have taken these other reviews into account. In order to offer assurance that it is appropriately protecting the privacy of its customers, Service NSW should address the full breadth of findings and recommendations made across all relevant reviews.

As a matter of urgency, Service NSW should:

1. in consultation with relevant client agencies and the Department of Customer Service, implement a solution for a secure method of transferring personal information between Service NSW and client agencies

2. review the need to store scanned copies of personal information and, if still required, implement a more secure method of storing this information and regular deletion of material.

By March 2021, Service NSW should:

3. ensure that all new agreements entered into with client agencies from 1 April 2021 address the deficiencies identified in this audit, including that they provide clarity on:

  • the content and provision of privacy collection notices
  • the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
  • steps that will be taken by each agency to ensure that personal information is kept secure
  • the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
  • how identified breaches of privacy will be handled between agencies

4. in collaboration with the Department of Customer Service, review its privacy management plan to address the deficiencies raised in this audit, including:

  • to clarify Service NSW's understanding of how responsibility for meeting privacy obligations are delineated between Service NSW and client agencies
  • to better reflect the full scope and complexity of personal information handled by Service NSW
  • to better explain how applications for internal review are handled between Service NSW and the Department of Customer Service
  • to ensure regular ongoing review, either according to a schedule or when Service NSW experiences substantial change to its programs and handling of personal information

5. in consultation with the Department of Customer Service, review its policies and processes for the management of privacy risks, including to:

  • ensure that there are appropriate mechanisms to escalate identified privacy risks from business units to the Executive Leadership Team
  • ensure that there are action plans to address strategic privacy risks that are assessed as having ineffective controls.
By June 2021, Service NSW should:

6. address deficiencies in the controls over, and security for, its Salesforce customer relationship management and related systems that hold customer personal information, including:

  • establish policies and processes for regular access reviews and monitoring of user activity in these systems, including for privileged users
  • enable partitioning and role based access restrictions to personal information collected for different programs
  • provide customers the choice to use multi factor authentication to further secure their MyServiceNSW accounts
  • enable customers to view the transaction history of their personal information to detect possible mishandling.
By December 2021, Service NSW should:

7. ensure that all existing agreements with client agencies address the deficiencies identified in this audit, including that they provide clarity on:

  • the content and provision of privacy collection notices
  • the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
  • steps that will be taken by each agency to ensure that personal information is kept secure
  • the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
  • how identified breaches of privacy will be handled between agencies

8. carry out a risk assessment of all processes, systems and transactions that involve the handling of personal information and undertake a privacy impact assessment for those that:

  • are identified as high risk and have not previously had a privacy impact assessment
  • have had major changes or updates since the privacy impact assessment was completed.

Appendix one – Responses from agencies

Appendix two – About the audit

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Actions for One TAFE NSW modernisation program

One TAFE NSW modernisation program

Education
Finance
Management and administration
Project management
Shared services and collaboration

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the management of the One TAFE NSW modernisation program.

In 2016, the Government released 'A Vision for TAFE NSW' which stated that TAFE NSW needed to become more flexible, efficient and competitive. It set out the need to progressively reduce significant cost inefficiencies, including by moving away from separate institutes to a single institute model. TAFE NSW established the One TAFE NSW modernisation program to deliver on that vision.

The Auditor General found that the One TAFE NSW modernisation program did not deliver against its key objectives within planned timeframes. The modernisation program originally aimed to realise $250 million in annual savings from 2018–19. Because of project delays and higher than expected transition costs, TAFE NSW did not meet the original savings target. TAFE NSW has made progress on key elements of the program and anticipates that savings will be realised in coming years.

The report makes two recommendations to improve governance arrangements for delivering on commercial objectives and increasing transparency of non commercial activities. 

The report also identifies a series of lessons for future government transformation programs.

TAFE NSW is the public provider of Vocational Education and Training (VET) in New South Wales. In 2018, TAFE NSW enrolled 436,000 students in more than 1,200 courses at around 130 locations across the State.

There have been major policy changes impacting TAFE NSW over the past decade. Under the Smart and Skilled reform, TAFE NSW started to compete with other Registered Training Organisations (RTOs) for a share of the student market.

In 2016, the NSW Government released 'A Vision for TAFE NSW'. The Vision stated that a failure to adapt to market circumstances had left TAFE NSW with unsustainable costs and inefficiencies. To address this, TAFE NSW needed to become more flexible, efficient and competitive. It set out that TAFE NSW must progressively reduce significant cost inefficiencies, including by moving away from a model of separate institutes to a One  TAFE NSW model. The NSW Government set TAFE NSW a target to achieve savings through implementing the Vision.

TAFE NSW established the One TAFE NSW modernisation program to deliver on that vision. The program initially aimed to deliver savings of $250 million per year from 2018–19, but this target was reviewed and updated as the program was being delivered.

This audit assessed whether TAFE NSW effectively managed the One TAFE NSW modernisation program to deliver on the NSW Government's vision for TAFE NSW. In making this assessment, the audit examined whether:

  • delivery of the program was well planned
  • the program was driven by sound governance arrangements
  • TAFE NSW is making progress against the intended outcomes of the program.

The audit focused on the effectiveness of planning, governance and reporting arrangements. It examined five projects within the overall modernisation program as case studies.

Conclusion

The One TAFE NSW modernisation program was an ambitious plan to deliver on the NSW Government’s vision for TAFE NSW, while achieving ongoing savings. Several factors contributed to TAFE NSW not effectively managing the program to deliver on planned timeframes and objectives. These factors include unclear expectations of the primary role of TAFE NSW, unrealistic timeframes, undertaking a large number of complex projects concurrently, governance arrangements that were not fit-for-purpose and poor-quality data.

Planning for the modernisation program and its projects was driven by top-down savings targets and pre-determined timeframes. This led to TAFE NSW attempting to deliver a large number of programs concurrently within tight timeframes. Program management capability was underdeveloped at the commencement of the program and this affected the quality of planning for delivery.

There was a lack of clarity around TAFE NSW's primary purpose. Part of the NSW Government's vision for TAFE NSW was for it to be more commercial, competitive and efficient. These objectives were not fully supported by existing legislation. The commercial objectives of the modernisation program conflicted with legislated social objectives for TAFE NSW. TAFE NSW did not have the autonomy to operate like a government-owned business in a market environment. And while TAFE NSW received separate funding to support students facing disadvantage this did not cover the costs of other non-commercial activities undertaken for social purposes, such as delivering uneconomic courses. The role of the TAFE Commission Board was ambiguous during the initial years of the program, which increased reporting requirements and blurred accountabilities for decision-making.

TAFE NSW's Strategic Plan 2016-22 nominated ten key milestones for delivery by January 2019. TAFE NSW has made progress against several important milestones, including that TAFE ‘is a single TAFE NSW brand’ and has 'industry specific TAFE NSW SkillsPoints'. Other key elements have yet to be delivered, including that TAFE NSW achieves 'integrated enterprise-wide business systems'. Because of delays to projects and higher than expected transition costs, TAFE NSW reported that it did not meet the originally targeted $250 million in annual savings for 2018–19 (which was reviewed and updated as the program was being delivered). 

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #346 - released 17 December 2020

Published

Actions for Central Agencies 2020

Central Agencies 2020

Premier and Cabinet
Treasury
Financial reporting
Internal controls and governance
Management and administration
Risk

This report analyses the results of our audits of the financial statements of the Treasury, Premier and Cabinet, Customer Service cluster agencies (central agencies), and the Legislature for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Audit opinions and timeliness of reporting

Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature.

The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified.

All agencies met statutory deadlines for submitting
financial statements. 

Agencies were financially impacted by recent emergency events The NSW Government allocated $1.4 billion to provide small business support and bushfire recovery relief, support COVID-19 quarantine compliance management, recruit more staff to respond to increased customer demand, and meet additional COVID-19 cleaning requirements. Agencies spent $901 million (64 per cent of the allocated funding) for the financial year ended 30 June 2020. NSW Self Insurance Corporation reported an increase of $850 million in its liability for claims related to emergency events.
AASB 16 'Leases' resulted in significant changes to agencies' financial position The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected.
Implementation of new revenue standards NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue, which have been corrected in the final financial statements.

2. Audit observations

Management letter findings and repeat issues Our 2019–20 audits identified nine high risk and 122 moderate risk issues across central agencies and the Legislature. The high risk issues were identified in the audits of:
  • Insurance and Care NSW
  • New South Wales Government Telecommunications Authority
  • Rental Bond Board
  • Independent Commission Against Corruption
  • NSW Treasury
  • Crown Entity
  • Department of Premier and Cabinet.

High risk findings include:

  • Insurance and Care NSW (icare) allocates service costs to the Workers Compensation Nominal Insurer, and the other schemes it supports. The documentation supporting cost allocations does not demonstrate how these allocations reflect actual costs. There is a risk of the Workers Compensation Nominal Insurer being overcharged.
  • New South Wales Government Telecommunications Authority's delay in capitalisation and valuation of material capital projects; and insufficient work performed to implement the new accounting standard AASB 16 ‘Leases’.
  • NSW Treasury's four-year plan to transition RailCorp to a for-profit State Owned Corporation called Transport Asset Holding Entity of New South Wales (TAHE) by 1 July 2019, remains to be implemented. On 1 July 2020, RailCorp converted to TAHE. A large portion of the planned arrangements are still to be implemented. As at the time of the audit, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements were not finalised. In the absence of commercial arrangements with the public rail operators, there is a lack of evidence to demonstrate TAHE’s ability to create a commercial return in the long term. This matter has been included as a high risk finding in our management letter as there may be financial reporting implications to the State if TAHE does not generate a commercial return for its shareholders in line with the original intent. NSW Treasury and TAHE should ensure the commercial arrangements, operating model and SCI are finalised in 2020–21.

Of the 122 moderate risk issues, 36 per cent were repeat issues. The most common repeat issue related to weaknesses in controls over information technology user access administration, which increases the risk of inappropriate access to systems and records.

Grants administration for disaster relief Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by emergency events for the financial year ended 30 June 2020. A performance audit of grants administration for disaster relief is planned for 2020–21. It will assess whether grants programs administered under the Small Business Support Fund were effectively designed and implemented to provide disaster relief.
Internal controls at GovConnect NSW service providers require enhancement

GovConnect NSW provides transactional and information technology services to central agencies. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at service providers, namely Infosys, Unisys and the Department of Customer Service (DCS). The service auditor issued:

  • unqualified opinions on information technology and business process controls at Infosys and Unisys, but there was an increase in control deficiencies identified in the user access controls at these service providers
  • a qualified opinion on DCS's information technology (IT) security monitoring controls because security tools were not implemented and monitored for the entire financial year. Responsibility for IT security monitoring transitioned from Unisys to DCS in 2019–20. These control deficiencies can increase the risk of fraud and inappropriate use of sensitive data.

These may impact on the ability of agencies to detect and respond to a cyber incident.

Recommendation:

We recommend DCS work with GovConnect service providers to resolve the identified control deficiencies as a matter of priority.

The NSW Public Sector's cyber security resilience needs to improve

The NSW Cyber Security Policy requires agencies to provide a maturity self-assessment against the Australian Cyber Security Centre (ACSC) Essential 8 to the head of the agency and Cyber Security NSW annually. Completed self-assessment returns highlighted limited progress in implementing the Essential 8.

Repeat recommendation:

Cyber Security NSW and NSW government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency

Three Insurance and Care NSW (icare) entities had net asset deficiencies at 30 June 2020 The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. These icare entities did not hold sufficient assets to meet the estimated present value of all of their future payment obligations at 30 June 2020. The deterioration in net assets was largely due to increases in outstanding claims liabilities. Notwithstanding the overall net asset deficiencies, the financial statements for these entities were prepared on a going concern basis. This is because future payment obligations are not all due within the next 12 months. Settlement is instead expected to occur over years into the future, depending on the nature of the benefits provided by each scheme.
icare has not been able to demonstrate that its allocation of costs reflects the actual costs incurred by the Workers Compensation Nominal Insurer and other schemes

Costs are incurred by icare as the 'service entity' of the statutory scheme it administers, and then subsequently recovered from the schemes through 'service fees'. In the absence of documentation supported by robust supporting analysis, there is a risk of the schemes being overcharged, and the allocation of costs being in breach of legislative requirements.

Recommendation:

icare should ensure its approach to allocating service fees to the Workers Compensation Nominal Insurer and the other schemes it manages, is transparent and reflects actual costs.

icare did not comply with GIPA requirements icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20 and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020.
Implementation of Machinery of Government (MoG) changes MoG changes impacted the governance and business processes of some agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG implementation processes at Infrastructure NSW and in the Customer Service cluster.

This report provides Parliament and other users of NSW Government central agencies' financial statements and the Legislature's financial statements with the results of our financial audits, observations, analyses, conclusions and recommendations.

Emergency events, such as bushfires, floods and the COVID-19 pandemic significantly impacted agencies in 2019–20. Our findings on nine agencies that were most impacted by recent emergency events are included throughout this report.

Refer to Appendix one for the names of all central agencies and Appendix four for the nine agencies most impacted by emergency events.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations on the financial reporting of central agencies and the Legislature for 2020, including the financial implications from recent emergency events.

Section highlights

  • Unqualified audit opinions were issued on the 2019–20 financial statements of central agencies and the Legislature. All agencies met the statutory deadlines for submitting their financial statements.
  • The audit opinion on the Social and Affordable Housing NSW Fund's compliance with the payment requirements of the Social and Affordable Housing NSW Fund Act 2016 was qualified as a result of a payment made without a Treasurer's delegation.
  • Agencies were impacted by emergency events during 2019–20. This included additional grants to fund specific deliverables.
  • The implementation of new accounting standards was challenging for many agencies. The New South Wales Government Telecommunications Authority was not well-prepared to implement AASB 16 'Leases' and had not completely assessed contracts that contained leases. This resulted in understatements of leased assets and liabilities by $56 million which were subsequently corrected.
  • NSW Treasury did not adequately implement the new revenue standard AASB 1058 ‘Income of Not-for-Profit Entities’ for the Crown Entity. This resulted in understatements of $274 million in opening equity and $254 million to current year revenue in the financial statements. These misstatements were due to incorrect revenue calculations performed by the Transport agencies. The Crown Entity relies on information from Transport agencies as they are responsible for carrying out the State’s contractual obligations for Commonwealth funded transport projects. The extent of misstatements could have been reduced with more robust quality review processes in place by Treasury and Transport.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines:

  • our observations and insights from the financial statement audits of agencies in the central agencies and the Legislature
  • our assessment of how well agencies adapted their systems, policies, procedures and governance arrangements in response to recent emergencies.

Section highlights

  • The 2019–20 audits identified nine high risk and 122 moderate risk issues across the agencies. Of the 122 moderate risk issues, 44 (36 per cent) were repeat issues. The most common repeat issue relates to weaknesses in controls over information technology user access administration.
  • Service NSW delivers grants responding to emergency events on behalf of other NSW Public Sector agencies. Since the first grant program commenced in January 2020, Service NSW processed approximately $791 million to NSW citizens and businesses impacted by these emergency events for the financial year ended 30 June 2020.
  • GovConnect NSW engaged an independent auditor (the service auditor) from the private sector to evaluate the internal controls of its service providers. DCS's information technology security monitoring controls were qualified by the service auditor because security tools were not implemented and monitored for the entire financial year. These may impact on the ability of agencies to detect and respond to a cyber incident.
  • NSW Government agency self-assessment results show that the NSW Public Sector's cyber security resilience needs urgent attention.
  • The Workers Compensation Nominal Insurer, NSW Self Insurance Corporation and the Lifetime Care and Support Authority of NSW all had negative net assets at 30 June 2020. The financial statements for these entities continued to be prepared on a going concern basis as their liabilities are not all due for settlement within the next 12 months.
  • icare did not comply with the Government Information (Public Access) Act 2009 (GIPA) contract disclosure requirements in 2019–20, and has not complied for several years. A total of 417 contracts were identified by management as not having been published on the NSW Government’s eTendering website. The final upload of these past contracts occurred on 20 August 2020.
  • Machinery of Government (MoG) changes impacted the governance and business processes of affected agencies. Our audits identified and reported areas for improvement in the consolidation of corporate functions following MoG changes at Infrastructure NSW and in the Customer Service cluster.

 

Published

Actions for Health 2020

Health 2020

Health
Compliance
Financial reporting
Infrastructure
Internal controls and governance
Service delivery

This report analyses the results of our audits of financial statements of the Health cluster for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting

Unqualified financial audit opinions

The financial statements of NSW Health and its 25 controlled entities received unqualified opinions.

The number of corrected and uncorrected misstatements increased from the prior year. Misstatements related predominantly to the implementation of new accounting standards, asset revaluations and accounting for new revenue streams to cover the cost of HSW Health’s response to the COVID-19 pandemic.

Qualified compliance audit opinion

We issued a qualified audit opinion for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19).

Financial performance

NSW Health received an additional $3.3 billion in funding to cover costs associated with its response to the COVID-19 pandemic.

The impacts of the COVID-19 pandemic on the cluster were significant for health entities and included changes to operations, increased revenues, expenditure, assets and liabilities. Cancellation of elective surgery and decreased emergency department presentations meant that despite the pandemic, activity levels at many health entities decreased. Health Pathology and HealthShare were notable exceptions.

In the period to the 30 June 2020, NSW Health reported that over 900,000 COVID-19 tests were conducted. Health Pathology conducted over 500,000 of these tests. Health Pathology's surge requirements were enhanced through arrangements with 13 private sector providers. HealthShare purchased $864.2 million of personal protective equipment.

Overall, NSW Health recorded an operating surplus of $3.1 billion in 2019–20, an increase of $2.0 billion from 2018–19. As in previous years, the surplus largely resulted from additional revenue received to fund capital projects including the construction of new facilities, upgrades and redevelopments. In 2019–20 additional Commonwealth and State funding for the purchase and stockpiling of personal protective equipment also contributed to the operating surplus.

Overtime payments The Ambulance Service of NSW’s (NSW Ambulance) reduced their overtime payments to $79.7 million in 2019–20 ($83.1 million in 2018–19). Overtime payments in 2019–20 included $6.8 million related to the response to the 2019–20 bushfire season. NSW Ambulance overtime payments represent 16.8 per cent of total overtime payments in the cluster.

2. Audit observations

Internal control deficiencies

We identified more internal control deficiencies in 2019–20. The number of repeat issues from prior years also remains high.

NSW Health addressed 18 out of the 25 information system control deficiencies during the year.

Several key agreements lacked formal documentation. This included agreements between the Ministry and health entities, between health entities and agencies in other clusters and between the Ministry and health departments in other jurisdictions.

Infrastructure delivery NSW Health had 44 ongoing major capital projects at 30 June 2020 with a total revised budget of $12.3 billion. The revised total budget of $12.3 billion is $2.0 billion more than the original budget. NSW Health revises budgets when it combines project stages.

This report provides parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

The impacts of the COVID-19 pandemic on the cluster were significant and included changes to the operations of the health entities and increased revenue, expenditure, assets and liabilities.

As a part of this year's audits of health entities, we have considered:

  • financial implications of the COVID-19 emergency at both health entity and cluster levels
  • changes to agencies' operating models
  • agencies' access to technology and the maturity of systems and controls to prevent unauthorised and fraudulent access to data.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The response to the COVID-19 pandemic primarily impacted the financial reporting of NSW Health through:

  • additional revenue from the State government in the form of grants and stimulus payments
  • additional revenue from the Commonwealth government under the National Partnership Agreement for COVID-19 to cover part of the cost of responding to the COVID-19 pandemic
  • increased expenses, largely due to increased payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists and increased cleaning costs
  • increased purchases of personal protective equipment.

Chapter one outlines the impacts of NSW Health’s response to the COVID-19 pandemic. This chapter outlines our other audit observations related to the financial reporting of agencies in the Health cluster for 2020.

Section highlights

  • Unqualified audit opinions were issued for all health entities’ financial statements, although more misstatements were identified than last year.
  • NSW Health recorded an operating surplus of $3.1 billion, an increase of $2.0 billion from 2018–19. This is largely due to additional capital grants for new facilities, upgrades and redevelopments and additional Commonwealth and State funding for the purchase of personal protective equipment.
  • NSW Health’s expenses increased by 5.5 per cent in 2019–20 (7.0 per cent in 2018–19) despite the impact of the COVID-19 pandemic. The primary causes for the growth in expenses are increases in:
    • employee related expenses due to higher employee numbers, increased overtime and a 2.5 per cent award increase
    • payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists
    • payments to private health operators due to the first full year of operation of the Northern Beaches hospital.
  • The Ambulance Service of NSW (NSW Ambulance) continued to report higher overtime payments than other health entities. However, despite the response to the 2019–20 bushfire season, their overtime payments were lower than last year. NSW Ambulance paid $79.7 million in overtime payments in 2019–20 ($83.1 million in 2018–19).
  • A qualified audit opinion was issued for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. There were 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19)

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

The primary impact of the COVID-19 pandemic on the effectiveness of the internal controls of NSW Health and health entities relates to the effectiveness of controls implemented by HealthShare relating to the stocktake of personal protective equipment inventories. Inventory managed by HealthShare increased by 2,746 per cent during 2019–20. HealthShare’s inventory controls did not maintain pace with the sudden, significant increase.

The impacts of NSW Health’s response to the COVID-19 pandemic are outlined in chapter one. This chapter outlines other observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The number of internal control deficiencies has increased since 2018–19. More than a third of control deficiencies are repeat issues.
  • Control deficiencies that relate to managing employees’ leave and employee’s time recording continue to be difficult for entities to resolve, particularly during the ongoing response to the COVID-19 pandemic.
  • Several key agreements were undocumented. These included agreements between the Ministry and the health entities, between health entities, and between the Ministry and entities in other clusters and jurisdictions. These related to:
    • a loan arrangement between the Ministry and HealthShare for $319 million.
    • Northern Sydney Local Health District's use of land and buildings owned by the Graythwaite Charitable Trust
    • agreements for the treatment of New South Wales residents while they are interstate, and interstate residents receiving treatment while they are in New South Wales from Queensland, Victoria, South Australia and the ACT for both 2019–20 and 2018–19.
  • NSW Health reported that they completed nine major capital projects during 2019–20. As at 30 June 2020 there were 44 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.0 billion more than the original budget of $10.3 billion. NSW Health reported the budget revisions are largely the result of combining project stages.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations 

Appendix three – Financial data

Appendix four – Analysis of financial indicators 

Appendix five – Analysis of performance against budget

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Auditor-General’s Report to Parliament

Health 2020

11 December 2020

This corrigendum has been prepared to amend the following text within the Auditor-General’s Report to Parliament on Health 2020, dated 10 December 2020.

NSW Health emergency department treatment times

On page five the original text was as follows:

NSW Health also measures the percentage of patients whose clinical care in emergency departments is completed within four hours. The measure is used as an indicator of accessibility to public hospital services.

NSW Health aims to complete clinical care in the emergency department for 81 per cent of patients within four hours. In 2019–20 NSW Health reports it completed clinical care within four hours for 72.1 per cent of patients (a 7.3 per cent decrease from 2018–19).

At Western Sydney Local Health District, 59 per cent of patients were treated within the targeted timeframe. NSW Health attribute this to the profile of patients presenting in emergency departments and additional time taken processing COVID-19 patients to ensure staff safety.

The original text has now been changed to:

NSW Health also measures the percentage of patients with total time in the emergency department of four hours or less for each local health district. The measure is used as an indicator of accessibility to public hospital services.

Local Health Districts Target % (2019–20) Actual % (2019–20)
Central Coast 77.0 59.9
Far West 90.2 86.6
Hunter New England 81.0 72.5
Illawarra Shoalhaven 79.0 60.2
Mid North Coast 82.0 76.7
Murrumbidgee 85.3 81.9
Nepean Blue Mountains 79.0 65.5
Northern NSW 81.0 78.2
Northern Sydney 79.0 73.9
South Eastern Sydney 78.0 70.3
South Western Sydney 78.0 61.2
Southern NSW 85.0 83.0
Sydney 76.0 70.9
Sydney Children’s Hospitals Network 80.0 72.1
Western NSW 85.9 81.0
Western Sydney 78.0 59.0
St Vincent's Health Network* 75.0 65.4
* St Vincent’s Health Network Sydney (SVHNS) comprises of St Vincent’s Hospital Sydney Limited as the affiliated health organisation in respect of four recognised establishments under the Health Services Act 1997 (NSW) (Health Services Act). Under the Health Services Act, St Vincent’s Hospital Sydney Limited, is treated as a Network for the purposes of the National Health Reform Agreement in respect of the three recognised establishments: St Vincent’s Hospital, Darlinghurst; Sacred Heart Health Service, Darlinghurst; St Joseph’s Hospital, Auburn; and St Vincent's Correctional Health, Parklea.
Source: NSW Health (unaudited)

The above changes will be reflected in the version of the report published on the Audit Office website and should be considered the true and accurate version.

Published

Actions for Stronger Communities 2020

Stronger Communities 2020

Justice
Community Services
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Management and administration
Service delivery

This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Quality of financial reporting Unqualified audit opinions were issued for all agencies' 30 June 2020 financial statements.
Compliance with financial reporting requirements

The Treasury extended the statutory deadline for the submission of the 2019–20 financial statements. For agencies subject to Treasurer's Directions, Treasury required agencies to submit their 30 June 2020 financial statements by 5 August 2020. For other agencies, the deadline was extended to 31 October 2020. All agencies in the cluster met the revised statutory deadlines.

Cluster agencies substantially completed the mandatory early close procedures set by NSW Treasury. However, nine agencies including the Department of Communities and Justice (the department) did not complete one or more mandatory requirements, such as assessing the impact of new and updated accounting standards.

Financial implications of recent emergencies

Emergency events significantly impacted cluster agencies in 2019–20. Our review of seven cluster agencies most affected highlighted some had incurred additional expenditure because of the bushfires and floods. Others lost revenue due to the COVID-19 pandemic.

During the year these agencies collectively received additional funding of $1.1 billion from the State to respond to:

  • increased demand for homeless people seeking temporary accommodation
  • additional cleaning requirements
  • bushfire recovery efforts
  • emergency support for eligible small businesses.

The Sydney Cricket Ground Trust, Venues NSW and Office of Sport lodged insurance claims of $51.3 million with the Treasury Managed Fund with respect to lost revenues from the pandemic. The losses were mainly due to event cancellations and covered various periods ranging from mid-March to 31 December 2020.

The change in economic conditions caused by the COVID-19 pandemic resulted in the NSW Government cancelling the refurbishment of Stadium Australia it had previously approved in August 2019. Venues NSW wrote off $16.8 million of redevelopment costs during 2019–20.

Restatement of the Sydney Cricket Ground valuation The valuation of the Sydney Cricket Ground (the Stadium) included costs of $28.6 million which were not eligible for capitalisation. The financial statements were restated to reflect the reduction in the value of the Stadium and the asset revaluation reserve.
Unresolved data quality issues in the VS Connect system

The department continues to address significant data quality issues resulting from its implementation of the VS Connect system (the System) in 2019. The issues relate to the completeness and accuracy of the data transferred from the legacy system. The System is used by the department to manage its Victims Support Services (VSS) and for financial reporting purposes.

An independent actuary helps the department estimate its liability for VSS claims. The actuary's valuation at 30 June 2020 was again impacted by the data quality issues. Consequently, the actuary adopted a revised valuation methodology compared to previous years.

Recommendation (repeat issue):

The department should resolve the data quality issues in the VS Connect System before 31 March 2021.

AASB 16 'Leases' resulted in significant changes to agencies' financial position

Cluster agencies implemented three new accounting standards for the first time in 2019–20. Adoption of AASB 16 'Leases' resulted in cluster agencies collectively recognising right-of-use assets and lease liabilities of $1.7 billion and $1.1 billion respectively on 1 July 2019.

Significant misstatements in how lease related balances had been calculated were found in 17 of the 29 cluster agencies. The cluster outsources the management of most of its owned and leased property portfolio to Property NSW, but cluster agencies remain responsible for any deliverables under that arrangement. The misstatements were mainly caused by late revisions of key assumptions and issues with the accuracy and completeness of Property NSW's lease information.

2. Audit observations

Internal control deficiencies

Our 2019–20 financial audits identified 191 internal control issues. Of these, two were high risk and almost one-third were repeat findings from previous audits. While repeat findings reduced by 5.7 percentage points in 2019–20, the number remains high.

Recommendation (repeat issue):

Cluster agencies should action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

Agencies response to recent emergencies

The severity of the recent bushfires and floods meant natural disaster expenses incurred by emergency services agencies rose from $67.4 million in 2018–19 to $497 million in 2019–20.

The COVID-19 pandemic presented unprecedented challenges for the cluster. Social distancing and other infection control measures disrupted the traditional means of delivering services. Agencies established committees or response teams to respond to these challenges.

The department introduced measures to minimise the risk of the spread of COVID-19 amongst inmates in custodial settings.

Managing excess annual leave

Managing excess annual leave was a challenge for cluster agencies directly involved in the government's response to the emergency events. Employees in frontline cluster agencies deferred leave plans and many have taken little or no annual leave during the reporting period.

Annual leave liabilities rose at the department, NSW Police Force, Fire and Rescue NSW, Office of the NSW Rural Fire Service, the Legal Aid Commission of New South Wales and the Office of the Director of Public Prosecutions. The combined liabilities increased from $620 million to $692 million or 11.6 per cent between 30 June 2019 and 30 June 2020.

Implementation of Machinery of Government (MoG) changes

Administrative Arrangement Orders effective from 1 July 2019, created the department of Communities and Justice and transferred functions and staff, together with associated assets and liabilities into the department from the former departments of Justice and Family and Community Services.

The department continues to establish its governance arrangements following the MoG changes.

Recommendation:

The department should finalise appropriate governance arrangements for its new organisational structure as soon as possible. This includes:

  • harmonising policies and procedures to ensure a unified approach across the department
  • finalising risk management and monitoring processes across the department
  • updating its delegation instruments to reflect the current organisational structure, delegation limits and roles and responsibilities.
Delivery of the Prison Bed Capacity Program

The department continued to expand prison system capacity through the NSW Government's $3.8 billion Prison Bed Capacity Program. The department reported it spent $480 million on the Program in 2019–20. Six prison expansion projects were completed during the year, which added 1,660 new and 395 refurbished beds to the NSW prison system.

Data from the department shows the number of adult inmates in the NSW prison system reached a maximum of 14,165 during the year. Operational capacity was 16,096 beds on 19 August 2020.

 

This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analysis, conclusions and recommendations.

Agencies in the Stronger Communities cluster were significantly impacted by the bushfires, floods and the COVID-19 pandemic in 2019–20. Our 2019–20 financial audits of the seven cluster agencies most significantly impacted by the recent emergency events considered:

  • the financial implications of the emergency events
  • changes to agencies' operating models and control environments
  • delivery of new or expanded projects, programs or services at short notice.

Our findings on these seven agencies' responses to the recent emergencies are included throughout this report. These agencies are:

  • Department of Communities and Justice
  • Fire and Rescue NSW
  • NSW Police Force
  • Office of the NSW Rural Fire Service
  • Office of the NSW State Emergency Service
  • Sydney Cricket and Sports Ground Trust
  • Venues NSW.

The Department of Communities and Justice is the principal agency of the cluster. The names of all agencies in the Stronger Communities cluster are included in Appendix one.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

  • Unqualified audit opinions were issued for all agencies' 30 June 2020 financial statements. All agencies met the revised statutory deadlines for completing early close procedures and submitting their financial statements.
  • Emergency events significantly impacted cluster agencies in 2019–20. Agencies received additional funding of $1.1 billion to respond to the emergencies.
  • Cluster agencies implemented three new accounting standards in 2019–20. Adoption of AASB 16 'Leases' resulted in significant changes to agencies' financial statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statement audits of agencies in the Stronger Communities cluster
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies
  • review of how the cluster agencies managed the increased risks associated with new programs aimed at stemming the spread of COVID-19 and stimulating the economy.

Section highlights

  • Almost one-third of internal control issues reported were repeat findings. Cluster agencies should address these issues more promptly.
  • The severity of the recent bushfires and floods meant natural disaster expenses incurred by emergency services agencies increased by $430 million in 2019–20.
  • The department continues to establish its governance arrangements following Machinery of Government changes effective 1 July 2019.

 

Appendix one – Timeliness of financial reporting by agency

Appendix two – Management letter findings by agency

Appendix three – List of 2020 recommendations 

Appendix four – Status of 2019 recommendations 

Appendix five – Selected agencies for review of response to emergency events 

Appendix six – Financial data 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Actions for Managing the health, safety and wellbeing of nurses and junior doctors in high demand hospital environments

Managing the health, safety and wellbeing of nurses and junior doctors in high demand hospital environments

Health
Internal controls and governance
Management and administration
Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford, released a report today examining NSW Health’s management of health and safety risks to nurses and junior doctors in high demand hospital wards over the past five years, including during the first six months of the 2020 COVID-19 health emergency.

The Auditor-General found that while NSW Health effectively managed most incidents and risks to the physical health and safety of hospital staff during ‘business as usual’ activities, systems and resources are not fully effective to manage staff psychological and wellbeing risks, particularly for nurses.

The Auditor-General found that NSW Health was effective in managing most COVID-19 health and safety risks to hospital staff. Overall effectiveness could have been improved had pandemic preparedness training been delivered across all Local Health Districts. Additionally, state-wide communication systems could have been improved to provide hospital clinicians with access to a ‘single source of truth’ with the latest advice from NSW Health authorities.

NSW Health’s planning and preparation for the supply of Personal Protective Equipment (PPE) was partially effective. At various times, some PPE items could not be sourced from established suppliers. Face masks, goggles and protective gowns were substituted with products that differed in shape, size and fitting from usual items, and in some hospitals, substituted masks were used without being locally fit tested by hospital staff.

The Auditor-General made seven recommendations aimed at enhancing hospital health and safety risk reporting practices, along with a recommendation that NSW Health conduct a post pandemic 'lessons learned' review and make policy and operational recommendations for future pandemic responses.

Over the past decade, there have been increases in the numbers of health and safety incidents affecting nurses and junior doctors in NSW hospitals. These increases have been associated with higher numbers of patients with acute mental health conditions, age-related cognitive impairments, and patients presenting in emergency departments under the influence of drugs and alcohol.  

This audit commenced in August 2019, with a focus on the health, safety and wellbeing of nurses and junior doctors in high demand hospital wards. Our audit focused on emergency departments, mental health wards and aged care wards during 'business as usual’ periods of hospital operations. 

In the early months of 2020, the novel coronavirus (COVID-19) brought new health and safety risks to hospital staff. These risks included the potential for infection amongst health workers, increased staff workloads, and impacts on staff wellbeing.  

In May 2020, we expanded the focus of the audit to assess the effectiveness of NSW Health’s management of the health and safety risks to staff during the COVID-19 health emergency. We assessed the impacts on emergency departments and intensive care units, as these were the wards where staff were most likely to come into contact with COVID-19.  

The Audit Office acknowledges the ongoing health and safety challenges that the pandemic has brought to NSW Health staff – in particular to hospital clinicians and the managers who support them.  

This audit assessed the effectiveness of NSW Health’s:

  • systems, forums and workplace cultures to support reporting and generate data about risk
  • initiatives to support safe workplaces and effectively respond to health and safety incidents
  • actions to continuously improve staff health, safety and wellbeing in hospital environments.

The first three chapters of this report describe the effectiveness of NSW Health’s ‘business as usual’ health and safety risk management. The fourth and fifth chapters describe the effectiveness of NSW Health’s health and safety risk management during the COVID-19 pandemic.  

Conclusion
NSW Health’s management of health and safety risks in NSW hospitals

NSW Health is effectively monitoring and managing most incidents and risks to the physical health and safety of nurses and junior doctors in NSW hospitals. However, systems and resources are not fully effective across all Local Health Districts for monitoring or managing psychological and wellbeing risks - particularly in relation to nurses.

NSW Health’s incident management system is effective for recording health and safety incidents in hospital wards where incidents occur infrequently, and staff have time to log incident details during shift hours. However, in high demand wards where incidents and risks are common, staff report that they are unable to log all incidents due to the frequency of events, and the time it takes to record incidents in the system.

NSW Health is taking reasonable steps to manage and respond to physical health and safety incidents in NSW hospitals, but psychological and wellbeing risks and incidents are not routinely recorded or escalated to managers. Stress debriefing is not consistently available to staff after difficult or traumatic workplace incidents.

The Ministry of Health could improve its information sharing and data reporting on state-wide health and safety risks in NSW hospitals, and communicate risk trends to the wider NSW health system. This would assist managers to identify common health and safety issues, and target their responses. The Ministry has not set up systems or strategies to identify or support the expansion of successful health and safety initiatives across the NSW health system.

NSW Health’s management of health and safety risks associated with COVID-19

To date, NSW Health has effectively managed most COVID-19 related health and safety risks to hospital staff. The overall effectiveness of NSW Health's preparations and responses to COVID-19 could have been improved in the early phases of the health emergency - from January to early April 2020 - by ensuring that hospital staff in all Local Health Districts had access to pandemic training, that all emergency response policies had been updated and circulated, that state-wide communication systems were able to be rapidly upscaled to deliver consistent messages to hospital staff across the health system, and that PPE supply lines could provide sufficient stock to meet requirements during all pandemic response phases.

Local Health District executives and hospital managers effectively guided and supported nurses and junior doctors to manage and minimise most COVID-19 health and safety risks in hospital environments. However, communication with frontline staff could have been improved in the early stages of the pandemic. The Ministry did not set up a centralised communication channel to communicate consistent messages and advice to hospital clinicians until April 2020. This finding is consistent with a finding from the 2009 review into NSW Health’s response to the H1N1 influenza outbreak. Clinical staff advised that the lack of a centralised communication channel, substantially increased their workloads as they checked numerous sources for the latest and most authoritative advice.

Prior to COVID-19, pandemic response training was limited across the NSW Health system. Nurse managers of emergency departments and intensive care units reported that there was limited training or familiarisation with the NSW Pandemic Plan. Key policies describing infection control principles for emergency departments and intensive care units were outdated and had not been revised within required timelines.

NSW Health's planning and preparation for the supply and management of personal protective equipment (PPE) has been partially effective, with PPE available to hospital staff at all times. However, at various intervals, some PPE could not be sourced from established suppliers. Face masks, goggles and protective gowns were substituted with products that differed in shape, size and fitting, from the usual PPE stock. Staff reported that in the early stages of the pandemic, substituted masks were not locally fit tested by hospital staff in some emergency departments.

1. Audit recommendations

By December 2021, NSW Health should:

  1. Evaluate the effectiveness of the new incident management system to enable full reporting of health and safety incidents and risks in all hospital wards, including those where incidents and risks are common, and monitor for consistency of reporting over time
  2. Expand the categories of hospital incident data reported to Ministry executives in the Work Health and Safety Dashboard reports, including by linking injury data to incident types by hospital ward category, and monitor in conjunction with Local Health Districts for emerging trends and improvement over time
  3. Ensure that nurses and junior doctors have regular opportunities to report on risks to their psychological health and wellbeing, and that system managers have access to aggregate data to guide responses to mitigate these risks
  4. Develop and implement an evidence-based guiding framework and strategy to support hospital staff in the aftermath of traumatic or unexpected workplace incidents, and monitor implementation
  5. At regular intervals, publicly report aggregate Root Cause Analysis data detailing the hospital system factors that contribute to clinical incidents
  6. Develop and implement a systemwide platform for sharing research and information about hospital health and safety initiatives across the health system
  7. Conduct a post-pandemic 'lessons learned' review focusing on the effectiveness of key strategies deployed in the management of the COVID-19 pandemic and make policy and operational recommendations for future pandemic responses. In particular, ensure:
    • regular scenario-based pandemic training for hospital staff
    • updated policies and protocols for hospital infection controls
    • capability to upscale authoritative communication with frontline health workers at the earliest notification of a health emergency and for the duration of the emergency
    • systems and safeguards to ensure the supply and availability of clinically appropriate personal protective equipment (PPE) during all phases of a pandemic.

Local Health Districts were effective in leading health and safety infection control activity

According the NSW Health Influenza Pandemic Plan (Pandemic Plan), the Chief Executives of Local Health Districts have ultimate responsibility for public health unit preparations during health emergencies. If necessary, they can ‘draw on the support of the State Pandemic Management Team and local emergency management resources’.

During the preparations and early response phases to the COVID-19 pandemic, Local Health Districts were at the forefront of most NSW hospital activity. They took the lead role in developing hospital infection control protocols and guidance about the appropriate uses of Personal Protective Equipment (PPE). Each Local Health District established its own responses to the health emergency, based on the best clinical advice available to them. The localised approach meant that there were some minor differences in infection control practices across the NSW health system.

Throughout February and March 2020, there was limited centralised policy or guidance from the Ministry and its Pillar Health agencies about COVID-19 infection control practices. It was not possible to mandate practices at a time when information about the virus was evolving. Clinical responses were changing as more became known about COVID-19, especially about its patterns of transmission and its impacts on people with the disease.

During February and March 2020, Local Health District executives communicated with hospital staff via a range of methods. Some sent daily e-memos with the latest updates. Some scheduled more regular meetings with hospital clinicians. Some Districts set up extensive staff training sessions and information briefings to keep all personnel updated with the latest advice. Physical distancing made it difficult to bring staff together in large groups, so a range of communications measures were implemented.

Clinical staff also utilised their clinical training and expertise to prepare their wards and train frontline staff in infection control procedures. Some sourced information from national and international colleagues to add to localised knowledge of the virus.

When the first evidence of COVID-19 community transmission was identified in the Northern Sydney Local Health District, hospital staff followed infection control protocols that were based on local guidance and information. With the support from the District executive team and infectious diseases experts, hospital clinicians set up their own infection control protocols and PPE protections. Within a week the District had produced a matrix to guide staff in the uses of PPE during COVID-19 procedures, and had circulated the guidance to all hospital clinicians.

At the end of March 2020, a version of the Northern Sydney PPE matrix was published on the Clinical Excellence Commission’s website and it has now become NSW Health’s standard guideline for PPE during COVID-19 procedures. Once this guideline was published centrally, infection control practices were standardised across NSW hospitals.

This form of District-led policy making is not ‘business as usual’ practice for NSW Health. Policy making processes were somewhat reversed during the early response phases to COVID-19. This flexible policy approach supports the governance arrangements described in the Pandemic Plan, which assigns responsibility for ‘supporting and maintaining quality care across health services and implementing infection control measures as appropriate’ to Local Health Districts.

In non-health emergency situations, clinical policy and protocols are usually initiated and developed by the Ministry and the Clinical Excellence Commission and are subsequently shared across the health system after a quality control process. The localised approach adopted in the months from February to March 2020, allowed for rapid and flexible responses to changing information – to protect the health and safety of the hospital workforce and the wider community.

Hospital staff across NSW would have been better prepared for COVID-19 if pandemic training had been delivered across all Local Health Districts in the past decade

Local Health Districts are responsible for training hospital staff in preparation for public health emergencies. NSW’s policy describing Public Health Emergency Response Preparedness Minimum Standards requires that clinical staff participate in at least one annual emergency training exercise if they hold a position where they are likely to be called upon in an emergency. Staff must participate in an actual response exercise or a relevant training session. The training must also include re-familiarisation with PPE.

Available evidence about emergency response training in NSW indicates that at least two Local Health Districts have delivered pandemic focussed training in the past decade. Our interviews with managers of emergency departments and intensive care units indicates that most other Districts have focused their emergency training on mass patient trauma incidents such as plane crashes, train crashes and terrorist attacks. While the potential for these types of mass trauma events is real, and warrants training and preparation, significant global outbreaks of diseases have also had potential to threaten NSW communities. In previous decades, global health communities have been at risk of diseases such as the Severe Acute Respiratory Syndrome (SARS) and Middle East Respiratory Syndrome (MERS).

In the two Districts where pandemic training was provided in NSW, staff participated in community influenza vaccination exercises. These were focused on upskilling staff to follow emergency command structures, manage high volume patient flows, and organise sanitisation logistics during a hospital-based training exercise.

Our interviews with nurse managers in emergency departments and intensive care units indicate that in the majority of other Local Health Districts, key personnel were unaware of the NSW Pandemic Plan. Interviewed staff also reported insufficient scenario-based training in pandemic responses over the last ten years.

The Ministry, the Clinical Excellence Commission and the Health Education and Training Institute (HETI) are responsible for online training and 'state-wide strategies and resources to maintain high levels of compliance with infection control and patient safety recommendations'. The HETI website contains online training modules in infection control and PPE donning and doffing procedures. Other infection control information and research is available on the websites of the Clinical Excellence Commission and the Agency for Clinical Innovation.

Online training modules are effective for upskilling staff in a range of skills, but are not a substitute for real-time, rapid incident response training. Face-to-face training provides opportunities for first responders to test procedures in hospital environments. Incident response training provides opportunities for staff to assess their levels of compliance with protocols and their competence with equipment in scenario situations. It is the responsibility of Local Health Districts to provide this form of training to the health staff in their District.

Two NSW Health policies that govern clinical arrangements during pandemics are outdated

The Ministry had not updated two policies that had the potential to assist emergency departments and intensive care units in aspects of their ward preparation for the COVID-19 pandemic. Both policies were on the NSW Health website, but neither were shared with hospital staff in the planning phases for the pandemic. Both policies are out of date and have not been revised within required timeframes.

The 2010 Influenza Pandemic - Providing Critical Care policy was due for review in May 2015 and was not updated at the time of the COVID-19 health emergency. Similarly, the 2007 policy Hospital Response to Pandemic Influenza Part 1: Emergency Department Response was due for review in June 2012 and has not been updated.

These policies were designed to assist clinical staff to make necessary ward arrangements for infection control. They set out the steps for rapid identification of contingent workforces, isolation procedures, and management of patient flows to separate those with suspected infection from other patient cohorts. They were a potential addendum to the NSW Pandemic Plan which describes the command and control responsibilities of health agencies in health emergencies.

Our interviews with nurse managers from emergency departments and intensive care units indicate that in the absence of pandemic policy, they sought clinical guidance from external sources and Local Health District experts. Interviewees told us that a lack of policy guidance about ward arrangements and infection control practices in a pandemic increased their workloads and hours of overtime in the early response phases to COVID-19. With the support of Local Health Districts, clinical staff made rapid adjustments in order to respond to changing testing requirements and ward arrangements.

The Ministry was slow to establish a centralised communication channel to communicate with frontline staff

NSW Health’s governance and communication arrangements during a pandemic are set out in the Pandemic Plan. The Plan requires that government agencies ‘commence enhanced arrangements, establish communications measures’ and confirm ‘governance arrangements’ when there is evidence of person to person transmission during an influenza outbreak. NSW Health received the first notifications of the novel coronavirus risks in January 2020.

During the preparation and early response phases to COVID-19, the Ministry and its central agencies were slow in establishing a single, authoritative channel through which to communicate consistent messages to frontline staff. Clinical staff required up-to-date information about COVID-19 testing criteria as requirements were changing rapidly, sometimes daily. While there was no expectation for fixed policy at this time, hospital staff required the latest instructions about treatment requirements, and updates on the numbers of COVID-19 infections in their region.

As information about COVID-19 was evolving, information was communicated across the health system via ‘multiple channels and sources’. While the Ministry and its central agencies communicated extensively with Local Health Districts during March 2020, hospital staff reported to us that they weren’t always sure where they could find the latest advice about testing protocols or infection controls.

Frontline staff told audit office staff that they were checking multiple sources and time-stamping advice to ensure they had the most up to date information on a daily basis. While some Local Health Districts managed clear communication links with frontline staff, nurse managers told us that communication was ‘chaotic’ during the early phases of pandemic preparation. Key personnel were not always available outside business hours and nurse managers advise that they spent hours at the end of shifts, seeking and printing the latest advice for weekend and night shift personnel. By the end of March 2020, the Ministry and the Clinical Excellence Commission websites became better organised to communicate with frontline clinicians.

A recommendation to the Ministry of Health after H1N1 swine flu could be equally applied in the COVID-19 context. The NSW Government’s report: Key Recommendations on Pandemic (H1N1) 2009 Influenza recommended the establishment of ‘clear pathways of communication … so that all employees have confidence in where their information will come from and who they should approach if they need additional information.’

NSW Health acknowledges the challenges and the lessons from the early phases of the COVID-19 pandemic. For example, a strategy released in August 2020, sets out NSW Health’s own recommendation for the future management of PPE including: ‘Aligning a single source of truth for PPE education and evidence-based guidance to ensure clarity of information on appropriate use, supported by an influential network of Infection Prevention and Control (IPC) practitioners at the forefront.

Ministry executives advise that communication with health staff has improved since the early phases of the pandemic. The Ministry now sends weekly COVID-19 updates to over 130,000 health staff via email. In addition, NSW Health now has two COVID-19 tabs on its website with current information, including COVID-19 testing advice. According to Ministry executives, these communication channels could be used or replicated if needed for future health emergencies. The Ministry also provides health information and updates via a phone application called Med App. This App is preferred by doctors and is less likely to be used by nurses. As at October 2020, there are 13,000 users of Med App. Push notifications can be made on Med App through SMS alerts.

Personal protective equipment (PPE) was not always available in required sizes and some hospital masks and gowns were substituted with products that differed from the usual items

Since the emergence of COVID-19 in Australia, all clinicians in NSW hospitals have had access to some form of PPE for their clinical requirements. If staff did not have appropriate equipment for each COVID-19 related procedure, they were guided by the formal advice issued to the NSW Health workforce on 11 March 2020 stating that: ‘The safety of NSW Health staff is a priority at all times, especially during COVID-19. Where safe working practices confirm specific PPE (e.g. face shields/masks or other equipment) are required for the protection of staff due to COVID-19, in all circumstances:

  • staff are to wear prescribed PPE as instructed
  • staff are not to undertake or be required to undertake tasks requiring PPE if the PPE is not available for use. Any such tasks are not to proceed until required PPE is available
  • any staff member who is concerned about their safety must raise their concerns immediately to their manager.’

At periods during March and April 2020, some PPE items were not available in the required sizes or the regular brands to which staff were accustomed. HealthShare NSW was not able to source PPE from usual suppliers. HealthShare NSW sourced PPE including N95 masks from non-traditional suppliers. Some PPE items differed in shape and size from the usual hospital equipment. While senior executives from HealthShare NSW advise that all products were approved by the Therapeutic Goods Administration (TGA), in some hospitals, nurse managers advise that staff were not able to ‘fit test’ substituted masks. Fit testing determines the type and the size of the respirator mask that achieves an adequate seal on an individual’s face.

In March and April 2020, ‘duck bill’ (N95) masks were not available in some hospitals. According to stock managers and clinical managers in Local Health Districts, duck bills are the preferred mask for staff with smaller faces, particularly female staff members. The duck bill mask is a standard PPE product, and as such, is fit tested during mandatory PPE training. During the early response phases to COVID-19, most Local Health Districts were provided with substitute N95 masks. Fit testing of the substituted N95 masks was not able to be conducted in all NSW hospitals during the early phases of COVID-19. During the first wave of COVID-19 in March and April 2020, hospital staff told audit staff that there was no time and a lack of equipment to appropriately fit test substituted N95 masks.

Nurse managers in emergency departments advise that in some instances, staff made adaptations to PPE to improve protections, such as doubling masks, adding elastics or bringing their own equipment. These adaptations were not consistent with guidelines. Nurse managers advise that in some cases, adaptations to PPE or ill-fitting masks created pressure sores and contact dermatitis. Just over half of the stock managers of Local Health Districts advised that PPE stock was procured from outside the HealthShare NSW system. Stock managers in some Districts advise that facial shields and goggles sourced from non-traditional suppliers by HealthShare NSW were of a lesser quality than standard equipment. Stock managers and nurse managers reported that the changes in PPE products caused confusion and stress amongst staff.

Local Health Districts were proactive in assisting hospital staff to mitigate risks of COVID-19 infections. Some Local Health Districts assigned ‘tiger teams’ to assist staff with their PPE practices. Tiger teams provide clinical expertise and advice to staff, answer questions about infection control and provide training on PPE practice in hospital ward environments. They assist and support PPE donning and doffing practices to ensure the appropriate sequencing of applying and removing PPE for effective infection control. They provide mask fit checking guidance to assist staff in correct PPE practices.

Districts ran extensive refresher PPE training sessions for clinical staff. Some hospitals ran regular PPE demonstrations so that staff could observe correct PPE procedures at set times during the day. These activities assisted staff to implement appropriate infection control in the period before the Clinical Excellence Commission’s web-based materials and videos became available in late March and early April 2020. These online resources now provide comprehensive guidance to hospital staff in PPE practices.

HealthShare NSW placed limits or caps on some high-demand PPE items that were too low to meet requirements in some Local Health Districts and had to be adjusted to meet actual demand

The NSW Pandemic Plan describes the responsibilities of the Ministry and its central agencies to manage and maintain the State Medical Stockpile of essential PPE supplies and antiviral medications. During a pandemic, HealthShare NSW has responsibility for warehousing, monitoring and distributing health supplies to the health workforce.

Due to a reported global shortage of PPE and limits to the NSW stockpile, HealthShare NSW placed limits on the provision of approximately 100 high-demand items to NSW hospitals. HealthShare NSW advise that the PPE order capping ceilings were implemented ‘to ensure local stockpiling does not occur’. A centralised ordering process was established with Local Health Districts so that PPE product ordering occurred through single hospital locations (214 across the State), rather than at the ward level. Escalation processes were established to allow Districts to request one-off increases to supply, and a process was set up to permanently increase the order cap limit for any PPE item by facility.

According to HealthShare NSW, ‘as incoming central supply has improved, order caps have subsequently increased in line with strong engagement and governance with the Local Health Districts to ensure the appropriate levels of supply are provided’. The original capped levels were determined by assessing PPE usage in wards during the flu season of 2019. As the flu season case numbers of 2019 were relatively low, some Local Health District managers advised that the levels of PPE during 2019 were not comparable to the level of PPE required for the COVID-19 pandemic.

After advocacy from hospital stock managers and clinicians, HealthShare NSW increased capped PPE levels in many Local Health Districts.

Executive members of the State Health Emergency Operations Centre (SHEOC) advise that its PPE supply strategy needs to be carefully developed as there are vast differences in PPE usage rates during 'business as usual' periods and pandemic periods. If NSW Health kept the level of PPE required in planning for a worst-case scenario, this would equate to an extensive surplus of PPE that could not be utilised during business as usual periods. The SHEOC Executive advise that it is not feasible or economical to store this level of PPE. They advise that given the costs of PPE, and the fact that the products have a shelf life, a diversified supply line is a more reliable method for ensuring PPE during surge and non-surge periods.

Early data modelling showed ICU patient numbers at levels not manageable with levels of ventilators and equipment

Early projections of patient numbers requiring acute care for COVID-19, were at levels that would not have been manageable with the equipment and resources of NSW hospitals. Throughout March through to May 2020, government data modelling indicated significant surges of community infections and surges in intensive care patients.

Early estimates were based on overseas trends, and if actual cases had matched projections, NSW hospitals would not have had sufficient ventilators to meet demand. The knowledge of this shortfall caused high levels of anxiety among nursing and medical staff.

While the data was based on the best available information, it had negative implications for the health and safety of the nurse and junior doctor workforce. Managers of intensive care wards and emergency departments reported stress amongst the workforce. Staff concerns were primarily about being faced with ‘the unmanageable’, along with heightened fears about contracting the virus with the knowledge that there was insufficient equipment to treat acute patients.

As it transpired, overall numbers of COVID-19 infections were lower than projected during the early months of the pandemic. The lower infection rates in the general population have meant fewer instances of patients requiring intensive care in NSW hospitals. In addition, HealthShare NSW has been able to increase the numbers of ventilators in NSW hospitals to prepare for future surges in patients requiring acute respiratory care.

SHEOC Executive advise that NSW Health undertook an accelerated procurement strategy in early 2020 to increase its stock of ventilators, and that ventilator capacity has always far-exceeded actual requirements.

NSW Health has developed a strategy to improve the management of PPE for the NSW health workforce

In August 2020, NSW Health released a strategy that sets out its future management and planning approaches to the provision of PPE for the NSW Health workforce. NSW Health’s Personal Protective Equipment (PPE) Strategy describes the learnings and challenges during the COVID-19 pandemic in sourcing and distributing PPE. It sets out the systems and methods for distributing PPE to staff and patients and focuses on how staff are kept informed on the appropriate use of PPE at all times. A supporting communications strategy has been developed to support its implementation.

The strategy contains enhanced transparency measures to regularly inform staff about PPE stock levels and to provide data about PPE usage rates by item types in wards in NSW hospitals. The NSW Health PPE strategy describes a changed approach to ordering, storing and allocating PPE. This includes diversifying the supply lines for PPE products to increase supply options in circumstances where supply lines become disrupted. It includes a centralised system for coordinating the supply of hospital PPE through Local Heath District coordination points and centralised distribution points in large hospitals.

Our interviews with hospital PPE stock managers and nurse managers indicate that staff find the new ordering system to be an improvement upon the previous stock ordering method.

According to the Personal Protective Equipment (PPE) Strategy, NSW health is upgrading its models for monitoring and benchmarking PPE usage across the health system. Systems are being improved for forecasting demand volumes during business as usual periods and during health emergency surges.

Appendix one – Response from agency

Appendix two – Audit methodology

Appendix three – About the audit 

Appendix four – Performance auditing 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #344 - released 9 December 2020

Published

Actions for Internal controls and governance 2020

Internal controls and governance 2020

Education
Environment
Community Services
Finance
Health
Industry
Justice
Premier and Cabinet
Transport
Treasury
Compliance
Cyber security
Information technology
Internal controls and governance
Management and administration
Procurement

The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.

The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:

  • financial and information technology controls
  • business continuity and disaster recovery planning arrangements
  • procurement, including emergency procurement
  • delegations that support timely and effective decision-making.

Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.

The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.

Read the PDF report

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.

1. Internal control trends
New, repeat and high risk findings

Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year.

The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

Agencies should:

  • prioritise addressing high-risk findings
  • address repeat internal control deficiencies by re-setting action plans and timeframes and monitoring the implementation status of recommendations.
Common findings

A number of findings remain common across multiple agencies over the last four years, including:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers.
2. Information technology controls
IT general controls

We found deficiencies in information security controls over key financial systems including:

  • user access administration deficiencies relating to inadequate oversight of the granting, review and removal of user access at 53 per cent of agencies
  • privileged users were not appropriately monitored at 43 per cent of agencies
  • deficient password controls that did not align to the agency's own password policies at 25 per cent of agencies.

The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated.

3. Business continuity and disaster recovery planning
Assessing risks to business continuity and Scenario testing

The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment.

Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic.

We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:

  • involving key dependent or inter-dependent third parties who support or deliver critical business functions
  • testing one or more high impact scenarios identified in their business continuity plan
  • preparing a formalpost-exercise report documenting the outcome of their scenario testing.

Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.

Responding to disruptions

We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance:

in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee

in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee.

Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers.

Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions.

Management review and oversight Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established.
4. Procurement, including emergency procurement
Policy framework

Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted: 

  • 67 per cent of agencies did specify that procurement above $650,000 must be open to market unless exempt or procured through an existing Whole of Government Scheme or contract
  • 36 per cent of agencies did specify that procurements above $500,000 payable in foreign currencies must be hedged
  • 69 per cent of agencies' policies did specify that the agency head or cluster CFO must authorise the engagement of consultants where the engagement of the supplier does not comply with the standard commercial framework.

Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions.

Managing contracts

Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details.

Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement.

Training and support

Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:

  • not conducting value for money assessments prior to renewing or extending the contract with their existing supplier
  • not obtaining approval from a delegated authority to commence the procurement process
  • procurement documentation not specifying certain key details such as the conditions for participation including any financial guarantees and dates for the delivery of goods or supply of services.

Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions.

Procurement activities While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences.
Emergency procurement

As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies.

The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:

  • 95 per cent of agencies documented an assessment of the need for the emergency procurement for the good and/or service
  • 86 per cent of agencies obtained authorisation of the emergency procurement by the agency head or the nominated employee under Public Works and Procurement Regulation 2019
  • 76 per cent of agencies reported the emergency procurement to the NSW Procurement Board.

Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law.

Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:

  • updating procurement policies and guidelines to define an emergency situation, specify who can approve emergency procurement and capture other key requirements
  • using standard templates and documentation to prompt users to capture key requirements, such as needs analysis, supplier selection criteria, price assessment criteria, licence and insurance checks
  • having processes for reporting on emergency procurements to those charged with governance and NSW Procurement.
5. Delegations
Instruments of delegation

We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:

  • 16 per cent of agencies had not updated their financial delegations to reflect the changes
  • 16 per cent of agencies did not update their human resources delegations to reflect the changes.

Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets.

Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities.

Compliance with delegations

Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.

Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020.

Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer.

6. Status of 2019 recommendations
Progress implementing last year's recommendations

Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:

  • 38 per cent of agencies have not updated their gifts and benefits register to include all the key fields required under the minimum standards set by the Public Service Commission
  • 56 per cent of agencies have not provided training to staff and 63 per cent of agencies have not implemented an annual attestation process for senior management
  • 97 per cent of agencies have not published their gifts and benefits register on their website and 41 per cent of agencies are not reporting on trends in the gifts and benefits register to those charged with governance.

While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2.

Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Section highlights

We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers, or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Section highlights

Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.

IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.

Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.

Section highlights

We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled.

This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.

Section highlights

We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness.

Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'.

We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.

Section highlights
We found that agencies are not always regularly reviewing and updating their financial and human resources delegations when there are changes to legislation or other organisational changes within the agency or from machinery of government changes. For example, agencies did not understand or correctly apply the requirements of the GSF Act, resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.
In order for agencies to operate efficiently, make necessary expenditure and human resource decisions quickly and lawfully, particularly in emergency situations, it is important that delegations are kept up to date, provide clear authority to decision makers and are widely communicated.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations

Appendix three – Cluster agencies

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Actions for Government advertising 2018-19 and 2019-20

Government advertising 2018-19 and 2019-20

Whole of Government
Finance
Community Services
Compliance
Management and administration
Procurement

A report released today by the Auditor-General for New South Wales, Margaret Crawford found that select advertising campaigns conducted by Service NSW and the NSW Rural Fire Service met most requirements of the Government Advertising Act, regulations, Guidelines and other laws. However, the audit found that Service NSW inappropriately used its post campaign evaluation to measure sentiment towards and confidence in the NSW Government.  

While agency analysis shows that the ‘Cost of Living’ (phases 2 and 3)  and ‘How Fireproof is Your Plan?’ campaigns achieved most of their objectives, the campaign objectives and targets set by both agencies were not sufficient to measure all aspects of campaign effectiveness. 

The report makes two recommendations to the Department of Customer Service. The first is to review its guidance to ensure agencies are not using post campaign evaluations to measure sentiment towards the government. The second, to review its guidance and the new process of peer review to ensure they support agencies to comply with the Act, the regulations and the Guidelines. 

The Government Advertising Act 2011 requires the Auditor General to conduct an annual performance audit of one or more government agencies to see whether their advertising activities were carried out in an effective, economical and efficient manner and in compliance with the Government Advertising Act 2011.
 

Read full report (PDF)

The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit on the activities of one or more government agencies in relation to government advertising campaigns in each financial year. The performance audit assesses whether a government agency or agencies have carried out activities in relation to government advertising in an effective, economical and efficient manner and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). This audit examined two campaigns run during the 2018–19 and 2019–20 financial years respectively:

  • the 'Cost of Living' campaign run by Service NSW (phases 2 and 3 delivered in 2018–19)
  • the 'How Fireproof Is Your Plan?' (Fireproof) campaign run by NSW Rural Fire Service (year two of a three-year campaign delivered in 2019–20).

Section 6 of the Act prohibits political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of parliament or a candidate nominated for election to parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed to influence (directly or indirectly) support for a political party.

Conclusion

Neither campaign breached the prohibition on political advertising contained in section 6 of the Act. While both campaigns met most requirements of the Act, the regulations, other laws and the Guidelines, we identified some instances of non-compliance. Service NSW inappropriately used its post campaign evaluation to measure sentiment towards and confidence in the NSW Government.

Service NSW used its post-campaign evaluation to measure sentiment towards and confidence in the NSW Government. While neither campaign breached the prohibition on political advertising contained in section 6 of the Act, measuring sentiment towards and confidence in the NSW Government is not an appropriate use of the post-campaign evaluation and creates a risk that the results may be used for party political purposes. This risk is heightened as both phases 2 and 3 of the Cost of Living campaign were run immediately before the NSW state election. We have made this finding previously in our report 'Government advertising 2017–18'.

The campaign objectives and targets set by both agencies were not sufficient to fully measure campaign effectiveness. Service NSW advertised seven rebates in phase 2 of the campaign but only set targets for the awareness and uptake of three of these rebates. NSW Rural Fire Service set objectives and targets to be achieved over the life of the three-year campaign but did not set targets to be achieved for each year of the campaign. While the Fireproof campaign is a three-year campaign, each year of the campaign is subject to a separate approval and peer review process.

Agency analysis shows that both campaigns achieved most of their objectives. There was some overlap in the timing of phases 2 and 3 of the Cost of Living campaign and both phases had similar high-level objectives to increase awareness of rebates, making it difficult to evaluate the effectiveness of each distinct campaign phase. NSW Rural Fire Service conducted a post-campaign evaluation for year two of the Fireproof campaign (2019–20) but although this showed positive results against the overall objectives of the three-year campaign, NSW Rural Fire Service did not set specific targets for year two of the campaign, making it difficult to evaluate effectiveness for that year.

Service NSW was not able to demonstrate that its campaign was economical as it directly negotiated with a single supplier for the creative materials for phase 2. This is contrary to the NSW Government's procurement rules which require agencies to obtain three quotes when using suppliers on a prequalification scheme. Service NSW did not comply with its own procurement policy, which restricts Service NSW employees from entering into discussions with a supplier until the appropriate delegate approves a direct procurement. NSW Rural Fire Service achieved cost efficiencies by re-using creative material developed in the first year of the campaign. NSW Rural Fire Service also received $4 million worth of free advertising time and space.

The cost benefit analyses prepared by both agencies did not fully meet the requirements in the Guidelines. Both agencies identified an alternative to advertising but did not assess the costs and benefits of that alternative. We have made this finding previously in our report 'Government advertising 2017–18' and in our report 'Government advertising 2015–16 and 2016–17'.

In 2018–19, Service NSW delivered phases 2 and 3 of the 'Cost of Living' campaign. The Cost of Living advertising campaign aimed to build awareness of the help available to ease the cost of living for people under financial pressure including awareness of specific rebates that can be claimed. As part of the Cost of Living program, Service NSW developed a webpage designed as a single portal to access more than 40 NSW Government savings, rebates and initiatives (which originated from over 12 different agencies). It also launched the Cost of Living service which includes face to face meetings and phone interviews to help people claim rebates from the NSW Government. Phase 2 of the campaign ran from September 2018 to August 2019. Phase 3 of the campaign ran from January 2019 to July 2019. The budgets for phases 2 and 3 were $4.127 million and $934,800 respectively. See Appendix two for more details on this campaign.

Service NSW complied with most requirements of the Act, the Regulations and the Guidelines. Campaign materials that we reviewed did not breach the prohibition on political advertising contained in section 6 of the Act. However, Service NSW used its post-campaign evaluation to measure sentiment towards, and confidence in, the NSW Government. This is not an appropriate use of the post-campaign evaluation and creates a risk that the results may be used for party political purposes. This risk is heightened as both phases 2 and 3 of the Cost of Living campaign were run immediately before the NSW state election.
The post-campaign evaluation shows that the campaign was effective in achieving most of its objectives. However, in phase 2, Service NSW did not set targets for all of the rebates it advertised. There was some overlap in the timing of phases 2 and 3 of the Cost of Living campaign and both phases had similar high-level objectives to increase awareness of rebates, making it difficult to evaluate the effectiveness of each distinct campaign phase.
Service NSW was not able to demonstrate that its campaign was economical as it directly negotiated with a single supplier for the creative materials in phase 2 (total cost $731,480). This is contrary to the NSW Government's procurement rules which require agencies to obtain three quotes when using suppliers on a prequalification scheme where the estimated cost is more than $150,000. Service NSW did not comply with its own procurement policy, which restricts Service NSW employees from entering into discussions with a supplier until the appropriate delegate approves a direct procurement.
The cost benefit analysis for phase 2 did not accurately assess the benefits of the campaign as Service NSW did not know which rebates would be included in the advertisements at the time the cost benefit analysis was developed. The cost benefit analysis for phase 2 did not assess the costs and benefits of alternatives to advertising.

Campaign materials we reviewed did not breach section 6 of the Act

The audit team reviewed campaign materials developed as part of the paid advertising campaign including radio transcripts, digital videos and display. The audit team did not review the use of social media outside paid social media content as section four of the Act defines government advertising as the dissemination of information which is funded by or on behalf of a government agency. See Appendix two for examples of campaign materials for this campaign.

Section 6 of the Act prohibits political advertising as part of a government advertising campaign. A government advertising campaign must not:

  • be designed to influence (directly or indirectly) support for a political party
  • contain the name, voice or image of a minister, a member of parliament or a candidate nominated for election to parliament
  • contain the name, logo, slogan or any other reference to a political party.

The audit found no breaches of section 6 of the Act in the campaign material we reviewed. 

Post-campaign evaluations measured sentiment towards and confidence in the NSW Government

The post-campaign evaluation for phases 2 and 3 measured levels of confidence with the statement ‘the NSW Government has your best interests at heart’, despite the fact this was not a stated objective of the campaign. This is not an appropriate use of the post-campaign evaluation, which should measure the success of the campaign against its stated objectives. The post-campaign evaluation for phase 3 found that exposure to the campaign improved sentiment towards the government amongst those who did not have confidence in the NSW Government.

Service NSW advised that it was important to measure the sentiment of the advertising including the wording 'best interests' as it did not want the whole of government brand to be detrimental to customer engagement with applying for the rebates.

Following phase 2, Service NSW conducted analysis of media sentiment using the key words 'cost of living' and the names of the Premier, Treasurer and Minister for Customer Service. The analysis presented the level of positive, negative and neutral media sentiment. The Government Advertising Guidelines 2012 list the purposes that government advertising may serve which do not include improving the perception of the government. The inclusion of this analysis in Service NSW's post-campaign evaluation creates a risk that the results may be used for party political purposes.

Section 10 of the Act restricts agencies from carrying out a campaign after 26 January in the calendar year before the Legislative Assembly is due to expire and before the election for the Legislative Assembly in that year. Service NSW authorised a media agency to book media in line with the media plans for the campaign. The media plans for the campaign show that Service NSW did not authorise or plan to run any advertisements between 27 January 2019 and 23 March 2019.

Service NSW did not set targets for all rebates advertised in phase 2

Service NSW did not set targets for four of the seven rebates that were advertised as part of phase 2 of the campaign. These rebates were the Family Energy Rebate, Appliance Replacement Offer, National Parks Concession Offer and the Pensioner Travel Voucher. As a result, it was unable to evaluate whether the advertisements for these rebates were effective. Service NSW advised that at the time the campaign went to peer review, when campaign objectives are set, it did not know which rebates would be included in the advertisements.

Service NSW stated in its submission to the Department of Premier and Cabinet that it may change the creative content for phase 2 as it announced new initiatives and rebates. The peer review process should have ensured that Service NSW set targets for any additional rebates or savings it intended to advertise before that advertising commenced to ensure a strategic approach to the campaigns that clearly demonstrated anticipated benefits were in place.

The post-campaign evaluation for phase 2 shows that the advertising campaign met most of its objectives

Service NSW set overall campaign objectives and specific targets for some rebates advertised as part of phase 2 of the campaign. The objectives, targets and results for phase 2 are shown in Exhibit 5. In phase 2, Service NSW established baseline data on levels of awareness of government rebates during the peer review process. The baseline level of awareness for government rebates was 44 per cent. The level of awareness for specific rebates was 46 per cent for the Compulsory Third Party (CTP) green slip refund, and 21 per cent for both Active Kids and Toll Relief.

Post-campaign evaluation reports for phase 2 show that the campaign met its objective to raise awareness of NSW Government rebates, achieving a 16 per cent increase in awareness from 44 per cent to 51 per cent. The campaign did not meet its target to increase awareness of the CTP green slip refund by ten per cent.

Service NSW did not report the results of the uptake of the CTP green slip refund, Active Kids and Toll Relief in its post campaign effectiveness report submitted to the Department of Premier and Cabinet. However, other post-campaign evaluation documentation, which Service NSW advise was submitted to the Department of Premier and Cabinet, show that these targets were met.

Service NSW did not report to the Department of Premier and Cabinet on whether it achieved the target of a ten per cent increase of average monthly visits to the Cost of Living webpage. Service NSW reported that it had achieved an average of 11,753 visitors to the webpage per day during the campaign. These average daily results indicate that the target was met.

Exhibit 5: Phase 2 - campaign objectives, targets and results
Campaign objectives and targets Does the post-campaign evaluation show that the target was met?
1. a) Increase awareness of rebates from the NSW Government by ten per cent.
Image
mauve circle with tick inside

    b) Increase average monthly visits to the Cost of Living webpage by ten per cent.

Image
mauve circle with tick inside and asterisk to the right

2. Increase awareness of rebates and savings by ten per cent for:

 
  • CTP green slip refund
Image
gold circle with white minus symbol inside
  • Active Kids
Image
mauve circle with tick inside
  • Toll Relief.
Image
mauve circle with tick inside
3. Increase awareness that NSW Government initiatives relating to the cost of living are available via Service NSW by ten per cent.
Image
mauve circle with tick inside
4. Increase the uptake of rebates and savings for the CTP green slip refund, Active Kids and Toll Relief by ten per cent.
Image
mauve circle with tick inside and asterisk to the right
Key
Image
mauve circle with tick inside
Yes
Image
gold circle with white minus symbol inside
Not Fully

*  Some issues with reporting on target.
Source: Service NSW. Audit Office analysis.

The post-campaign evaluation for phase 3 shows that the advertising campaign met most of its objectives

Service NSW set overall campaign objectives and specific targets for the two rebates advertised as part of phase 3 of the campaign. The objectives, targets and results for phase 3 are shown in Exhibit 6.

In phase 3, Service NSW established baseline data on levels of awareness during the peer review process. The baseline level of awareness for government rebates was 44 per cent. This is the same baseline that was used to measure performance for phase 2 of the campaign. Service NSW did not set baselines for awareness and uptake of Energy Switch and Creative Kids as these were new services.

Post-campaign evaluation reports for phase 3 show that the campaign met its objective to raise awareness of NSW Government rebates by ten per cent, achieving a 30 per cent increase in awareness from 44 per cent to 57 per cent. The overall increase in message take-out was met with 43 per cent agreeing with the message that the NSW Government is taking steps to ease the cost of living. The campaign achieved awareness and uptake targets for the specific rebates included in phase 3, except for awareness of Creative Kids which achieved 28 per cent awareness, falling short of the 30 per cent awareness target.

Exhibit 6: Phase 3 - campaign objectives, targets and results
Campaign objectives and targets Does the post-campaign evaluation show that the target was met?
1. Increase message takeout that ‘The NSW Government is taking steps to help ease the cost of living in NSW’ by ten per cent for those who can recall the campaign.
2. Increase awareness that the NSW Government has a range of rebates and savings by ten per cent.
3. Generate awareness with NSW residents aged 18+ of:
 
 
  • Energy Switch (15 per cent awareness)
  • Creative Kids (30 per cent awareness).
4. Create uptake of Energy Switch and Creative Kids (8,356 clicks on the Energy Switch website and 107,938 Creative Kids vouchers downloaded with 70 per cent conversion).
Key
Yes
Not Fully

Source: Service NSW. Audit Office analysis.

The timing of campaign phases meant that it was difficult for Service NSW to evaluate each distinct campaign phase and reduced opportunities to incorporate learnings from previous phases

Service NSW commenced planning for phase 2 of the campaign while phase 1 was still underway. This limited the opportunity for Service NSW to incorporate learnings from phase 1 into phase 2. There was some overlap in the timing of phase 2 and the start of phase 3 of the campaign, making it difficult to evaluate the effectiveness of each distinct campaign phase. Both phases 2 and 3 had the same high-level outcome objective to raise awareness of rebates by ten per cent. The baseline measures that were used to evaluate performance for phase 3 were the same as those used to evaluate phase 2. As a result, Service NSW was not able to separately evaluate these two phases of the campaign. This is important given the budgets for phases 2 and 3 were $4.127million and $934,800 respectively.

Service NSW allocated 7.5 per cent of its media budget to communications with culturally and linguistically diverse (CALD) and Aboriginal audiences

The NSW Government CALD and Aboriginal Advertising Policy requires that agencies spend at least 7.5 per cent of an advertising campaign media budget on direct communications with CALD and Aboriginal audiences. Service NSW authorised a media company to book media in line with the media plans for the campaign. The media plans for phases 2 and 3 of the campaign indicate that Service NSW met this requirement, with 7.5 per cent of the budget allocated to these audiences in phase 2 and 10.4 per cent in phase 3.

The post campaign evaluation for phases 1 and 2 of the Cost of Living campaign contained a recommendation to look at other opportunities to reach CALD audiences. Effective communication with CALD audiences was particularly important in phase 3 of the campaign, where they made up 30 per cent of the target audience for the Creative Kids advertisement. The post-campaign analysis for phase 3 showed that the campaign performed well with some, but not all CALD audiences. The post-campaign analysis also showed low awareness and uptake with Aboriginal audiences. Pre-campaign focus groups in phase 3 found Aboriginal audiences had a negative reaction to the campaign tag line ‘NSW Government is helping with the cost of living’ however this tagline was still used in some advertisements in phase 3.

The cost-benefit analysis (CBA) for phase 2 did not accurately assess the benefits of the campaign and did not assess the costs and benefits of alternatives to advertising

Under the Government Advertising Act 2011, agencies are required to prepare a CBA when the cost of the campaign is likely to exceed $1 million. The CBA conducted by Service NSW for phase 2 includes $8 million in benefits attributed to the advertisements for the Energy Switch tool and $6.9 million in benefits attributed to the advertisements for Creative Kids vouchers. These benefits should not have been included in the CBA for phase 2 as they were not included in this phase of the campaign. The CBA did not estimate the benefits of some other rebates and savings advertised in phase 2 of the campaign. This means that the CBA did not accurately assess the benefits of the campaign. Service NSW advised that at the time the CBA was developed it had not selected the rebates to be included in the campaign.

The Government Advertising Guidelines require agencies to consider options other than advertising to achieve the desired objective including a comparison of costs and benefits. The CBA developed as part of phase 2 identified using existing NSW Government communication channels as an alternative to advertising but did not assess the costs and benefits of this alternative.

This is a repeat finding from two previous government advertising audits. The report ‘Government Advertising: 2015–16 and 2016–17’ found that both agencies subject to the audit did not meet the requirements in the guidelines to consider alternatives to advertising. The report made a recommendation to the Department of Premier and Cabinet to work with Treasury to ensure the requirements of the guidelines are fully reflected in the 'Cost-Benefit Analysis Framework for Government Advertising and Information Campaigns'. The report ‘Government advertising 2017–18’ found that one agency subject to the audit did not identify to what extent the benefits could be achieved without advertising, nor did it consider alternatives to advertising which could achieve the same impact as the advertising campaign.

Service NSW negotiated with a single creative agency in phase 2, making it difficult to demonstrate value for money

Agencies are required to obtain three quotes when procuring a creative agency on the prequalification scheme if the estimated cost of the creative content is greater than $150,000. In phase 2 of the campaign, Service NSW extended the contract with the creative agency used for phase 1 of the campaign and did not obtain three quotes despite the cost of the creative content for phase 2 being $731,480. The requirement to obtain three quotes was met in phase 1 when initially selecting this creative agency.

Service NSWs procurement policy details that direct negotiation may be appropriate where there is a compelling reason to renew or rollover a contract beyond temporal or convenience reasons or in the cases of a genuine emergency. In its briefing to the Chief Executive, Service NSW stated that this contract extension was sought due to the time-sensitive nature of the project and that if work was delayed by a tender process, Service NSW may not be able to meet marketing milestones and this could result in limited customer uptake. This reason is not a genuine emergency and is not compelling as it does not explain what consequences would occur if it did not meet the marketing milestones or if there was limited customer uptake.

Service NSW's procurement policy also states that under no circumstances must Service NSW employees enter into discussions with a supplier until the delegate has formally made their decision to enter into direct negotiation. Service NSW briefed the Chief Executive of Service NSW in relation to extending the contract on 5 September 2018. The briefing states that the creative agency had already begun developing creative content for phase 2 and Service NSW had already received quotes from the creative provider for the proposed work prior to 5 September 2018. Procurement sign-offs were not completed until 7 September 2018. The engagement of the creative provider prior to appropriate approvals was contrary to Service NSWs procurement policy.

The economy of the campaign may have been limited by not meeting the procurement requirements in phase 2. It is possible that the creative provider may have offered a more competitive rate if it was aware that Service NSW was seeking quotes from other creative providers. Additionally, it is possible that another creative provider could have provided better value for money.

In phase 3 of the campaign, the estimated cost of the creative exceeded $150,000 however Service NSW chose to contract two different creative agencies, and the cost for each agency fell below the threshold to obtain three quotes. Agencies are permitted to obtain one quote when using a creative provider on the prequalification scheme if the cost is between $50,000 to $150,000. Service NSW advised that it contracted two creative providers as two different project teams were responsible for the rebates, each with separate marketing budgets.

Service NSW allowed sufficient time for cost-efficient media placement

During the peer review process, the Department of Premier and Cabinet advised agencies about the time they should allow to ensure cost-efficient media placement. For example, the Department of Premier and Cabinet advised that agencies book television advertising six to 12 weeks in advance and that agencies book radio advertising two to eight weeks in advance.

Service NSW allowed sufficient time between the completion of the peer review process and the commencement of the first advertising. Service NSW signed the agreement with the approved Media Agency Services provider with sufficient time to achieve cost-efficient media placement for all types of media used in this campaign.

The campaign may have been misleading for some people who were not eligible for rebates

Advertisements we reviewed focused on the amount of savings that could be obtained from rebates, for example ‘Save up to $285’, and ended with a statement ‘To save, visit service.nsw.gov.au. This directed viewers to the Cost of Living website which contains eligibility information. However, the advertisements in phases 2 and 3 we reviewed did not contain any details on the eligibility for these rebates and not all advertisements stated that eligibility criteria apply. Service NSW advised that the eligibility criteria for each rebate is extensive and that it was not possible to include this in the creative material.

Post-campaign evaluations in phase 3 recommended that advertisements for Creative Kids should indicate eligibility (e.g. age criteria) as statements on savings have the potential to be misleading when not all viewers will be eligible for rebates. Social media analysis conducted following phase 2 showed ineligibility or inability to claim rebates or refunds caused anger for some respondents.

Some advertisements in phase 2 stated ‘we've got something for everyone’. However, as rebates were subject to eligibility criteria, it is possible that some residents in NSW would not be eligible for any rebates as part of the Cost of Living initiative. As such, this statement has the potential to be misleading.

The campaign included statements that underestimated the savings that some customers could obtain

The Guidelines require accuracy in the presentation of all facts, statistics, comparisons and other arguments. The Guidelines also require that all claims of fact included in government advertising campaigns must be able to be substantiated.

In phase 2, the possible savings customers could obtain for two rebates or savings exceeded the amounts stated in the advertising campaign. Exhibit 7 shows some advertisements in phase 2 which stated, ‘My Green Slip Saving Save up to $60’. However, the State Insurance Regulatory Authority website shows that savings for some types of motor vehicles under the 2017 CTP scheme exceed $60. The State Insurance Regulatory Authority website states that the average saving under this scheme has been $129. Service NSW advised that these advertisements were designed for regional markets and that it used different advertisements for metropolitan areas which contained different amounts of savings.

Some advertisements in phase 2 stated, ‘My Toll Relief save up to $700’. The Service NSW website states that drivers can obtain free vehicle registration if they have spent $1,352 or more in tolls in the previous financial year. The cost of registration for some vehicles exceeds $700. This means the savings detailed in the advertisement were lower than what some customers could actually save.

NSW Rural Fire Service conducted the 'How FireProof Is Your Plan?' (Fireproof) campaign. The Fireproof campaign is a three-year campaign which ran in 2018–19 (year one), 2019–20 (year two) and is planned for 2020–21 (year three). This audit examined year two of the campaign (2019–20).

The Fireproof campaign is a public safety campaign encouraging people to plan and prepare for bush fires across the summer period. The campaign aims to improve the quality of bush fire planning and preparation in the community and decrease the impact of fires on the community when they occur.

The Fireproof campaign (year two) complied with most requirements of the Act, the Regulations and the Guidelines. The campaign materials that we reviewed did not breach the prohibition on political advertising contained in section 6 of the Act. NSW Rural Fire Service set objectives and targets to be achieved over the life of the three-year Fireproof campaign. Post-campaign evaluation shows that the Fireproof campaign was effective in achieving increases against its three-year objectives during year two. However, NSW Rural Fire Service did not set targets to be achieved for each year of the campaign, making it difficult to evaluate the effectiveness of year two of the campaign. NSW Rural Fire Service achieved cost efficiencies by re-using creative material developed in the first year of the campaign. NSW Rural Fire Service received $4 million worth of free advertising time and space. The cost benefit analysis for the Fireproof campaign did not assess the costs and benefits of alternatives to advertising.

Campaign materials we reviewed did not breach section 6 of the Act

The audit team reviewed campaign materials developed as part of the paid advertising campaign for example radio advertisements, television commercials and digital displays. The audit team did not review the use of social media outside paid social media content as section four of the Act defines government advertising as the dissemination of information which is funded by or on behalf of a government agency. Examples of campaign materials are shown in Appendix two.

Section 6 of the Act prohibits political advertising as part of a government advertising campaign. A government advertising campaign must not:

  • be designed to influence (directly or indirectly) support for a political party
  • contain the name, voice or image of a minister, a member of parliament or a candidate nominated for election to parliament
  • contain the name, logo, slogan or any other reference to a political party.

The audit found no breaches of section 6 of the Act in the campaign material we reviewed. 

NSW Rural Fire Service did not set targets for the second year of the campaign

The second year of the Fireproof campaign (2019–20) had the same objectives as the first year of the campaign (2018–19), however no specific targets were set for the second year. The advertising submission for the first year of the campaign (2018–19) details the targets for each objective as an increase of ten per cent against the baseline data to be achieved by March 2021, at the end of the three-year campaign.

The second year of the Fireproof campaign (2019–20) was one of the first campaigns approved under the new budget and peer review processes introduced by the Department of Customer Service in 2019–20. The new process for peer review introduced a new template for campaign submissions. The former template for campaign submissions contained more prompts for agencies to ensure the submission contained sufficient detail of campaign objectives, baseline measures, targets, dates for measurement and detail on how they would measure objectives. Despite this, the peer review process should have identified that NSW Rural Fire Service did not set targets for the second year of the campaign.

The 2016 Guidelines for Implementing NSW Government Evaluation Framework for Advertising and Communications requires campaign objectives to be SMART (specific, measurable, achievable, realistic and timed). NSW Rural Fire Service did not meet this requirement for year two of the Fireproof campaign.

Post-campaign evaluations showed increases against four out of five objectives, however there were no specific targets

NSW Rural Fire Service set three campaign objectives at the time it submitted the second year of the campaign (2019–20) to the Department of Customer Service for peer review. However, the post-campaign effectiveness report submitted to the Department of Customer Service measured campaign effectiveness against five campaign objectives. The objectives in the post-campaign effectiveness report were the same objectives set for the first year of the campaign, which is appropriate as this was a repeat campaign.

NSW Rural Fire Service achieved increases against four of their five objectives. However, as noted above there were no specific targets (such as percentage increases) against which performance of the 2019–20 campaign could be measured. Despite this, at the end of the second year, the Fireproof campaign had already achieved some of the targets that NSW Rural Fire Service had set for the end of the third year of the campaign. The post-campaign research showed that both audience recall and exposure to the campaign increased significantly from the prior year. The campaign objectives and results are shown in Exhibit 8.

For those people who already have a bush fire plan, the campaign aimed to increase the number of those plans which have included two or more elements from the Guide to Making a Bush Fire Survival Plan. Elements from the Guide to Making A Bush Fire Survival Plan include actions such as deciding what to take with you if you leave, ensuring you have the right equipment for defending your home and allocating responsibilities to members of a household. The post-campaign evaluation showed that the campaign did not achieve an increase against this objective for people who planned to stay and defend their property rather than leave.

Exhibit 8: Campaign objectives and results
Campaign objectives Does the post-campaign evaluation show increases against the objective?
1. Continue to increase the number of people that have discussed and/or written a plan with regards to what they will do in the event of a fire.
2. Of those who indicate they have a plan, increase the number of people who have included two or more elements from the Guide to Making a Bush Fire Survival Plan:  
  • for those who plan to leave
  • for those who plan to stay and defend.
3. Increase the frequency in completing preparation activities around a person’s property.
4. Increase the number of people who correctly assess it is their responsibility to complete preparation activities and enact their plan without direct intervention from emergency services.
5. Visits to MyFirePlan website.
Key
Yes
No

Source: NSW Rural Fire Service. Audit Office analysis.

NSW Rural Fire Service achieved cost efficiencies by reusing creative content developed in the first year of the campaign

Total creative and production costs incurred in year one of the campaign were $1.08 million. Rather than commissioning new creative materials, NSW Rural Fire Service re-used the same creative content in year two of the campaign. NSW Rural Fire Service incurred $100,000 in creative and production costs in year two of the campaign and achieved cost-efficiencies by reusing the same creative developed in the prior year.

NSW Rural Fire Service allowed sufficient time for cost-efficient media placement and received free media placements

The Department of Customer Service advises agencies to work with media contacts to book media in advance to ensure a cost-efficient placement. Prior to 2019–20, the Department of Premier and Cabinet provided suggested timeframes for agencies to book media as part of the peer review process. For example, it advised agencies to book television six to 12 weeks in advance and book radio advertising two to eight weeks in advance. NSW Rural Fire Service allowed sufficient time for a cost-efficient media placement.

NSW Rural Fire Service received $4 million of free advertising time and space donated by media companies due to the extent and impact of the 2019–20 fire season.

The cost benefit analysis (CBA) did not assess the costs and benefits of alternatives to advertising

Under the Government Advertising Act 2011, agencies are required to prepare a CBA when the cost of the campaign is likely to exceed $1 million. As part of the CBA, the Government Advertising Guidelines require agencies to consider options other than advertising to achieve the desired objective including a comparison of costs and benefits.

The CBA for the Fireproof campaign (year two) notes that the proposed campaign is one component of a broader community engagement strategy which has been developed over time and is based on research and evaluation. The CBA considers two options to achieve the objectives of the campaign. The first option is community engagement activities without an advertising campaign and the second option is community engagement activities alongside an advertising campaign. The CBA does not identify and assess the costs and benefits of both of the options in order to assess the most cost-efficient option.

This is a repeat finding from two previous government advertising audits. The report ‘Government Advertising: 2015–16 and 2016–17’ found that both agencies subject to the audit did not meet the requirements in the guidelines to consider alternatives to advertising. The report made a recommendation to the Department of Premier and Cabinet to work with Treasury to ensure the requirements of the guidelines are fully reflected in the 'Cost-Benefit Analysis Framework for Government Advertising and Information Campaigns'. The report ‘Government advertising 2017–18’ found that one agency subject to the audit did not identify to what extent the benefits could be achieved without advertising, nor did it consider alternatives to advertising which could achieve the same impact as the advertising campaign.

Appendix one – Responses from agencies

Appendix two – About the campaigns

Appendix three – About the audit

Appendix four – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #342 - released 19 November 2020

Published

Actions for State Finances 2020

State Finances 2020

Education
Finance
Community Services
Health
Justice
Industry
Planning
Environment
Premier and Cabinet
Transport
Treasury
Whole of Government
Financial reporting

The Auditor-General for New South Wales, Margaret Crawford, released her report today on State Finances for the year ended 30 June 2020.

‘I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements,’ the Auditor-General said.

The report acknowledges this has been a challenging year, with New South Wales impacted by natural disasters and the COVID-19 pandemic.

The State’s Budget Result, reported in the financial statements, was a deficit of $6.9 billion. This is different to the 2019-20 budget forecast surplus of $1.0 billion and is an outcome of the government’s significant response to bushfires and COVID-19.

The report summarises a number of audit and accounting matters arising from the audit of the Total State Sector Accounts, a sector that comprises 291 entities controlled by the NSW Government with total assets of $495 billion and total liabilities of $256 billion.

Read full report (PDF)

Our audit opinion on the State’s 2019–20 financial statements was unmodified

An unmodified audit opinion was issued on the State’s 2019–20 consolidated financial statements.

The State extended signing its financial statements by six weeks.

Natural disasters, the COVID-19 pandemic and other factors impacted the State’s 2019–20 reporting timetable. The State extended signing its financial statements by six weeks, compared with 2018–19.

All agencies were also given a two-week extension to prepare their financial statements compared with 2018–19. Further extensions beyond two weeks were subsequently approved for the following 11 agencies (7 in 2018–19) to submit completed financial statements for audit:

  • Department of Communities and Justice
  • Department of Customer Service
  • Department of Planning, Industry and Environment
  • Department of Regional NSW
  • Department of Transport
  • Environment Protection Authority
  • Infrastructure NSW
  • Lord Howe Island Board
  • NSW Crown Holiday Parks Land Manager
  • Service NSW
  • Water Administration Ministerial Corporation.

The extensions reflected that the COVID-19 pandemic impacted agencies’ work environments during the first six months of 2020. This was at a time when many were still implementing machinery of government changes and preparing to implement three significant new accounting standards:

  • AASB 15 Revenue from Contracts with Customers (issued December 2014, effective 1 July 2019)
  • AASB 16 Leases (issued February 2016, effective 1 July 2019)
  • AASB 1058 Income of Not-for-profit entities (issued December 2016, effective 1 July 2019).

These new accounting standards were issued some years before they became effective, to allow reporting entities sufficient time to prepare for implementation. Notwithstanding this, some agencies had not fully implemented the new accounting standards in time for early close procedures, and the unforeseen impact of COVID-19 further complicated the year-end financial reporting processes for the State and its agencies.

The graph below shows the number of reported errors exceeding $20 million over the past five years in agencies’ financial statements presented for audit.

In 2019–20, agency financial statements presented for audit contained 19 errors exceeding $20 million (six in 2018–19). The total value of these errors increased to $1.4 billion ($927 million in 2018–19).

The errors resulted from:

  • incorrectly applying Australian Accounting Standards and Treasury Policies
  • incorrect judgements and assumptions when valuing noncurrent physical assets and liabilities
  • incorrectly interpreting the accounting treatment for unspent stimulus funding.

Errors in agency financial statements exceeding $20m (2016–2020)

$4.1 billion in stimulus funding was allocated in 2019–20

The government implemented an economic stimulus package primarily to mitigate the impacts of the COVID-19 pandemic on New South Wales.

The COVID-19 pandemic and bushfires had a significant impact on the State’s finances, reducing its revenue and increasing its expenses especially in sectors directly responsible for responding to the COVID-19 pandemic, such as Health.

The government announced a $4.1 billion health and economic stimulus package in 2019–20. This primarily included:

  • $2.2 billion in health measures including purchases of essential medical equipment and increasing clinical health capacity (like intensive care spaces)
  • $1.0 billion in small business and land tax relief
  • $355 million in extra cleaning services and quarantine costs.

Cluster agencies had spent $3.0 billion (just under 75 per cent) of the COVID-19 stimulus package by 30 June 2020.

The Health cluster incurred most of this expenditure.

Total spend relating to bushfires was $1.3 billion in 2019–20.

The graph below shows the total allocation and spend by cluster to 30 June 2020.

Economic stimulus allocation and spend by cluster to 30 June 2020

Deficit of $6.9 billion compared with a budgeted surplus of $1.0 billion

An outcome of the government’s overall activity and policies is its net operating balance (Budget Result). This is the difference between the cost of general government service delivery and the revenue earned to fund these sectors.

The General Government Sector, which comprises 199 entities, generally provides goods and services funded centrally by the State.

The Non-General Government Sector, which comprises 92 government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.

The Budget Result for the 2019–20 financial year was a deficit of $6.9 billion. The original budget forecast, set before the COVID-19 pandemic and bushfires, was a $1.0 billion surplus. The main driver of the change in result was:

  • $1.3 billion of higher employee costs, mainly due to:
    • increased workers compensation claims
    • additional personnel required (mainly in the Health sector) to respond to the COVID-19 pandemic
  • $2.3 billion of higher operating expenses, mainly due to:
    • $828 million from first time recognition of a child abuse claim liability
    • $507 million from additional insurance claims from the NSW bushfires
    • $343 million from COVID-19 claims by agencies for loss of revenue.
  • $1.8 billion in higher grants and subsidy expenses, mainly due to:
    • small business grants
    • COVID-19 quarantine compliance measures
    • costs incurred in response to the 2019–20 bushfires, drought and disaster relief payments
    • third party-controlled assets that were subsequently transferred to councils and utility providers, mainly arising from construction of the CBD and South East Light Rail.

The deficit was further driven by:

  • $1.9 billion less taxation revenue, mainly resulting from:
    • $1.3 billion less in payroll tax due to relief measures introduced by the government as part of its COVID-19 economic stimulus
    • $424 million less in gambling and betting taxes, due to venue closures required by COVID-19 public health orders
  • $523 million less in dividends and income tax revenue from the Non-General Government Sector, due to lower dividends received from NSW Treasury Corporation and from the State’s other commercial government businesses
  • lower fines, regulatory fees and other revenue, due to a $305 million decrease in mining royalties, largely driven by lower coal prices.

Main drivers of the 2019–20 actual vs. budget variance

Revenues increased $209 million to $86.3 billion

In 2019–20, the State’s total revenues increased by $209 million to $86.3 billion, 0.2 per cent higher than in 2018–19. COVID-19 impacted taxation revenue, which fell by $1.1 billion and revenue from the sale of goods and services, which fell by $1.1 billion. These falls were offset by a $2.5 billion (7.7 per cent) increase in grants and subsidies from the Australian Government, mainly in the form of additional stimulus funding.

Taxation revenue fell 3.5 per cent

Taxation revenue fell by $1.1 billion, mainly due to a:

  • $861 million fall in payroll tax as a result of COVID-19 relief (reduced payroll tax payments for eligible small businesses)
  • $430 million fall in stamp duty collections, driven by lower than expected growth in the property market
  • $427 million decline in gambling and betting taxes, mainly due to venue closures driven by COVID-19 public health orders.

Stamp duties of $8.8 billion were the largest source of taxation revenue, $473 million higher than payroll tax, the second-largest source of taxation revenue.

Australian Government grants and subsidies

The State received $34.2 billion in grants and subsides which are mainly from the Australian Government, $2.4 billion more than in 2018–19.

The increase was driven by a $1.1 billion increase in Commonwealth Specific Purpose Payments to support the Health cluster respond to the COVID-19 pandemic. Commonwealth National Partnership Payments increased by a similar amount to provide the State with Natural Disaster relief.

Sales of goods and services

In 2019–20, sales of goods and services fell $1.1 billion. This was due to the COVID-19 pandemic reducing:

  • patronage and related transport passenger revenue
  • health billing activities with elective surgery being put on hold
Fines, regulatory fees and other revenues

Fines, regulatory fees and other revenues fell $505 million. This was mainly due to a $409 million decrease in mining royalties attributed to a drop in thermal coal prices during 2019–20.

Other dividends and distributions

Other dividends and distributions rose by $616 million due to higher distributions received from the State’s investments. This was due to an additional $1.3 billion held in the State’s investment portfolio compared with last year.

Expenses increased $8.2 billion to $96.0 billion

The State’s expenses increased 9.3 per cent compared with 2018–19. Most of the increase was due to higher employee expenses, other operating costs and grants and subsidies.

Employee expenses, including superannuation, increased 5.7 per cent to $42.6 billion.

Salaries and wages increased to $42.6 billion from $40.3 billion in 2018–19. This was mainly due to increases in staff numbers and a 2.5 per cent increase in pay rates across the sector. Salaries and wages for the Education and Health sectors increased by $659 million and $732 million in each sector respectively.

The Health sector employed an additional 2,763 full time staff in 2019–20. It also incurred more overtime in response to COVID-19. Education increased staff numbers by 4,866 full time equivalents and paid a one off 11 per cent pay rise to school administration staff in 2019–20. Historically, the government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.

Operating expenses increased 8.7 per cent to $27.0 billion.

Operating expenses increased to $27.0 billion in 2019–20 ($24.8 billion in 2018–19) due to higher operating activities in Health. The higher level of activities and related costs is attributed to a full year of operations at the Northern Beaches Hospital (opened November 2018), and responding to COVID-19. The response to COVID-19 involved the State providing viability payments to private hospitals, higher visiting medical officer costs due to additional overtime hours and spending more on equipment to set up COVID-19 testing clinics.

Insurance claims increased by $2.0 billion. This was mainly due to NSW Self Insurance Corporation (SiCorp) recognising a liability for child abuse claims incurred but not reported for the first time, and claims for the 2019–20 bushfires, floods and COVID-19.

Health costs remain the State’s highest expense.

Total expenses of the State were $96 billion ($87.8 billion in 2018–19). Traditionally, the following clusters have the highest expenses as a percentage of total government expenses:

  • Health – 24.3 per cent (25.8 per cent in 2018–19)
  • Education – 17.6 per cent (19.3 per cent in 2018–19)
  • Transport - 12.8 per cent (12.6 per cent in 2018–19).

General public service expenses as a percentage of total State expenses is higher due to a $2.0 billion increase in SiCorp’s accrued claim expenses.

Other expenses increased due to additional grant funding by the State for drought relief and COVID-19 stimulus spend.

Health expenses increased by $632 million compared with 2018–19 but fell as a proportion of total State expenses.

Education expenses remained stable compared with last year due to savings in student transportation costs primarily driven by COVID-19. This led to a decrease in the proportion of the State’s costs relating to education activities.

Grants and subsidies increased $2.5 billion to $14.1 billion.

The increase in grants and subsidies was due to payments the State made to support businesses and local communities in the face of COVID-19 and bushfires. In addition, the State transferred CBD and South East Light Rail assets to councils and utility providers during 2019–20 as it no longer controlled these.

Depreciation expense increased $1.0 billion to $9.2 billion.

Depreciation increased to $9.2 billion from $8.0 billion in 2018–19. At 1 July 2019, the State implemented the new leases standard recognising a right of use (ROU) asset and related lease liability in its financial statements. The value of ROU assets are amortised over the term of the lease. This contributed to $980 million of the increase in 2019–20 depreciation expense. Last year, these costs were previously reported within other operating expenses.

Assets grew by $28.0 billion to $495 billion

The State’s assets primarily include physical assets such as land, buildings and infrastructure, and financial assets such as cash, and other financial instruments and equity investments. The value of total assets increased by $28.0 billion to $495 billion. This was a six per cent increase compared with 2018–19, mostly due to changes in asset carrying values.

Of the State’s $28.0 billion increase in asset values, $9.3 billion was due to a new accounting standard requirement for operating leases to be valued and recorded on balance sheet for the first time.

AASB 16 Leases requires entities recognise values for right-ofuse assets (ROU) for the first time. An ROU asset is a lessee’s right to use an asset, the value of which is amortised over the term of the lease. This standard came into effect from 1 July 2019.

Valuing the State’s physical assets

State’s physical assets valued at $365 billion.

The value of the State’s physical assets increased by $14.1 billion to $365 billion in 2019–20. The assets include land and buildings ($168 billion), infrastructure ($180 billion) and plant and equipment ($16.7 billion). A prior period error relating to the valuation of RMS infrastructure assets reduced the reported values by $1.0 billion from $352 billion to $351 billion at 30 June 2019.

The movement in physical asset values between years includes additions, disposals, depreciation and valuation adjustments. Other movements include reclassification of physical assets leased under finance leases to right of use assets upon adoption of AASB 16 Leases on 1 July 2019.

Movements in physical asset values

Liabilities increased $38.4 billion to $256 billion

The State borrowed additional funds in response to natural disasters and COVID-19.

The State’s borrowings rose by $33.9 billion to $113.8 billion at 30 June 2020. This accounted for most of the increase in the State’s total liabilities.

The value of TCorp bonds on issue increased by $25.2 billion to $97.0 billion to largely fund capital expenditure and costs associated with the bushfires, drought and COVID-19.

TCorp bonds are actively traded in financial markets and are guaranteed by the NSW Government.

Over 2019–20, TCorp continued to take advantage of lower interest rates, buying back short-term bonds and replacing them with longer dated debt. This lengthens the portfolio matching liabilities with the funding requirements for infrastructure assets.

With effect from 1 July 2019, AASB 16 Leases required the State to recognise liabilities for operating leases for the first time. This increased total lease liabilities from $5.3 billion at 30 June 2019 to $11.8 billion at 30 June 2020.

More than a third of the State’s liabilities relate to its employees. They include unfunded superannuation and employee benefits, such as long service and recreation leave.

Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions and other variables, such as a lower discount rate, can materially impact the valuation of liability balances in the financial statements.

The State’s unfunded superannuation liability rose $300 million from $70.7 billion to $71.0 billion at 30 June 2020. This was mainly due to a lower discount rate of 0.87 per cent (1.32 per cent in 2018–19). The State’s unfunded superannuation liability represents the value of its obligations to past and present employees less the value of assets set aside to fund those obligations.

 

The State maintained its AAA credit rating

The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.

The government manages New South Wales’ finances in accordance with the Fiscal Responsibility Act 2012 (the Act).

The Act establishes the framework for fiscal responsibility and the strategy to maintain the State’s AAA credit rating and service delivery to the people of New South Wales.

The legislation sets out targets and principles for financial management to achieve this.

This year, the State’s credit rating from Standard & Poor’s changed from AAA/Stable to AAA/Negative. Moody’s Investors Service credit rating of Aaa/Stable did not change from the previous year.

The fiscal target for achieving this objective is that General Government annual expenditure growth should be lower than long term average revenue growth.

The State did not achieve its fiscal target of maintaining annual expenditure growth below the long-term revenue growth rate target of 5.6 per cent.

In 2019–20, General Government expenditure grew by 9.7 per cent (5.5 per cent in 2018–19).

Expenditure items that contributed most to the growth rate include:

  • recurrent grants and subsidies (20.4 per cent)
  • other operating expenses (9.5 per cent)
  • employee costs (including superannuation) (5.6 per cent)

Recurrent grant and subsidy expenses increased by $2.8 billion in 2019–20 mainly due to the COVID-19 and natural disaster payments. Other operating expenses increased mainly due to a $2.0 billion increase in SiCorp insurance claims. This included the $828 million provision for child abuse claims incurred but not reported. The bushfires and COVID-19 pandemic also increased the number and cost of claims in 2019–20.

Superannuation funding position since inception of the Act - AASB 1056 Valuation

Published

Actions for Health capital works

Health capital works

Health
Compliance
Infrastructure
Procurement
Project management

This report examines whether NSW Health effectively planned and delivered major capital works to meet the demand for health services in New South Wales.

The report found that NSW Health has substantially expanded health infrastructure across New South Wales since 2015. However, the program was driven by Local Health District priorities without assessment of the State’s broader and future‑focussed health requirements.

The report found that unclear decision making roles and responsibilities between Health Infrastructure and the Ministry of Health limited the ability of NSW Health to effectively test and analyse investment options.

Project delays and budget overruns on some major projects indicate that Health Infrastructure's project governance, risk assessment and management systems could be improved.

The Auditor‑General recommends that NSW Health ensure its capital projects offer the greatest value to New South Wales by establishing effective policy guidance and enhancing project governance and management systems.

Read full report (PDF)

Since 2011–12, NSW Health has aimed to improve its facilities and build 'future focused' infrastructure. The NSW Government’s 2015–16 election commitments established a four-year $5.0 billion capital program for NSW Health to build and upgrade more than 60 hospitals and health services. The 2019–20 State Budget committed a further $10.1 billion over four years for another 29 projects. This is the largest investment to date on health capital works in New South Wales.

Recent reviews of infrastructure have recognised that population and demographic growth will require a change in the delivery and composition of health infrastructure, including considering greater use of non-traditional, non-capital health service options and assets.

To ensure that expenditure on capital works represents the best value for money, NSW Health's business cases need to be robust and supported by evidence that demonstrates they are worthy investments. The NSW Process of Facility Planning has been the main framework guiding the detailed planning and development of NSW Health's capital works proposals. This framework was developed by the then NSW Department of Health in 2010. Its aim is to ensure investment proposals are supported by rigorous planning processes that address health service needs and provide value for money.

Infrastructure projects of the complexity and scale being delivered by NSW Health carry inherent risks. For example, unplanned cost escalations can potentially impact on the State’s finances. Unforeseen delays can also reduce the intended benefits. The growth in the State’s health capital spend and project profile, means its exposure to such risks has increased over time.

The objective of this audit was to assess the effectiveness of planning and delivery of major capital works to meet demand for health services in New South Wales. To address this objective, the audit examined whether:

  • the Ministry of Health has effective procedures for planning and prioritising investments in major health capital works
  • Health Infrastructure develops robust business cases for initiated major capital works that reliably inform government decision making
  • Health Infrastructure has effective project governance and management systems that support delivering projects on-time, within budget and achievement of intended benefits.

The audit focused on the Ministry of Health and Health Infrastructure – being the lead agencies within NSW Health responsible for prioritising, planning and delivering major health capital works across the State. The audit examined 13 business cases for eight discrete projects over a ten-year period.

Conclusion

NSW Health has substantially expanded health infrastructure across New South Wales since 2015. However, its planning and prioritisation processes were not assessed against a long-term statewide health infrastructure plan and lacked rigorous assessment against non-capital options creating a risk that they do not maximise value for New South Wales.

The scale of NSW Health's capital investment is significant and has grown substantially in recent years. The NSW Government’s election commitments in 2015–16 and 2019–20 collectively set out a $15.0 billion capital program to build and upgrade 89 hospitals and health services. NSW Health developed this infrastructure program in the absence of a statewide health infrastructure strategy and investment framework to focus its planning and decisions on the types of capital investments required to meet the long-term needs of the NSW health system.

Consequently, locally focused priorities of the State’s 17 Local Health Districts have been the primary drivers of NSW Health’s capital investments since 2015–16. Local Health District investment proposals for hospitals were developed without consideration of alternative health options such as community health service models, technology-driven eHealth care, or private sector options. Without rigorous assessment against a range of potential health service options, there is a risk that selected projects do not maximise value for New South Wales.

In recognition of the need for a statewide approach to infrastructure planning, the Ministry of Health recently developed a 20-year Health Infrastructure Strategy and prioritisation framework in 2019. The strategy was approved by the NSW Government in April 2020.

NSW Health's ability to effectively test and analyse its capital investment options has been compromised by unclear decision-making roles and responsibilities between its Health Infrastructure and the Ministry of Health agencies.

While both Health Infrastructure and the Ministry of Health have responsibilities for the assessment of business cases for proposed infrastructure projects, confusion about the roles of each agency at key steps compromised the efficacy of the process. Health Infrastructure and the Ministry of Health have differing views about which agency is responsible for testing business case inputs and conducting comprehensive options appraisals.

As a result of this confusion, Health Infrastructure and the Ministry of Health did not rigorously test Local Health District capital investment proposals against defined statewide health infrastructure investment priorities. The NSW Process of Facility Planning does not clarify the responsibilities of all parties in validating and prioritising Local Health District's Clinical Service Plans and progressing them to business cases.

NSW Health's infrastructure priorities are not sufficiently supported by transparent documentation of selection methodology and the rationale for decisions. Consequently, there is a risk that recommended options, whilst having some economic and health service merit, do not represent the greatest value.

Substantial delays and budget overruns on some major projects indicate that Health Infrastructure's project governance, risk assessment and management systems could be improved.

Health Infrastructure did not fully comply with NSW Government guidelines for developing business cases and making economic appraisals for proposed capital investments. These weaknesses, along with delays and budget overruns on some projects, demonstrate a need for Health Infrastructure to strengthen its project governance, management and quality control systems.

 

Over the period of review, NSW Government policies for business case development and submission have emphasised that effective governance arrangements are critical to a proposal's successful implementation.

NSW Health's Process of Facility Planning similarly highlights the importance of effective governance and project management for achieving good outcomes. It prescribes a general governance structure managed by Health Infrastructure that can be tailored to the planning and delivery of health infrastructure projects greater than $10.0 million.

Project challenges indicate opportunities for strengthening governance and project management

The three major hospital redevelopments examined in metropolitan, regional and rural areas had a combined Estimated Total Cost of more than $1.2 billion and comprised eight discrete projects and 13 separate business cases.

Almost all these projects experienced delivery challenges which impacted achievement of their original objectives and intended benefits. This is expected in complex and large-scale health infrastructure programs. However, in some projects the impacts were significant and resulted in substantial delays, unforeseen costs, and diversion of resources from other priority areas.

Our review of the selected case studies highlighted opportunities for enhancing governance and project management. Specifically, it indicates a need for improving transparency in the management of contingencies, risk management and assessments particularly relating to adverse site conditions and the selection of contractors. There is also a need to strengthen forward planning for options to address unfunded priorities within business cases that risk complicating the delivery of future project stages resulting in unforeseen costs and potentially avoidable budget overruns.

Need for increased transparency and accountability in the management of contingency funds

In February 2017, the Ministry's Capital Strategy Group approved the use of surplus funds of $13.76 million from Stage 1 of the Hornsby Ku-ring-gai Hospital Redevelopment for new works deemed needed to support Stage 2. Following this decision, Health Infrastructure finalised and submitted a business case addendum for Stage 1 to the Ministry in March 2017, addressing the new works comprising a two-storey building for medical imaging and paediatric floors. The business case addendum also addressed options to fit out and procure major medical imaging equipment. The Ministry approved the Stage 1 business case in July 2017, noting the Ministry's Capital Strategy Group had already approved the use of remaining Stage 1 funds to deliver the new works.

Stage 1 was completed in 2015, almost two years before the Stage 1 business case addendum was prepared in February 2017.

The Ministry's decision to approve the new works using $13.76 million of surplus Stage 1 funds did not comply with the NSW Treasury Circular TC 12/20. This policy establishes the Treasurer's approval must be sought and received before a new capital project with an Estimated Total Cost of $5.0 million or more can be approved by NSW Health. The Ministry therefore exceeded its delegated authority in making this decision, as it was not evident it had sought and received the Treasurer's approval prior to doing so.

Consequently, the surplus Stage 1 funds should not have been used by the Ministry to deliver new works in the circumstances. Instead, they should have been released from the Stage 1 project in accordance with established NSW Health procedures, and the Stage 1 Estimated Total Cost revised down accordingly. This did not occur, and NSW Health ultimately directed $11.0 million in surplus Stage 1 funds to the new works.

These circumstances indicate a need to strengthen transparency and accountability within NSW Health for the approval of new projects, and how contingency funds are used in the management of major health capital works. They also demonstrate the impact of weaknesses with options appraisal as the initial Stage 1 business case did not consider alternative options for addressing the initially unfunded works later covered by the Stage 1 business case addendum and ultimately funded from the Stage 1 contingency provision.

Weaknesses in service delivery planning resulted in unaccounted-for costs

In addition to proposing the above-noted new works, the 2017 Stage 1 Business Case Addendum for the Hornsby-Ku-ring-gai development sought to retrospectively address the estimated funding gap of around $14.0 million for the internal fit out, supply of major medical imaging equipment, and cost to operate the medical imaging service at Hornsby Ku-ring-gai Hospital also not addressed in the originally Stage 1 business case.

The Stage 1 business case addendum considered various procurement options to purchase and run the medical imaging services ranging from State operation purchase options to private operation purchase options.

It recommended outsourcing the operation and provision of equipment to the private sector based on estimated savings to the public sector initially of around $650,000 per annum reducing over time to $270,000. The Ministry endorsed this option in June 2017, but it did not ultimately proceed.

A July 2018 report to the Executive Steering Committee on the project shows NSW Health later decided to deliver operation of the medical imaging unit 'traditionally' with an updated estimate of the cost at approximately $16.4 million. The report also shows the Ministry supported the costs now being met by the Northern Sydney Local Health District.

This means the funding gap previously identified in the Stage 1 business case addendum for fitting out the medical imaging building and supply of major medical equipment would need to be met fully by the State, representing a $16.4 million cost overrun for the project.

Examined reports to the Executive Steering Committee show this was largely funded by the Northern Sydney Local Health District via the disposal of land realising approximately $15.0 million in proceeds.

This initially unforeseen cost, along with the additional $11.0 million for the new works approved under the Stage 1 business case addendum, were ultimately merged with the Stage 2 project initially approved in 2017–18 with an Estimated Total Cost of $200 million.

The extent of budget variation on the Hornsby Kur-ring-gai development has not been transparent

The 2019–20 State Budget provided an additional $65.0 million for a further Stage 2A to deliver additional built capacity to support outpatient services, enhanced allied health services, re-housed community health services and the delivery of prioritised clinical services unfunded as part of Stage 2. The funds were approved based on an Investment Decision Template (IDT) that examined two options in addition to the base case representing scoping alternatives to the preferred master planned capital solution.

However, we found the IDT showed around 23 per cent of the $65.0 million sought (i.e. $15.0 million) was to be allocated to fund the deficit in Stage 2, which had arisen as a result of project delays due to adverse site conditions. This was not discussed in the IDT.

The February 2020 report to the Executive Steering Committee shows a combined Stage 2 and 2A final forecast cost of $292.6 million against a potential budget of $290.7 million representing an overall deficit for the project of around 0.6 per cent.

However, this favourable final budget position does not transparently show the funding challenges experienced over the project's implementation to-date. The three major budget issues include:

  • inappropriate use of around $11.0 million in Stage 1 contingency for originally unfunded works contrary to Treasury policy
  • the additional $16.4 million cost unforeseen in the Stage 1 business case for delivering medical imaging services mostly funded through the sale of land
  • an additional $15.0 million from Stage 2A to cover the budget overrun in Stage 2 due to adverse site conditions.

The cumulative impact of these events is that Stages 1 and 2 of the Hornsby project cost approximately $42.4 million than it should have in the circumstances around 14 per cent more than what the revised combined Estimated Total Cost for both stages should have been after releasing the $11.0 million in surplus Stage 1 funds, with Stage 2 delayed by around 14 months.

Opportunity for strengthening risk management for adverse site conditions

Major construction projects often experience adverse site conditions which can be difficult to fully detect in advance. However, we found this was a common occurrence in the projects we examined sometimes with significant time and/or budget impacts indicating scope to enhance related risk and cost assessments. Specifically:

  • Hornsby Ku-ring-gai Hospital Redevelopment Stage 2: adverse site conditions during demolition works resulted in an 11-month delay for delivering the medical imaging unit and 14-month delay completing Stage 2 main works including need for additional $15.0 million in funds to cover the resultant budget deficit for the project.
  • Blacktown Mt Druitt Hospital Redevelopment Stage 2: adverse site conditions combined with project complexity delayed completion of the early works by approximately five months. This contributed to the delay in completing the main construction works which occurred around nine months later than planned in the business case.
  • Dubbo Health Service Redevelopment Stages 3 and 4: Health Infrastructure advised adverse site conditions including asbestos containing materials and ground conditions delayed works for the main building with completion forecast for March 2021, around 21 months later than planned in the final business case. This resulted in the need for additional $13.5 million to cover increased construction costs and risks, increasing the Stage 3 and 4 forecast final cost from $150 million to $163.5 million as at February 2020.

These examples indicate a risk the cumulative impact of adverse site conditions may be substantial when measured across both time and Health Infrastructure's full delivery program. They also point to potential for Health Infrastructure to achieve efficiencies and improved outcomes from strengthening its approach to assessing and mitigating the risks from adverse site conditions.

Limited due diligence with prospective contractors risks avoidable delays and costs

Main construction works on Stage 1 of the Dubbo Health Service Redevelopment were completed in October 2015, approximately 13 months later than planned in the final business case. Delays were mainly due to insolvency of the early works contractor resulting in their departure from the project. The ensuing 11-month delay in completing the early works significantly impacted the overall schedule and delivery of main construction works.

The insolvency event was significant as it affected nine separate Health Infrastructure projects – three of which had yet to reach practical completion. It also affected state-funded projects in other sectors. It resulted in the need for additional funding of $11.5 million that was provided in the 2014–15 State Budget increasing the total Stage 1 and 2 budget from $79.8 million to $91.3 million.

Health Infrastructure’s analysis of lessons learned shows it worked actively to mitigate the impacts of the insolvency event across all affected projects. However, it also indicates a risk the lessons were mainly focused on mitigating the impacts after an insolvency event occurred rather than on prevention.

Although Health Infrastructure initially commissioned a financial assessment of the now insolvent early works contractor before engagement, it did not detect any risks of the impending insolvency and instead concluded the contractor was in a strong financial position. However, the contractor became insolvent shortly after commencement approximately seven months later. This indicates a risk of weaknesses in the assessment performed that was not explicitly addressed by the lessons learned.

Delivery of the main construction works were further impacted by disputes with the main works contractor over the scope of works for the renal unit resulting in Health Infrastructure terminating the contract in November 2016 following lengthy negotiations over several months.

The scope of works relating to the renal unit were ultimately transferred to Stages 3 and 4 and were delivered in December 2019, around five years later than originally planned in the business case.

Health Infrastructure advised the delay was ultimately beneficial to the project because the refurbishment works for the renal unit, initially scheduled for Stages 1 and 2, would have been demolished to accommodate the new Western Cancer Centre proposed after Stages 1 and 2 and currently being delivered in parallel with Stages 3 and 4.

Health Infrastructure advised the actual cost of Stages 1 and 2 was $84.7 million against the budget of $91.3 million. The residual $6.6 million relates to the renal works not delivered during Stage 1 and 2 and transferred to Stage 3 and 4.

Health Infrastructure advised the contractual provisions for mitigating insolvency events 'in-flight' are limited highlighting the importance of proactive and effective due diligence prior to engaging contractors for significant construction projects.

Need for a quality framework linked to staff training and capability development

Health Infrastructure's 2017-20 Corporate Plan identifies the development of a quality framework to support delivery of future-focused outcomes as a key organisational priority. Related initiatives within the Corporate Plan describe a framework underpinned by a Quality Committee providing advice on:

  • records management, to meet the requirements of the State Records Act 1998
  • project assurance, to ensure future focused outcomes and enhance Health Infrastructure's Standards, Policies, Procedures and Guidelines, Templates and Design Guidance Notes
  • knowledge management and library services, to promote and leverage from project learnings.

Although Health Infrastructure has some elements of a quality framework it is not yet fully in place. Health Infrastructure advised it had yet to establish the quality framework and related committee described in its Corporate Plan due in part to its focus on responding to the growth of its capital program.

Health Infrastructure's Development and Innovation team has been active in supporting continuous improvement in knowledge and project management including development of business cases. Although useful, these initiatives have relied heavily on leveraging and disseminating insights from Gateway reviews and have not formed part of a systematic quality and continuous improvement framework.

The limited focus on the quality of business cases is reflected in internal performance monitoring and reporting which focuses mainly on tracking the delivery of projects against internal benchmarks, often revised from the baselines in the business case, and expenditure against cashflow targets. There is no evident internal monitoring and/or reporting to the Chief Executive and Board on defined quality metrics linked to business case development and staff capability.

Performance reporting on balanced scorecard metrics has similarly focused mainly on process rather than quality and has been inconsistent in recent years.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Appendix four – Ministry of Health planning tools and guidelines

Appendix five – Streamlined investment decision process for Health Capital Projects

Appendix six – Timeline of business cases and relevant policy guidelines

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #338 - released 12 August 2020