Main navigation

Appendix five – Councils received qualified audit opinions

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

13 December 2022

Published

Stronger Communities 2022

Justice

Community Services

Asset valuation

Compliance

Cyber security

Financial reporting

Information technology

Internal controls and governance

Management and administration

Procurement

Project management

Risk

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits of cluster agencies, including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office. One audit is ongoing.
Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).
Six of the 15 cluster agencies required to submit 2021–22 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.
All 13 cluster agencies that have accommodation arrangements with Property NSW accepted the changes in the Client Acceptance Letters, resulting in the derecognition of right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.
The Department of Communities and Justice (the department) assumed the responsibility to deliver the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project.
In 2021–22, the department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement'. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

The number of issues reported to management has decreased from 130 in 2020–21, to 110 in 2021–22, and 43% were repeat issues (51% in 2020–21). Many repeat issues related to information technology, governance and oversight controls, and non-compliance with key legislation and/or agency policies.
Five high-risk issues were identified in 2021–22, all of which are repeat issues and related to user access administration and segregation of duties.
Of the 24 newly identified moderate risk issues, 11 related to information technology. The rest related to governance and oversight controls and internal control deficiencies or improvements in payroll, asset management and other processes.

Appendix one – Misstatements in financial statements submitted for audit

Appendix one – Misstatements in financial statements submitted for audit

Copyright notice

7 December 2022

Published

Health 2022

Health

Whole of Government

Asset valuation

Compliance

Cyber security

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.
Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.
Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.
Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.
Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.
The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.
A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.
The following four issues were reported in 2021–22 as high risk:
- impairment of COVID-19 inventories
- inadequate review over the appropriateness of asset capitalisation threshold
- forced-finalisation of HealthRoster time records
- COVID-19 vaccination inventories – data quality issue at 31 March 2022.
Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Included reports, 2018–2022

Copyright notice

30 June 2022

Published

Audit Insights 2018-2022

Community Services

Education

Environment

Finance

Health

Industry

Justice

Local Government

Premier and Cabinet

Planning

Transport

Treasury

Universities

Whole of Government

Asset valuation

Cross-agency collaboration

Compliance

Cyber security

Financial reporting

Fraud

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Project management

Regulation

Risk

Service delivery

Shared services and collaboration

Workforce and capability

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

Integrity and transparency
Performance and monitoring
Governance and oversight
Cyber security and data
System planning for disruption
Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

Fast facts

72 audits included in the Audit Insights 2018–2022 analysis
4 years of audits tabled by the Auditor-General for New South Wales
6 key themes for Audit Insights 2018–2022.

picture of Margaret Crawford Auditor-General for New South Wales in black dress with city skyline as background I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

Integrity and transparency	Performance and monitoring	Governance and oversight	Cyber security and data	System planning	Resource management
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption.	Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds.	The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work.	Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture.	Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination.	Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest.
Government entities should report to the public at both system and project level for transparency and accountability.	Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact.	Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls.	In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite.	Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders.	Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds.
Entities must provide balanced advice to decision-makers on the benefits and risks of investments.	Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery.	Active review of policies and procedures in line with current business activities supports more effective risk management.	Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting.	Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events.	Transformation programs can be improved by resourcing a program management office.
Clear guidelines and transparency of decisions are critical in distributing grant funding.	Quality assurance should underpin key inputs that support performance monitoring and accounting judgements.	Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues.			Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need.
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes.
Read more	Read more	Read more	Read more	Read more	Read more

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix two – About this report

Copyright notice

22 June 2022

Published

Local Government 2021

Local Government

Asset valuation

Cyber security

Financial reporting

Information technology

What the report is about

Results of the local government sector council financial statement audits for the year ended 30 June 2021.

What we found

Unqualified audit opinions were issued for 126 councils, 13 joint organisation audits and nine county councils in 2020–21.

A qualified audit opinion was issued for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.

The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues not resolved resulting in corrections to the financial statements and prior period errors.

Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to the Office of Local Government (OLG).

Councils were impacted by recent emergency events, including bushfires, floods and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.

What the key issues were

There were 1,277 audit findings reported to councils in audit management letters.

Ninety-two high-risk matters were identified across the sector:

69 high-risk matters relating to asset management (see page 30)
six high-risk matters relating to information technology (see page 39)
six high-risk matters relating to financial reporting (see page 26)
six high-risk matters to council governance procedures (see page 22)
five high-risk matters relating to financial accounting (see page 28).

More needs to be done to reduce the number of errors identified in financial reports. Twenty-nine councils required material adjustments to correct errors in previous audited financial statements.

Rural firefighting equipment

Sixty-eight councils did not record rural firefighting equipment estimated to be $145 million in their financial statements.

The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets, as the State is of the view that rural firefighting equipment that has been vested to councils under the Rural Fires Act 1997 is not controlled by the State. In reaching this conclusion, the State argued that on balance it would appear the councils control rural firefighting equipment that has been vested to them.

The continued non-recording of rural firefighting equipment in financial management systems of some councils increases the risk that these assets are not properly maintained and managed.

What we recommended

Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes and recognise this equipment as assets in their financial statements.

Consistent with OLG’s role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment.

Fast facts

150 councils and joint organisations in the sector
99% unqualified audit opinions issued for the 30 June 2021 financial statements
489 monetary misstatements reported in 2020–21
54 prior period errors reported
92 high-risk management letter findings identified
53% of reported issues were repeat issues.

Early financial reporting procedures

Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year.

What we recommended

OLG should require early financial reporting procedures across the local government sector by April 2023. Policy requirements should be discussed with key stakeholders to ensure benefits of the procedures are realised.

Asset valuations

Audit management letters reported 288 findings relating to asset management. Fifty-eight councils had deficiencies in their processes to revalue infrastructure assets.

Thirty-five councils corrected errors relating to revaluations amounting to $1 billion and 13 councils had prior period errors relating to asset revaluations that amounted to $253 million.

What we recommended

Councils should have all asset revaluations completed by April of the financial year subject to audit.

Integrity/completeness of asset records

Sixty-seven councils had weak processes over maintenance, completeness and security of fixed asset registers.

Thirty-five councils corrected errors to the financial statements relating to poor record keeping of asset data that amounted to $102.1 million. Nineteen councils had 27 prior period financial statement errors that amounted to $417.1 million relating to the quality of asset records such as found and duplicate assets.

What we recommended

Councils need to improve controls and processes to ensure integrity and completeness of asset source records.

Cybersecurity

Our audits found that cybersecurity frameworks and related controls were not in place at 65 councils.

These councils have yet to implement basic governance and internal controls to manage cybersecurity such as having a cybersecurity framework, policy and procedure, register of cyber incidents, system penetrations testing and training.

What we recommended

OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority in order to ensure cybersecurity risks over key data and IT assets are appropriately managed across councils and key data is safeguarded.

Councils should monitor the implementation of recommendations

Fifty-three per cent of total findings reported in 2020–21 audit management letters were repeat or partial repeat findings from prior years.

What we recommended

Councils and those charged with governance should track the progress of implementing recommendations from financial audits, performance audits and public inquiries.

Key financial information

In 2020–21, councils:

collected $7.6b in rates and annual charges
received $5.1b in grants and contributions
incurred $4.8b of employee benefits and on costs
held $15.3b of cash and investments
managed $161.7b of infrastructure, property, plant and equipment
entered into $3.4b of borrowings.

Pursuant to the Local Government Act 1993 I present my report Local Government 2021. My report provides the results of the 2020–21 financial audits of 127 councils, 13 joint organisations and nine county councils.

Unqualified audit opinions were issued for 126 councils, 13 joint organisation and nine county councils in 2020–21. My independent auditor’s opinion was qualified for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.

The 2020–21 year was challenging from many perspectives, not least being the continuing impact of and response to the recent emergency events, including bushfires, floods and the COVID-19 pandemic. We appreciate the efforts of council staff and management right across local government and they must be congratulated for their responsiveness and resilience in meeting their financial reporting obligations in such challenging circumstances.

This report makes a number of recommendations to councils and to the regulator, the Office of Local Government within the Department of Planning and Environment. These are intended to support councils to further improve the timeliness, accuracy and strength of financial reporting and their governance arrangements. Arguably, when faced with challenges, it is even more important to prioritise and invest in systems and processes to protect the integrity of councils' operations and promote accurate and transparent reporting.

I look forward to continuing engagement and constructive dialogue with councils in 2022–23 and beyond.

Margaret Crawford
Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting of councils and joint organisations.

Highlights

One hundred and nine councils and joint organisations (2020: 133) lodged audited financial statements with OLG by the statutory deadline of 31 October (2020: 30 November).
Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to OLG.
Unqualified audit opinions were issued for 126 councils, 13 joint organisations and nine county councils in 2020–21. A qualified audit opinion was issued for Central Coast Council in both 2019–20 and 2020–21.
The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues.
Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year. We recommended that OLG should require early close procedures across the local government sector by 30 April 2023.
The total number and dollar value of corrected financial statement errors increased compared with the prior year, however uncorrected financial statement errors and prior period financial statement errors decreased compared to the prior year.
Sixty-eight councils (2020: 68 councils) did not record rural firefighting equipment in their financial statements worth an estimated $145 million (2020: $119 million). The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government. We recommended that consistent with the OLG's role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment. Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2020–21.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.

Highlights

Total number of audit findings reported in audit management letters decreased from 1,435 in 2019–20 to 1,277 in 2020–21.
No extreme risk audit findings were identified in 2020–21 (2019–20: 1).
Total number of high-risk audit findings increased from 53 in 2019–20 to 92 in 2020–21. Sixty of the high-risk findings in 2020–21 related to the non-recording of rural firefighting equipment in councils' financial statements. Twenty-six per cent of the high-risk findings identified in 2019–20 were reported as high-risk findings in 2020–21.
Fifty-three per cent of findings reported in audit management letters were repeat or partial repeat findings. We recommend councils and those charged with governance should track progress of implementing recommendation from our audits.
Governance, asset management and information technology comprise over 62% of findings and continue to be key areas requiring improvement.
A number of recommendations were made relating to asset valuations and integrity of asset data records, in response to the findings that:
- 67 councils had weak processes over maintenance and security of fixed asset registers
- 58 councils had deficiencies in their processes to revalue infrastructure assets.
Sixty-five councils have yet to implement basic governance and internal controls to manage cybersecurity. We recommended that OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority.

Total number of findings reported in audit management letters decreased

In 2020–21, 1,277 audit findings were reported in audit management letters (2019–20: 1,435 findings). No extreme audit risk findings were identified this year. The extreme risk relating to Central Coast Council's use of externally restricted funds in 2019–20 was partially addressed by management and has been rated as a high-risk for 2020–21. The total number of high-risk findings increased to 92 (2019–20: 53 high-risk findings).

Findings are classified as new, repeat or ongoing, based on:

new findings were first reported in 2020–21 audits
repeat findings were first reported in prior year audits, but remain unresolved in 2020–21
ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2020–21.

Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common audit findings across these areas are explored further in this chapter.

Audit Office’s annual work program for 2021–22 onwards

Focus on integrity of systems, good governance and good advice

We have a fundamental role in helping the Parliament hold government accountable for the use of public resources. In doing so, we examine whether councils' systems and processes are effective in supporting integrity, accountability and transparency. Key aspects of integrity that we expect to through conduct of our financial and performance audits over the next three years include the integrity of systems, good governance and good advice. These focus areas have arisen from the collation of key findings and recommendations from our past reports.

Focus on local councils' continued response to recent emergencies

The COVID-19 pandemic continues to have a significant impact on the people and the public sector of New South Wales. Local councils are continuing to assist communities in their recovery from the 2019–20 bushfires and subsequent and recent flooding. The full extent of some of these events remain unclear and will likely continue to have an impact into the future.

Image of a bus stop that's been completely burned because of a bushfire

The Office of Local Government within the Department of Planning and Environment continues to work with other state agencies to assist local councils and their communities to recover from these unprecedented events.

The increasing and changing risk environment presented by these events has meant that we have recalibrated and focused our efforts on providing assurance on how effectively aspects of responses to these emergencies have been delivered.

This includes financial and governance risks arising from the scale and complexity of government responses to these events.

We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:

local councils' planning and preparedness for emergencies
local councils' initial responses to support people and communities impacted by COVID-19 and the 2019–20 bushfires and recent floods
governance and oversight risks that arise from the need for quick decision-making and responsiveness to emergencies
effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
the mid to long-term impact of government responses to the natural disasters and COVID-19
whether government investment has achieved desired outcomes.

Focus on the effectiveness of cybersecurity in local government

The increasing global interconnectivity between computer networks has dramatically increased the risk of cybersecurity incidents. Such incidents can harm local government service delivery and may include theft of information, denial of access to critical technology, or even hijacking of systems for profit or malicious intent.

Outdated IT systems and capability present risks to government cybersecurity. Local councils need to be alert to the need to update and replace legacy systems, and regularly train and upskill staff in their use. To add to this, cybersecurity risks have been exacerbated by recent emergencies, which have resulted in greater and more diverse use of digital technology.

Our approach to auditing cybersecurity across in the sector involves:

considering how local councils are responding to the risks associated with cybersecurity across our financial audits
examining the effectiveness of cybersecurity planning and governance arrangements within local councils
conducting deep-dive performance audits of the effectiveness of cybersecurity measures in selected councils.

Local government elections

Local government elections took place in 2021–22

The local government elections were deferred for one year due to the COVID-19 pandemic and were held on 4 December 2021.

As part of our audits, we will consider the impact of any significant change on key decisions and activities for councils, county councils and joint organisations following the local government elections.

New rate peg methodology to support growing councils

The Independent Pricing and Regulatory Tribunal (IPART) has completed its review of the local government rate peg methodology to include population growth.

On 10 September 2021, IPART provided the final report on this review to the Minister for Local Government.

The minister has endorsed the new rate peg methodology and has asked IPART to give effect to it in setting the rate peg from the 2022–23 financial year.

As part of our audits, we will consider the impact of these changes on the financial statements and on key decisions and activities for councils, county councils and joint organisations.

Appendix one – Response from the Office of Local Government within the Department of Planning and Environment

Appendix two – Status of previous recommendations

Appendix three – Status of audits

Copyright notice

20 May 2022

Published

COVID-19: response, recovery and impact

Community Services

Education

Health

Justice

Premier and Cabinet

Transport

Treasury

Whole of Government

Cross-agency collaboration

Financial reporting

Management and administration

Service delivery

Shared services and collaboration

What the report is about

This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.

What we found

Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.

The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:

direct health response measures – $2.2 billion
personal protective equipment – $1.4 billion
small business grants – $795 million
quarantine costs – $613 million
increases in employee expenses and cleaning costs across most agencies
vaccine distribution, including vaccination hubs – $71 million.

The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.

Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.

Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.

Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:

annual expense growth kept below long-term average revenue growth
elimination of State’s unfunded superannuation liability by 2030.

Fast facts

First COVID-19 case in NSW on 25 January 2020
COVID-19 vaccinations commenced on 21 February 2021
By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers

Section highlights

Up to 30 June 2021, $7.5 billion has been spent by state government agencies for health and economic stimulus.
Revenue increased for most agencies as falling revenue from providing goods and services was offset by additional funding from appropriations, grants and contributions.
Expenses increased as most agencies incurred additional costs to manage and respond to the pandemic along with delivering stimulus and support programs.
Borrowings of $7.5 billion over the last two years helped to fund the response to COVID-19.

Section highlights

NSW Government unlikely to meet targets in Fiscal Responsibility Act 2012.

6 May 2022

Published

Transport 2021

Transport

Asset valuation

Compliance

Financial reporting

Information technology

Infrastructure

Internal controls and governance

What the report is about

The results of the Transport cluster agencies’ financial statement audits for the year ended 30 June 2021.

What we found

Unmodified financial statement audit opinions were issued for all Transport cluster agencies. Resolution of issues delayed signing the Transport Asset Holding Entity of NSW (TAHE) until 24 December 2021. Matters relating to TAHE are also reported in the report on State Finances 2021.

Emphasis of Matter - TAHE

An Emphasis of Matter paragraph was included in TAHE's audit opinion to draw attention to uncertainty associated with:

future access and licence fees that are subject to re-signed agreements
an additional $4.1 billion of funding that is outside the forward estimates period
a significant portion of the fair value of TAHE’s non-financial assets is reflected in the terminal value, which is outside the ten-year contract period to 30 June 2031, and the risk that TAHE will not be able to negotiate contract terms to support current projections.

TAHE's transition from RailCorp also changed its valuation of assets to an income approach, resulting in a $20.3 billion decrease to the fair value. The fair value decrease was because the cash flows were not sufficient to support the previous recorded value.

TAHE corrected a misstatement of $1.2 billion relating to the valuation of its assets. This followed significant deliberation on key judgements and assumptions, with TAHE adopting risk assumptions in its valuation that were not in line with comparable benchmarks.

Emphasis of Matter - State Transit Authority of New South Wales

An Emphasis of Matter paragraph was included in the State Transit Authority of NSW's (the Authority) audit opinion to draw attention to the financial statements not prepared on a going concern basis. This was because the NSW Government put the Authority's bus contracts out to competitive tender and accordingly, management assessed the Authority's principal activities are not expected to operate for a full 12 months after 30 June 2021.

The implementation of AASB 1059 ‘Service Concession Arrangements: Grantors’ resulted in a net increase in assets of $23.5 billion across the Transport cluster.

The 2020–21 audits identified six high-risk and 45 moderate risk issues across the cluster. Fourteen of the moderate risk issues were repeat issues, including information technology controls around management of user access for key financial systems and payroll processes.

The high-risk issues, in addition to those related to TAHE and previously reported in the report on State Finances 2021, include:

absence of conflict of declarations related to land acquisition processes at Transport for NSW
no evidence of conflict of interest declarations obtained by TAHE from consultants and contractors regarding involvement in other engagements.

What we recommended

TAHE needs to:

finalise revised commercial agreements to reflect fees detailed in a Heads of Agreement signed on 18 December 2021
prepare robust projections and business plans to support the required rate of return.

NSW Treasury and TAHE should monitor the risk that control of TAHE assets could change in the future.

Transport for NSW needs to significantly improve its processes to ensure all key information is identified and shared with the Audit Office.

Transport agencies should implement a process to ensure conflicts of interest declarations are completed for land acquisitions and applied consistently across the cluster.

Transport agencies should implement a process to capture all contracts and agreements entered to ensure:

agencies are aware of contractual obligations
financial reporting implications are assessed, particularly with respect to leases, revenue and service concession arrangements.

Fast facts

The Transport cluster plans and delivers infrastructure and integrated services across all modes of transport. This includes road, rail, bus, ferry, light rail, cycling and walking. There are 11 agencies in the cluster.

$128b road and maritime system infrastructure assets as at 30 June 2021
100% unqualified audit opinions were issued on agencies 30 June 2021 financial statements
26 monetary misstatements were reported in 2020–21
$24.9b rail systems infrastructure assets as at 30 June 2021
6 high-risk management letter findings were identified
37% of reported issues were repeat issues

This report provides Parliament and other users of the transport cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the cluster for 2021.

Section highlights

Unqualified audit opinions were issued on all Transport agencies' financial statements.
An 'Emphasis of Matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) Independent Auditor's Report to draw attention to significant uncertainty associated with the judgements, estimates and assumptions supporting the valuation of TAHE’s property, plant and equipment (PPE) and intangible assets.
In 2020–21, the former RailCorp transitioned to TAHE, a for-profit state-owned corporation. When TAHE became a for-profit entity, it was required to change its valuation approach. The value of a for-profit entity's assets cannot exceed the cash flows they might realise either through their sale or continued use. This change in the basis of valuation resulted in a decrease of $20.3 billion in the fair value of the assets. The decrease in fair value was because the cash flows, which support measurement under the income approach, were insufficient to support the previous valuation based on the current replacement cost of those assets.
TAHE also corrected a misstatement of $1.2 billion relating to the valuation of its assets after significant deliberation on key judgements and assumptions, with TAHE adopting higher risk assumptions in its valuation when compared to the relevant market benchmarks.
On 18 December 2021, a Heads of Agreement (HoA) was signed between TAHE, Transport for NSW, Sydney Trains and NSW Trains. This HoA reflected TAHE's intention to negotiate higher access and licence fees in order to meet the shareholding ministers' revised expectation of a higher rate of return. This matter resolved the treatment of a significant accounting issue in the State’s consolidated (whole-of-government) financial statements. Refer to the Report on State Finances tabled on 9 February 2022. The expectation of an additional $5.2 billion in fees added to the valuation of TAHE's PPE and intangibles, with a final value of $17.15 billion.
The implementation of AASB 1059 ‘Service Concession Arrangements: Grantors’ resulted in a net increase in assets of $23.5 billion across the cluster. AASB 1059 had a significant impact on Transport for NSW, Sydney Metro, Sydney Ferries and TAHE's 2020–21 financial statements.
TAHE corrected a misstatement of $97.2 million relating to the application of AASB 1059 'Service Concession Arrangements: Grantors' for the Airport Link Company Contract.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

The number of findings reported to management increased from 56 in 2019–20 to 73 in 2020–21.
Thirty-seven per cent were repeat findings. Many repeat issues related to information technology controls around user access management and payroll processes. These included deficiencies in the monitoring of privileged user access to key financial systems, review of user access to key financial systems and segregation of duties between preparer and reviewer for new employee hires.
Six new high-risk issues were identified in 2020–21, an increase of three compared to last year.
One high-risk issue related to conflicts of interests not being declared by all officers involved in the land acquisition process at Transport for NSW.
Five high-risk issues arose from the audit of TAHE, with respect to:
- control over TAHE assets and operations
- asset valuations
- access price build up
- detailed business modelling to support returns
- conflict of interest management.
Based on the access and licence agreements signed at 30 June 2021 between TAHE, Sydney Trains and NSW Trains, our review of the expected returns calculated by NSW Treasury did not support the assumption that there was a reasonable expectation that a sufficient rate of return could be achieved from the NSW Government's investment in TAHE.
On 14 December 2021 the shareholding ministers' increased their expectations as to TAHE's target average return from 1.5 per cent to the expected long-term inflation rate of 2.5 per cent.
On 18 December 2021 the revised shareholder expectations were confirmed in a signed Heads of Agreement. The Heads of Agreement will increase access fees paid by rail operators to TAHE by $5.2 billion.
TAHE's access and licence agreements specified fees that were well short of the IPART regulated maximum (ceiling price).
The finalisation of the access and licence agreements with Sydney Trains and NSW Trains resulted in a significant write-down of TAHE's asset value by $20.3 billion. The revaluation loss will need to be recovered as part of the shareholders’ rate of return of 2.5 per cent in order to sustain the whole-of-government accounting treatment of cash contributions recorded as an equity contribution and not a grant expense.
There was a significant adjustment to TAHE’s valuation between the financial statements originally submitted for the audit and the final, signed financial statements due to differences in risk assumptions resulting in a correction of a $1.2 billion misstatement.

Findings reported to management

The number of findings reported to management has increased, and 37 per cent of all issues were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 73 findings raised across the cluster (56 in 2019–20) and 37 per cent of all issues were repeat issues (43 per cent in 2019–20).

In view of the recent performance audit ‘Managing Cyber Risks’ and compliance audit ‘Compliance with the NSW Cyber Security Policy’ involving the cluster, it is noted with concern that the most common repeat issues related to weaknesses in controls over information technology user access administration and password management. Moderate risk issues included completeness and accuracy of contract registers, accounting for assets and management of supplier and payroll masterfiles.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports, and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Control deficiencies may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation, and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating	Issue
Information technology
Moderate: 7 new, 4 repeat**	The financial audits identified opportunities for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with: monitoring of privileged user access user access management password configuration management.
Low: 4 new, 1 repeat***
Internal control deficiencies or improvements
High: 1 new*	The financial audits identified internal control deficiencies across key business processes, including: declarations of conflicts of interest over land acquisitions (see further details below) management of contracts and agreement register accounting for assets management of payroll and supplier masterfiles payroll processes.
Moderate: 15 new, 8 repeat**
Low: 2 new, 5 repeat***
Financial reporting
High: 3 new*	The financial audits identified opportunities for agencies to strengthen financial reporting, including: asset valuations (see further details below) detailed business modelling to support returns (see further details below) access price build-up (see further details below) timely capitalisation of completed assets.
Moderate: 3 new, 1 repeat**
Low: 2 new***
Governance and oversight
High: 1 new*	The financial audits identified opportunities for agencies to improve governance and oversight processes, including: control over TAHE assets and operations governance over Cyber Security.
Moderate: 2 new**
Non-compliance with key legislation and/or central agency policies
High: 1 new*	The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including: conflict of interest (COI) management outdated policies and procedures incomplete probation procedures.
Moderate: 4 new, 1 repeat**
Low: 1 new, 7 repeat***

* High-risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
** Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
*** Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies.

2020–21 audits identified six high-risk findings

High-risk findings were reported at the following cluster agencies.

Agency	Description
2020–21 findings
Transport for NSW (new finding)	Declaration of conflicts of interest in the land acquisition process In 2021, we conducted a performance audit over the Acquisition of 4–6 Grand Avenue, Camellia which examined: whether Transport for NSW conducted an effective process to purchase 4–6 Grand Avenue, Camellia whether Transport for NSW has effective processes and procedures to identify and acquire property required to deliver the NSW Government’s major infrastructure projects. The report made several recommendations over Transport for NSW’s internal policies and procedures to guide the land acquisition process. As part of the financial audit, we obtained an understanding of key controls and processes relating to the acquisition of land, relevant to the audit of the financial statements. We found that conflicts of interests were not always declared by all officers involved in the land acquisition process. Furthermore, processes for declaring conflicts of interests are not consistently applied across cluster agencies. Out of a sample of 19 land acquisitions tested, we identified: 14 instances where there was no evidence of declarations of conflicts of interests made by the team members involved in the acquisition process 2 instances where conflicts of interest declarations were completed by key members of the acquisition team only at a project level 1 instance where conflicts of interest declarations were only completed by the property negotiator and the valuer, but not the other members of the acquisition team. Management advised that the land acquisition processes, at the time of the land acquisitions, did not require formal conflicts of interests to be declared as they believe that as per Transport for NSW code of conduct, declaration is only required where the staff member considers that a potential or perceived Conflict of Interest exists. However, Transport for NSW's Procurement Policy requires the documentation of formal declarations from all staff involved in procurement activities to formally disclose any conflicts of interest or state that they do not have a conflict of interest. This matter has been included as a high-risk finding in the management letter as absence of rigorous and consistent management of conflicts of interests, and non-compliance with established policies increases the risk that Transport for NSW may be exposed to reputational damage or financial losses in relation to land acquisitions. Furthermore, this may result in lack of probity or value-for money considerations during the land acquisition process. Further details are elaborated below under 'Land acquisitions'.
Transport Asset Holding Entity of New South Wales (new finding)	Control over TAHE assets and operations The State-Owned Corporations Act 1989 maintains that all decisions relating to the operation of a statutory state-owned corporation (SOC) are to be made by or under the authority of the board. However, under the Transport Administration Act 1988 (TAA), the functions of TAHE may only be exercised under one or more operating licences issued by the portfolio minister. The current Operating Licence confers terms and conditions for TAHE to carry out its functions, and imposes constraints on TAHE, including (but not limited to): railway operations not permitted transport services not permitted TAHE must not carry out maintenance of its assets. Such operating licences are short term in nature, and the TAA allows the transport minister (portfolio minister) to grant one or more operating licences to TAHE and may amend, substitute, or impose, amend or revoke conditions of the operating licence. For the current year, the legal form of the arrangements established in its first year of operation imply TAHE has control over the assets based on the Implementation Deed and the agreements signed with the public operators. However, risks remain as TAHE is in its early stages, and the actual substance of operations will need to be observed and considered. Given the restrictions that can be placed on the entity through the Operating Licence, and the ability to make further changes to the Operating Licence and Statement of Expectations set by the portfolio minister, there is a risk there could be limitations placed on the Board of Directors to operate with sufficient independence in its decision-making with respect to the operations of TAHE. Over time, this may further impact the degree of control required by TAHE to satisfy the recognition criteria over its assets. It may also fundamentally change the presentation of TAHE’s financial statements. Future limitations to the degree of control TAHE, and its Board, can exercise over its functions may impact the degree of control TAHE has over its assets going forward. As part of the 2021–22 audit, we will monitor and assess whether, in substance, these assets continue to be controlled by TAHE and whether, in substance, TAHE can operate as an independent SOC. We require management continue to demonstrate that TAHE continues to maintain control over its assets and has the ability to operate as an independent SOC. Further details are described below under 'Transport Asset Holding Entity'.
Transport Asset Holding Entity of New South Wales (new finding)	Asset valuation The final updated valuation was based on cash flows that were in a signed Heads of Agreement, which stated that it set out the proposed indicative future access and licence fees which will form the basis of the negotiations between TAHE, Transport for NSW, Sydney Trains and NSW Trains, who will work together to review access fees and licence fees payable under the agreements and to make all necessary changes to the Operating Agreements by 1 July 2022. This adds uncertainty in the cash flows. It is crucial that TAHE formalises these updated fees in legally binding signed access and licence agreements with the relevant parties as soon as possible. Refer below for further details on the Heads of Agreement.
Transport Asset Holding Entity of New South Wales (new finding)	Conflict of interest (COI) management For procurement transactions through direct negotiation with single quotes, there was no evidence of COI declarations obtained from the consultants and contractors regarding involvement in other engagements. Contractors and consultants are required to declare actual COI. However, there was no requirement to confirm nil conflict of interest. In addition, there is a risk that perceived COI may not be adequately assessed or managed. TAHE is expected to operate as an independent SOC and would need to ensure any perceived or actual conflict of interest is adequately addressed. Management should implement a process to: ensure conflicts of interest declarations are completed when engaging all consultants and contractors (including involvement with other engagements and confirmation of nil conflicts of interests) ensure probity is undertaken to identify any actual or perceived conflicts of interest. The declarations should consider individuals and relationships that may create, or may be perceived to create, conflicts of interest.
Transport Asset Holding Entity of New South Wales (new finding)	Detailed business modelling to support returns On 18 December 2021, Transport for NSW, TAHE and the operators, Sydney Trains and NSW Trains entered into a Heads of Agreement (HoA). This HoA forms the basis of negotiations to revise the pricing within the existing 10-year contracts and deliver upon the shareholders' expectation of a return of 2.5 per cent per annum of contributed equity, including recovering the revaluation loss incurred in 2020–21. TAHE needs to revise its business plan and include detailed business modelling that supports the shareholding ministers' revised expectations of return (2.5 per cent return on the State’s equity injections and recovery of the write-down of assets over the average useful life of those assets) and align the business plan and Statement of Corporate Intent. This requires more detailed projections, estimates and plans that support how TAHE expects to recover the asset write-down and expected returns to government. The current modelling for ten years needs to be enhanced with modelling over the expected recovery period of approximately 33 years.
Transport Asset Holding Entity of New South Wales (new finding)	Access price build-up Management explained that in determining access and licence fees for the agreements with Sydney Trains and NSW Trains, assets prior to the commencement of equity injections in 2015–16 were excluded from the calculations. Management explained the premise being that these assets were previously funded by government through capital grants. The replacement and refurbishment of these assets is expected to be through government funded maintenance performed through the public rail operators and/or the equity injections from NSW Treasury rather than through access and licence fees.

The number of moderate risk findings increased from prior year

Forty-five moderate risk findings were reported in 2020–21, representing a 73.1 per cent increase from 2019–20. Of these, 14 were repeat findings, and 31 were new issues.

Key moderate risk findings related to:

weaknesses in user access management to key financial systems
management of contracts and agreements register
management of supplier and payroll masterfiles
accounting for assets
control deficiencies at service organisations
segregation of duties relating to the hiring of employees
conflict of interest management
annual leave management
review of internal audit charter
disaster recovery planning.

Transport Asset Holding Entity of New South Wales

Background

The establishment of TAHE was originally announced by the NSW Government in the 2015–16 State Budget. On 1 July 2020, the former Rail Corporation New South Wales (RailCorp), a not-for-profit entity, transitioned to the Transport Asset Holding Entity of New South Wales (TAHE), a for-profit statutory state-owned corporation under the Transport Administration Act 1988. There was no change in the structure of TAHE as a new entity was not created. Ownership remains fully with the government. TAHE, and the former RailCorp, were both classified as Public Non-Financial Corporation (PNFC) entities within the Total State Sector Accounts.

Prior to 1 July 2015, the government paid appropriations to Transport for NSW, a General Government Sector (GGS) agency, to construct transport assets. When completed, these assets were granted to the former RailCorp, a not for-profit entity within the PNFC sector. The grants to the former RailCorp were recorded as an expense in the State’s GGS budget result.

From 1 July 2015, the government announced the creation of TAHE (a dedicated asset manager). Funding for new capital projects was to be provided through equity injections and was no longer recorded as an expense to the GGS budget, even though the business model was yet to be determined. The change, as explained in the 2015–16 State Budget, was due to the expectation that the former RailCorp will transition to TAHE, which was intended, over time to provide a commercial return. That Budget also highlighted how the change, which was largely a change in the basis of accounting, was intended to improve the GGS budget result each year. In total, the GGS has contributed approximately $11.1 billion to TAHE since 2015–16. This includes the equity injections from the GGS to TAHE made in the current year of $2.4 billion.

NSW Treasury initially set a timetable for the stand-up of TAHE of 1 July 2019, which included finalising the business model, operating model and contracts for the use of TAHE's assets. The enactment of the Transport Administration Act 1988 resulted in RailCorp transitioning to TAHE on 1 July 2020, 12 months after its originally planned operational date. Contributions paid to the former RailCorp and subsequently to TAHE by the GGS were treated as equity investments from July 2015 forward. This treatment continued, despite delays in settling the business model. In 2020, the Audit Office raised a high-risk finding due to the significance of the financial reporting impacts and business risks for NSW Treasury and TAHE.

The business model adopted and the flow of funds between transport agencies in the GGS and PNFC sectors is shown in the diagram below. For further details refer to the Report on State Finances 2021.

Appendix one – Misstatements in financial statements submitted for audit

Appendix three – Financial data

Copyright notice

13 April 2022

Published

Building regulation: combustible external cladding

Finance

Local Government

Planning

Compliance

Infrastructure

Regulation

Risk

What the report is about

The report focuses on how effectively the Department of Customer Service (DCS) and Department of Planning and Environment (DPE) led reforms addressing the unsafe use of combustible external cladding on existing residential and public buildings.

Nine local councils were included in the audit because they have responsibilities and powers needed to implement the NSW Government’s reforms.

What we found

After the June 2017 Grenfell Tower fire in London, the NSW Government committed to a ten-point action plan, which included establishing the NSW Cladding Taskforce, chaired by DCS, and with DPE as a key member. The Taskforce co-ordinates and oversees the implementation of the plan.

Depending on the original source of development approval, either individual local councils or DPE are responsible for ensuring that buildings are identified, assessed, and remediated. NSW Government-owned buildings are the responsibility of each department.

Identifying buildings potentially at risk was complex and resource intensive. However, on balance, it is likely that most affected buildings have now been identified.

By October 2021, around 40 per cent of assessed high-risk buildings that are the responsibility of local councils had either been remediated or found not to pose an unacceptable fire risk.

By February 2022, almost 50 per cent of affected NSW Government-owned buildings, and 90 per cent of buildings that are the responsibility of DPE, have either been cleared or are in the process of being remediated.

Earlier guidance on some key issues could have been provided by DCS and DPE in the two years after the Grenfell Tower fire. This may have reduced confusion and inconsistency across local councils we audited, and in some NSW Government departments. This especially relates to the application of the Fair Trading Commissioner's product use ban.

Given the inherent risks posed by combustible external cladding, buildings initially assessed as low-risk may also still warrant further action.

While most high-risk buildings have likely been identified, poor information handling makes it difficult to keep track of all buildings from identification, through to risk assessment and remediation.

What we recommended

DCS and DPE should:

address the confusion surrounding the application of the Commissioner for Fair Trading's product use ban for aluminium composite panels with polyethylene content greater than 30 per cent
develop an action plan to address buildings assessed as low-risk
improve information systems to track all buildings from identification through to remediation.

Fast facts

Authority responsible for ensuring that owners make their buildings safe	Approximate number of buildings referred for further investigation*	Approximate percentage of buildings remediated or assessed to be safe
Local councils	1,200	40%
NSW Government owned	66	50%
DPE under delegation from the Minister for Planning	137	90%

*After initial inspection by Fire and Rescue NSW, and/or preliminary inquiries by the consent authority, it was identified that the building may be at high-risk of
fire from combustible external cladding.

NSW Government's response to the risks posed by combustible external cladding

The NSW Government first became aware of the potential heightened risks posed by combustible external cladding on building exteriors after the 2014 Lacrosse Tower fire in Melbourne. However, it was the tragic loss of life from the Grenfell Tower fire in London, in June 2017, that gave added urgency to the need to address these risks.

Within six weeks of the London fire, the NSW Government committed to a ten-point plan of action for NSW to:

identify and remediate any buildings with combustible external cladding
ensure that regulation prevented the unsafe use of such cladding
ensure that experts involved in providing advice and certifying fire safety measures had the necessary skills and experience.

One of the actions in the ten-point plan was the creation of the NSW Government's Fire Safety and External Wall Cladding Taskforce (the Cladding Taskforce) chaired by the Department of Customer Service (DCS) and with the Department of Planning and Environment (DPE) as a key member.

The ten-point plan also specified that NSW Government departments would be responsible, in regard to buildings they owned to '…audit their buildings and determine if they have aluminium cladding'.

Local councils play a key role in implementing the Government's reforms, given their responsibilities and powers under the Environmental Planning and Assessment Act 1979 (EPA Act) and Local Government Act 1993 (Local Government Act) to approve building works (as 'consent authorities'), as well as to ensure fire safety standards are met. DPE plays an equivalent role for a smaller number of 'State Significant Developments' for which it is the consent authority under delegation from the Minister for Planning.

Commissioner for Fair Trading's building product use ban

On 18 December 2017, the Building Products (Safety) Act 2017 (BPS Act) came into effect in NSW, introducing new laws to prevent the use of unsafe building products. Notably, the BPS Act gave the Secretary of DCS and the Commissioner for Fair Trading the power to ban unsafe uses of building products.

After an extensive consultative process, the Commissioner for Fair Trading used these powers to issue a product use ban on 15 August 2018. This banned the use of external wall cladding of aluminium composite panels with a core comprised of more than 30 per cent polyethylene by mass on new buildings, unless the proposed use was subject to independent fire propagation testing of the specific product and method of application to a building in accordance with relevant Australian Standards.

Buildings occupied before the product use ban came into force are not automatically required to have the banned product removed. Under the BPS Act, consent authorities may determine necessary actions to eliminate or minimise the risk posed by the banned material on existing buildings.

Project Remediate

Project Remediate is a three-year NSW Government program announced in November 2020. The program was designed by the NSW Government to assist building owners of multi-storey apartments (two storeys or more) with high-risk combustible cladding to remediate their building to a high standard and for a fair price.

The scheme is voluntary and includes government paying for the interest on ten-year loans, as well as incorporating assurance and project management services to provide technical and practical support to owners’ corporations and strata managing agents. Building remediations under the program are expected to commence in 2022.

About this audit

This audit assessed whether DCS and DPE effectively led reforms to manage the fire safety risk of combustible external cladding on existing residential and public buildings.

In making this assessment, we considered whether the expressed policy intent of the NSW Government's ten-point plan for fire safety reform had been achieved by asking:

are the fire safety risks of combustible external cladding on existing buildings identified and remediated?
is there a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products on existing buildings?
is fire safety certification for combustible external cladding on existing buildings carried out impartially, ethically and in the public interest by qualified experts?

Consistent with the focus of the Cladding Taskforce on multi-storey residential buildings and public buildings, the scope of our audit is limited to buildings categorised under the Building Code of Australia (BCA) as class 2, 3 and 9. These classes are defined in detail in section 1.2, but include: multi-unit residential apartments, hotels, motels, hostels, back-packers, and buildings of a public nature, including health care buildings, schools, and aged care buildings. The scope was also limited to existing buildings, which is defined as buildings occupied by 22 October 2018.

Auditees

The Department of Customer Service chairs the NSW Government's Cladding Taskforce, which is responsible for coordinating the combustible external cladding reforms. The Commissioner of Fair Trading sits within DCS and DCS regulates the industry accreditation scheme for fire safety practitioners, as well as administering the BPS Act.

The Department of Planning and Environment administers the EPA Act and the Environmental Planning and Assessment Regulation 2000 (EPA Regulation), which regulate the building development process. As well as being the delegated consent authority for State Significant Developments, DPE is also responsible for maintaining the mandatory cladding register requiring building owners of multi-storey (BCA class 2, 3 or 9) buildings to register buildings with combustible external cladding on an online portal.

Functions and responsibilities between DCS and DPE varied over time. For example, in October 2019, the DPE building policy team responsible for co-ordinating the DPE response to the combustible cladding issue was transferred to DCS, following changes to agency responsibilities resulting from machinery of government changes. DPE advised this resulted in a lessening of DPE's subsequent policy work on combustible cladding and its involvement in the Cladding Taskforce.

While the focus of the audit was on the oversight and coordination provided by DCS and DPE, nine councils were also auditees for this performance audit. Councils play an essential part as consent authorities for building development approvals in NSW, as well as having responsibilities and powers to ensure fire safety standards. To fully understand how well their activities were overseen and coordinated, a sample of councils was included as auditees.

Nine councils were selected to represent both metropolitan and regional areas, noting that there are very few in-scope buildings in rural areas. The audited councils were:

Bayside Council
City of Canterbury Bankstown Council
Cumberland City Council
Liverpool City Council
City of Newcastle Council
City of Parramatta Council
City of Ryde Council
City of Sydney Council
Wollongong City Council.

Terminology

The two NSW Government department auditees have, over time, been subject to machinery of government changes, which have changed some of their functions and what the departments are called.

Relevant to this audit, the effect of these changes has been:

the Department of Finance, Services, and Innovation (DFSI) became the Department of Customer Services (DCS) on 1 July 2019
on 1 July 2019, the Department of Planning and Environment became the Department of Planning, Industry, and Environment (DPIE)
on 21 December 2021, DPIE became the Department of Planning and Environment (DPE).

To avoid confusion, we use the titles by which these departments are known at the date of this report: the Department of Customer Service and the Department of Planning and Environment.

Conclusion

At July 2017, immediately after the Grenfell Tower fire, there was no reliable source to identify buildings that may have had combustible external cladding. However, it is now likely that most high-risk buildings have been identified.

Following the 2014 Lacrosse Tower fire in Melbourne, the NSW Government recognised that there was a need to be able to identify buildings in NSW that could have combustible external cladding.

The process of identifying buildings that could have combustible external cladding has been complex, resource-intensive, and inefficient principally due to the lack of centralised and coordinated building records in NSW. In total, approximately 1,200 BCA class 2, 3 and 9 buildings have been brought to the attention of councils by either Fire and Rescue NSW (FRNSW), the Cladding Taskforce, or through councils' own inspection for possible further action. In addition, approximately 2,000 more buildings were inspected by FRNSW but not referred to local councils because they either had no combustible external cladding or had combustible external cladding not assessed as being high-risk.

A multi-pronged approach to identifying buildings has been used by the DCS and DPE, through the Cladding Taskforce. While it is impossible to know the full scope of potentially affected buildings, the approach appears thorough in having identified most relevant buildings.

The process of clearing buildings with combustible external cladding has been inconsistent.

In the more than four years since the NSW Government's ten-point plan was announced, around 40 per cent of the buildings brought to the attention of councils have been cleared by either rectification or being found not to pose an unacceptable fire risk. Also, around 50 per cent of NSW Government-owned buildings identified with combustible external cladding and almost 90 per cent of identified buildings for which DPE is consent authority have been cleared or remediation is underway.

While DCS and DPE did seek to work cooperatively with councils and provided high-level guidance on the NSW Government’s fire safety reforms, it took until September 2019 before a model process and other detailed advice was provided to councils to encourage consistent processes. DCS and DPE advice to councils and NSW Government-building owners should have been more timely on two key issues:

the use of experts in the process of assessing and remediating existing buildings, and
the implementation of the product use ban on aluminium composite panels with polyethylene content 30 per cent or greater.

Clarifying the application of the product use ban may require consent authorities and building owners to revisit how some buildings have been cleared.

The management of buildings assessed as low-risk by FRNSW, estimated to be over 500, has not been a priority of the Cladding Taskforce to date, despite those buildings potentially posing unacceptable fire risks.

Information management by the Cladding Taskforce is inadequate to provide a high-level of assurance that all known affected buildings have been given proper attention.

While most high-risk buildings have likely been identified, information management is not sufficiently robust to reliably track all buildings through the process from identification, through to risk assessment and, where necessary, remediation.

Reforms to certifier registration schemes are limited to new buildings and do not apply to the existing buildings covered by this audit.

While reforms are limited in application to new buildings, some consent authorities took steps to obtain greater assurance on the quality of the work done by fire safety experts regarding combustible external cladding on existing buildings. For example, by requiring fire safety experts to be appropriately qualified and requiring peer review of cladding risk assessments and proposed remediation plans.

This chapter considers the part played by DCS and DPE as key members of the Cladding Taskforce in ensuring that buildings with combustible external cladding were effectively identified and remediated through processes implemented by:

local councils or DPE, where those bodies were consent authorities under the EPA Act for the relevant buildings
in the case of NSW Government buildings, the departments that owned those buildings.

This chapter considers what has been done to deliver a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products.

This chapter considers whether reforms have ensured that only people with the necessary skills and experience are certifying buildings and signing off on fire-safety.

Inspections of existing buildings and development of any subsequent action plans to address combustible external cladding are not activities covered by accreditation or registration schemes for building certifiers

Almost all the risk assessment and remediation work done on buildings in the scope of this audit have been undertaken under fire safety orders issued by consent authorities using their powers under the EPA Act. This has been the recommended approach by DPE and DCS since at least 2016 (that is, before the Grenfell Tower fire in London).

While there have been reforms to certifier registrations scheme, these were not intended to ensure that combustible cladding-remediation on existing buildings is supported by people with the necessary skills and experience in fire safety under the fire safety order process. Instead, they are focused on offering better assurance for work done in respect to new building projects where accredited experts certify that building work is carried out in accordance with BCA under the DCS managed certifier registration schemes.

No steps have been taken to ensure the quality of the work done by experts inspecting, assessing the fire risk and developing action plans to address combustible external cladding on existing buildings, other than where consent authorities have chosen to exercise their discretion. This includes requiring fire safety experts to be appropriately qualified and requiring peer review of some cladding risk assessments and remediation plans.

Consent authorities determine whether individuals with accreditation are required for combustible cladding inspection, risk assessments and remediation on existing buildings

Whether an individual with certifier accreditation participates in a cladding inspection, risk assessment, or remediation for an existing building will be determined by what councils as consent authorities specify in their fire safety orders unless building owners opt to use such experts without being directed to do so by the consent authority.

As discussed earlier, councils acting as consent authorities vary in whether they require building owners to engage individuals with certifier accreditation. In most of the councils we audited, A1 or C10 accredited experts were either required, or recommended, to perform functions such as auditing suspected combustible cladding, or conducting fire safety risk assessments and developing plans to rectify combustible cladding.

However, these types of work are not functions covered by the accreditation or registration schemes that apply to building and development certifiers.

Certifier accreditation schemes do not cover cladding remediation work done under fire safety orders

While councils may require or recommend that independent accredited A1 or C10 certifiers be engaged by building owners for cladding risk assessment and remediation, they are not performing those functions as certifiers — they are, in effect, more akin to expert consultants. Accordingly, how they perform their functions and duties is not covered by the legislation supporting the accreditation scheme for certifiers that was operated until July 2020 by the Building Professional Board.

Instead, their use in this process is a convenient and practical way for consent authorities to ensure that building owners use appropriate experts who have the qualifications, skills and experience needed to investigate and identify combustible cladding, and then to formulate appropriate action to deal with such cladding. However, these individuals are not performing regulated or accredited work, are not subject to regulatory oversight, and are not accountable to any accreditation body for the quality of the work they perform.

While councils could (and sometimes do) choose to decline poor quality or incomplete cladding-related work prepared by A1 or C10 certifiers, the burden of resolving poor quality would fall on the building owner, who would have to seek amended or additional risk assessments or rectification plans.

In the absence of regulatory oversight, disincentives for poor quality cladding-related work, may include litigation being commenced by the property owner, harm to the expert's reputation in a small and competitive market, and the potential impact on whether the individual could retain their professional indemnity insurance at a reasonable cost (especially in an environment when many insurance providers withdrew coverage for cladding related work).

Reforms impact on regulated experts doing work on new buildings

The reforms that commenced on 1 July 2020, replaced categories of accreditation with classes of registration, and varied the classes such that:

accredited building surveyor category A1 became registered building surveyor-unrestricted
accredited certifier—fire safety engineer category C10 became registered certifiers-fire safety.

The legislation that introduced these reforms, the Building and Development Certifiers Act 2018, also repealed the pre-existing Building Professionals Act 2005 and abolished the Building Professionals Board. The new Act was accompanied by the Building and Development Certifiers Regulation 2020.

While the scope of this audit is limited to existing buildings, we note that there are buildings with combustible external cladding that are yet to be remediated. Just as these processes previously drew on the expertise of A1 and C10 category certifiers, it seems inevitable that the remediation of existing buildings will continue to draw on the expertise of the equivalent new classes of registered building surveyor-unrestricted and registered certifier-fire safety.

Appendix one – Response from agencies

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

Parliamentary reference - Report number #364 - released 13 April 2022.

17 December 2021

Published

Planning, Industry and Environment 2021

Environment

Industry

Local Government

Planning

Asset valuation

Financial reporting

Information technology

Internal controls and governance

Risk

This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.

An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.

The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.

The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.

There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.

Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.

The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.

There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.

What the key issues were

The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.

Seven high-risk issues were identified in 2020–21:

system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.

What we recommended

The department should ensure CLMs and common trusts meet their statutory reporting obligations.

Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.

The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.

Fast facts

The Planning, Industry and Environment cluster aims to make the lives of people in New South Wales better by developing well-connected communities, preserving the environment, supporting industries and contributing to a strong economy.

There are 54 agencies, 609 State controlled Crown land managers that predominantly manage small parcels of Crown land and 120 common trusts in the cluster.

42% of the area of NSW is Crown land
$33.2b water and electricity infrastructure as at 30 June 2021
100% unqualified audit opinions were issued for all completed 30 June 2021 financial statements audits
7 high-risk management letter findings were identified
54 monetary misstatements were reported in 2020–21
40% of reported issues were repeat issues

This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.

Section highlights

Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.
An 'Other Matter' paragraph was included in the Independent Planning Commission’s (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983. From 2020–21, the IPC is required to prepare financial statements under the Government Sector Finance Act 2018.
The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements were incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. These audits are currently underway, and the 2020–21 audit will commence shortly.
The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 State controlled Crown land managers (CLMs) are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21. All 120 common trusts have never submitted their financial statements for audit. The department needs to do more to ensure that the CLMs and common trusts meet their statutory reporting obligations.
Nine agencies that were required to perform early close procedures did not complete a total of 20 mandatory procedures. The most common incomplete early close procedures include the revaluation of property, plant and equipment, documenting all significant management judgments and assumptions, and the implementation of new and updated accounting standards.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.

Section highlights

The number of findings reported to management has increased from 135 in 2019–20 to 180 in 2020–21, and 40 per cent were repeat issues.
Seven high-risk issues were identified in 2020–21, and three high-risk findings were repeat issues.
There continues to be significant deficiencies in Crown land records. The department should prioritise action to ensure the Crown land database is complete and accurate.

Appendix one - Misstatements in financial statements submitted for audit

Appendix one – Misstatements in financial statements submitted for audit

Copyright notice

16 December 2021

Published

Stronger Communities 2021

Justice

Community Services

Financial reporting

Internal controls and governance

This report analyses the results of our audits of the Stronger Communities cluster agencies for the year ended 30 June 2021.

As there are no outstanding matters relating to audits in the Stronger Communities cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2021.

What we found

Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies.

Eleven of the 15 cluster agencies required to submit 2020–21 early close financial statements and other mandatory procedures did not meet the statutory deadline. Five agencies did not perform all mandatory procedures.

The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the Department of Communities and Justice's (the department) 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively (relating to three correctional centres with private sector operators).

The department was, this year for the first time, able to reliably measure Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. The department recorded a liability of $200 million at 30 June 2021. Liabilities for Child Sexual Assault IBNR claim continue to be not recorded on the basis they are unable to be reliably measured.

The number of monetary misstatements identified during the audit of the financial statements for the cluster increased from 61 in 2019–20 to 72 in 2020–21.

What the key issues were

The number of issues reported to management decreased from 191 in 2019–20 to 172 in 2020–21. However, 45 per cent were repeat issues related to information technology, governance and oversight controls.

Seven high risk issues were identified in 2020–21, an increase of five compared to last year. High risk issues related to deficiencies in IT access controls at Sydney Cricket and Sports Ground Trust; a lack of a formal agreement between the Office of Sport and Planning Ministerial Corporation over the management of a sporting venue; asset revaluations at both Fire and Rescue NSW and the Trustees of the Anzac Memorial Building; and three issues related to revenue recognition control deficiencies at New South Wales Aboriginal Land Council and two of its subsidiaries.

What we recommended

Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

Fast facts

The Stronger Communities cluster, consisting of 28 agencies, aims to deliver community services that support a safe and just New South Wales.

$14.0b property, plant and equipment as at 30 June 2021
$20.9b total expenditure incurred in 2020–21
100% unqualified audit opinions were issued for all 30 June 2021 financial statements
7 high risk management letter findings were identified
72 monetary misstatements were reported in 2020–21
45% of reported issues were repeat issues.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2021.

Section highlights

Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office.
An 'Other Matter' paragraph was included within the Multicultural NSW and Office of the Ageing and Disability Commissioner’s Independent Auditor's Report. While the paragraph did not modify the audit opinion, it noted the agencies did not have a signed instrument of delegation from their responsible Minister(s) to incur expenditure for the 2020–21 financial year and therefore were non‑compliant with section 5.5 of the Government Sector Finance Act 2018 .
11 of the 15 cluster agencies required to submit 2020–21 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. The agencies cited changes in key staff, delays in finalising actuarial and valuation work and the timing of Audit and Risk Committee meetings as the main reasons for not meeting the deadlines. Five agencies did not complete all mandatory procedures.
The Department of Communities and Justice (the department) was, for the first time, able to reliably measure and record a liability of $200 million at 30 June 2021 for Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. Child Sexual Assault IBNR claim liabilities continue to be not recorded on the basis they are still unable to be reliably measured.
The International Financial Reporting Standards Interpretations Committee released an agenda decision on 'Configuration or customisation costs in a cloud computing arrangement' (the IFRIC agenda decision). The department treated the financial impacts of the IFRIC agenda decision as a change in accounting policy and retrospectively recorded prepaid assets and expenses of $52.3 million and $90.5 million respectively relating to intangible assets they had previously capitalised.
The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the department's 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively in relation to three correctional centres with private sector operators.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

The number of issues reported to management has decreased from 191 in 2019–20 to 172 in 2020–21, and 45 per cent were repeat issues. Many repeat issues related to information technology, governance and oversight controls.
Seven high risk issues were identified in 2020–21, an increase of five compared to last year.
The two high risk issues identified in 2019–20 relating to New South Wales Institute of Sport were resolved.

Findings reported to management

The overall number of findings has decreased, but the level of repeat issues increased

In 2020–21, there were 172 findings raised across the cluster (191 in 2019–20). 45 per cent of all issues were repeat issues (32 per cent in 2019–20).

Repeat issues largely related to weaknesses in controls over information technology (IT), governance and oversight.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision‑making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

2020–21 audits identified seven high risk findings

High risk findings were reported at the following cluster agencies. Two high risk findings reported in 2019–20 were resolved.

Agency	Description
2020–21 findings
Sydney Cricket and Sports Ground Trust (new finding) *	The audit of Sydney Cricket and Sports Ground Trust's IT access controls identified: activity (audit) logs of privileged access within iPOS (purchasing system) and Microsoft Dynamics (sales system) are not maintained and periodically reviewed by an independent officer the review of privileged activity logs of booking system Event Business Management Software (EBMS) is not formally documented 8 generic super user accounts are being shared across four IT systems including iPOS, Microsoft Dynamics, EBMS and SUN (accounting system). The matter has been included as a high risk finding in the management letter as there is an increased risk of: unauthorised transactions and changes to financial data unauthorised users gaining access to financial systems data breaches or financial loss.
Fire and Rescue NSW (new finding)	Fire and Rescue NSW (FRNSW) completed a comprehensive revaluation of its fire appliances in 2020–21. The audit of the revaluation found there was inadequate analysis and quality control by management over the valuation process prior to the outcomes being included in the financial statements. FRNSW had 57 fleet assets that have not been revalued due to problems with data supplied by the valuer. The written down value: did not agree to the valuer's calculations for 28 assets was provided by the valuer for 29 assets, but there were no supporting calculations. These assets have been left at their previous book values of $3.0 million. The accounting standards require the entire class of assets to be revalued when a revaluation is performed. The review also found: inconsistent valuation of vehicles of the same make, model, age and specifications errors had been made when the previous valuation was uploaded into the fixed asset register the valuer incorrectly included additional equipment in the replacement cost estimate for vehicles that did not have that equipment. The matter has been included as a high risk finding as it resulted in monetary misstatements and caused delays to the overall timeframes for the audit.
New South Wales Aboriginal Land Council (NSWALC) (new finding)	The audit of NSWALC's revenue identified there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements. This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Employment and Training Limited (new finding)	The audit of NSWALC Employment and Training Limited's revenue found: there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements the financial statements' preparation did not include updated accounting policies reflecting the requirements of AASB 15 'Revenue from Contracts with Customers' (AASB 15) and AASB 1058 'Income of Not-for-Profit Entities' (AASB 1058). This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
NSWALC Housing Limited (new finding)	The audit of NSWALC Housing Limited's revenue identified it: did not perform formal assessments of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements deferred revenue recognition for funding received from NSWALC (the parent entity). There are no sufficiently specific performance obligations in the funding letter, hence revenue should be recognised on receipt of the funding recognised rental income from managing properties from the Aboriginal Housing Office (AHO) without considering the agreement, which requires remittance of profit to the AHO the financial statements did not include updated accounting policies according to the requirements of AASB 15 and AASB 1058. This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions.
Office of Sport (new finding)	The Olympic Co-ordination Authority Dissolution Act 2002 transferred the assets, rights and liabilities relating to the Sydney International Regatta Centre (SIRC) to the Planning Ministerial Corporation (the Corporation) effective from 1 July 2002. The Corporation recognised the related land assets but did not recognise any of the built assets at the time of transfer. The total value of the land and built assets at 30 June 2021 was $13.8 million and $11.2 million (written down value) respectively. The SIRC has been managed by the Office of Sport (the Office) for many years in accordance with a not yet executed management agreement. It appears there was a clear intention in 2005 that the control of SIRC built assets was to be transferred from the then Department of Planning to the then Department of Tourism, Sport and Recreation (a predecessor of the Office), through the exchange of letters between the relevant Ministers and an Administrative Order (the Order). The Order transferred the SIRC staff from the then Department of Planning to the then Department of Tourism, Sport and Recreation. However, it was silent on whether the relevant built assets were transferred. Currently, the Office recognises the SIRC built assets in the financial statements whilst the Corporation recognises the land assets as the legal owner of the property. This matter has been included as a high risk finding as the lack of a formal management agreement casts doubt over the accounting treatment of SIRC property.
The Trustees of the Anzac Memorial Building (new finding)	The audit of the Trustees of the Anzac Memorial Building's property, plant and equipment identified: the fixed assets register for plant and equipment had not previously included sufficient detail about the individual assets to which costs related to reconcile it to the work performed by management's valuation expert the financial statements did not meet the requirement of AASB 108 ‘Accounting Policies, Changes in Accounting Estimates and Errors’ to disclose the nature and reason why it corrected a prior period error of $778,000. This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to property, plant and equipment.

* The finding related to the former Sydney Cricket and Sports Ground Trust (based on the completion audit for the period 1 March 2020 to 30 November 2020). This agency was dissolved and transferred to Venues NSW on 1 December 2020.

Recommendation (repeat issue)

We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.

The table below describes issues commonly identified across the cluster by category and risk rating.

Risk rating	Issue
Information technology
High³ 1 new	The financial audits identified weaknesses in information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues with: user access administration cyber security including governance arrangements, monitoring of third-party system access and patch management password security and policy parameters development, review and testing of disaster recovery plans.
Moderate² 8 new, 22 repeat
Low¹ 5 new, 6 repeat
Internal control deficiencies or improvements
High³ 1 new	The financial audits identified internal control weaknesses across the following key business processes: expenditure, including the approval of purchase requisitions and review of open purchase orders supplier and employee masterfile maintenance segregation of duties.
Moderate² 6 new, 3 repeat
Low¹ 23 new, 7 repeat
Financial reporting
High³ 4 new	The financial audits identified weaknesses in financial reporting processes, including: fully depreciated assets still in use, indicating the need to perform more frequent assessments of useful lives of assets robustness of property, plant and equipment asset revaluations incomplete or inaccurate recording of balances in the financial statements.
Moderate² 9 new, 1 repeat
Low¹ 11 new, 5 repeat
Governance and oversight
High³ 1 new	The financial audits identified areas where agencies could strengthen governance and oversight processes, including: review and update of policies and procedures formalising existing key business arrangements records management practices.
Moderate² 5 new, 11 repeat
Low¹ 12 new, 8 repeat
Non-compliance with key legislation and/or central agency policies
Moderate² 7 new, 6 repeat	The financial audits identified the need for agencies to improve their compliance with key legislation and/or central agency policies, including: management of excessive annual leave balances existence of and compliance with financial delegations related party transactions disclosures from key management personnel.
Low¹ 2 new, 8 repeat

⁴ Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

³High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
² Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
¹ Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

The number of moderate risk findings decreased from prior year

Seventy‑eight moderate risk findings were reported in 2020–21, representing a 22 per cent decrease from 2019–20. Of these, 43 were repeat findings, and 35 were new issues.

Moderate risk findings reported in 2020–21 include:

weaknesses in governance arrangements, including outdated policies and procedures and arrangements that do not align with NSW Government guidelines, such as the NSW Government Procurement Policy Framework and NSW Cyber Security Policy
weaknesses in user access administration including:
- user access reviews
- monitoring of privileged user access and activities
- password policy configuration
cyber security improvements including:
- implementation and update of governance arrangements
- monitoring of third‑party system access
- patch management improvement
outdated instruments of financial delegation and non‑compliance with established financial delegations
weaknesses in supplier and employee masterfile maintenance.