Reports
Planning, Industry and Environment 2021
This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.
An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.
The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.
The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.
There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.
Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.
The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.
There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.
What the key issues were
The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.
Seven high-risk issues were identified in 2020–21:
- system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
- deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
- the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
- the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
- deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
- lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
- the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.
There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.
The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.
What we recommended
The department should ensure CLMs and common trusts meet their statutory reporting obligations.
Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.
The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.
Fast facts
The Planning, Industry and Environment cluster aims to make the lives of people in New South Wales better by developing well-connected communities, preserving the environment, supporting industries and contributing to a strong economy.
There are 54 agencies, 609 State controlled Crown land managers that predominantly manage small parcels of Crown land and 120 common trusts in the cluster.
- 42% of the area of NSW is Crown land
- $33.2b water and electricity infrastructure as at 30 June 2021
- 100% unqualified audit opinions were issued for all completed 30 June 2021 financial statements audits
- 7 high-risk management letter findings were identified
- 54 monetary misstatements were reported in 2020–21
- 40% of reported issues were repeat issues
This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.
Section highlights
|
Appendix one - Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2021
This report analyses the results of our audits of the Stronger Communities cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Stronger Communities cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unqualified audit opinions were issued for all 30 June 2021 financial statements of cluster agencies.
Eleven of the 15 cluster agencies required to submit 2020–21 early close financial statements and other mandatory procedures did not meet the statutory deadline. Five agencies did not perform all mandatory procedures.
The implementation of AASB 1059 'Service Concession Arrangements: Grantors' had a significant impact on the Department of Communities and Justice's (the department) 2020–21 financial statements. The department applied a modified retrospective approach upon initial adoption at 1 July 2020 and recognised service concession assets and liabilities of $1.0 billion and $1.2 billion respectively (relating to three correctional centres with private sector operators).
The department was, this year for the first time, able to reliably measure Incurred But Not Reported (IBNR) claims relating to its Victims Support Scheme. The department recorded a liability of $200 million at 30 June 2021. Liabilities for Child Sexual Assault IBNR claim continue to be not recorded on the basis they are unable to be reliably measured.
The number of monetary misstatements identified during the audit of the financial statements for the cluster increased from 61 in 2019–20 to 72 in 2020–21.
What the key issues were
The number of issues reported to management decreased from 191 in 2019–20 to 172 in 2020–21. However, 45 per cent were repeat issues related to information technology, governance and oversight controls.
Seven high risk issues were identified in 2020–21, an increase of five compared to last year. High risk issues related to deficiencies in IT access controls at Sydney Cricket and Sports Ground Trust; a lack of a formal agreement between the Office of Sport and Planning Ministerial Corporation over the management of a sporting venue; asset revaluations at both Fire and Rescue NSW and the Trustees of the Anzac Memorial Building; and three issues related to revenue recognition control deficiencies at New South Wales Aboriginal Land Council and two of its subsidiaries.
What we recommended
Cluster agencies should ensure all applicable mandatory early close procedures are completed and the outcomes provided to the audit team in accordance with the deadlines set by NSW Treasury.
We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues.
Fast factsThe Stronger Communities cluster, consisting of 28 agencies, aims to deliver community services that support a safe and just New South Wales.
|
This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
|
Findings reported to management
The overall number of findings has decreased, but the level of repeat issues increased
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 172 findings raised across the cluster (191 in 2019–20). 45 per cent of all issues were repeat issues (32 per cent in 2019–20).
Repeat issues largely related to weaknesses in controls over information technology (IT), governance and oversight.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision‑making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
2020–21 audits identified seven high risk findings
High risk findings were reported at the following cluster agencies. Two high risk findings reported in 2019–20 were resolved.
| Agency | Description |
| 2020–21 findings | |
| Sydney Cricket and Sports Ground Trust (new finding) * | The audit of Sydney Cricket and Sports Ground Trust's IT access controls identified:
|
| Fire and Rescue NSW (new finding) | Fire and Rescue NSW (FRNSW) completed a comprehensive revaluation of its fire appliances in 2020–21. The audit of the revaluation found there was inadequate analysis and quality control by management over the valuation process prior to the outcomes being included in the financial statements. FRNSW had 57 fleet assets that have not been revalued due to problems with data supplied by the valuer. The written down value:
The review also found:
|
| New South Wales Aboriginal Land Council (NSWALC) (new finding) | The audit of NSWALC's revenue identified there was no formal assessment of relevant contracts for the nature, amount and timing of revenue recognition before preparing the financial statements. This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to revenue transactions. |
| NSWALC Employment and Training Limited (new finding) | The audit of NSWALC Employment and Training Limited's revenue found:
|
| NSWALC Housing Limited (new finding) | The audit of NSWALC Housing Limited's revenue identified it:
|
| Office of Sport (new finding) |
The Olympic Co-ordination Authority Dissolution Act 2002 transferred the assets, rights and liabilities relating to the Sydney International Regatta Centre (SIRC) to the Planning Ministerial Corporation (the Corporation) effective from 1 July 2002. The Corporation recognised the related land assets but did not recognise any of the built assets at the time of transfer. The total value of the land and built assets at 30 June 2021 was The SIRC has been managed by the Office of Sport (the Office) for many years in accordance with a not yet executed management agreement. It appears there was a clear intention in 2005 that the control of SIRC built assets was to be transferred from the then Department of Planning to the then Department of Tourism, Sport and Recreation (a predecessor of the Office), through the exchange of letters between the relevant Ministers and an Administrative Order (the Order). The Order transferred the SIRC staff from the then Department of Planning to the then Department of Tourism, Sport and Recreation. However, it was silent on whether the relevant built assets were transferred. Currently, the Office recognises the SIRC built assets in the financial statements whilst the Corporation recognises the land assets as the legal owner of the property. This matter has been included as a high risk finding as the lack of a formal management agreement casts doubt over the accounting treatment of SIRC property. |
| The Trustees of the Anzac Memorial Building (new finding) |
The audit of the Trustees of the Anzac Memorial Building's property, plant and equipment identified:
This matter has been included as a high risk finding as it contributed to material monetary misstatements and disclosure deficiencies relating to property, plant and equipment. |
Recommendation (repeat issue)We recommend cluster agencies action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues. |
The table below describes issues commonly identified across the cluster by category and risk rating.
| Risk rating | Issue |
| Information technology | |
|
High3 |
The financial audits identified weaknesses in information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues with:
|
|
Moderate2 |
|
| Low1 5 new, 6 repeat |
|
| Internal control deficiencies or improvements | |
|
High3 |
The financial audits identified internal control weaknesses across the following key business processes:
|
|
Moderate2 |
|
|
Low1 |
|
| Financial reporting | |
|
High3 |
The financial audits identified weaknesses in financial reporting processes, including:
|
|
Moderate2 |
|
|
Low1 |
|
| Governance and oversight | |
| High3 1 new |
The financial audits identified areas where agencies could strengthen governance and oversight processes, including:
|
| Moderate2 5 new, 11 repeat |
|
| Low1 12 new, 8 repeat |
|
| Non-compliance with key legislation and/or central agency policies | |
| Moderate2 7 new, 6 repeat |
The financial audits identified the need for agencies to improve their compliance with key legislation and/or central agency policies, including:
|
| Low1 2 new, 8 repeat |
|
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.
The number of moderate risk findings decreased from prior year
Seventy‑eight moderate risk findings were reported in 2020–21, representing a 22 per cent decrease from 2019–20. Of these, 43 were repeat findings, and 35 were new issues.
Moderate risk findings reported in 2020–21 include:
- weaknesses in governance arrangements, including outdated policies and procedures and arrangements that do not align with NSW Government guidelines, such as the NSW Government Procurement Policy Framework and NSW Cyber Security Policy
- weaknesses in user access administration including:
- user access reviews
- monitoring of privileged user access and activities
- password policy configuration
- cyber security improvements including:
- implementation and update of governance arrangements
- monitoring of third‑party system access
- patch management improvement
- outdated instruments of financial delegation and non‑compliance with established financial delegations
- weaknesses in supplier and employee masterfile maintenance.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Regional NSW 2021
This report analyses the results of our audits of the Regional NSW cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Regional NSW cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Regional NSW cluster (the cluster) agencies’ financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all completed 30 June 2021 financial statement audits of cluster agencies. Four audits are ongoing.
The number of misstatements identified in the financial statements of cluster agencies decreased from 27 in 2019–20 to seven in 2020–21.
The Department corrected an understatement of $82.2 million in prepaid income related to the Bushfire Clean-up Program.
What the key issues were
Local Land Services (LLS) undertook a comprehensive revaluation of asset improvements on land reserves used for moving stock (travelling stock reserves).
The revaluation process identified that improvements on land reserves, with a value of $93.0 million, had not been previously recognised in the financial statements. LLS corrected this error by restating the 2019–20 comparative balances in its 2020–21 financial statements.
The Forestry Corporation of NSW revalued its biological assets that comprise approximately 225,000 hectares of softwood plantations and 34,000 hectares of hardwood forests. The current year valuation resulted in $71.4 million decrement in the total biological assets from $824.9 million in 2019–20 to $753.5 million in 2020–21.
The number of matters reported to management decreased from 36 in 2019–20 to 19 in 2020–21. Twelve moderate risk issues were identified and 47 per cent of reported issues were repeat issues.
What we recommended
Cluster agencies should prioritise and action recommendations to address internal control deficiencies.
Fast factsThe Regional NSW cluster plans and delivers regional programs and infrastructure to respond to regional issues, creating and preserving regional jobs, driving regional economy, growing existing and supporting emerging industries. There are 31 agencies in the cluster.
|
This report provides Parliament and other users of the Regional NSW cluster agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW cluster.
Section highlights
|
Appendix one - Misstatements in financial statements submitted for audit
Appendix two - Early close procedures
Appendix three - Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Fast-tracked Assessment Program
What the report is about
This report examines the effectiveness of the Fast-tracked Assessment Program, administered by the Department of Planning, Industry and Environment (DPIE) between April 2020 and October 2020.
The program aimed to support the construction industry during the COVID-19 crisis by accelerating the final assessment stages for planning proposals and development applications.
DPIE selected projects and planning proposals for fast tracked assessment that demonstrated the potential to:
- deliver jobs
- progress to the next stage of development within six months of determination
- deliver public benefit.
The audit assessed whether the Fast-tracked Assessment Program achieved its objectives while complying with planning controls.
What we found
Through tranches three to six of the program, DPIE successfully accelerated the final stages of 53 assessments. DPIE reported that 89 per cent of these proceeded to the next stage of development within six months.
Assessment of projects and planning proposals was compliant with legislation and other requirements. However, the audit found gaps in DPIE's management of conflicts of interest.
DPIE has not evaluated or costed the program and is not able to demonstrate the extent to which it provided support to the construction industry during COVID-19.
Aspects of the program have been incorporated into longer term reforms to create a new level of transparency over the progress and status of planning assessments.
What we recommended
DPIE should:
- strengthen controls over conflicts of interest
- evaluate the Fast-tracked Assessment Program.
Fast facts
Construction industry support
- The program aimed at providing immediate support to the construction industry during the COVID-19 crisis
59 fast-tracked projects
- 59 projects and 42 planning proposals projects were assessed in six tranches
89% of all fast-tracked assessments in tranches three to six progressed to the next stage of the planning process within six months of determination
In April 2020, the Department of Planning, Industry and Environment (DPIE) introduced programs aimed at providing immediate support to the construction industry during the COVID-19 crisis. One of these was the Fast-tracked Assessment Program. This program identified planning proposals and development applications (DAs), across six tranches, that were partially-assessed and could be accelerated to determination.
In accordance with the program objectives, the planning proposals and DAs selected for fast-tracked assessment had to:
- deliver jobs – particularly in the construction industry
- be capable of progressing to the next stage of development within six months of determination
- deliver public benefit.
At the same time, the Fast-tracked Assessment Program was to lay a foundation for future reform of the planning system by piloting changes in the assessment process that could be adopted in the medium to long term.
This audit assessed whether the Fast-tracked Assessment Program achieved its objectives while complying with planning controls. The audit focused on tranches three to six of the program, which were determined between July 2020 and October 2020. The rationale for focusing on these four tranches was that the program design had been slightly modified after the first two tranches to address identified risks.
Conclusion
Through tranches three to six of the Fast-tracked Assessment Program, DPIE successfully accelerated the final stages of 53 assessments. DPIE’s internal monitoring indicates that 31 DAs and 16 planning proposals selected in these tranches proceeded to the next stage of development within six months of determination. DPIE achieved this while also successfully managing the risk of non-compliance with planning controls arising from the accelerated process. While DPIE has incorporated components of the Fast-tracked Assessment Program into other longer-term reforms, it has not evaluated the program and is not able to demonstrate the extent to which the program provided support to the construction industry during COVID-19.
Between April and October 2020, DPIE adopted a case management approach to accelerate the final stages of assessment for 42 planning proposals and 59 DAs in six tranches. Tranches three to six were the focus of this audit and included 22 planning proposals and 31 DAs. Applicants involved in the program were expected to progress their projects to the next stage of development within six months of determination. While DPIE had no way of compelling applicants to do this and relied on non-binding commitments obtained from applicants, DPIE’s internal monitoring indicates that 47 of the 53 applicants selected in tranches three to six honoured this commitment.
Fast-tracked assessment only applied to the final stages of assessment and required DPIE staff and other stakeholders to work towards a determination deadline. DPIE effectively used a case management approach to manage the risk that the accelerated timeframe could result in planning controls not being fully compliant with legislation. There is some room for improvement in the process, as four of 28 staff assessing planning proposals and DAs had not lodged current conflict of interest declarations.
Based on the results of and learnings from the Fast-tracked Assessment Program, DPIE has incorporated some elements of the program into other longer-term reforms. There is now increased transparency about when applicants can expect to receive a planning determination and DPIE has also introduced a case management approach for strategic and high priority planning applications. Applicants benefiting from case-managed assessment are now required to commit to a formal service charter that specifies the obligations of both DPIE and the applicant.
DPIE has not evaluated the Fast-tracked Assessment Program to understand the costs and benefits of the program, nor which aspects of the program were most effective as a basis for future reform.
Appendix one – Response from agency
Appendix two – Planning determination pathways
Appendix three – About the audit
Appendix four – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #354 - released (27 July 2021).
Addressing public inquiry recommendations - Emergency response agencies
The Auditor-General for New South Wales, Margaret Crawford, released a report today examining how effectively NSW emergency response agencies address public inquiry recommendations.
The audit found that agencies’ governance arrangements to address public inquiry recommendations have important and consistent gaps.
The agencies did not sufficiently verify that they had implemented accepted recommendations as intended, and in line with the outcomes sought. This creates a risk that issues with disaster prevention or responses highlighted by public inquiries are not addressed in a complete or timely way and may persist or recur in the future.
The audit also found that agencies did not always nominate milestone dates or priority rankings for accepted recommendations, and so could not demonstrate they were managing or monitoring them effectively.
The audit examined how five emergency response agencies – Fire and Rescue NSW, National Parks and Wildlife Service, NSW Rural Fire Service, NSW State Emergency Service and Resilience NSW – have addressed accepted recommendations from public inquiries over the last ten years. The audit assessed the effectiveness of governance arrangements to track recommendation implementation.
The report makes six recommendations to improve disaster response agency arrangements to address public inquiry recommendations.
While the focus of this audit was agencies that responded to natural disasters, the findings and recommendations from this report have the potential to be applied across the NSW public sector in response to public inquiries related to other areas of government activity.
Major disasters and emergencies often trigger public post-event inquiries and reviews. The purpose of these reviews is to identify the causes of disaster or emergency events and areas for future improvement in prevention, preparedness, response and recovery. Areas identified for future improvement are then the subject of recommendations to government or government agencies and, when accepted, become public commitments to action.
Responses to the bushfires of 2019–20 followed this pattern, producing both NSW and Australian Government commissioned inquiries: the NSW Bushfire Inquiry and the Royal Commission into National Natural Disaster Arrangements. Both highlighted the significant volume of inquiries in recent years. Both asked whether agency responses to previous inquiries were improving Australia's capacity to prevent, prepare for, respond to and recover from natural disasters. The inquiries reflected on the difficulty of answering this question due to insufficient clarity and transparency on whether the improvements and risks that inquiries identified have been addressed in practice.
This audit stems from similar questions about how effectively government agencies in NSW are delivering on public inquiry recommendations. It assessed how five emergency response agencies have addressed accepted recommendations from 17 public inquiries over the last ten years. For this audit, we considered inquiries and reviews that affected agencies' operational capacity to respond to and recover from bushfire, floods and storms. The in scope public inquiries for this audit relate to:
- the 2013–14, the 2016–17 and the 2017–18 bushfire seasons
- severe storms and floods in 2015, 2016 and 2017
- workforce issues affecting the ability of agencies to respond to natural disasters.
The public inquiries we reviewed included coronial inquiries and inquests, parliamentary inquiries, independent reports and reviews, performance audits and recovery coordinator reports. In total, we looked at the processes that agencies used to implement 191 recommendations from these 17 public inquiries.
The objective of this audit was to determine how effective emergency response agencies are in addressing accepted recommendations from public inquiries. To answer our audit objective, we asked two questions:
- Do agencies have effective governance arrangements in place to respond to, monitor and implement accepted recommendations from public reviews and inquiries?
- Do agencies provide timely and accurate information on the implementation of accepted inquiry recommendations to senior decision makers and the public?
The agencies reviewed were:
- Fire and Rescue NSW
- NSW National Parks and Wildlife Service (now a division of the Department of Planning, Industry and Environment)
- NSW Rural Fire Service
- NSW State Emergency Service
- Resilience NSW (formerly the Ministry for Police and Emergency Services; and the Office of Emergency Management).
While the focus of this audit was agencies that respond to natural disasters (flood, bushfire and storms), the findings and recommendations from this report have the potential to be applied across the NSW public sector in response to public inquiries related to other areas of government activity.
Conclusion
The arrangements used by NSW emergency response agencies to address public inquiry recommendations have important and consistent gaps.
For two-thirds of the recommendations reviewed as part of this audit, the agencies did not sufficiently verify that they had been implemented as intended, and in line with the outcomes sought. This exposes risks that gaps in disaster responses are not addressed in a complete or timely way and persist or recur in the future.
Two-thirds of the recommendations reviewed as part of this audit had also not been allocated milestone dates or priority rankings, and as such the audited agencies are less accountable and could not demonstrate they were managing or monitoring them effectively.
None of the agencies publicly report the status of actions taken to address public inquiry recommendations, limiting accountability and transparency.
The agencies subject to this audit all address accepted recommendations from public inquiries with varying degrees of formality and transparency. No agency maintained a central and comprehensive approach – such as a register – to track recommendations for all public inquiries.
The agencies do not consistently review evidence that recommendations have been implemented effectively, and in line with the intention of the inquiry. The agencies also often failed to set milestone dates or test that recommendations had been actioned as committed. This increases the risk that recommendations are overlooked or not addressed in line with the intent, priority and risk of the recommendation. In turn, this raises the possibility that gaps and issues identified by public inquiries are not adequately resolved and could persist or recur in future disasters.
None of the audited agencies published a summary of progress made in implementing accepted recommendations to update the public. There are transparency and accountability benefits in doing so. This echoes the findings of the NSW Bushfire Inquiry and the Royal Commission into National Natural Disaster Arrangements. Both inquiries noted that it is difficult, and sometimes impossible, to determine the implementation status for many recommendations by publicly available information.
One factor hindering agencies from publishing this information is the lack of a consistent means of tracking public inquiry recommendation implementation. Adopting a consistent approach, within and across agencies, should help to overcome this barrier in the future.
This chapter reviews the way agencies have responded to, monitored and ensured they have implemented accepted recommendations from public inquiries.
This chapter reviews how agencies provided information to senior decision makers, agency Audit and Risk Committees and the public on the implementation of accepted recommendations from public inquiries.
Appendix one – Response from agencies
Appendix two – Identifying in scope inquiries
Appendix three – In scope inquiries
Appendix four – Recommendations reported by agencies as still in progress (detail)
Appendix five – Agency reported recommendation implementation status (unaudited)
Appendix six – About the audit
Appendix seven – Performance auditing
Copyright Notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #348 - released (22 April 2021).
Industry 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the Industry cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster agencies received unqualified audit opinions for 41 out of the 47 financial statements presented for audit for 30 June 2018. Six audits remain incomplete. 'While it is pleasing to note that unqualified audit opinions have been issued, the timeliness of financial reporting needs to be improved through better oversight, prompt resolution of issues, and an increased focus on early close procedures', the Auditor-General said.
This report analyses the results of our audits of financial statements of the Industry cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the Industry cluster agencies' financial statements with the results of our audits, including our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
The Department of Industry (the Department) is the lead agency in a cluster of 50 agencies. Other significant agencies in the cluster include Local Land Services, New South Wales Rural Assistance Authority, Technical and Further Education Commission (TAFE NSW), various sporting agencies, Forestry Corporation NSW and Water NSW.
The cluster:
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Industry cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for 41 out of 47 financial statement audits. Six audits are continuing. The number of misstatements identified in financial statements submitted for audit increased from 73 in 2016–17 to 92 in 2017–18. |
Conclusion: Agencies continue to address financial reporting issues and ensure significant matters that may impact the audit opinion are appropriately dealt with. The increase in the number of misstatements indicates a renewed focus on quality is required. |
| 2.2 Timeliness of financial reporting | |
| Nineteen out of 37 audit opinions were issued within the statutory deadline. Delays occurred due to the time required to resolve issues identified during the audit, or to obtain appropriate evidence to support balances or disclosures in the financial statements. There were also delays in receiving the signed certification from the agency, required before we can issue an audit opinion. We reviewed the conduct of early close procedures at 17 agencies. Fifteen of these agencies were assessed as not fully addressing mandatory early close procedures. |
Recommendation: Timeliness of financial reporting should be improved through better oversight of the preparation of financial statements, prompt resolution of issues, and an increased focus on early close procedures. |
| 2.3 Key financial reporting issues | |
| Information system limitations continue at TAFE NSW. TAFE NSW implemented additional processes to verify the accuracy and completeness of revenue from student fees. | Conclusion: Procedures to address system limitations are costly, causing delays in financial reporting and increased resource commitments for staff, contractors and audit. |
| Misstatements and internal control issues continue to be identified in accounting for Crown land. | The information system used to record Crown land was not designed to facilitate efficient financial reporting. These limitations and other control weaknesses impacted the completeness and accuracy of the Department's financial statements. Recommendation: The Department should address system limitations and control weaknesses to ensure complete and accurate reporting for Crown land. |
| Unprocessed Aboriginal land claims continue to increase. | Recommendation (repeat issue): The Department should reduce unprocessed Aboriginal land claims. |
| 2.4 Financial information and sustainability | |
| Cluster agencies recorded a combined surplus of $58.0 million compared to a combined deficit of $86.0 million in the previous year. |
|
| We identified five agencies with potential sustainability issues such as low liquidity or negative net assets. | Conclusion: Adequate arrangements are in place to mitigate potential sustainability issues. These arrangements include a commitment from the Department to provide financial support if required. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Industry cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal control | |
| Almost one in three internal control issues identified in 2017–18 were repeat issues. | Recommendation (repeat issue): Recommendations to management to address internal control issues from prior years should be addressed promptly to reduce risks and improve processes. |
| 3.2 Information technology controls | |
| User access administration over financial systems remains an area of weakness. Two high risk and 18 moderate risk issues related to user access administration across nine agencies were identified. | Recommendation (repeat issue): Agencies' controls over administration of user access to critical systems should:
|
| 3.3 Annual work program | |
| Errors continue to be identified in the Crown land database. Instances were identified where Crown land was not recognised by the appropriate entity, or was recognised by more than one entity. |
Recommendation: The Department should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Approximately 700 managers of Crown land do not submit financial statements required by the Public Finance and Audit Act 1983. | NSW Treasury and the Department are continuing work to clarify reporting arrangements for these entities. |
| 3.4 Managing maintenance | |
| Some cluster agencies do not monitor their backlog maintenance. Consequently, the total backlog maintenance in the Industry cluster is unknown. This impacts the reliability and consistency of information about assets and their condition. | When backlog maintenance is unknown, it is difficult for agencies to develop an accurate and effective maintenance plan that focuses on areas of highest need. It also means agencies' maintenance plans are reactive rather than preventative. Effective maintenance planning helps agencies to:
|
| Maintenance budgets in some cluster agencies are not set based on actual maintenance needs. | Recommendation: Cluster agencies should set their maintenance budgets based on identified maintenance needs to more accurately budget and prioritise expenditure. |
Agencies in the Industry cluster provide services across a wide variety of areas. This chapter outlines certain service delivery outcomes for 2017–18 for the Industry cluster. It provides important contextual information about the cluster's operation, but the data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Family and Community Services 2018
The Auditor-General for New South Wales, Margaret Crawford released her report today on the Family and Community Services cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster entities received unqualified audit opinions for their 30 June 2018 financial statements. Opportunities to improve the quality of financial reporting were identified and reported to management.
This report analyses the results of our audits of financial statements of the Family and Community Services cluster for the year ended 30 June 2018. The table below summarises our key observations.
This report provides NSW Parliament and other users of the financial statements of Family and Community Services' agencies with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- service delivery.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Family and Community Services cluster for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for all cluster agencies' financial statements. | Conclusion: Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. |
| Agencies complied with NSW Treasury’s mandatory early close requirements. Completing other early close procedures was inconsistent and not always supported by adequate evidence. |
Conclusion: There are opportunities for agencies to improve the quality of financial reporting by:
|
| 2.2 Timeliness of financial reporting | |
| Agencies completed revaluations of property, plant and equipment and submitted 31 March 2018 financial statements by the due date as required by NSW Treasury. Agencies submitted year-end financial statements by the statutory deadline. |
Conclusion: Early revaluations of property, plant and equipment contributes to agencies meeting the year-end statutory reporting deadline. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Family and Community Services cluster for 2018
- the areas of focus identified in the Audit Office annual work program.
The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each NSW Government cluster.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| The 2017–18 audits reported 47 internal control weaknesses. While none were high risk, there were 15 repeat issues. |
Conclusion: Management accepted audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively. |
| Twenty-two of these internal control weaknesses related to information technology processes and control environment. | Conclusion: Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting. Recommendation: Agencies should strengthen user access administration to prevent inappropriate access to key IT systems by:
|
| The Department, NSW Land and Housing Corporation (LAHC) and three other cluster agencies’ contract registers are incomplete and/or inaccurate. | Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 Audit Office annual work program | |
| Financial impact of the commissioning approach. The transfer of disability services to the National Disability Insurance Scheme and other commissioning of service delivery has contributed to a 36 per cent decrease in frontline employee numbers since 2015–16. Similarly, corporate services’ employee numbers reduced by 34 per cent. The Department’s salary costs have reduced by $232 million or 18 per cent from 2016–17. |
Conclusion: The ratio of corporate services employee numbers to support frontline and support services has remained at 1:10 since 2015–16, which indicates restructures have been planned to align with the transfer of disability services. |
| Impact of the new social housing maintenance contract Maintenance expenses have increased by about 40 per cent since the new maintenance contract commenced in April 2016. LAHC measures the benefits of the new maintenance contract such as improved tenant satisfaction. |
Conclusion: The new maintenance contract has contributed to some positive social outcomes such as tenants being employed by the contractors to conduct maintenance, as call centre operators and in administration. However, more can be done to ensure value for money is being achieved. |
| ChildStory IT Project Whilst phase one of the ChildStory IT project went 'live' in 2017–18, the planned timetable has not been met and the revised date for full implementation is end of 2018. According to the 2014–15 NSW Budget, the budget for ChildStory was $100 million over a four-year period. During the design and implementation stage, this amount was revised to $128 million, with approval of the Expenditure Review Committee. The actual cost incurred over the four years until 30 June 2018, is approximately $131 million. We identified issues with the data migration from the legacy systems to ChildStory. |
Conclusion: To inform future IT projects, we understand the Department is capturing our findings, along with the findings from the Department of Finance, Services and Innovation’s ‘Healthchecks’. |
This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.
In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.
Central Agencies 2018
The Auditor-General for New South Wales, Margaret Crawford, released her report today on the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters. While clear audit opinions were issued on all agency financial statements, the report notes that some complex accounting requirements caused significant errors in agency financial statements submitted for audit, which were corrected before the financial statements were approved.
This report analyses the results of our audits of the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster agencies for the year ended 30 June 2018. The table below summarises our key observations.
This report provides parliament and other users of the NSW Government's central agencies and their cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- liquidity risk management
- government financial services.
The central agencies and their key responsibilities are set out below.
| Central agencies | Key central agency responsibilities | Cluster responsibilities |
| The Treasury |
|
The cluster:
|
| Department of Premier and Cabinet |
|
The cluster:
|
| Department of Finance, Services and Innovation |
|
The cluster:
|
| Public Service Commission |
|
|
A full list of agencies that this report covers by relevant cluster is included in Appendix three.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation clusters for 2018.
| Observation | Conclusions and recommendations |
| 2.1 Quality of financial reporting | |
| Unqualified opinions were issued for all agencies' financial statements submitted to the Audit Office. Complex accounting requirements caused significant errors in some agency financial statements, which were corrected before the financial statements were approved. |
Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement. Recommendation: Agencies should respond to key accounting issues when they are identified by preparing accounting papers and engaging with Treasury, the Audit Office and their Audit and Risk Committee when these matters are identified. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the statutory timeframe for completion of early close procedures, 48 agencies in the Treasury cluster did not comply with the statutory requirement to prepare financial statements, and the audits of nine agencies in the Treasury cluster were not completed within the statutory timeframe. All financial statement information of the 48 agencies that did not prepare financial statements has been captured in the consolidated financial statements of their parent entity, which was subject to audit. |
Early close procedures allow financial reporting issues and risks to be addressed early in the audit process. The timeliness of financial reporting can be improved by performing more robust early close procedures. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from:
- our financial statement audits of agencies in the Treasury, Premier and Cabinet and Finance, Services and Innovation cluster for 2018
- the areas of focus identified in the Audit Office work program.
The Audit Office work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.
| Observation | Conclusions and recommendations |
| 3.1 Internal controls | |
| The 2017–18 audits found one high risk issue and 83 moderate risk issues across the agencies. Nineteen per cent of all issues were repeat issues. | Agencies should focus on rectifying repeat issues. |
| The high risk issue at Service NSW related to several deficiencies in procurement and contract management processes. | Service NSW may not be achieving value-for-money from their procurement and contract management activities. The high risk issue should be rectified as a matter of priority. This includes updating and implementing its procurement, vendor and contract management frameworks and delivering training to key staff involved in procurement and contract management activities. |
| Property NSW has implemented several controls during the year to rectify the high risk issue identified last year related to its transition to a new property and facility management service provider. However, the service providers performance remains below expectations and there are further opportunities to improve oversight and lift performance. | Property NSW can better define roles and accountabilities with the service provider and formalise policies and processes associated with its monitoring and oversight of the service provider. Implementing relevant KPIs, receiving timely reports and providing timely review and feedback to the service provider may help to lift performance. |
| GovConnect received unqualified opinions from their service auditor on all business process controls, except for information technology controls provided by Unisys, where a qualified opinion was received from the service auditor. A qualified opinion was received because of several deficiencies in user access controls. | These internal control deficiencies increase the risk of unauthorised access to key business systems, and increase audit effort and costs associated with addressing the risks arising from the deficiencies. |
| 3.2 Audit Office annual work program | |
|
Remediation of the Barangaroo site is now estimated to cost the Barangaroo Delivery Authority in excess of net $400 million. |
Measuring the remaining costs to remediate requires the use of estimation techniques and judgements, making the actual outcome inherently uncertain. We reviewed evidence to support the provision for remediation, including future costs estimates and this evidence supported management’s estimate. |
| The State Insurance Regulatory Authority have administered the refund of $138 million in Green slip refunds to policy holders through Service NSW during 2017–18. At 30 June 2018, $112 million in refunds are yet to be claimed. We reviewed the systems and processes supporting the refund process. While we found that this supports the disbursement of refunds to policyholders there were some deficiencies in Service NSW’s project controls when the program was being developed. |
Service NSW should apply the lessons learnt from this program to other programs it is delivering or will be delivering for agencies. |
| Revenue NSW recorded $30.4 billion from taxes, fines and fees in 2017–18 ($30.0 billion in 2016–17) to support the State’s finances. |
Crown revenue has steadily increased over the last five years predominately driven by rises in payroll tax and land tax and responsibility for collection of the Emergency Services Levy transferring to Revenue NSW under the Emergency Services Levy Act 2017 effective from July 2017. |
| 3.3 Managing maintenance | |
| Place Management NSW manages significant commercial and retail leases and maintains public domain spaces and other assets around the harbour foreshore. It has consistently underspent its asset maintenance budget. In 2017–18, asset maintenance expenses were only 34 per cent of budgeted maintenance expense. Currently, Place Management NSW does not use any ratios or benchmarks to determine the adequacy of its maintenance spend or to monitor whether it is achieving its budgeted maintenance program. |
This may be contributing to a high proportion of unplanned maintenance, which Place Management NSW reports was 38 per cent of total maintenance expense in 2017–18. Place Management NSW is outsourcing its property and facilities management function from 1 December 2018 to an external service provider. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
| Observation | Conclusions and recommendation |
| 5.1 Superannuation funds | |
| The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). However, legislation allows the responsible Minister to prescribe prudential standards, reporting and audit requirements. |
Structured and comprehensive prudential oversight of these Funds is important as they operate in a volatile financial sector, have 103,000 members and manage investments of $43.3 billion. Recommendation: Treasury should consult with the Trustees of the STC Pooled Fund and PCS Fund to prescribe appropriate prudential standards and requirements, including oversight arrangements. |
| 5.2 Insurance and compensation | |
| Nominal Insurer and NSW Self Insurance Corporation investment performance marginally exceeded benchmark over the past five years. | Investment returns can impact on the premiums required to maintain an adequate funding ratio in addition to other factors such as claims experience and discount rates. |
| The Workers Compensation Nominal Insurer (Nominal Insurer) and NSW Self Insurance Corporation's net collected premiums and contributions decreased over the past five years. | The insurance schemes' investment performance and stable claim payments have enabled less reliance on net collected premiums and contributions as a source of funding, over the past five years. |
| Reforms were introduced to manage the Home Warranty Scheme's financial sustainability risks. | The Home Warranty Scheme has not collected sufficient premiums to fund expected claims costs, since commencing operations in 2011. In 2017–18, the Crown contributed $181 million for historical shortfalls. New reforms started on 1 January 2018 enabling the Scheme to price premiums based on risk. |
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
Procurement and reporting of consultancy services
NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.
The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.
| Relevant guidance | Requirements | |
|---|---|---|
| Procurement of consultancy services | PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework (revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01') |
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). |
| PBD 2018 01 Engagement of professional services suppliers (replaced 'PBD 2015 04' in May 2018) |
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions. |
|
| Reporting of consultancy expenditure | Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 | Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year. |
| Premier's Memorandum 'M2002 07 Engagement and Use of Consultants' |
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports. |
We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.
This audit assessed:
- agency compliance with relevant procurement requirements for their use of consultants
- agency compliance with disclosure requirements about consultancy expenditure in their annual reports
- the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services.
