What this report is about

Result of the Transport portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unqualified audit opinions were issued for all Transport portfolio agencies.

An 'emphasis of matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) independent auditor's report, which draws attention to management's disclosure regarding proposed changes to TAHE's operating model.

Government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE's assets.

Transport for NSW's valuation of roads and bridges resulted in a net increase to its asset value by $15.7 billion.

Transport for NSW and Sydney Metro have capitalised over $300 million of tender bid costs paid to unsuccessful tender bidders relating to significant infrastructure projects. Whilst NSW Treasury policy provides clarity on the reimbursement of unsuccessful bidders' costs, clearer guidance on how to account for these costs in agency's financial statements is required.

The key audit issues were

The number of issues reported to management decreased from 53 in 2021–22 to 49 in 2022–23.

High-risk findings include:

• gaps in how Sydney Metro manages its contractors and how conflicts of interest are recorded and managed
• future financial reporting implications to account for government's proposed changes to TAHE's future operating model, including asset valuations and control assessments of assets and operations
• Parramatta Park Trust's tree assets' valuation methodology needs to be addressed.

Recommendations were made to address the identified deficiencies.

This report provides Parliament and other users of the Transport portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport portfolio.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

The report assesses whether the Department of Customer Service (the department) complied with legislation and NSW government policy when it directly negotiated with Duncan Solutions to procure backend services relating to the Park'nPay app.

The Park'nPay app, developed by the department, enables users to locate and pay for parking remotely using their smart mobile device.

The audit found

The department failed to establish the grounds for entering a direct negotiation procurement strategy, without any competitive tendering, for services for the Park'nPay app. It rushed a decision to trial the app in The Rocks, without considering how this might affect its procurement obligations.

There is no evidence that the procurement achieved value for money. Despite being required by legislation, as well as mandatory NSW government policy, the department did not consider how it would ensure value for money, nor did it demonstrate an adequate understanding of what is meant by value for money on this occasion.

The department failed to implement key probity requirements. There was no effective management of conflicts of interest. Key decisions were not documented. There was a lack of clarity, transparency, and oversight of the relationship between the Minister's office and staff in the department.

The audit made recommendations about

1. making and retaining complete and accurate records, particularly on decisions to commit or expend public money
2. ensuring department staff understand how to exercise their financial delegations and procurement processes
3. ensuring that only staff with appropriate delegations are committing or approving the spending of public money
4. consistency with the contract extension provisions of the NSW Government Procurement Policy Framework, particularly regarding ensuring value for money
5. protocols to guide the interactions between department staff and Minister and Minister's staff
6. the need for proper management and oversight of contingent workers, such as contractors.

On 27 February 2019 the then Minister for Finance, Services and Property announced the commencement of a Park’nPay app trial in The Rocks precinct of Sydney.

The app was intended to enable users to locate and pay for parking remotely, using their smart mobile device such as a phone or tablet, rather than needing to physically be at a parking meter.

In July 2019, following a direct negotiation procurement conducted by the then Department of Finance, Services and Innovation, a contract was executed with Duncan Solutions for an estimated value of $1,260,600 over three-years, with three single-year options to extend. The contract required Duncan Solutions to provide development services to link the Park'nPay app to its Parking Enterprise Management System platform and to provide ongoing software support services.

This audit assessed whether the department complied with the procurement obligations that applied at the time it procured these services from Duncan Solutions.

This audit focussed on the department's processes and decision-making relating to:

• the direct negotiation with Duncan Solutions at the exclusion of any other potential supplier
• the negotiation, execution and management of the contract with Duncan Solutions.

As this audit focusses on the department's procurement and contract management processes, it does not comment on the activities of Duncan Solutions. The detailed audit objective, criteria and audit approach are in Appendix three.

The auditee is the Department of Customer Service. As a result of machinery of government changes, the Department of Finance, Services, and Innovation became the Department of Customer Service from 1 July 2019. To avoid confusion, this report simply uses ‘the department’ to refer to either. Where the report refers to the Minister, it relates to the former Minister in office at the time.

Appendix one – Response from auditee

Appendix two – Key requirements of the department's procurement manual 

Appendix three – About the audit 

Appendix four– Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #387 - released 14 December 2023

What this report is about

Results of the Stronger Communities financial statement audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed Stronger Communities portfolio agencies.

Machinery of government changes during the year returned the sports-related agencies to the Stronger Communities portfolio.

Resilience NSW was abolished on 16 December 2022 with most of its functions transferred to the newly created NSW Reconstruction Authority.

The Trustee for the First Australian Mortgage Acceptance Corporation (FANMAC) is a prescribed entity under the Government Sector Finance Regulation 2018. The Trustee should have presented the FANMAC's financial statements for audit after it became a GSF agency on 1 July 2020.

The number of monetary misstatements identified in our audits decreased from 42 in 2021–22 to 29 in 2022–23.

What the key issues were

In 2022–23, agencies in the portfolio recorded net revaluation uplifts to land and buildings totalling $643 million.

Out of home care and permanency support grant expenditure has increased by 27% since 2019–20. An upcoming performance audit report will focus on the timeliness and quality of the child protection services provided by the department and its non-government service providers.

A high-risk matter was raised for the department over segregation of duties deficiencies in the Justice Link system.

Four high-risk matters reported in 2021–22 have been resolved.

Thirty-three agencies were onboarded into a new government-wide enterprise resource planning system. Additional agencies will be onboarded in three tranches from April 2024 through to October 2024.

What we recommended

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their financial statement impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in our management letters.

This report provides Parliament and other users of the Stronger Communities portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities portfolio.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

This report is about

Results of the local government sector financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' financial statements.

The financial audits for two councils and two joint organisations are in progress due to accounting issues.

Fifty-seven councils and joint organisations (2021: 41) required extensions to submit their financial statements to the Office of Local Government (OLG), within the Department of Planning and Environment (the department).

The audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficient books and records.

Qualified audit opinions were issued on 43 councils' financial statements due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. Forty-seven councils appropriately recognised this equipment.

What we recommended

Consistent with the NSW Government's accounting position and the department's role of assessing councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise vested rural firefighting equipment.

The key issues

There were 1,045 audit findings reported to councils in audit management letters, with 52% being unresolved from prior years.

What we recommended

Councils need to track progress of implementing audit recommendations, giving priority to high-risk and repeat issues.

Ninety-three high-risk matters were identified across the sector mainly relating to asset management, information technology, financial accounting and council governance procedures.

Asset valuations

Audit management letters reported 267 findings relating to asset management. Fifty-three councils had deficiencies in processes that ensure assets are fairly stated.

What we recommended

Councils need to complete timely asset valuations (repeat recommendation).

Integrity and completeness of asset source records

Fifty-two councils had weak processes over the integrity of fixed asset registers.

What we recommended

Councils need to improve controls that ensure integrity of asset records (repeat recommendation).

Cybersecurity

Our audits found that 47% of councils did not have a cyber security plan.

What we recommended

All councils need to prioritise creation of a cyber security plan to ensure data and assets are safeguarded.

Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General's report on Local Government 2022. My report provides the results of the 2021–22 financial audits of 126 councils, 11 joint organisations and nine county councils. The audits for two councils and two joint organisations are in progress due to significant accounting issues.

Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' 2021–22 financial statements. The statements for 43 councils were qualified due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. And the audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficiencies in books and records.

This year has again been challenging for many New South Wales local councils still recovering from the impact of emergency events and facing cost and resourcing pressures. We appreciate the efforts of council staff and management in meeting their financial reporting obligations. We share a mutual interest in raising the standard of financial management in this sector, and the importance of accurate and transparent reporting.

Disappointingly, accounting for the value of rural firefighting equipment vested in councils continued to be an unnecessary distraction and resulted in 43 councils having their financial statements qualified. We continue to recommend that the Office of Local Government should intervene where councils fail to comply with Australian Accounting Standards by not recognising assets vested to them under section 119(2) of the Rural Fires Act 1997.

Sound financial management is critical to councils' ability to instil trust and properly serve their communities. The recommendations in this report are intended to further improve their financial management and reporting capability, and encourage sound governance arrangements and cyber resilience. I am committed to continuing this work with councils in the 2022–23 year and beyond.

Margaret Crawford PSM

Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting audit results of councils and joint organisations.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal controls across councils and joint organisations in 2021–22.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations, related implications, recommendations and risk ratings.

Total number of findings reported in audit management letters decreased

The following shows the overall findings of the 2021–22 audits reported in management letters compared with the previous year.

Appendix one – Response from the Office of Local Government within the Department of Planning and Environment

Appendix two – Status of audits

Appendix three – Councils received qualified audit opinions

Appendix four – Common reasons for council extensions

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2022.

What we found

Unmodified audit opinions were issued for all ten universities.

Nine universities reported net deficits in 2022, and all showed a decline from their 2021 results.

Results were impacted by a decline in investment income and government grants.

Wage remediation provisions across the universities increased by 116% to $110 million at 31 December 2022.

Expenditure increased as universities transitioned back to face-to-face teaching with the lifting of most COVID-19 restrictions.

Revenue from overseas students decreased by 0.5% overall in 2022, although not all universities were impacted equally.

Nearly 42% of fees and charges revenue came from overseas student revenue from three countries of origin (43% in 2021).

What the key issues were

We reported 88 findings to universities on internal control deficiencies (105 in 2021).

Six high risk findings were identified (four in 2021), relating to:

• IT control deficiencies in monitoring privileged user access
• password configuration
• cyber security process improvements
• lack of security over access to EFT payment files
• the status of a university's work in assessing its liability for underpayment of staff
• inadequate review of contracts leading to incorrect accounting treatments.

Two out of 13 entities reported financial losses from cyber incidents in 2022.

Retention policies on personally identifiable information (PII) vary and universities can further reduce their PII exposure risk from cyber attack.

What we recommended

Universities should:

• conduct a comprehensive assessment of their employment agreements and historical pay practices to identify potential underpayments
• prioritise actions to address repeat findings on internal control deficiencies in a timely manner
• review their PII retention policies to ensure PII stored is limited to the entity's needs, held only for the minimum duration it is legally and operationally required, and access is strictly limited.

This report provides Parliament with the results of our financial audits of universities in New South Wales and their controlled entities in 2022, including our analysis, observations and recommendations in the following areas:

• financial reporting
• internal controls and governance
• teaching and research.

Financial reporting is an important element of good governance. Confidence and transparency in university sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of universities in NSW for 2022.

Appropriate financial controls help to ensure the efficient and effective use of resources and administration of policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of NSW universities.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These, along with the less significant matters, are reported to universities for management to address.

Universities' primary objectives are teaching and research. They invest most of their resources aiming to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.

This chapter outlines teaching and research outcomes for universities in NSW for 2022.

Appendix one – List of 2022 recommendations

Appendix two – Status of 2021 recommendations

Appendix three – Universities' controlled entities 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

This audit assessed the effectiveness of the NSW Rural Fire Service (RFS) and local councils in planning and managing equipment for bushfire prevention, mitigation, and suppression.

What we found

The RFS has focused its fleet development activity on modernising and improving the safety of its firefighting fleet, and on the purchase of new firefighting aircraft.

There is limited evidence that the RFS has undertaken strategic fleet planning or assessment of the capability of the firefighting fleet to respond to current bushfire events or emerging fire risks.

The RFS does not have an overarching strategy to guide its planning, procurement, or distribution of the firefighting fleet.

The RFS does not have effective oversight of fleet maintenance activity across the State, and is not ensuring the accuracy of District Service Agreements with local councils, where maintenance responsibilities are described.

What we recommended

1. Develop a fleet enhancement framework and strategy that is informed by an assessment of current fleet capability, and research into appropriate technologies to respond to emerging fire risks.
2. Develop performance measures to assess the performance and capabilities of the fleet in each RFS District by recording and publicly reporting on fire response times, fire response outcomes, and completions of fire hazard reduction works.
3. Report annually on fleet allocations to RFS Districts, and identify the ways in which fleet resources align with district-level fire risks.
4. Develop a strategy to ensure that local brigade volunteers are adequate in numbers and appropriately trained to operate fleet appliances in RFS Districts where they are required.
5. Establish a fleet maintenance framework to ensure regular update of District Service Agreements with local councils.
6. Review and improve processes for timely recording of fleet asset movements, locations, and maintenance status.

This audit assessed how effectively the NSW Rural Fire Service (the RFS) plans and manages the firefighting equipment needed to prevent, mitigate, and suppress bushfires. This audit also examined the role of local councils in managing bushfire equipment fleet assets. Local councils have vested legal ownership of the majority of the land-based firefighting fleet, including a range of legislated responsibilities to carry out fleet maintenance and repairs. The RFS has responsibilities to plan and purchase firefighting fleet assets, and ensure they are ready for use in response to fires and other emergencies.

This report describes the challenges in planning and managing the firefighting fleet, including a confusion of roles and responsibilities between the RFS and local councils in relation to managing certain land-based rural firefighting fleet – a point that has been made in our Local Government financial audits over several years. This role confusion is further demonstrated in the responses of the RFS and local councils to this audit report – included at Appendix one.

The lack of cohesion in roles and responsibilities for managing rural firefighting vehicles increases the risk that these firefighting assets are not properly maintained and managed, and introduces a risk that this could affect their readiness to be mobilised when needed.

While the audit findings and recommendations address some of the operational and organisational inefficiencies in relation to rural firefighting equipment management, they do not question the legislative arrangements that govern them. This is a matter for the NSW Government to consider in ensuring the fleet arrangements are fit for purpose, and are clearly understood by the relevant agencies.

The NSW Rural Fire Service (hereafter the RFS) is the lead combat agency for bushfires in New South Wales, and has the power to take charge of bushfire prevention and response operations anywhere in the State. The RFS has responsibilities to prevent, mitigate and suppress bushfires across 95% of the State, predominantly in the non-metropolitan areas of New South Wales. Fire and Rescue NSW is responsible for fire response activity in the cities and large townships that make up the remaining five per cent of the State.

The RFS bushfire fleet is an integral part of the agency's overall bushfire risk management. The RFS also uses this fleet to respond to other emergencies such as floods and storms, motor vehicle accidents, and structural fires. Fleet planning and management is one of a number of activities that is necessary for fire mitigation and suppression.

The Rural Fires Act 1997 (Rural Fires Act) imposes obligations on all landowners and land managers to prevent the occurrence of bushfires and reduce the risk of bushfires from spreading. Local councils have fire prevention responsibilities within their local government areas, principally to reduce fire hazards near council owned or managed assets, and minor roads.

The RFS is led by a Commissioner and is comprised of both paid employees and volunteer rural firefighters. Its functions are prescribed in the Rural Fires Act and related legislation such as the State Emergency Rescue Management Act 1989. The RFS functions are also described in Bush Fire Risk Management Plans, the State Emergency Management Plan, District Service Agreements, and RFS procedural documents. Some of the core responsibilities of the RFS include:

• preventing, mitigating, and suppressing fires across New South Wales
• recruiting and managing volunteer firefighters in rural fire brigades
• purchasing and allocating firefighting fleet assets to local councils
• establishing District Service Agreements with local councils to give the RFS permissions to use the fleet assets that are vested with local councils
• carrying out fleet maintenance and repairs when authorised to do so by local councils
• inspecting the firefighting fleet
• supporting land managers and private property owners with fire prevention activity.

In order to carry out its legislated firefighting functions, the RFS relies on land-based vehicles, marine craft, and aircraft. These different firefighting appliance types are referred to in this report as the firefighting fleet or fleet assets.

RFS records show that in 2021 there were 6,345 firefighting fleet assets across NSW. Most of the land-based appliances commonly associated with firefighting, such as water pumpers and water tankers, are purchased by the RFS and vested with local councils under the Rural Fires Act. The vesting of firefighting assets with local councils means that the assets are legally owned by the council for which the asset has been purchased. The RFS is able to use the firefighting assets through District Service Agreements with local councils or groups of councils.

In addition to the land-based firefighting fleet, the RFS owns a fleet of aircraft with capabilities for fire mitigation, suppression, and reconnaissance during fire events. The RFS hires a fleet of different appliances to assist with fire prevention and hazard reduction works. These include aircraft for firefighting and fire reconnaissance, and heavy plant equipment such as graders and bulldozers for hazard reduction. Hazard reduction works include the clearance of bush and grasslands around major roads and protected assets, and the creation and maintenance of fire trails and fire corridors to assist with fire response activity.

The RFS is organised into 44 RFS Districts and seven Area Commands. The RFS relies on volunteer firefighters to assist in carrying out most of its firefighting functions. These functions may include the operation of the fleet during fire response activities and training exercises, and the routine inspection of the fleet to ensure it is maintained according to fleet service standards. Volunteer fleet inspections are supervised by the RFS Fire Control Officer.

In 2021 there were approximately 73,000 volunteers located in 1,993 rural fire brigades across the State, making the RFS the largest volunteer fire emergency service in Australia. In addition to brigade volunteers, the RFS has approximately 1,100 salaried staff who occupy leadership and administrative roles at RFS headquarters and in the 44 RFS Districts.

Local councils have legislative responsibilities relating to bushfire planning and management. Some of the core responsibilities of local councils include:

• establishing and equipping rural fire brigades
• contributing to the Rural Fire Fighting Fund
• vested ownership of land-based rural firefighting equipment
• carrying out firefighting fleet maintenance and repairs
• conducting bushfire prevention and hazard reduction activity.

The objective of this audit was to assess the effectiveness of the RFS and local councils in planning and managing equipment for bushfire prevention, mitigation, and suppression. From the period of 2017 to 2022 inclusive, we addressed the audit objective by examining whether the NSW RFS and local councils effectively:

• plan for current and future bushfire fleet requirements
• manage and maintain the fleet required to prevent, mitigate, and suppress bushfires in NSW.

This audit did not assess:

• the operational effectiveness of the RFS bushfire response
• the effectiveness of personal protective equipment and clothing
• the process of vesting of rural firefighting equipment with local councils
• activities of any other statutory authorities responsible for managing bushfires in NSW.

As the lead combat agency for the bushfire response in NSW, the RFS has primary responsibility for bushfire prevention, mitigation, and suppression.

Three local councils were selected as case studies for this audit, Hawkesbury City Council, Wagga Wagga City Council and Uralla Shire Council. These case studies highlight the ways in which the RFS and local councils collaborate and communicate in rural fire districts.

The RFS has not made significant changes to the size or composition of the firefighting fleet in the past five years and does not have an overarching strategy to drive fleet development

Since 2017, the RFS has made minimal changes to its firefighting fleet volumes or vehicle types. The RFS is taking a fleet renewal approach to fleet planning, with a focus on refurbishing and replacing ageing firefighting assets with newer appliances and vehicles of the same classification and type. While the RFS has adopted a fleet renewal approach, driven by its Appliance Replacement Program Guide, it does not have a strategy or framework to guide its future-focused fleet development. There is no document that identifies and analyses bushfire events and risks in NSW, and matches fleet resources and fleet technologies to meet those risks. The RFS does not have fleet performance measures or targets to assess whether the size and composition of the fleet is meeting current or emerging bushfire climate hazards, or fuel load risks across its 44 NSW Fire Districts.

The RFS fleet currently comprises approximately 4,000 frontline, operational firefighting assets such as tankers, pumpers, and air and marine craft, and approximately 2,300 logistical vehicles, such as personnel transport vehicles and specialist support vehicles. Of the land-based firefighting vehicles, the RFS has maintained a steady number of approximately 3,800 tankers and 65 pumpers, year on year, for the past five years. This appliance type is an essential component of the RFS land-based, firefighting fleet with capabilities to suppress and extinguish fires.

Since 2017, most RFS fleet enhancement activity has been directed to upgrades and the modernisation of older fleet assets with new safety features. There is limited evidence of research into new fleet technologies for modern firefighting. The RFS fleet volumes and fleet types have remained relatively static since 2017, with the exception of the aerial firefighting fleet. Since 2017, the RFS has planned for, and purchased, six additional aircraft to add to the existing three aircraft in its permanent fleet.

While the RFS has made minimal changes to its fleet since 2017, in 2016 it reduced the overall number of smaller transport vehicles, by purchasing larger vehicles with increased capacity for personnel transport. The consolidation of logistical and transport vehicles accounts for an attrition in fleet numbers from 7,058 in 2016, to 6,315 in 2017 as shown in Exhibit 2.

The firefighting fleet management system is not always updated in a timely manner due to insufficient RFS personnel with permissions to make changes in the system

The RFS uses a fleet management system known as SAP EAM to record the location and status of firefighting fleet assets. The system holds information about the condition of the firefighting fleet, the home location of each fleet asset, and the maintenance, servicing, and inspection records of all assets. The RFS uses the system for almost all functions related to the firefighting fleet, including the location of vehicles so that they can be dispatched during operational exercises or fire responses.

Staff at RFS Headquarters are responsible for creating and maintaining asset records in the fleet management system. RFS District staff have limited permissions in relation to SAP EAM. They are able to raise work orders for repairs and maintenance, upload evidence to show that work has been done, and close actions in the system.

RFS District staff are not able to enter or update some fleet information in the system, such as the location of vehicles. When an RFS District receives a fleet appliance, it cannot be allocated to a brigade until the location of the asset is accurately recorded in the system. The location of the asset must be updated in the SAP EAM system by staff at RFS Headquarters. District staff can request system support from staff at RFS Headquarters to enter this information. At the time of writing, the position responsible for updating the fleet management system at RFS Headquarters was vacant, and RFS District personnel reported significant wait times in response to their service requests.

The RFS conducts annual audits of SAP EAM system information to ensure data is accurate and complete. RFS staff are currently doing data cleansing work to ensure that fleet allocations are recorded correctly in the system.

Communication between brigades, local councils and the RFS needs improvement to ensure that fleet information is promptly updated in the fleet management system

RFS brigade volunteers do not have access to the fleet management system. When fleet assets are used or moved, volunteers report information about the location and condition of the fleet to RFS District staff using a paper-based form, or by email or phone. Information such as vehicle mileage, engine hours, and defects are all captured by volunteers in a logbook which is scanned and sent to RFS District staff. RFS District staff then enter the relevant information into the fleet management system, or raise a service ticket with RFS Headquarters to enter the information.

Brigade volunteers move fleet assets for a range of reasons, including for fire practice exercises. If volunteers are unable to report the movement of assets to RFS District staff in a timely manner, this can lead to system inaccuracies. Lapses and backlogs in record keeping can occur when RFS staff at district offices or at Headquarters are not available to update records at the times that volunteers report information. A lack of accurate record keeping can potentially impact on RFS operational activities, including fire response activity.

Brigade volunteers notify RFS District staff when fleet appliances are defective, or if they have not been repaired properly. District staff then enter the information into the fleet management system. The inability of volunteers to enter information into the system means they have no visibility over their requests, including whether they have been approved, actioned, or rejected.

Local councils are responsible for servicing and maintaining the firefighting fleet according to the Rural Fires Act, but this responsibility can be transferred to the RFS through arrangements described in local service agreements. Council staff record all fleet servicing and maintenance information in their local systems. The types of fleet information that is captured in local council records can vary between councils. RFS staff described the level of council reporting, and the effectiveness of this process, as 'mixed'.

Councils use different databases and systems to record fleet assets, and some councils are better resourced for this activity than others

Firefighting fleet information is recorded in different asset management systems across NSW. Each council uses its own asset management system to record details about the vested fleet assets. All three councils that were interviewed for this audit had different systems to record information about the fleet. In addition, the type of information captured by the three councils was varied.

Local councils have varying levels of resources and capabilities to manage the administrative tasks associated with the firefighting fleet. Some of the factors that impact on the ability of councils to manage administrative tasks include: the size of the council; the capabilities of the information management systems, the size of the staff team, and the levels of staff training in asset management.

Uralla Shire Council is a small rural council in northern NSW. This council uses financial software to record information about the firefighting fleet. While staff record information about the condition of the asset, its replacement value, and its depreciation, staff do not record the age of the asset, or its location. Staff manually enter fleet maintenance information into their systems. Uralla Shire Council would like to purchase asset maintenance software that generates work orders for fleet repairs and maintenance. However, the council does not have trained staff in the use of asset management software, and the small size of the fleet may not make it financially worthwhile.

The Hawkesbury City Council uses a single system to capture financial and asset information associated with the firefighting fleet. Hawkesbury is a large metropolitan council located north-west of Sydney, with a relatively large staff team in comparison with Uralla Shire Council. The Hawkesbury City Council has given RFS District staff access to their fleet information system. RFS District staff can directly raise work orders for fleet repairs and maintenance through the council system, and receive automated notifications when the work is complete.

Two of the three audited councils report that they conduct annual reviews of fleet assets to assess whether the information they hold is accurate and up-to-date.

More than half of the fleet maintenance service agreements between the RFS and local councils have not been reviewed in ten years, and some do not reflect local practices

Local councils have a legislated responsibility to service, repair, and maintain the firefighting fleet to service standards set by the RFS. Councils may transfer this responsibility to the RFS through District Service Agreements. The RFS Districts are responsible for ensuring that the service agreements are current and effective.

The RFS does not have monitoring and quality control processes to ensure that service agreements with local councils are reviewed regularly. The RFS has 73 service agreements with local councils or groups of councils. Sixty-three per cent of service agreements had not been reviewed in the last ten years. Only four service agreements specify an end date and, of those, one agreement expired in 2010 and had not been reviewed at the time of this audit.

The RFS does not have a framework to ensure that service agreements with local councils reflect actual practices. Of the three councils selected for audit, one agreement does not describe the actual arrangements for fleet maintenance practices in RFS Districts. The service agreement with Hawkesbury City Council specifies that the RFS will maintain the firefighting fleet on behalf of council when, in fact, council maintains the firefighting fleet. The current agreement commenced in 2012, and at the time of writing had not been updated to reflect local maintenance practices.

When District Service Agreements are not reviewed periodically, there is a risk that neither local councils nor the RFS have clear oversight of the status of fleet servicing, maintenance, and repairs.

RFS District Service Agreements set out a requirement that RFS and local councils establish a liaison committee. Liaison committees typically include council staff, RFS District staff, and RFS brigade volunteers. While service agreements state that liaison committees must meet periodically to monitor and review the performance of the service agreement, committee members determine when and how often the committee meets.

RFS District staff and staff at the three audited councils are not meeting routinely to review or update their service agreements. At Wagga Wagga City Council, staff meet with RFS District staff each year to report on activity to fulfil service agreement requirements. Uralla Shire Council staff did not meet routinely with RFS District staff before 2021. When liaison committees do not meet regularly, there is a risk that the RFS and local councils have incorrect or outdated information about the location, status, or condition of the firefighting fleet. Given that councils lack systems to track and monitor fleet locations, regular communication between the RFS and local councils is essential.

The RFS has not established processes to ensure that local councils and RFS District personnel meet and exchange information about the fleet. Of the three councils selected for this audit, one council had not received information about the number, type, or status of the fleet for at least five years, and did not receive an updated list of appliances until there was a change in RFS District personnel. This has impacted on the accuracy of council record keeping. Councils do not always receive notification about new assets or information about the location of assets from the RFS, and therefore cannot reflect this information in their accounting and reporting.

RFS area commands audit system records to ensure fleet inspections occur as planned, but central systems are not always updated, creating operational risks

RFS District staff are required by the Rural Fires Act to ensure the firefighting fleet is inspected at least once a year. Regular inspections of the fleet are vital to ensure that vehicles are fit-for-purpose and safe for brigade volunteers. Inspections are also fundamental to the operational readiness and capability of RFS to respond to fire incidents.

RFS Area Command personnel conduct audits of fleet maintenance data to ensure that fleet inspections are occurring as planned. These inspections provide the RFS with assurance that the fleet is being maintained and serviced by local council workshops, or third-party maintenance contractors.

Some RFS Districts run their own fleet management systems outside of the central management system. They do this to manage their fleet inspection activity effectively. Annual fleet inspection dates are programmed by staff at RFS Headquarters. Most of the inspection dates generated by RFS Headquarters are clustered together and RFS Districts need to separate inspection times to manage workloads over the year. Spreading inspection dates is necessary to avoid exceeding the capacity of local council workshops or third party contractors, and to ensure that fleet are available during the bushfire season.

The fleet inspection records at RFS Headquarters are not always updated in a timely manner to reflect actual inspection and service dates of vehicles. District staff are not able to change fleet inspection and service dates in the central management system because they do not have the necessary permissions to access the system. The usual practice is for RFS District staff to notify staff at RFS Headquarters, and ask them to retrospectively update the system. As there is a lag in updating the central database, at a point in time, the actual inspection and service dates of vehicles can be different to the dates entered in the central fleet management system.

Fleet inspection and maintenance records must be accurately recorded in the central RFS management system for operational reasons. RFS Headquarters personnel need to know the location and maintenance status of fleet vehicles at all times in order to dispatch vehicles to incidents and fires. The RFS fleet management system is integrated with a new Computer Aided Dispatch System. The Computer Aided Dispatch System assigns the nearest and most appropriate vehicles to fire incidents. The system relies on accurate fleet locations and fleet condition information in order to dispatch these vehicles.

There is a risk that RFS Headquarters' systems do not contain accurate information about the location and status of vehicles. Some may be in workshops for servicing and repair, while the system may record them as available for dispatch. As there are many thousands of fleet vehicles, all requiring an annual service and inspection, a lack of accurate record keeping has wide implications for State fire operations.

RFS is currently exploring ways to improve the ways in which fleet inspections are programmed into the fleet management system.

RFS provides funds to councils to assist with maintaining the firefighting fleet, but does not receive fleet maintenance cost information from all local councils

Each year the RFS provides local councils with a lump sum to assist with the cost of repairing and maintaining the firefighting fleet. This lump sum funding is also used for meeting the costs of maintaining brigade stations, utilities, and other miscellaneous matters associated with RFS business.

In 2020–21, the RFS provided NSW local councils with approximately $23 million for maintenance and repairs of appliances, buildings, and utilities. Ninety councils were provided with lump sum funding in 2021, receiving on average $257,000. The amounts received by individual councils ranged from $56,200 to $1,029,884.

Some councils provide itemised repairs and maintenance reports to RFS District staff, showing the work completed and the cost of that work. However, not all councils collect this information or provide it to the RFS. Local councils collect fleet maintenance information in their local council systems. In some cases, the responsibility for fleet maintenance is shared across a group of councils, and not all councils have oversight of this process.

The RFS has not taken steps to require local councils to provide itemised maintenance costings for the firefighting fleet. Thus, the RFS does not have a clear understanding of how local councils are spending their annual fleet maintenance funding allocations. The RFS does not know if the funding allocations are keeping pace with the actual cost of repairing and maintaining the fleet.

RFS District staff report that funding shortfalls are impacting on the prioritisation of fleet servicing and maintenance works in some council areas. When fleet servicing and maintenance is not completed routinely or effectively, there is a risk that it can negatively impact the overall condition and lifespan of the vehicle. Poor processes in relation to fleet maintenance and repair risk impacting on the operational capabilities of the fleet during fire events.

The timeliness and effectiveness of fleet servicing and maintenance is affected by resource levels in RFS Districts and local councils

Local councils have a legislated responsibility to service and maintain the firefighting fleet to the service standards set by the RFS. Fleet maintenance is usually done by the entity with the appropriate workshops and resources, and the maintenance arrangements are described in District Service Agreements. RFS District staff conduct annual inspections to ensure that the firefighting fleet has been serviced and maintained appropriately, and is safe for use by brigade volunteers. If the fleet has not been maintained to RFS service standards or timelines, RFS District staff may work with local councils to support or remediate these works.

The effectiveness of this quality control activity is dependent on relationships and communication between the RFS Districts and local councils. While some RFS staff reported having positive relationships with local councils, others said they struggled to get fleet maintenance work done in a timely manner. Some councils reported that funding shortfalls for fleet maintenance activity was impacting on the prioritisation of RFS fleet maintenance works. When fleet maintenance work is not completed routinely or effectively, it can negatively impact on the overall condition and lifespan of the vehicle. It can also reduce the capacity of the RFS to respond to fire events.

Fleet quality control activities are carried out by RFS District staff. In some of the smaller RFS Districts, one person is responsible for liaising with local councils and brigade volunteers about fleet maintenance and repairs. In the regions where resources are limited, there is less ability to maintain ongoing communication. This is impacting on fleet service and maintenance timelines and the timeliness of fleet monitoring activity.

The RFS has mutual support arrangements with agencies in NSW and interstate, though shared fleet levels are yet to be quantified

The RFS has arrangements with state, federal, and international fire authorities to provide mutual support during fire incidents. In NSW, the RFS has agreements with the three statutory authorities – Fire and Rescue NSW, the Forestry Corporation of NSW, and the NSW National Parks and Wildlife Service. The agreement with Fire and Rescue NSW provides a framework for cooperation and joint operations between the agencies. The agreements with the Forestry Corporation of NSW and the NSW National Parks and Wildlife Service describe the control and coordination arrangements for bush and grass fires across NSW. These arrangements are set out in legislation and incorporated into local Bush Fire Risk Management Plans.

The RFS has agreements with fire authorities in three of the four Australian states and territories that share a border with NSW – the Australian Capital Territory, Queensland, and South Australia. Each agreement sets out the arrangements for mutual assistance and joint operations, including arrangements for sharing aircraft. The agreement between the RFS and Victoria had lapsed. The RFS told the NSW Bushfire Inquiry that the agreement with Victoria would be finalised by June 2020. In June 2022, the RFS reported that the agreement was in the process of being finalised.

The arrangements for mutual aid from Western Australia, Northern Territory and Tasmania, are managed by the National Resource Sharing Centre. These agreements set out the arrangements for interstate assistance between Australian fire services, emergency services, and land management agencies in those states and territories.

These mutual support arrangements may assist during state-based fire events. However, when there are competing demands for resources, such as during the bushfires of 2019–2020, there can be limits on fleet availability. During the 2019–2020 fires, resources were stretched in all jurisdictions as these fires affected NSW, Victoria, and Queensland.

There are opportunities for the RFS and other NSW agencies to quantify fleet resources across the State and identify assets that can be mobilised for different fire activities. This form of fleet planning may be used to enhance surge capabilities during times of high fire activity. There are also opportunities for the RFS and other agencies to match the levels of shared assets to projected bushfire risks.

Appendix one – Responses from agencies 

Appendix two – About the audit 

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #376 - released 27 February 2023

What the report is about

Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.

This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:

• Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives? 
• Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?

What we found

Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.

Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.

Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.

What we recommended

By 30 June 2023 the Department of Customer Service should:

1. implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
2. ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
3. ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
4. develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders. 

The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.

Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.

In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).

The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.

We assessed this objective through two lines of inquiry:

1. Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
2. Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?

The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.

Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.

Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.

The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.

Establishment of Cyber Security NSW

Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.

The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).

The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.

Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.

Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.

NSW Government Cyber Security Strategy

The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:

• lead
• prepare
• prevent
• detect 
• respond 
• recover.

The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:

• increase NSW Government cyber resiliency
• help NSW cyber security businesses grow
• enhance cyber security skills and workforce 
• support cyber security research and innovation.

Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.

NSW Government Cyber Security Policy

The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.

The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including: 

• annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements 
• that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).

The Policy sets out that Cyber Security NSW:

• may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
• will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.

As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.

This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:

• there was a sound, evidence-based rationale for why Cyber Security NSW was established
• the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
•  there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.

This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #374 - released 8 February 2023

What the report is about

The Transport Asset Holding Entity (TAHE) is the State's custodian of rail assets. It is a state owned corporation and commenced operating on 1 July 2020.

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. We audited TAHE, Transport for NSW (TfNSW) and NSW Treasury.

Separate and related audits on TAHE are reported in 'State Finances 2022', 'State Finances 2021' and 'Transport and Infrastructure 2022' reports.

What we found

The design and implementation of TAHE, which spanned seven years, was not effective.

The process was not cohesive or transparent. It delivered an outcome that is unnecessarily complex in order to support an accounting treatment to meet the NSW Government's short-term Budget objectives, while creating an obligation for future governments.

The benefits of TAHE were claimed in the 2015–16 NSW Budget before the enabling legislation was passed by Parliament in 2017. This committed the agencies to implement a solution that justified the 2015–16 Budget impacts, regardless of any challenges that arose.

Rail safety arrangements were a priority throughout TAHE's design and implementation, and risks were raised and addressed.

Agencies relied heavily on consultants on matters related to the creation of TAHE, but failed to effectively manage these engagements. Agencies failed to ensure that consultancies delivered independent advice as an input to decision-making. A small number of firms were used repeatedly to provide advice on the same topic. The final cost of TAHE-related consultancies was $22.6 million compared to the initial estimated cost of $12.9 million.

What we recommended

We recommended that the audited agencies should:

• improve accountability and transparency for major new fiscal transformation initiatives
• ensure entities do not reflect the financial impact of significant initiatives in the Budget when there is uncertainty, or it creates perverse incentives
• review record keeping practices, systems and policies to ensure compliance with the State Records Act 1998, and the NSW Government Information Classification, Labelling and Handling Guidelines
• review procurement policies to ensure that consultant use complies with all NSW Government policy requirements.

The NSW Government established the Transport Asset Holding Entity (TAHE), a statutory State Owned Corporation (SOC), on 1 July 2020 to replace the former rail infrastructure owner – RailCorp. It is the State's custodian of rail network assets, including rail tracks and other infrastructure, rolling stock, land, train stations and facilities, retail space, and signal and power systems, within metropolitan and regional New South Wales. It is responsible for $2.8 billion of major capital projects in 2022–23.

TAHE was established under Part 2 of the Transport Administration Act 1988 and is governed by a decision-making board. The Treasurer and the Minister for Finance and Employee Relations are the Shareholding Ministers of TAHE, and they annually agree performance expectations articulated in a Statement of Corporate Intent.

Whereas TAHE is the custodian of rail assets, Sydney Trains and NSW Trains operate public rail services. TAHE does not have responsibility for the operation of the heavy rail network or train services, nor does it have network control functions. TAHE, Sydney Trains and NSW Trains are in the Transport and Infrastructure cluster in the public sector (formerly the Transport cluster and renamed in April 2022), which also includes Sydney Metro and Transport for NSW (TfNSW).

TfNSW leads the Transport and Infrastructure cluster. Its role is to set the strategic direction for transport across the State. This involves the shaping of planning, policy, strategy, regulation, resource allocation and other service and non-service delivery functions for all modes of transport.

TAHE's Operating Licence is granted by the Portfolio Minister and authorises the entity to perform the functions required to acquire, develop, finance, divest and hold assets, pursuant to the Transport Administration Act 1988. The Portfolio Minister also issues a Statement of Expectations which outlines the government’s expectation for the business for the next three to five years.

TAHE's original Portfolio Minister was the Minister for Transport who approved, on 30 June 2020, the issuing of an interim 12-month Operating Licence to enable TAHE to commence operating on 1 July 2020. The Portfolio Minister then granted TAHE's current Operating Licence in 2021. After TAHE requested a 12-month extension to its current Operating Licence, its next Operating Licence is due on 1 July 2024. The current Portfolio Minister is the Minister for Infrastructure, Cities and Active Transport.

About this audit

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. In making this assessment, we considered whether: 

• the process of designing and implementing TAHE was cohesive and transparent, and delivered an effective outcome
• agencies' roles and responsibilities were clear in the planning of TAHE
• agencies effectively identified and managed certain risks.

Appendix one – Responses from audited agencies, and Audit Office clarification of matters raised in the TAHE formal response 

Appendix two – Classification of government entities 

Appendix three – About the audit 

Appendix four – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #372 - released 24 January 2023

The urban renewal projects on former railway land in the Newcastle city centre are well targeted to support the objectives of the Newcastle Urban Transformation and Transport Program (the Program), according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. The planned uses of the former railway land achieve a balance between the economic and social objectives of the Program at a reasonable cost to the government. However, the evidence that the cost of the light rail will be justified by its contribution to the Program is not convincing.

The Newcastle Urban Transformation and Transport Program (the Program) is an urban renewal and transport program in the Newcastle city centre. The Hunter and Central Coast Development Corporation (HCCDC) has led the Program since 2017. UrbanGrowth NSW led the Program from 2014 until 2017. Transport for NSW has been responsible for delivering the transport parts of the Program since the Program commenced. All references to HCCDC in this report relate to both HCCDC and its predecessor, the Hunter Development Corporation. All references to UrbanGrowth NSW in this report relate only to its Newcastle office from 2014 to 2017.

This audit had two objectives:

1. To assess the economy of the approach chosen to achieve the objectives of the Program.
2. To assess the effectiveness of the consultation and oversight of the Program.

We addressed the audit objectives by answering the following questions:

a) Was the decision to build light rail an economical option for achieving Program objectives?
b) Has the best value been obtained for the use of the former railway land?
c) Was good practice used in consultation on key Program decisions?
d) Did governance arrangements support delivery of the program?

Appendix one - Response from agencies    

Appendix two - About the audit

Appendix three - Performance auditing

Parliamentary reference - Report number #310 - released 12 December 2018

The Auditor-General for New South Wales, Margaret Crawford released her report today on the Family and Community Services cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster entities received unqualified audit opinions for their 30 June 2018 financial statements. Opportunities to improve the quality of financial reporting were identified and reported to management.

This report analyses the results of our audits of financial statements of the Family and Community Services cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides NSW Parliament and other users of the financial statements of Family and Community Services' agencies with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations
• service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Family and Community Services cluster for 2018.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

• our financial statement audits of agencies in the Family and Community Services cluster for 2018
• the areas of focus identified in the Audit Office annual work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each NSW Government cluster.

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.

In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.

Appendix one - List of 2018 recommendations

Appendix two - Status of previous recommendations    

Appendix three - Summary financial information

Appendix four - Cluster information