Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Planning and Environment 2023

Planning
Environment
Industry
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Risk
Shared services and collaboration

What this report is about

Results of the Planning and Environment portfolio financial statement audits for the year ended 30 June 2023.

The audit found

Unqualified audit opinions were issued for all completed Planning and Environment portfolio agencies. Seven audits are ongoing.

The Catholic Metropolitan Cemeteries Trust (CMCT) did not comply with its obligations under the Government Sector Finance Act 2018 (GSF Act) to prepare and submit financial statements for audit.

The Department of Planning and Environment (the department) has not yet provided their assessment of the financial reporting requirements for the 579 Category 2 Statutory Land Managers (SLMs) for 2022–23.

One-hundred-and-nineteen Commons Trusts are non-compliant with the GSF Act as they have not submitted their financial statements for audit.

We issued unqualified opinions on the Water Administration Ministerial Corporation's 2020–21, 2021–22 and 2022–23 financial statements.

The number of monetary misstatements identified in our audits decreased from 59 in 2021–22 to 51 in 2022–23, however the gross value of misstatements increased.

The key audit issues were

The former Resilience NSW and NSW Reconstruction Authority (the Authority) re-assessed the accounting implications arising from contractual agreements relating to temporary housing assets associated with the Northern Rivers Temporary Homes Program. This resulted in adjustments to recognise the associated assets and liabilities.

We continue to identify significant deficiencies in NSW Crown land information records.

The department has not been effective in addressing the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997.

The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23. Thirty per cent of issues were repeated from the prior year.

Seven high-risk issues were identified. These related to the findings outlined above, deficiencies in quality reviews of asset valuations, internal control processes and IT general controls.

The audit recommended

Recommendations were made to the department and portfolio agencies to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of portfolio agencies. Seven audits are ongoing.

  • We have been unable to commence audits of the Catholic Metropolitan Cemeteries Trust (CMCT). NSW Treasury's position remains that the Catholic CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a Government Sector Finance (GSF) agency and is obliged under Section 7.6 of the Government Sector Finance Act 2018 (GSF Act) to prepare financial statements and submit them to the Auditor-General for audit. To date, CMCT has not met its statutory obligations under the GSF Act.

  • The Department of Planning and Environment has not yet provided their assessment against the reporting exemption requirements in the Government Sector Finance Regulation 2018 (GSF Regulation) for the estimated 579 Category 2 Statutory Land Managers (SLMs) or 119 Commons Trusts for 2022–23 and no Category 2 SLM or Commons Trust has submitted its 2022–23

    financial statements for audit. Consequently, the lack of compliance with reporting requirements by these 698 agencies presents a challenge to obtaining reliable financial data for these agencies for the purposes of consolidation to the Total State Sector Accounts.

  • The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2021 and 30 June 2022 were completed in June 2023 and unqualified audit opinions issued. The 30 June 2023 audit was completed and an unqualified audit opinion was issued on 12 October 2023.

  • The number of reported corrected misstatements decreased from 46 in 2021–22 to 36, however the gross value of misstatements increased from $73 million in 2021–22 to $491.8 million in 2022–23.

  • Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.

  • A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the portfolio.

Section highlights 

  • The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23 and 30% were repeat issues (34% in 2021–22).

  • The 2022–23 audits identified seven high-risk and 76 moderate risk issues across the portfolio. Four of the high-risk issues were repeat issues, one was a repeat issue with the risk rating reassessed to high-risk in the current year and two were new findings in 2022–23.

  • The former Resilience NSW and NSW Reconstruction Authority had previously assessed that they did not control the temporary housing assets associated with the administration of the Northern Rivers Temporary Homes Program, under relevant accounting standards. A re-assessment of the agreements was made subsequent to the submission of the Authority’s 2022–23 financial statements for audit, which determined that the Authority was the appropriate NSW Government agency to recognise these assets and associated liabilities not previously recognised by the Authority or the former Resilience NSW.

  • There continues to be significant deficiencies in Crown land records. The department should continue to implement their data strategy and action plan to ensure the Crown land database is complete and accurate.

  • Since 2017, the Audit Office has recommended that the department, through OLG should address the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997. The department has not been effective in resolving this issue. In 2023, twenty-six of 108 completed audits of councils received qualified audit opinions on their 2023 financial statements (43 of 146 completed audits in 2022). Six councils had their qualifications for not recognising vested rural firefighting equipment removed in 2022–23.

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Regional NSW 2023

Industry
Environment
Planning
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What this report is about

Results of the Regional NSW financial statements audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.

The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.

What the key issues were

Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.

The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.

The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.

A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.

What we recommended

Local Land Services should prioritise completing all mandatory early close procedures.

Portfolio agencies should:

  • ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
  • prioritise and address internal control deficiencies identified in audit management letters.

This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
  • The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
  • Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
  • Portfolio agencies continue to provide financial assistance to communities affected by natural disasters.
  • A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material. 

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.

Section highlights

  • The 2022–23 audits identified one high risk and nine moderate risk issues across the portfolio. Of these, one was a moderate risk repeat issue.
  • The total number of findings decreased from 36 to 23 which mainly related to deficiencies in internal controls.
  • The high risk matter relates to the monitoring and managing of privilege user access at NSW Food Authority. 

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Natural disasters

Community Services
Environment
Finance
Local Government
Planning
Transport
Treasury
Whole of Government
Asset valuation
Compliance
Financial reporting
Infrastructure
Regulation
Risk
Service delivery

What this report is about

This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.

What we found

Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.

Total expenses were less than the budget due to underspend in the following areas:

  • clean-up assistance, including council grants
  • anticipated temporary accommodation support
  • payments relating to the Northern Rivers Business Support scheme for small businesses.

Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.

At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.

Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.

Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.

Section highlights

  • $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters during 2021–22.
  • Budget underspent for temporary housing and small business support as lower than expected need.

Section highlights

  • 83 local council areas were impacted by natural disasters during 2021–22, with 58 being impacted by more than one type of natural disaster.
  • $349 million damage to council infrastructure assets at 30 June 2022.

 

Published

Planning and Environment 2022

Environment
Industry
Local Government
Planning
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Risk

What the report is about

Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.

Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.

The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.

What the key issues were

Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.

Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing. The audit of the Catholic Metropolitan Cemeteries Trust(CMCT) has not been able to commence, despite repeated requests to do so.
     
  • The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2011 to 30 June 2020 were completed in November 2022. These audits had been long outstanding due to insufficient records and evidence to support the transactions and balances of WAMC, particularly for the earlier years. In recent years, management commenced actions to improve WAMC's governance and financial management, and finalise the outstanding audits.

    Disclaimed audit opinions were issued on the 2010–11 to 2015–16 financial statements as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

    Qualified audit opinions were issued for the 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

    Unqualified audit opinions were issued for the 2018–19 and 2019–20 financial statements.

    The 2020–21 and 2021–22 WAMC audits are in progress.
     
  • The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

    All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

    The department needs to do more to ensure Category 2 SLMs and Commons Trusts meet their statutory reporting obligations.

    The department and Category 2 SLMs should finalise their reporting exemption assessments earlier to allow sufficient time for the non-exempted SLMs to prepare and submit annual financial statements by the statutory reporting deadline.
     
  • NSW Treasury has met with the Catholic Metropolitan Cemeteries Trust (CMCT) to consider their perspective as part of confirming CMCT is a controlled entity of the State for the purposes of financial reporting. NSW Treasury has confirmed that the CMCT is a controlled entity of the State. This means that the CMCT is statutorily obliged under section 7.6 of the GSF Act to prepare financial statements in accordance with the GSF Act and Treasurer's Directions, and give them to the Auditor-General for audit pursuant to the Government Sector Audit Act 1983 (GSA Act). Section 34 of the GSA Act requires the Auditor-General to furnish an audit report on these financial statements.

    The department wrote to CMCT to request it work with, and offer full assistance to, the Auditor-General in the exercise of her duties. To date, the CMCT has not met its obligations to prepare financial statements under the GSF Act as it has not submitted its financial statements to the Auditor-General for audit despite repeated requests, and has not provided access to its books and records for the purposes of a financial audit. The CMCT contends that they are not a GSF agency as defined by the GSF Act and therefore not a controlled entity of the State.
     
  • Six agencies required to perform early close procedures did not complete a total of 11 mandatory procedures. Incomplete procedures included the delayed resolution of matters raised in prior years and two agencies did not record movements in the fair value of physical assets in the financial statements.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.

Section highlights

  • Since 2017, the Audit Office of New South Wales has recommended that the Department of Planning and Environment (the department) address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue, and in 2022, 32 of 118 completed audits of councils received qualified audit opinions on their 2022 financial statements.
    Consistent with the department’s role to assess councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise rural firefighting equipment.
  • There continues to be significant deficiencies in Crown land records. The department should implement an action plan to ensure the Crown land database is complete and accurate.
  • The number of findings reported to management decreased from 161 in 2020–21 to 132 in 2021–22. Eight high-risk findings were identified during 2021–22, of which six were repeat issues. One new high-risk finding related to deficiencies in governance processes and internal controls identified as a part of the Water Administration Ministerial Corporation's 2011–2020 financial statements audits.
  • The department and NSW Treasury did not comply with section 35 of the Energy and Utilities Administration Act 1987 (EUA Act). However, complying with the EUA Act could create non-compliance with other pieces of legislation. Amendments to the EUA Act have been made to resolve this inconsistency. The amendment took effect from April 1999.

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Councils received qualified audit opinions 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Stronger Communities 2022

Justice
Community Services
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Project management
Risk

What the report is about

Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.

All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.

The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.

What the key issues were

Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

Five high-risk findings were identified in 2021–22. They related to deficiencies in:

  • user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
  • segregation of duties at the NSW Trustee and Guardian and NSWALC.

Recommendations were made to those agencies to address these control deficiencies.

This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits of cluster agencies, including the acquittal and compliance audits for the Legal Aid Commission of New South Wales and Crown Solicitor's Office. One audit is ongoing.

  • Reported corrected misstatements decreased from 30 in 2020–21 to 23 with a gross value of $187 million in 2021–22 ($101 million in 2020–21). Reported uncorrected misstatements increased from 20 in 2020–21 to 25 with a gross value of $92.3 million in 2021–22 ($107 million in 2020–21).

  • Six of the 15 cluster agencies required to submit 2021–22 early close financial statements and all other mandatory procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.

  • All 13 cluster agencies that have accommodation arrangements with Property NSW accepted the changes in the Client Acceptance Letters, resulting in the derecognition of right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.

  • The Department of Communities and Justice (the department) assumed the responsibility to deliver the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project.

  • In 2021–22, the department continued to implement the International Financial Reporting Standards Interpretations Committee's agenda decision on 'Configuration or customisation costs in a cloud computing arrangement'. The department's review of the remaining arrangements, with a net book value of $233 million at 30 June 2021, resulted in the recognition as an expense (through accumulated funds at 1 July 2020) of previously capitalised intangible assets totalling $106 million.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

  • The number of issues reported to management has decreased from 130 in 2020–21, to 110 in 2021–22, and 43% were repeat issues (51% in 2020–21). Many repeat issues related to information technology, governance and oversight controls, and non-compliance with key legislation and/or agency policies.

  • Five high-risk issues were identified in 2021–22, all of which are repeat issues and related to user access administration and segregation of duties.

  • Of the 24 newly identified moderate risk issues, 11 related to information technology. The rest related to governance and oversight controls and internal control deficiencies or improvements in payroll, asset management and other processes.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Regional NSW 2022

Environment
Industry
Planning
Asset valuation
Compliance
Financial reporting
Fraud
Information technology
Infrastructure
Internal controls and governance
Management and administration
Regulation
Risk
Shared services and collaboration

What the report is about

Result of the Regional NSW cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Regional NSW cluster agencies. Two audits are ongoing.

What the key issues were

The Department of Regional NSW (the department) and Local Land Services (LLS) accepted changes to their office leasing arrangements managed by Property NSW.

These changes resulted in the collective derecognition of $100.6 million of rights-of-use-assets and $110.4 million of lease liabilities.

In 2021–22, the cluster agencies continued to assist communities in their recovery from recent weather emergencies, including significant flooding in New South Wales.

The Northern Rivers Reconstruction Corporation was established in May 2022 to rebuild communities in the Lismore and Northern Rivers region impacted by floods.

The number of matters reported to management decreased from 36 in 2020–21 to 14 in 2021–22.

Five moderate risk issues were identified and 14% of reported issues were repeat issues.

One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.

This report provides Parliament and other users of the Regional NSW cluster financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies. Two audits are ongoing.
  • Cluster agencies completed all required early close procedures.
  • Changes to accommodation arrangements managed by Property NSW on behalf of the department and cluster agencies resulted in the collective derecognition of approximately $100.6 million in right-of-use assets and corresponding lease liabilities totalling $110.4 million from the balance sheets of these agencies.
  • Cluster agencies continue to provide financial assistance to communities affected by natural disasters.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW cluster.

Section highlights

  • The 2021–22 audits identified five moderate issues across the cluster. One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.
  • Of the four newly identified moderate rated issues, one related to internal control deficiencies and improvements and three related to financial reporting.
  • The number of findings reported to management has decreased from 36 in 2020–21 to 14 in 2021–22.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Published

Planning, Industry and Environment 2021

Environment
Industry
Local Government
Planning
Asset valuation
Financial reporting
Information technology
Internal controls and governance
Risk

This report analyses the results of our audits of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Planning, Industry and Environment cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of the Planning, Industry and Environment cluster agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.

An 'Other Matter' paragraph was included in the Independent Planning Commission's (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983 (PF&A Act). The financial reporting provisions of the Government Sector Finance Act 2018 now require the IPC to prepare financial statements.

The number of identified misstatements increased from 51 in 2019–20 to 54 in 2020–21.

The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements are incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. Management has commenced actions to improve the governance and financial management of the Corporation. These audits are currently in progress and the 2020–21 audit will commence shortly.

There are 609 State controlled Crown land managers (CLMs) across New South Wales that predominantly manage small parcels of Crown land.

Eight CLMs prepared and submitted 2019–20 financial statements by the revised deadline of 30 June 2021. A further 24 CLMs did not prepare financial statements in accordance with the PF&A Act. The remaining CLMs were not required to prepare 2019–20 financial statements as they met NSW Treasury's financial reporting exemption criteria.

The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 CLMs are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21.

There are also 120 common trusts that have never submitted financial statements for audit. Common trusts are responsible for the care, control and management of land that has been set aside for specific use in a certain locality, such as grazing, camping or bushwalking.

What the key issues were

The number of matters we reported to management increased from 135 in 2019–20 to 180 in 2020–21, of which 40 per cent were repeat findings.

Seven high-risk issues were identified in 2020–21:

  • system control deficiencies at the department relating to user access to HR and payroll management systems, vendor master data management and journal processing, which require manual reviews to mitigate risks
  • deficiencies related to the Centennial Park and Moore Park Trust's tree assets valuation methodology
  • the Lord Howe Island Board did not regularly review and monitor privileged user access rights to key information systems
  • the Natural Resources Access Regulator identified and adjusted three prior period errors retrospectively, which indicate deficiencies within the financial reporting processes
  • deficiencies relating to the Parramatta Park Trust's tree assets valuation methodology
  • lease arrangements have not been confirmed between the Planning Ministerial Corporation and Office of Sport regarding the Sydney International Regatta Centre
  • the Wentworth Park Sporting Complex land manager (the land manager) has a $6.5 million loan with Greyhound Racing NSW (GRNSW). GRNSW requested the land manager to repay the loan. However, the land manager subsequently requested GRNSW to convert the loan to a grant. Should this request be denied, the land manager would not be able to continue as a going concern without financial support. This matter remains unresolved for many years.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that are managed and controlled by the department and land managers (including councils and land managers controlled by the state). The CLID system was not designed to facilitate financial reporting and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department is implementing a new system to record Crown land (the CrownTracker project). The department advised that the project completion date will be confirmed by June 2022.

What we recommended

The department should ensure CLMs and common trusts meet their statutory reporting obligations.

Cluster agencies should prioritise and action recommendations to address internal control deficiencies, with a focus on addressing high-risk and repeat issues.

The department should prioritise action to ensure the Crown land database is complete and accurate. This will allow the department and CLMs to be better informed about the Crown land they control.

Fast facts

The Planning, Industry and Environment cluster aims to make the lives of people in New South Wales better by developing well-connected communities, preserving the environment, supporting industries and contributing to a strong economy.

There are 54 agencies, 609 State controlled Crown land managers that predominantly manage small parcels of Crown land and 120 common trusts in the cluster.

  • 42% of the area of NSW is Crown land
  • $33.2b water and electricity infrastructure as at 30 June 2021
  • 100% unqualified audit opinions were issued for all completed 30 June 2021 financial statements audits
  • 7 high-risk management letter findings were identified
  • 54 monetary misstatements were reported in 2020–21
  • 40% of reported issues were repeat issues

This report provides parliament and other users of the Planning, Industry and Environment cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster (the cluster) for 2021.

Section highlights

  • Unmodified audit opinions were issued for all completed 30 June 2021 financial statements audits of cluster agencies. Three audits are ongoing.
  • An 'Other Matter' paragraph was included in the Independent Planning Commission’s (the IPC) audit opinion because the prior year comparative figures were not audited. Prior to 2020–21, the IPC was not required to prepare separate financial statements under the Public Finance and Audit Act 1983. From 2020–21, the IPC is required to prepare financial statements under the Government Sector Finance Act 2018.
  • The 2010–11 to 2019–20 audits of the Water Administration Ministerial Corporation’s (the Corporation) financial statements were incomplete due to insufficient records and evidence to support the transactions of the Corporation, particularly for the earlier years. These audits are currently underway, and the 2020–21 audit will commence shortly.
  • The Department of Planning, Industry and Environment's (the department) preliminary assessment indicates that 60 State controlled Crown land managers (CLMs) are required to prepare financial statements in 2020–21. To date, no CLMs have prepared and submitted financial statements for audit in 2020–21. All 120 common trusts have never submitted their financial statements for audit. The department needs to do more to ensure that the CLMs and common trusts meet their statutory reporting obligations.
  • Nine agencies that were required to perform early close procedures did not complete a total of 20 mandatory procedures. The most common incomplete early close procedures include the revaluation of property, plant and equipment, documenting all significant management judgments and assumptions, and the implementation of new and updated accounting standards.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster.

Section highlights

  • The number of findings reported to management has increased from 135 in 2019–20 to 180 in 2020–21, and 40 per cent were repeat issues.
  • Seven high-risk issues were identified in 2020–21, and three high-risk findings were repeat issues.
  • There continues to be significant deficiencies in Crown land records. The department should prioritise action to ensure the Crown land database is complete and accurate.

Appendix one - Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Regional NSW 2020

Environment
Industry
Compliance
Financial reporting
Information technology
Management and administration
Risk

This report analyses the results of our audits of financial statements of entities within the Regional NSW cluster for the year ended 30 June 2020. The table below summarises our key observations and recommendations.

1. Machinery of Government (MoG) changes
Creation of Regional NSW cluster MoG changes on 2 April 2020 created the Department of Regional NSW (the Department). The Department of Planning, Industry and Environment (DPIE) staff employed in the Regions, Industry, Agriculture and Resources Group, together with associated functions, assets and liabilities were transferred to the new Department. A number of agencies moved from the Planning, Industry and Environment cluster to the new Regional NSW cluster. The Department deals with major issues affecting regional communities, including the coordination of support for people, businesses and farmers who have faced drought, bushfires, flood and the COVID-19 pandemic.
The Department is still in the process of implementing changes The Department continues to receive corporate services support from DPIE. The Department has indicated it will transition to its own policies and procedures by June 2021.

2. Financial reporting
Audit opinions Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits.
Timeliness of financial reporting Nine of the ten cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting the financial statements. The Department and a number of cluster agencies obtained NSW Treasury’s approval to delay submission of their 30 June 2020 financial statements due to delays resulting from accounting and administrative complexities created by the Machinery of Government changes that separated the Department from DPIE. The deadlines were moved from 5 August 2020 to either 10 August 2020 or 12 August 2020. New South Wales Rural Assistance Authority missed the revised deadline by one day. All agencies that were required to perform early close procedures had met the revised timeline. Due to issues identified during audit, four financial statements audit were not completed and audit opinions issued by the statutory deadline.
New accounting standards

Agencies implemented three new accounting standards during the year. Our audit of the Department identified there was a lack of quality assurance over the accuracy of lease information provided by Property NSW.

Recommendation:

The Department should:

  • quality assure and validate the leasing information provided by Property NSW
  • ensure changes made by Property NSW to lease data are supported and that assumptions and judgements applied are appropriate
  • document their review of the data supplied.

3. Audit observations
Internal control deficiencies

We identified 30 internal control issues, including 16 findings that were raised with former agencies in previous years. Two matters from previous years have been elevated to high risk during 2019–20. Both matters related to Local Land Services:

  • not completing all mandatory requirements as part of its early close procedures at 31 March 2020
  • not performing annual fair value assessment of asset improvements on land reserves used for moving livestock.

Recommendation:

Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing high-risk and repeat issues.
Agency responses to emergency events The Department's executive leadership committee along with support from DPIE crisis management team managed the recovery from the bushfires and impact of COVID-19. Social distancing and other infection control measures were put in place. The Forestry Corporation of New South Wales accelerated a fire salvage timber program in response to the bushfire emergency. The Department and cluster agencies received additional funding for bushfire recovery and COVID-19 pandemic response.

The Regional NSW cluster aims to respond to regional issues, creating and preserving regional jobs, driving regional economy, growing existing and supporting emerging industries. The key areas of focus across the New South Wales (NSW) State is shown below:

MoG changes impact on Department of Regional NSW

The Department was created as result of the MoG changes during 2019–20. The Administrative Arrangements Order 2020, effective on 2 April 2020 created the Department of Regional NSW. These changes had a significant administrative impact on the cluster agencies. The MoG change resulted in a transfer of net assets ($446 million) and budget ($284 million) from DPIE to the newly created Department of Regional NSW on 2 April 2020. A summary of the MoG impacts on the Regional NSW cluster is shown below.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The COVID-19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID-19 pandemic. These amendments:

  • allowed the Treasurer to authorise payments from the consolidated fund until the enactment of the 2020–21 budget – impacting the going concern assessments of cluster agencies
  • revised budgetary and financial and annual reporting time frames – impacting the timeliness of financial reporting
  • exempted certain statutory bodies and departments from preparing financial statements.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits.
  • Nine of the ten cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting the financial statements. New South Wales Rural Assistance Authority missed the revised deadline by one day.
  • Due to issues identified during audit, four financial statements audit were not completed and audit opinions issued by the statutory deadline.
  • Emergency legislation allowing the Treasurer to continue authorising payments from the consolidated fund under the existing Appropriations Act enabled cluster agencies to prepare financial statements on a going concern basis.

 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

  • observations and insights from our financial statement audits of agencies in the Regional NSW cluster
  • assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Section highlights

  • Two high-risk issues were identified during our audits. Both related to Local Land Services for:
    − not completing all mandatory requirements as part of its early close procedures at 31 March 2020
    − not performing annual fair value assessment of asset improvements on land reserves used for moving livestock
  • More than one in two issues identified and reported to management in 2019–20 were raised in the former agencies.

Appendix one - List of 2020 recommendations

Appendix two - Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Family and Community Services 2018

Community Services
Compliance
Financial reporting
Information technology
Management and administration
Project management
Risk
Service delivery
Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford released her report today on the Family and Community Services cluster. The report focuses on key observations and findings from the most recent financial audits of agencies in the cluster. Cluster entities received unqualified audit opinions for their 30 June 2018 financial statements. Opportunities to improve the quality of financial reporting were identified and reported to management.

This report analyses the results of our audits of financial statements of the Family and Community Services cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides NSW Parliament and other users of the financial statements of Family and Community Services' agencies with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Family and Community Services cluster for 2018.

Observation Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all cluster agencies' financial statements. Conclusion: Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
Agencies complied with NSW Treasury’s mandatory early close requirements.

Completing other early close procedures was inconsistent and not always supported by adequate evidence.		 Conclusion: There are opportunities for agencies to improve the quality of financial reporting by:
  • documenting all significant judgements and assumptions used when preparing the financial statements
  • regularly reconciling inter-agency balances and transactions
  • reconciling key account balances on a timely basis
  • quantifying the impact of new and revised accounting standards.
2.2 Timeliness of financial reporting
Agencies completed revaluations of property, plant and equipment and submitted 31 March 2018 financial statements by the due date as required by NSW Treasury.

Agencies submitted year-end financial statements by the statutory deadline.		 Conclusion: Early revaluations of property, plant and equipment contributes to agencies meeting the year-end statutory reporting deadline.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

  • our financial statement audits of agencies in the Family and Community Services cluster for 2018
  • the areas of focus identified in the Audit Office annual work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each NSW Government cluster.

Observation Conclusions and recommendations
3.1 Internal controls
The 2017–18 audits reported 47 internal control weaknesses. While none were high risk, there were 15 repeat issues.

Conclusion: Management accepted audit findings and advised they are actioning recommendations. Timely action is important to ensure internal controls operate effectively.
Twenty-two of these internal control weaknesses related to information technology processes and control environment. Conclusion: Control weaknesses in information systems may compromise the integrity and security of financial data used for decision making and financial reporting.

Recommendation: Agencies should strengthen user access administration to prevent inappropriate access to key IT systems by:
  • ensuring privileged user access is limited to those requiring access to maintain the IT systems
  • monitoring privileged user access to address risks from unauthorised activity
  • ensuring IT password settings comply with password policies
  • ensuring timely removal of access to business systems for terminated and casual employees.
The Department, NSW Land and Housing Corporation (LAHC) and three other cluster agencies’ contract registers are incomplete and/or inaccurate. Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations.
3.2 Audit Office annual work program
Financial impact of the commissioning approach.

The transfer of disability services to the National Disability Insurance Scheme and other commissioning of service delivery has contributed to a 36 per cent decrease in frontline employee numbers since 2015–16. Similarly, corporate services’ employee numbers reduced by 34 per cent.

The Department’s salary costs have reduced by $232 million or 18 per cent from 2016–17.		 Conclusion: The ratio of corporate services employee numbers to support frontline and support services has remained at 1:10 since 2015–16, which indicates restructures have been planned to align with the transfer of disability services.
Impact of the new social housing maintenance contract

Maintenance expenses have increased by about 40 per cent since the new maintenance contract commenced in April 2016. LAHC measures the benefits of the new maintenance contract such as improved tenant satisfaction.		 Conclusion: The new maintenance contract has contributed to some positive social outcomes such as tenants being employed by the contractors to conduct maintenance, as call centre operators and in administration. However, more can be done to ensure value for money is being achieved.
ChildStory IT Project

Whilst phase one of the ChildStory IT project went 'live' in 2017–18, the planned timetable has not been met and the revised date for full implementation is end of 2018.

According to the 2014–15 NSW Budget, the budget for ChildStory was $100 million over a four-year period. During the design and implementation stage, this amount was revised to $128 million, with approval of the Expenditure Review Committee. The actual cost incurred over the four years until 30 June 2018, is approximately $131 million.

We identified issues with the data migration from the legacy systems to ChildStory.		 Conclusion: To inform future IT projects, we understand the Department is capturing our findings, along with the findings from the Department of Finance, Services and Innovation’s ‘Healthchecks’.

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.

In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.

Appendix one - List of 2018 recommendations

Appendix two - Status of previous recommendations    

Appendix three - Summary financial information

Appendix four - Cluster information

Published

Internal Controls and Governance 2017

Finance
Education
Community Services
Health
Justice
Whole of Government
Asset valuation
Compliance
Cyber security
Information technology
Internal controls and governance
Project management
Risk

Agencies need to do more to address risks posed by information technology (IT).

Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
 

1. Overall trends

New and repeat findings

 The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved.

High risk findings

 Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies.

Common findings

 Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity.

2. Information Technology

IT security

 Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls.

Cyber security

 Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.

Other IT systems

 Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems.

3. Asset Management

Capital investment

 Agencies report delays delivering against the significant increase in their budgets for capital projects.

Capital projects

 Agencies are underspending their capital budgets and some can improve capital project governance.

Asset disposals

 Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes.

4. Governance

Governance arrangements

 Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues.

Shared services

 Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set.

5. Ethics and Conduct

Ethical framework

 Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics.

Conflicts of interest

 All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

6. Risk Management 

Risk management maturity

 All agencies have implemented risk management frameworks, but with varying levels of maturity.

Risk management elements

 Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency.

This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.

This new report offers strategic insight on the public sector as a whole

In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.

This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.

Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.

These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.

Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:

  1. Overall trends
  2. Information technology
  3. Asset management
  4. Governance
  5. Ethics and conduct
  6. Risk management.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.

Issues

Recommendations

1.1 New and repeat findings

The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17.

Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies.

Recommendation

Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis.

1.2 High risk findings

We found seven high risk internal control deficiencies, which might significantly affect agencies.

Recommendation

Agencies should rectify high risk internal control deficiencies as a priority

1.3 Common findings

The most common internal control deficiencies related to poor or absent IT controls.

We found some common governance deficiencies across multiple agencies.

Recommendation

Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies.

Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.

Issues Recommendations

2.1 IT security

User access administration

While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems.

Recommendation

Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:

  • establish and enforce clear policies and procedures
  • review user access regularly
  • remove user access for terminated staff promptly
  • change user access for transferred staff promptly.

Privileged access

Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access.

Recommendation

Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:

  • only grant privileged access in line with the responsibilities of a position
  • review the level of access regularly
  • limit privileged access to necessary functions and data
  • monitor privileged user account activity on a regular basis.

Password controls

Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls.

Recommendation

Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:

  • minimum password lengths and complexity requirements
  • limits on the number of failed log-in attempts
  • password history (such as the number of passwords remembered)
  • maximum and minimum password ages.

2.2 Cyber Security

Cyber security framework

Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.

Recommendation

The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents.

Cyber security strategies

While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness.

Recommendations

The Department of Finance, Services and Innovation should:

  • mandate minimum standards and require agencies to regularly assess and report on how well they mitigate cyber security risks against these standards
  • develop a framework that provides for cyber security training.

Agencies should ensure they adequately resource staff dedicated to cyber security.

2.3 Other IT systems

Change control processes

Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes.

Recommendation

Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems.

Disaster recovery planning

Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis.

Recommendation

Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans.

Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:

  • manage their major capital projects
  • dispose of existing assets.
Issues Recommendations or conclusions

3.1 Capital investment

Capital asset investment ratios

Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one.

Recommendation

Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs.

Volume of capital spending

Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years.

Conclusion

The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years.

3.2 Capital projects

Major capital projects

Agencies’ major capital projects were underspent by 13 percent against their budgets.

Conclusion

The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time.

Capital project governance

Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects.

Conclusion

Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight.

3.3. Asset disposals

Asset disposal procedures

Agencies need to strengthen their asset disposal procedures.

Recommendations

Agencies should have formal processes for disposing of surplus properties.

Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption.

Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.

This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.

Issues Recommendations or conclusions

4.1 Governance arrangements

Continuous disclosure

Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations.

Conclusion

Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:

  • regular public disclosure of key performance information
  • disclosure of both positive and negative information
  • prompt reporting of significant issues.

4.2 Shared services

Service level agreements

Some agencies do not have service level agreements for their shared service arrangements.

Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements.

Conclusion

Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:

  • specify the controls a provider must maintain
  • specify key performance targets
  • include penalties for non-compliance.

Shared service performance

Some agencies do not set performance standards for their shared service providers or regularly review performance results.

Conclusion

Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received.

Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money.

All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.

This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.

We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.

Issues Recommendations or conclusions

5.1 Ethical framework

Code of conduct

All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

Recommendation

Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date.

Statement of business ethics

Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors.

Conclusion

Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture.

5.2 Potential conflicts of interest

Conflicts of interest

All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest.

Recommendation

Agencies should improve the way they manage conflicts of interest, particularly by:

  • requiring senior executives to make a conflict-of-interest declaration at least annually
  • implementing processes to identify and address outstanding declarations
  • providing annual training to staff
  • maintaining current registers of conflicts of interest.

Gifts and benefits

While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct.

Recommendation

Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff.

Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.

This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.

Issues Recommendations or conclusions

6.1 Risk management maturity

All agencies have implemented risk management frameworks, but with varying levels of maturity in their application.

Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence.

Conclusion

Agencies have introduced risk management frameworks and practices as required by the Treasury’s:

  • 'Risk Management Toolkit for the NSW Public Sector'
  • 'Internal Audit and Risk Management Policy for the NSW Public Sector'.

However, more can be done to progress risk management maturity and embed risk management in agency culture.

6.2 Risk management elements

Risk culture

Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.

 

 

Conclusion

Agencies can improve their risk culture by:

  • setting an appropriate tone from the top
  • training all staff in effective risk management
  • ensuring desired risk behaviours and culture are supported, monitored, and reinforced through business plans, or the equivalent and employees' performance assessments.

Risk registers and reporting

Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level.

Conclusion

Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately.

Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.

Appendix one - List of 2017 recommendations

Appendix two - Status of 2016 recommendations

Appendix three - Agencies selected for this volume

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE