The Auditor-General for New South Wales, Margaret Crawford, released a report today examining the effectiveness of Service NSW’s handling of customers’ personal information to ensure its privacy.

The audit found that Service NSW is not effectively handling personal customer and business information to ensure its privacy. Service NSW continues to use business processes that pose a risk to the privacy of personal information. This includes the routine emailing of personal information between Service NSW service centres and other agencies, which is one of the processes that contributed to the data breach earlier this year. The audit found that previously identified risks and recommended solutions had not been implemented on a timely basis.

The Auditor-General made eight recommendations aimed at ensuring improved processes, technologies, and governance arrangements for how Service NSW handles customers’ personal information.

The Hon. Victor Dominello, MP, Minister for Customer Service, requested this audit under section 27(B)(3)(c) of the Public Finance and Audit Act 1983 following public reports in May 2020 of a cyber security attack which had led to a breach of Service NSW customer information. This audit also included the Department of Customer Service which supports Service NSW with privacy, risk and governance functions.

Service NSW was established in 2013 with the intention that it would, over time, 'become the primary interaction point for customers accessing New South Wales Government transaction services'.

Service NSW's functions are set out in the Service NSW (One stop Access to Government Services) Act 2013. This legislation allows for other NSW Government agencies to delegate to and enter into agreements with the Chief Executive Officer of Service NSW in order for Service NSW to undertake service functions for the agency.

Service NSW now has agreements with 36 NSW Government client agencies to facilitate over 1,200 types of interactions and transactions for the community.

The nature of each agreement between Service NSW and its client agencies varies. Some client agencies have delegated authority to allow Service NSW staff to conduct transactions on their behalf in the agencies' systems. Other arrangements do not include the same degree of delegation. In these cases, Service NSW provides services such as responding to enquiries and validating documents.

In addition, Service NSW conducts transactions for its own programs, such as the Seniors Card. Personal information for these programs, as well as information for customers' MyServiceNSW accounts, are stored by Service NSW on its Salesforce Customer Relationship Management (CRM) system.

In March 2020, Service NSW suffered two cyber security attacks in short succession. Technical analysis undertaken by the Department of Customer Service (DCS) concluded that these attacks resulted from a phishing exercise through which external threat actors gained access to the email accounts of 47 staff members. These attacks resulted in the breach of a large amount of personal customer information that was contained in these email accounts. See Section 1.1 for further details.

This audit is being conducted in response to a request from the Hon. Victor Dominello, Minister for Customer Service, under section 27B(3)(c) of the Public Finance and Audit Act 1983. Minister Dominello requested that the Auditor General conduct a performance audit in relation to Service NSW's handling of sensitive customer and business information.

This audit assessed how effectively Service NSW handles personal customer and business information to ensure its privacy.

It addressed the following:

• Does Service NSW have processes and governance in place to identify and manage risks to the privacy of personal customer and business information?
• Does Service NSW have policies, processes and systems in place that support the effective handling of personal customer and business information to ensure its privacy?
• Has Service NSW effectively implemented its policies, processes and systems for managing personal customer and business information?

1. Key findings

Service NSW identifies privacy risks, but the controls and processes it put in place to mitigate these privacy risks were not adequate to prevent or limit the extent of the data breach that occurred in March 2020

Service NSW’s approach to risk management is framed by its Risk Management Guideline, which defines 'privacy and compliance' as one of the key types of risk for the agency. Service NSW's enterprise risk register identifies four strategic privacy related risks. Service NSW has set out a zero level appetite for privacy risk in its risk appetite statement.

Service NSW has assessed the adequacy of its controls for privacy risks as needing improvement. To be fully effective, the Risk Management Guideline says that these controls should have a focus that is ‘largely preventative and address the root causes’.

One of the business processes that was a key contributing factor to the data breach was the emailing of personal information by Service NSW staff to client agencies.

This process had been identified as a risk prior to the breach and some steps had been put in place to mitigate the risk. In particular, staff were required to manually delete emails that contained personal information. However, these measures were ineffective in preventing the breach, as the external threat actors still gained access to 47 staff email accounts that contained a large amount of personal information.

It is unclear why Service NSW did not effectively mitigate this risk prior to the breaches. However, Service NSW has advised that it implemented measures in June and October 2020 to automatically archive emails likely to contain personal information. This is expected to limit the quantity of information retained in email accounts for extended periods.

Service NSW has not put in place any technical or other solutions to avoid Service NSW staff having to scan and email personal information to some client agencies. Urgent action is needed to remove the requirement for staff to email personal information to client agencies, thereby mitigating the risk inherent in sending and storing this information using email.

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system, which holds the personal information of over four million customers

There are weaknesses in the general IT and security controls implemented by Service NSW over its Salesforce CRM system. These weaknesses include deficiencies in governance of role based access, monitoring and audit of staff access, and partitioning of program specific transaction information. These deficiencies create an increased risk of unauthorised access to the personal information of over four million customers which is stored in this system.

In addition, there is an absence of important controls to safeguard customers' privacy, such as multi factor authentication and reviewable logs of access history to their information. Such controls, when properly implemented, would enhance the control that customers are able to exercise over their personal information.

A privacy impact assessment conducted on Service NSW’s Salesforce CRM system in 2015 recommended that the system include the ability for customers to review access history to their personal information, as well as the option for customers to apply multi factor authentication to their accounts. While both these recommendations appeared positively received by Service NSW, neither have been implemented.

Since its inception, Service NSW’s use of Salesforce has extended to storing transaction data, particularly for transactions for which Service NSW is responsible, such as the Seniors Card. It also holds details of over four million MyServiceNSW account holders, including name, email address and phone number, and optional address details. It was not originally intended for the system to hold this volume and nature of customer information.

Lines of responsibility for meeting privacy obligations are unclear between Service NSW and its client agencies

Service NSW's privacy management plan does not clearly set out the privacy obligations of Service NSW and its client agencies. It sets out that 'compliance with the privacy principles will primarily be the responsibility of that [client] agency'. However, Service NSW has its own obligations under the security principles of the Privacy and Personal Information Protection Act 1998 (PPIP Act) to take reasonable steps to prevent unauthorised access to personal information, which is not made clear in the privacy management plan.

The agreements between Service NSW and client agencies reviewed for this audit only include general and high level references to privacy. Most do not include details of each parties' privacy responsibilities such as: which agency will provide the customer with a privacy notice explaining how their personal information will be handled, how personal information will be kept secure, how long Service NSW will retain information, what processes will be followed for internal reviews, and what specific planning is in place to respond to data breaches.

Service NSW's privacy management plan has not been updated to include new programs and governance changes

Service NSW's privacy management plan includes most of the matters required by law or good practice, with some exceptions. It does not explain any exemptions that the agency commonly relies on under the PPIP Act and does not address any health information that Service NSW may handle. It had also not been updated to reflect governance changes and the fact that, at the time this audit commenced, Service NSW was disclosing the content of internal review applications (the formal expression for 'complaints') to the Department of Customer Service (DCS). These governance changes were part of the centralisation of Service NSW's corporate support functions into DCS in late 2019, though internal review staff were seconded back into Service NSW during the course of this audit.

The current July 2019 privacy management plan has also not been updated since the rollout of a number of major new initiatives in 2020. These include 2019–20 bushfire emergency recovery initiatives (such as small business grants) and COVID 19 pandemic response initiatives (such as small business grants, border permits and the COVID safe check in app).

Service NSW routinely conducts privacy impact assessments for new initiatives, though privacy risks remain in legacy systems and processes

Service NSW routinely conducts privacy impact assessments for major new initiatives and the assessments reviewed for this audit largely accorded with good practice guidance.

Service NSW does not routinely review existing processes and systems to ensure that they are effective in ensuring the privacy of customer personal information. Business processes that create the highest risk to privacy, such as emailing of personal information, are more common in these longstanding legacy systems.

Service NSW's significant and rapid growth has outpaced the establishment of a robust control environment which has exacerbated privacy risks

Since it was established in 2013, Service NSW has experienced significant growth in the number and diversity of the types of transactions it provides, as well as the number of client agencies with which it works. The pace and extent of this growth has contributed to important controls not being properly implemented on a timely basis, which has heightened privacy risks, particularly in regard to existing, legacy systems and processes.

The pace of change and increasing demand for new program implementation has limited the opportunity for Service NSW, in collaboration with its client agencies, to revisit and redesign legacy business practices which pose a greater privacy risk. This includes the scanning and emailing of personal information.

While 2019–20 has seen additional demands placed on Service NSW in responding to the 2019–20 bushfire emergency and COVID 19 pandemic, it is the nature of the agency’s work that it operates in a fast paced and complex environment, where it is required to respond to multiple client agencies and stakeholders. Ensuring customer privacy should be integral to Service NSW’s business as usual operations.

2. Recommendations

Service NSW commissioned a number of external reviews and investigations stemming from the data breaches. The Auditor General's recommendations below have taken these other reviews into account. In order to offer assurance that it is appropriately protecting the privacy of its customers, Service NSW should address the full breadth of findings and recommendations made across all relevant reviews.

As a matter of urgency, Service NSW should:

1. in consultation with relevant client agencies and the Department of Customer Service, implement a solution for a secure method of transferring personal information between Service NSW and client agencies

2. review the need to store scanned copies of personal information and, if still required, implement a more secure method of storing this information and regular deletion of material.

By March 2021, Service NSW should:

3. ensure that all new agreements entered into with client agencies from 1 April 2021 address the deficiencies identified in this audit, including that they provide clarity on:

• the content and provision of privacy collection notices
• the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
• steps that will be taken by each agency to ensure that personal information is kept secure
• the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
• how identified breaches of privacy will be handled between agencies

4. in collaboration with the Department of Customer Service, review its privacy management plan to address the deficiencies raised in this audit, including:

• to clarify Service NSW's understanding of how responsibility for meeting privacy obligations are delineated between Service NSW and client agencies
• to better reflect the full scope and complexity of personal information handled by Service NSW
• to better explain how applications for internal review are handled between Service NSW and the Department of Customer Service
• to ensure regular ongoing review, either according to a schedule or when Service NSW experiences substantial change to its programs and handling of personal information

5. in consultation with the Department of Customer Service, review its policies and processes for the management of privacy risks, including to:

• ensure that there are appropriate mechanisms to escalate identified privacy risks from business units to the Executive Leadership Team
• ensure that there are action plans to address strategic privacy risks that are assessed as having ineffective controls.

By June 2021, Service NSW should:

6. address deficiencies in the controls over, and security for, its Salesforce customer relationship management and related systems that hold customer personal information, including:

• establish policies and processes for regular access reviews and monitoring of user activity in these systems, including for privileged users
• enable partitioning and role based access restrictions to personal information collected for different programs
• provide customers the choice to use multi factor authentication to further secure their MyServiceNSW accounts
• enable customers to view the transaction history of their personal information to detect possible mishandling.

By December 2021, Service NSW should:

7. ensure that all existing agreements with client agencies address the deficiencies identified in this audit, including that they provide clarity on:

• the content and provision of privacy collection notices
• the terms by which personal information will be retained, stored, archived, and disposed of when no longer required
• steps that will be taken by each agency to ensure that personal information is kept secure
• the circumstances in which, and processes by which, applications for internal review will be referred by one agency to the other
• how identified breaches of privacy will be handled between agencies

8. carry out a risk assessment of all processes, systems and transactions that involve the handling of personal information and undertake a privacy impact assessment for those that:

• are identified as high risk and have not previously had a privacy impact assessment
• have had major changes or updates since the privacy impact assessment was completed.

Appendix one – Responses from agencies

Appendix two – About the audit

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations
• the impact of emergencies and the pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

• observations and insights from our financial statement audits of agencies in the Transport cluster
• assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019, 2018 and 2017 recommendations

Appendix three – Management letter findings

Appendix four – Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.

The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:

• financial and information technology controls
• business continuity and disaster recovery planning arrangements
• procurement, including emergency procurement
• delegations that support timely and effective decision-making.

Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.

The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.

Read the PDF report

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.

1. Internal control trends

2. Information technology controls

3. Business continuity and disaster recovery planning

4. Procurement, including emergency procurement

5. Delegations

6. Status of 2019 recommendations

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations

Appendix three – Cluster agencies

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

The Auditor-General for New South Wales, Margaret Crawford, released her report today on State Finances for the year ended 30 June 2020.

‘I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements,’ the Auditor-General said.

The report acknowledges this has been a challenging year, with New South Wales impacted by natural disasters and the COVID-19 pandemic.

The State’s Budget Result, reported in the financial statements, was a deficit of $6.9 billion. This is different to the 2019-20 budget forecast surplus of $1.0 billion and is an outcome of the government’s significant response to bushfires and COVID-19.

The report summarises a number of audit and accounting matters arising from the audit of the Total State Sector Accounts, a sector that comprises 291 entities controlled by the NSW Government with total assets of $495 billion and total liabilities of $256 billion.

Read full report (PDF)

Our audit opinion on the State’s 2019–20 financial statements was unmodified

An unmodified audit opinion was issued on the State’s 2019–20 consolidated financial statements.

The State extended signing its financial statements by six weeks.

Natural disasters, the COVID-19 pandemic and other factors impacted the State’s 2019–20 reporting timetable. The State extended signing its financial statements by six weeks, compared with 2018–19.

All agencies were also given a two-week extension to prepare their financial statements compared with 2018–19. Further extensions beyond two weeks were subsequently approved for the following 11 agencies (7 in 2018–19) to submit completed financial statements for audit:

• Department of Communities and Justice
• Department of Customer Service
• Department of Planning, Industry and Environment
• Department of Regional NSW
• Department of Transport
• Environment Protection Authority
• Infrastructure NSW
• Lord Howe Island Board
• NSW Crown Holiday Parks Land Manager
• Service NSW
• Water Administration Ministerial Corporation.

The extensions reflected that the COVID-19 pandemic impacted agencies’ work environments during the first six months of 2020. This was at a time when many were still implementing machinery of government changes and preparing to implement three significant new accounting standards:

• AASB 15 Revenue from Contracts with Customers (issued December 2014, effective 1 July 2019)
• AASB 16 Leases (issued February 2016, effective 1 July 2019)
• AASB 1058 Income of Not-for-profit entities (issued December 2016, effective 1 July 2019).

These new accounting standards were issued some years before they became effective, to allow reporting entities sufficient time to prepare for implementation. Notwithstanding this, some agencies had not fully implemented the new accounting standards in time for early close procedures, and the unforeseen impact of COVID-19 further complicated the year-end financial reporting processes for the State and its agencies.

The graph below shows the number of reported errors exceeding $20 million over the past five years in agencies’ financial statements presented for audit.

In 2019–20, agency financial statements presented for audit contained 19 errors exceeding $20 million (six in 2018–19). The total value of these errors increased to $1.4 billion ($927 million in 2018–19).

The errors resulted from:

• incorrectly applying Australian Accounting Standards and Treasury Policies
• incorrect judgements and assumptions when valuing noncurrent physical assets and liabilities
• incorrectly interpreting the accounting treatment for unspent stimulus funding.

Errors in agency financial statements exceeding $20m (2016–2020)

$4.1 billion in stimulus funding was allocated in 2019–20

The government implemented an economic stimulus package primarily to mitigate the impacts of the COVID-19 pandemic on New South Wales.

The COVID-19 pandemic and bushfires had a significant impact on the State’s finances, reducing its revenue and increasing its expenses especially in sectors directly responsible for responding to the COVID-19 pandemic, such as Health.

The government announced a $4.1 billion health and economic stimulus package in 2019–20. This primarily included:

• $2.2 billion in health measures including purchases of essential medical equipment and increasing clinical health capacity (like intensive care spaces)
• $1.0 billion in small business and land tax relief
• $355 million in extra cleaning services and quarantine costs.

Cluster agencies had spent $3.0 billion (just under 75 per cent) of the COVID-19 stimulus package by 30 June 2020.

The Health cluster incurred most of this expenditure.

Total spend relating to bushfires was $1.3 billion in 2019–20.

The graph below shows the total allocation and spend by cluster to 30 June 2020.

Economic stimulus allocation and spend by cluster to 30 June 2020

Deficit of $6.9 billion compared with a budgeted surplus of $1.0 billion

An outcome of the government’s overall activity and policies is its net operating balance (Budget Result). This is the difference between the cost of general government service delivery and the revenue earned to fund these sectors.

The General Government Sector, which comprises 199 entities, generally provides goods and services funded centrally by the State.

The Non-General Government Sector, which comprises 92 government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.

The Budget Result for the 2019–20 financial year was a deficit of $6.9 billion. The original budget forecast, set before the COVID-19 pandemic and bushfires, was a $1.0 billion surplus. The main driver of the change in result was:

• $1.3 billion of higher employee costs, mainly due to:
  • increased workers compensation claims
  • additional personnel required (mainly in the Health sector) to respond to the COVID-19 pandemic
• $2.3 billion of higher operating expenses, mainly due to:
  • $828 million from first time recognition of a child abuse claim liability
  • $507 million from additional insurance claims from the NSW bushfires
  • $343 million from COVID-19 claims by agencies for loss of revenue.
• $1.8 billion in higher grants and subsidy expenses, mainly due to:
  • small business grants
  • COVID-19 quarantine compliance measures
  • costs incurred in response to the 2019–20 bushfires, drought and disaster relief payments
  • third party-controlled assets that were subsequently transferred to councils and utility providers, mainly arising from construction of the CBD and South East Light Rail.

The deficit was further driven by:

• $1.9 billion less taxation revenue, mainly resulting from:
  • $1.3 billion less in payroll tax due to relief measures introduced by the government as part of its COVID-19 economic stimulus
  • $424 million less in gambling and betting taxes, due to venue closures required by COVID-19 public health orders
• $523 million less in dividends and income tax revenue from the Non-General Government Sector, due to lower dividends received from NSW Treasury Corporation and from the State’s other commercial government businesses
• lower fines, regulatory fees and other revenue, due to a $305 million decrease in mining royalties, largely driven by lower coal prices.

Main drivers of the 2019–20 actual vs. budget variance

Revenues increased $209 million to $86.3 billion

In 2019–20, the State’s total revenues increased by $209 million to $86.3 billion, 0.2 per cent higher than in 2018–19. COVID-19 impacted taxation revenue, which fell by $1.1 billion and revenue from the sale of goods and services, which fell by $1.1 billion. These falls were offset by a $2.5 billion (7.7 per cent) increase in grants and subsidies from the Australian Government, mainly in the form of additional stimulus funding.

Taxation revenue fell 3.5 per cent

Taxation revenue fell by $1.1 billion, mainly due to a:

• $861 million fall in payroll tax as a result of COVID-19 relief (reduced payroll tax payments for eligible small businesses)
• $430 million fall in stamp duty collections, driven by lower than expected growth in the property market
• $427 million decline in gambling and betting taxes, mainly due to venue closures driven by COVID-19 public health orders.

Stamp duties of $8.8 billion were the largest source of taxation revenue, $473 million higher than payroll tax, the second-largest source of taxation revenue.

Australian Government grants and subsidies

The State received $34.2 billion in grants and subsides which are mainly from the Australian Government, $2.4 billion more than in 2018–19.

The increase was driven by a $1.1 billion increase in Commonwealth Specific Purpose Payments to support the Health cluster respond to the COVID-19 pandemic. Commonwealth National Partnership Payments increased by a similar amount to provide the State with Natural Disaster relief.

Sales of goods and services

In 2019–20, sales of goods and services fell $1.1 billion. This was due to the COVID-19 pandemic reducing:

• patronage and related transport passenger revenue
• health billing activities with elective surgery being put on hold

Fines, regulatory fees and other revenues

Fines, regulatory fees and other revenues fell $505 million. This was mainly due to a $409 million decrease in mining royalties attributed to a drop in thermal coal prices during 2019–20.

Other dividends and distributions

Other dividends and distributions rose by $616 million due to higher distributions received from the State’s investments. This was due to an additional $1.3 billion held in the State’s investment portfolio compared with last year.

Expenses increased $8.2 billion to $96.0 billion

The State’s expenses increased 9.3 per cent compared with 2018–19. Most of the increase was due to higher employee expenses, other operating costs and grants and subsidies.

Employee expenses, including superannuation, increased 5.7 per cent to $42.6 billion.

Salaries and wages increased to $42.6 billion from $40.3 billion in 2018–19. This was mainly due to increases in staff numbers and a 2.5 per cent increase in pay rates across the sector. Salaries and wages for the Education and Health sectors increased by $659 million and $732 million in each sector respectively.

The Health sector employed an additional 2,763 full time staff in 2019–20. It also incurred more overtime in response to COVID-19. Education increased staff numbers by 4,866 full time equivalents and paid a one off 11 per cent pay rise to school administration staff in 2019–20. Historically, the government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.

Operating expenses increased 8.7 per cent to $27.0 billion.

Operating expenses increased to $27.0 billion in 2019–20 ($24.8 billion in 2018–19) due to higher operating activities in Health. The higher level of activities and related costs is attributed to a full year of operations at the Northern Beaches Hospital (opened November 2018), and responding to COVID-19. The response to COVID-19 involved the State providing viability payments to private hospitals, higher visiting medical officer costs due to additional overtime hours and spending more on equipment to set up COVID-19 testing clinics.

Insurance claims increased by $2.0 billion. This was mainly due to NSW Self Insurance Corporation (SiCorp) recognising a liability for child abuse claims incurred but not reported for the first time, and claims for the 2019–20 bushfires, floods and COVID-19.

Health costs remain the State’s highest expense.

Total expenses of the State were $96 billion ($87.8 billion in 2018–19). Traditionally, the following clusters have the highest expenses as a percentage of total government expenses:

• Health – 24.3 per cent (25.8 per cent in 2018–19)
• Education – 17.6 per cent (19.3 per cent in 2018–19)
• Transport - 12.8 per cent (12.6 per cent in 2018–19).

General public service expenses as a percentage of total State expenses is higher due to a $2.0 billion increase in SiCorp’s accrued claim expenses.

Other expenses increased due to additional grant funding by the State for drought relief and COVID-19 stimulus spend.

Health expenses increased by $632 million compared with 2018–19 but fell as a proportion of total State expenses.

Education expenses remained stable compared with last year due to savings in student transportation costs primarily driven by COVID-19. This led to a decrease in the proportion of the State’s costs relating to education activities.

Grants and subsidies increased $2.5 billion to $14.1 billion.

The increase in grants and subsidies was due to payments the State made to support businesses and local communities in the face of COVID-19 and bushfires. In addition, the State transferred CBD and South East Light Rail assets to councils and utility providers during 2019–20 as it no longer controlled these.

Depreciation expense increased $1.0 billion to $9.2 billion.

Depreciation increased to $9.2 billion from $8.0 billion in 2018–19. At 1 July 2019, the State implemented the new leases standard recognising a right of use (ROU) asset and related lease liability in its financial statements. The value of ROU assets are amortised over the term of the lease. This contributed to $980 million of the increase in 2019–20 depreciation expense. Last year, these costs were previously reported within other operating expenses.

Assets grew by $28.0 billion to $495 billion

The State’s assets primarily include physical assets such as land, buildings and infrastructure, and financial assets such as cash, and other financial instruments and equity investments. The value of total assets increased by $28.0 billion to $495 billion. This was a six per cent increase compared with 2018–19, mostly due to changes in asset carrying values.

Of the State’s $28.0 billion increase in asset values, $9.3 billion was due to a new accounting standard requirement for operating leases to be valued and recorded on balance sheet for the first time.

AASB 16 Leases requires entities recognise values for right-ofuse assets (ROU) for the first time. An ROU asset is a lessee’s right to use an asset, the value of which is amortised over the term of the lease. This standard came into effect from 1 July 2019.

Valuing the State’s physical assets

The value of the State’s physical assets increased by $14.1 billion to $365 billion in 2019–20. The assets include land and buildings ($168 billion), infrastructure ($180 billion) and plant and equipment ($16.7 billion). A prior period error relating to the valuation of RMS infrastructure assets reduced the reported values by $1.0 billion from $352 billion to $351 billion at 30 June 2019.

The movement in physical asset values between years includes additions, disposals, depreciation and valuation adjustments. Other movements include reclassification of physical assets leased under finance leases to right of use assets upon adoption of AASB 16 Leases on 1 July 2019.

Movements in physical asset values

Liabilities increased $38.4 billion to $256 billion

The State borrowed additional funds in response to natural disasters and COVID-19.

The State’s borrowings rose by $33.9 billion to $113.8 billion at 30 June 2020. This accounted for most of the increase in the State’s total liabilities.

The value of TCorp bonds on issue increased by $25.2 billion to $97.0 billion to largely fund capital expenditure and costs associated with the bushfires, drought and COVID-19.

TCorp bonds are actively traded in financial markets and are guaranteed by the NSW Government.

Over 2019–20, TCorp continued to take advantage of lower interest rates, buying back short-term bonds and replacing them with longer dated debt. This lengthens the portfolio matching liabilities with the funding requirements for infrastructure assets.

With effect from 1 July 2019, AASB 16 Leases required the State to recognise liabilities for operating leases for the first time. This increased total lease liabilities from $5.3 billion at 30 June 2019 to $11.8 billion at 30 June 2020.

More than a third of the State’s liabilities relate to its employees. They include unfunded superannuation and employee benefits, such as long service and recreation leave.

Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions and other variables, such as a lower discount rate, can materially impact the valuation of liability balances in the financial statements.

The State’s unfunded superannuation liability rose $300 million from $70.7 billion to $71.0 billion at 30 June 2020. This was mainly due to a lower discount rate of 0.87 per cent (1.32 per cent in 2018–19). The State’s unfunded superannuation liability represents the value of its obligations to past and present employees less the value of assets set aside to fund those obligations.

The State maintained its AAA credit rating

The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.

The government manages New South Wales’ finances in accordance with the Fiscal Responsibility Act 2012 (the Act).

The Act establishes the framework for fiscal responsibility and the strategy to maintain the State’s AAA credit rating and service delivery to the people of New South Wales.

The legislation sets out targets and principles for financial management to achieve this.

This year, the State’s credit rating from Standard & Poor’s changed from AAA/Stable to AAA/Negative. Moody’s Investors Service credit rating of Aaa/Stable did not change from the previous year.

The fiscal target for achieving this objective is that General Government annual expenditure growth should be lower than long term average revenue growth.

The State did not achieve its fiscal target of maintaining annual expenditure growth below the long-term revenue growth rate target of 5.6 per cent.

In 2019–20, General Government expenditure grew by 9.7 per cent (5.5 per cent in 2018–19).

Expenditure items that contributed most to the growth rate include:

• recurrent grants and subsidies (20.4 per cent)
• other operating expenses (9.5 per cent)
• employee costs (including superannuation) (5.6 per cent)

Recurrent grant and subsidy expenses increased by $2.8 billion in 2019–20 mainly due to the COVID-19 and natural disaster payments. Other operating expenses increased mainly due to a $2.0 billion increase in SiCorp insurance claims. This included the $828 million provision for child abuse claims incurred but not reported. The bushfires and COVID-19 pandemic also increased the number and cost of claims in 2019–20.

Superannuation funding position since inception of the Act - AASB 1056 Valuation

Appendix one - Prescribed entities

Appendix two - Legal opinions

This is a follow-up to the Auditor-General's November 2016 report on the CBD South East Sydney Light Rail project. This follow-up report assessed whether Transport for NSW has updated and consolidated information about project costs and benefits.

The audit found that Transport for NSW has not consistently and accurately updated project costs, limiting the transparency of reporting to the public.

The Auditor-General reports that the total cost of the project will exceed $3.1 billion, which is above the revised cost of $2.9 billion published in November 2019. $153.84 million of additional costs are due to omitted costs for early enabling works, the small business assistance package and financing costs attributable to project delays.

The report makes four recommendations to Transport for NSW to publicly report on the final project cost, the updated expected project benefits, the benefits achieved in the first year of operations and the average weekly journey times.

Read full report (PDF)

The CBD and South East Light Rail is a 12 km light rail network for Sydney. It extends from Circular Quay along George Street to Central Station, through Surry Hills to Moore Park, then to Kensington and Kingsford via Anzac Parade and Randwick via Alison Road and High Street.

Transport for NSW (TfNSW) is responsible for planning, procuring and delivering the Central Business District and South East Light Rail (CSELR) project. In December 2014, TfNSW entered into a public private partnership with ALTRAC Light Rail as the operating company (OpCo) responsible for delivering, operating and maintaining the CSELR. OpCo engaged Alstom and Acciona, who together form its Design and Construct Contractor (D&C).

On 14 December 2019, passenger services started on the line between Circular Quay and Randwick. Passenger services on the line between Circular Quay and Kingsford commenced on 3 April 2020.

In November 2016, the Auditor-General published a performance audit report on the CSELR project. The audit found that TfNSW would deliver the CSELR at a higher cost with lower benefits than in the approved business case, and recommended that TfNSW update and consolidate information about project costs and benefits and ensure the information is readily accessible to the public.

In November 2018, the Public Accounts Committee (PAC) examined TfNSW's actions taken in response to our 2016 performance audit report on the CSELR project. The PAC recommended that the Auditor-General consider undertaking a follow-up audit on the CSELR project. The purpose of this follow-up performance audit is to assess whether TfNSW has effectively updated and consolidated information about project costs and benefits for the CSELR project.

Appendix one – Response from agency

Appendix two – Governance and reporting arrangements for the CSELR

Appendix three – 2018 CSELR governance changes

Appendix four – About the audit

Appendix five – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #335 - released 11 June 2020

This report focuses on how Transport for NSW and Sydney Trains manage crowding at selected metropolitan train stations.

The audit found that while Sydney Trains has identified platform crowding as a key strategic risk, it does not have an overarching strategy to manage crowding in the short to medium term. Sydney Trains 'do not have sufficient oversight to know if crowding is being effectively managed’, the Auditor-General said.

Sydney Trains' operational response to crowding involves restricting customer access to platforms or station entries before crowding reaches unsafe levels or when it impacts on-time running. Assuming rail patronage increases, it is likely that Sydney Trains will restrict more customers from accessing platforms or station entries, causing customer delay. ‘Restricting customer access to platforms or station entries is not a sustainable approach to manage station crowding’, said the Auditor-General.

The Auditor-General made seven recommendations to improve Transport for NSW and Sydney Trains' management of station crowding. Transport for NSW have accepted these recommendations on behalf of the Transport cluster.

Public transport patronage has been impacted by COVID-19. This audit was conducted before these impacts occurred.

Read full report (PDF)

Sydney Trains patronage has increased by close to 34 per cent over the last five years, and Transport for NSW (TfNSW) expects the growth in patronage to continue over the next 30 years. As patronage increases there are more passengers entering and exiting stations, moving within stations to change services, and waiting on platforms. As a result, some Sydney metropolitan train stations are becoming increasingly crowded.

There are three main causes of station crowding:

• patronage growth exceeding the current capacity limits of the rail network
• service disruptions
• special events.

Crowds can inhibit movement, cause discomfort and can lead to increased health and safety risks to customers. In the context of a train service, unmanaged crowds can affect service operation as trains spend longer at platforms waiting for customers to alight and board services which can cause service delays. Crowding can also prevent customers from accessing services.

Our 2017 performance audit, ‘Passenger Rail Punctuality’, found that rail agencies would find it hard to maintain train punctuality after 2019 unless they significantly increased the capacity of the network to carry trains and people. TfNSW and Sydney Trains have plans to improve the network to move more passengers. These plans are set out in strategies such as More Trains, More Services and in the continued implementation of new infrastructure such as the Sydney Metro. Since 2017, TfNSW and Sydney Trains have introduced 1,500 more weekly services to increase capacity. Additional network capacity improvements are in progress for delivery from 2022 onwards.

In the meantime, TfNSW and Sydney Trains need to use other ways of managing crowding at train stations until increased capacity comes on line.

This audit examined how effectively TfNSW and Sydney Trains are managing crowding at selected metropolitan train stations in the short and medium term. In doing so, the audit examined how TfNSW and Sydney Trains know whether there is a crowding problem at stations and how they manage that crowding.

TfNSW is the lead agency for transport in NSW. TfNSW is responsible for setting the standard working timetable that Sydney Trains must implement. Sydney Trains is responsible for operating and maintaining the Sydney metropolitan heavy rail passenger service. This includes operating, staffing and maintaining most metropolitan stations. Sydney Trains’ overall responsibility is to run a safe rail network to timetable.

Appendix one – Response from agency

Appendix two – Sydney rail network

Appendix three – Rail services contract

Appendix four – Crowding pedestrian modelling

Appendix five – Airport Link stations case study

Appendix six – About the audit

Appendix seven – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #333 - released 30 April 2020

This report details the results of the financial audits of NSW Government's Transport cluster for the financial year ended 30 June 2019. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, valuations of assets continue to create challenges across the cluster. The Audit Office identified some deficiencies in relation to asset valuations at Transport for NSW, Roads and Maritime Services, Rail Corporation New South Wales and Sydney Metro.

The Audit Office noted an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, asset management and employee leave entitlements. The report also highlights the status of significant infrastructure projects across the Transport cluster.

The report makes several recommendations including:

• agency finance teams need to be consulted on major business decisions and commercial transactions at the time of their execution to assess the financial reporting impacts
• the Department of Transport should ensure consistent accounting policies are applied across its controlled entities.

Download the Transport 2019 report (PDF)

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes

2. Financial reporting

3. Audit observations

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

This cluster was impacted by the Machinery of Government changes on 1 July 2019. The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW). This report is focused on the Transport cluster prior to these changes. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government refers to how the government organises the structures and functions of the public service. Machinery of Government changes are where the government reorganises these structures and functions, and are given effect by Administrative orders.

The Transport cluster was impacted by recent Machinery of Government changes. These changes were announced by the Department of Premier and Cabinet but were not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. It was the intention of government to transfer the functions of the RMS into TfNSW. This requires legislative changes to the Transport Administration Act 1988 No. 109.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2019.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport cluster.

Appendix one – Timeliness of financial reporting by agency 

Appendix two – Management letter findings by agency 

Appendix three – List of 2019 recommendations 

Appendix four – Status of 2017 and 2018 recommendations 

Appendix five – Cluster agencies 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.

The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:

• financial controls
• information technology controls
• gifts and benefits
• internal audit
• contingent labour
• sensitive data.

The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.

1. Internal control trends

2. Information technology controls

3. Gifts and benefits

4. Internal audit

5. Managing contingent labour

6. Managing sensitive data

This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.

Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.

This report offers insights into internal controls and governance in the NSW public sector

This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

• highlighting the potential risks posed by weaknesses in controls and governance processes
• helping agencies benchmark the adequacy of their processes against their peers
• focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.

Areas of specific focus of the report have changed since last year

Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:

• internal control trends
• information technology controls, including access to agency systems
• protecting sensitive information held within agencies
• managing large and diverse workforces (controls around employing and managing contingent workers)
• maintaining an ethical culture (management of gifts and benefits)
• effectiveness of internal audit function and its oversight by Audit and Risk Committees.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits. 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.

Appendix one – List of 2019 recommendations 

Appendix two – Status of 2018 recommendations

Appendix three – In-scope agencies

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

The Auditor-General, Margaret Crawford, has released her report on the State Finances for the year ended 30 June 2019.

‘I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements,’ the Auditor-General said.

The report acknowledges NSW Treasury and agency efforts to reduce the number and value of errors compared with the previous year. ‘Strong financial management and transparent reporting are key elements of our system of government. Treasury and agency finance teams need to be consulted on major business decisions at the time of their execution. This will ensure agencies assess the accounting implications earlier and support accurate financial statements being presented for audit on a timely basis,’ said the Auditor-General.

The report summarises the financial audit result of the Total State Sector Accounts. The Total State Sector comprises 304 entities controlled by the NSW Government with total assets of $468 billion and total liabilities of $218 billion.

The General Government sector comprises 212 entities that provide goods and services that are funded centrally by the State. General Government expenditure grew by 5.5 per cent in 2018-19, which was below the long-term revenue growth of 5.6 per cent target established by the Fiscal Responsibility Act 2012.

Download PDF of State Finances 2019 report

Pursuant to the Public Finance and Audit Act 1983, I present my Report on State Finances 2019.

Strong financial management and transparent reporting are key elements of our system of government.

I am pleased to once again report that I issued an unmodified audit opinion on the State’s consolidated financial statements. 

The number of errors in agencies’ 2018–19 financial statements fell to six compared to the 23 recorded in 2017–18. This reflects Treasury’s focus on early close and the resolution of complex accounting matters before submission. Agency finance teams need to be consulted on major business decisions and commercial transactions to assess their accounting impacts at the time of their execution, rather than at the end of a financial year. This would improve the quality of financial reporting and avoid the need for extensions for agencies to submit their financial statements for audit.

To further increase transparency, a Key Audit Matters section was included in my Independent Auditor Report on the Total State Sector Accounts this year. This explains those matters considered most significant to the conduct of the audit and requiring significant management judgement.

Looking forward, certain factors have the potential to impact the accuracy and completeness of the Total State Sector Accounts in coming years. First, three new accounting standards are effective from 1 July 2019 and a fourth from 1 July 2020. Transitioning to new standards requires significant planning and resources to ensure the impacts are appropriately assessed and accounted for. Second, the Government Sector Finance Act 2018 will be implemented in stages over three years to 2020–21. This Act is intended to focus on performance, transparency, accountability, and efficiency of financial management in the government sector. I encourage agencies to build their awareness of this important reform and ensure their alignment with the principles of the Act. 

I want to thank Treasury staff for the way they engaged with my staff in the conduct of the audit. Our partnership is critical to ensuring the quality of financial management and reporting.

Margaret Crawford
Auditor-General, 10 October 2019

Our audit opinion on the State’s 2018–19 financial statements was unmodified. There were fewer reported errors but earlier resolution of accounting matters is still required.

Our audit opinion on the State’s 2018–19 financial statements was unmodified.

This year, six errors exceeding $20 million were found in agencies’ 2018–19 financial statements that make up the State’s consolidated financial statements. The total value of these errors was $927 million compared to $3.8 billion in 2017–18. The errors identified in 2018–19 resulted from:

• incorrectly applying Australian Accounting Standards and Treasury Policies
• using inappropriate assumptions and inaccurate data
• incorrectly assessing the fair value of non-current physical assets.

The introduction of mandatory ‘early close procedures’ in 2011–12, saw the number of errors in agencies’ financial statements fall progressively, to a low of five in 2015–16.

In 2016–17, Treasury narrowed the scope of its mandatory early close procedures to focus on non-current physical asset valuations and pro-forma financial statements. Following this, the number of significant errors increased to 23 in 2017–18, the

highest number in six years and similar to the numbers identified before mandatory early close procedures were introduced.

In 2018–19, Treasury and agencies’ refocused their efforts around early close procedures and other year-end processes resulting in this year’s lower error total of six.

Errors in agency financial statements exceeding $20m (2015–2019)

Correction of prior year’s reported values    

Correction of earthwork assets ($2.1 billion)

Some of the State’s earthworks were first valued in 2016–17. These included earth excavations and embankments for the Country Rail and Metropolitan Network created before the year 2000 and dating back to the early 1900s.

For many years, the State did not account for earthworks because it believed the value could not be reliably measured. In 2016–17, the State engaged an external valuer who identified a methodology showing the earthworks could be valued. That valuer performed a valuation using topography maps for the Country Rail Network (CRN) because information in this earthworks database was of poor quality and incomplete. The valuation resulted in the State recognising $7.5 billion of earthworks for the first time in 2016–17. This was disclosed as a prior period error.

Over the following years, the State improved the quality of the CRN earthworks database by engaging an engineering firm to perform more detailed earthworks surveys. The work involved the use of technology to survey most of the CRN lines.

In 2018–19, the State once again engaged an external valuer to assess the fair value of the CRN earthworks. The valuer determined that incorrect assumptions were used in the 2016–17 valuation. These primarily related to land elevations, which were corrected in the earthworks database and this resulted in a new fair value of $5.4 billion, $2.1 billion less than the previous valuation. The error reported in the 2017–18 value has been corrected in the 2018–2019 financial statements to reflect the revised value.

Previously reported value for earthworks reduced from $7.5 billion to $5.4 billion.

Correction of museum collection assets ($27 million)

The Australian Museum’s collection assets were restated by $27 million to $800 million in 2017–18.

After the 2017–18 financial statements were published, the Australian Museum identified additional collection assets that were not included in the original valuation. This resulted in a $27 million error relating to collection asset values. As last year’s valuation was based on an incomplete listing of collection assets, the 2017-18 value has been corrected in the 2018–19 financial statements to reflect the revised value.

Correction of lease liability ($46.2 million)

On 1 July 1995, the Department of Justice entered into a 25-year lease arrangement with an option to extend for a further 15 years.

The Department accounted for the arrangement as a finance lease by recognising a building asset and a corresponding finance lease liability for the period of 25 years. The Department depreciated the leased asset based on a useful life of 40 years.

As it was reasonably certain the Department would exercise the lease option at inception, it should have recognised a liability that reflected the entire 40 year lease period. To correct the prior year error and properly reflect the extended lease period, the Department of Justice increased the lease liability and decreased retained earnings by $46.2 million as at 1 July 2017.

Abuse Claims remain a significant contingent liability of the State

The State discloses a contingent liability in its financial statements when the possibility of settling the liability in the future is considered less than probable, but more likely than remote, or the amount of the obligation cannot be measured with sufficient reliability.

If the expected settlement subsequently becomes probable and reliably estimable, a provision is recognised.

The State has numerous contingent liabilities. Some are quantifiable while others are not. As contingent liabilities are potentially material future liabilities of the State, every effort should be made to quantify these as accurately as possible. They also need to be monitored closely to ensure that they are recognised and brought on balance sheet as they crystallise.

At 30 June 2019, NSW Self Insurance Corporation (SiCorp) could not reliably measure the claims liability arising from past incidences of abuse that occurred within NSW Government institutions which have not yet been reported. These are referred to as incurred but not reported claims (IBNR).

Since 1 July 2018, victims of child sexual abuse can opt to claim compensation through the National Redress Scheme, or to lodge a civil claim. Civil claims for incidents that occurred within NSW Government institutions may be covered by SiCorp. An estimate of an IBNR for child abuse claims within SiCorp will be impacted by the extent that victims claim compensation through redress as compared to civil claims.

Recent legislative changes have added further uncertainty to estimating the extent of IBNR claims. SiCorp requires more reliable data on the number of IBNR child abuse claims and the expected average size of the related payments. As such, the liabilities presented in the SiCorp and the State financial statements do not include an allowance for IBNR abuse claims.

As more information becomes available it may be possible for SiCorp to reasonably estimate the value of abuse claim liabilities. It is possible that such an estimate may be material to SiCorp and the State’s financial statements. 

TAFE update

In prior years we reported on information system limitations at TAFE NSW, specifically relating to its student administration system. TAFE NSW continues to implement additional processes to verify the accuracy and completeness of revenue from student fees for the 2018–19 financial year.

In 2017–18 TAFE NSW started implementing a new student management system. Significant delays have occurred in implementing this system, mainly due to the complexity of integrating the vendor solution with the requirements of TAFE. TAFE will now bring the final commissioning and operation of the system in house. Final project delivery timeframes and estimated completion costs are being reviewed. Costs incurred to date amount to $67 million. The original budget for this new system is $89.4 million.

Light Rail settlement

The CBD and South East Light Rail is a new twelve kilometre light rail network for Sydney, currently under construction. Passenger trips are set to begin on the light rail by December between Circular Quay and Randwick. The second stage from Randwick to Kingsford is planned to open in March 2020. The original budget for construction work of $1.6 billion was revised to $2.1 billion in 2014.

The State Government has been in dispute with the firm responsible for delivering and operating the CBD and South East light rail project. In May 2019, the parties reached a Settlement Arrangement resulting in the State agreeing to pay a settlement amount of $576 million, which is in addition to the revised budget. Transport has advised a final cost is still to be determined following project completion.

The Audit Office has commenced a follow up audit on the CBD South East Light Rail. This audit will consider whether recommendations of our previous audit have been implemented. We will also review the current status and budget of this project.

Sydney Metro Northwest project commissioning

The Sydney Metro North West officially opened in May 2019.

In constructing the metro, some assets were built to facilitate its operation. These included pavements, roadworks, and electricity
and water connections.

When the project was completed, the assets and the responsibility for maintaining them transferred to third parties, primarily Councils and utility providers. In 2018–19, the State expensed (derecognised) the assets, valued at $306 million, because it no longer controlled them.

Financial Reporting by Crown Land Reserve Trusts

Approximately 700 reserve trusts, managed by Trust Boards, did not prepare the financial statements at 30 June 2019 as required by the
Public Finance and Audit Act 1983.

These Crown reserves contain showgrounds, cemeteries, racecourses, local parks, and other community facilities and public areas. Some of the Crown reserves have independent streams of revenue from user charges.

In 2016–17, Treasury determined that NSW cemetery trusts and a holiday park reserve trust were controlled entities of the State. As such, the Public Finance and Audit Act 1983 requires them to prepare financial statements and have these audited by the Auditor-General.

In 2017–18, three reserve trusts accepted NSW Treasury’s view, prepared financial statements and had them audited by the Auditor-General.

However, three cemetery reserve trusts continue to maintain they are not controlled by the State and therefore their financial statements are not audited by the Audit Office. These cemeteries shared their unaudited financial statements with Treasury so they could be incorporated into the State’s financial statements. At 30 June 2019, the value of their combined assets and liabilities, which are not audited by the Audit Office, was $564 million.

The State included an additional $319 million in assets that relate to Crown land values of approximately 700 reserve trusts that did not prepare or submit financial statements.

We performed additional audit procedures to obtain some assurance over the value of these crown lands. The nature and extent of the limitations to the scope of these procedures was not significant enough to impact our audit opinion. Treasury should ensure these trusts comply with the requirements of the Public Finance and Audit Act.

Derecognition of investment in City West Housing

In 2017–18, the State had an equity investment of $680 million in a community housing provider, City West Housing Pty Limited (CWH).

During 2018–19, CWH amended its constitution to ensure alignment with its charitable status. The unintended impact of this change was that on windup the net assets would not be distributed to the State. The accounting implications to the State’s investment was not considered by Treasury at the time of approving the amended constitution. Consequently, the State wrote off its $680 million investment in CWH in 2018–19.

It is important that accounting impacts of such changes are discussed and agreed upon early. At the time of approving the decision to change the constitution, all accounting implications should be made available and understood. Such information is relevant when approving decisions. The theme of what is relevant
information will be explored further in our Performance Audit of ‘Advice on Major Decisions’.

Machinery of government (MoG) changes refers to how the government reorganises agency structures and functions and realigns ministerial responsibilities.

Cluster changes

On 2 April 2019, the Government reorganised public sector agencies into eight clusters (ten in 2017–18) with effect from 1 July 2019.

Prior to 30 June 2019, two subsequent administrative arrangement orders were made to amend and finalise the MoG changes.

The key MoG changes included:

• abolishing the following five departments:
  • Finance, Services and Innovation
  • Industry
  • Planning and Environment
  • Family and Communities
  • Justice
• transferring their functions into three new departments:
  • Department of Customer Service
  • Department of Planning, Industry and Environment
  • Department of Communities and Justice

The State’s consolidated financial statements at 30 June 2019 were not impacted by the changes, as they were effective from 1 July 2019.

The chart below shows the cluster arrangements before and after the MoG changes to the General Government Sector. It compares total budgeted expenses presented in the 2018–19 and 2019–20 Budget Papers (1).

Each cluster’s share of the General Government Sector’s (GGS) total expenditure remains relatively unchanged after the MoG changes. Further details on other functions transferred between clusters are detailed in the 2019–20 Budget Papers.

Of the clusters, Education is affected most by the MoG changes from the perspective of increased expenditure in the 2019–20 budget. This is because the TAFE Commission transferred into this cluster from the former Department of Industry on 1 July 2019, resulting in a corresponding decrease in the new Planning, Industry and Environment cluster’s expenditure.

Cluster expenses

$1.2 billion surplus, $0.2 billion below 2018–19 budget of $1.4 billion

The Total State Sector comprises 304 entities controlled by the NSW Government.

The General Government Sector, which comprises 212 entities, generally provides goods and services funded centrally by the State.
The non-General Government Sector, which comprises 92 Government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.

A principal measure of a Government’s overall performance is its Net Operating Balance (Budget Result). This is the difference
between the cost of General Government service delivery and the revenue earned to fund these sectors.

What changed from 2018 to 2019?

The State maintained its AAA credit rating.

The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.

The Government manages NSW’s finances in accordance with the Fiscal Responsibility Act 2012 (the Act).

The Act establishes the framework for fiscal responsibility and the strategy to protect the State’s AAA credit rating and service delivery to the people of New South Wales.

The legislation sets out targets and principles for financial management to achieve this.

New South Wales has credit ratings of AAA/Stable from Standard & Poor’s and Aaa/Stable from Moody’s Investors Service.

The fiscal targets for achieving this objective are:

General Government annual expenditure growth is lower than long term average revenue growth.

General Government expenditure grew by 5.5 per cent in 2018–19 (5.1 per cent in 2017–18 based on restated balances). This was slightly below the long-term revenue growth rate of 5.6 per cent.

Eliminating unfunded superannuation liabilities by 2030.

The Act sets a target to eliminate unfunded superannuation liabilities by 2030.

The State’s funding plan is to contribute amounts escalated by five per cent each year so the schemes will be fully funded by 2030. In 2018–19, the State made employer contributions of $1.73 billion ($1.67 billion in 2017–18), an increase of $64 million or 3.8 per cent ($52 million or 3.2 per cent in 2017–18). This was under the five per cent target by $19.5 million.

For fiscal responsibility purposes, the State uses AASB 1056: Superannuation Entities. This accounting standard discounts superannuation liabilities using the expected return from the assets backing the liability.

Using this method, the State’s unfunded superannuation liability was $13.2 billion at 30 June 2019 ($14.0 billion).

Superannuation funding position since inception of the Act - AASB 1056 Valuation

State revenues fell $604 million to $86.1 billion in 2018–19    

In the prior years, revenue growth was underpinned by cyclical increases in land tax, payroll tax and one-off large stamp duty receipts from the lease of the State’s electricity network assets. In 2018–19, the State’s revenue fell by $604 million to $86.1 billion ($86.7 million in 2017–18).

Taxation revenue remained relatively stable

Taxation revenue only grew slightly, mainly due to:

• a $517 million increase in payroll tax from NSW wages growth
• a $469 million increase in land tax from growth in land values
• offset by a $1.2 billion decrease in stamp duty due to lower than expected growth in the property market. This decrease would have been higher had the State not received $555 million in stamp duty from the new 51 per cent owner of WestConnex.

The gap between payroll tax and stamp duty reduced significantly in 2018–19. Stamp duty still remains the largest source of revenue for the State at $9.2 billion, only $42 million above payroll tax.

Australian Government grants and subsidies

The State received $31.8 billion in grants and subsidies from the Australian Government, $158 million less than the previous year. This was due to falls in other grants and subsidies of $98 million and GST revenues of $48 million.

GST revenues fell due to weaker growth in national consumption expenditure and a smaller GST pool. The GST pool represents funds made available by the Commonwealth for transfer to the States as untied financial assistance. The allocation of GST is determined by the Commonwealth, not the State.

A $392 million decrease in National Partnership Payments was offset by a $380 million increase in Specific Purpose Payments.
 
In 2018–19, sales of goods and services fell $395 million mainly due to the sale of WestConnex.

Other dividends and distributions fell by $122 million due to lower distributions from associates. This reflected weaker performance in the electricity sector (Ausgrid and Endeavour) resulting in lower distributions paid to the State following changes in the Electricity Network Service Providers regulatory environment and the sale of Snowy Hydro Pty Ltd in 2017–18.

Fines, regulatory fees and other revenues increased by $242 million largely from mineral royalties. The increase was attributed to strong demand across Asian markets for coal exports, which the State expects will continue to experience steady growth.

Expenses increased $4 billion to $87.9 billion in 2018–19    

Overall, the State’s expenses increased 4.8 per cent in 2018–19 compared to 2017–18. Most of the increase was due to higher employee expenses, operating costs and grants and subsidies.

Employee expenses, including superannuation, increased by 3.9 per cent to $40.3 billion.

Salaries and wages increased to $40.3 billion in 2018–19 from $38.8 billion 2017–18. This was mainly due to salary and wage increases. The Government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.

Operating expenses increased 6.1 per cent from 2017–18.

Within operating expenses, payments for supplies, services and other expenses increased due to:

• increased operating costs associated with the commencement of the new Sydney Metro
• higher operating activity levels experienced in the Health sector resulting in higher visiting medical officer costs, surgical supplies and information management costs
• higher school operating expenses in Education, mainly relating to teaching cloud tools and purchase of computer equipment.

Health costs remain the highest expense of the State.

The following clusters have the highest expenses as a percentage of total government expenses:

• Health - 25.8 per cent (24.6 per cent in 2017–18)
• Education - 20 per cent (18.5 per cent)
• Transport - 14.7 per cent (17.6 per cent).

Other, mainly relates to Economic Affairs, Housing and Community, Recreation and Culture functions of the State.

Transport expenses have decreased in 2018–19 mainly due to the sale of WestConnex. This is partially offset by costs associated with the new Sydney Metro, which commenced operations from 1 July 2018. The graph highlights annual expenditure by function in 2018–19 compared to 2017–18.

Grants and subsidies increased by $782 million to $11.7 billion.

This was mainly due to:

• the $239 million Emergency Drought Relief Package
• a $226 million increase in funding to the Human Services sector to deliver key election commitments, including 5,000 more nurses and midwives
• $123 million in funding for sporting facilities and creating NSW Centre's of Excellence.

Assets grew by $26.7 billion to $468 billion in 2018–19    

Overall, the States total assets increased by $26.7 billion to $468 billion in 2018–19. This is a six per cent increase compared to 2017–18. Most of this was due to increases in carrying value of the State’s physical assets and investments.

Valuing the State's physical assets

The State’s physical assets were valued at $352 billion at 30 June 2019.

The State’s physical assets include land and buildings ($166 billion) and infrastructure ($168 billion). The value of the State’s physical assets at 30 June 2018 was restated from $339 billion to $337 billion. The restatement was required to correct errors in the fair value of earthworks previously reported at $7.5 billion and subsequently corrected to $5.4 billion.

Our audits assess the reasonableness and appropriateness of assumptions used to value physical assets. This includes
obtaining an understanding of the valuation methodologies used and judgements made. We also review the completeness of asset registers and the mathematical accuracy of valuation models.

Net movements between years include additions, disposals, depreciation and valuations. The State’s physical assets increased by $15.2 billion compared with 2017–18.

Movement in the State's physical assets

Liabilities increased $28.6 billion to $217.5 billion in 2018–19    

The State relies on actuarial assessments to value its liabilities

Nearly half of the State’s liabilities relate to its employees. They include unfunded superannuation and employee benefits, such as long service and recreation leave.

Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions can materially impact balances in the financial statements, such as a lower discount rate.

Superannuation obligations rose by $14.3 billion.

The State’s $70.7 billion unfunded superannuation liability represents obligations to past and present employees less the value of assets set aside to meet those obligations. The unfunded superannuation liability rose by $14.3 billion from $56.4 billion at 30 June 2018 to $70.7 billion at 30 June 2019. This was mainly due to a lower discount rate.

Borrowings totalled $79.9 billion at 30 June 2019.

The State’s borrowings of $79.9 billion at 30 June 2019 were $8.6 billion higher than they were at 30 June 2018.

TCorp issues bonds to raise funds for NSW Government agencies. These are actively traded in financial markets, which provides price transparency and liquidity to public sector borrowers and institutional investors. All TCorp bonds are guaranteed by the NSW Government.

The Government manages its debt liabilities through its balance sheet management strategy. The strategy extends to TCorp, which applies an active risk management strategy to the Government’s debt portfolio.

General Government Sector debt has been restructured by replacing shorter-term debt with longer-term debt. This lengthens the portfolio to match liabilities with the funding requirements for infrastructure assets.

Implementing the requirements of new accounting standards will be challenging

Risks to the quality and timeliness of financial reporting

The State and its agencies will be implementing the requirements of new accounting standards shortly. These are likely to have a major impact on the financial positions and operating results of agencies across the sector.

Accounting standards require agencies to assess and disclose where possible, the impact of the new standards in their 2018–19 financial statements.

Our review found agencies needed to do more work on their impact assessments to minimise the risk of errors in the financial statement disclosures. Some agencies disclosed that the new standards would not have a material impact on their reported financial position and performance, but had little evidence to support this.

Each agency is unique and implementing the new standards is not straight forward as many new principles apply. Management judgement is needed to interpret how the principles apply to each agency. As a result, agencies face the following risks and challenges:

• having the required technical skills in house
• having accurate data to assess the impacts
• correctly and consistently interpreting the new requirements
• adequately planning and preparing for their application
• implementing new systems to capture the information needed to meet the new reporting obligations.

To help agencies implement the new standards consistently across the sector, Treasury:

• issued guidance to agencies
• prepared position papers on proposed accounting treatments
• provided briefing sessions to agencies
• mandated which option in the new standards agencies had to adopt on transition.

Key dates

Section 45 of the Public Finance and Audit Act 1983 requires the Auditor-General to perform audits of the financial statements of entities prescribed for the purposes of that section.
The following were prescribed entities as at 30 June 2019:

Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.

Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.

Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles. 

According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector. 

A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:

• should use external probity practitioners as the exception rather than the rule
• should not use external probity practitioners as an 'insurance policy'
• must be accountable for decisions made
• cannot substitute the use of probity practitioners for good management practices
• not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent. 

The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.

The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:

• complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
• effectively ensured they achieved value for money when they used probity practitioners.

These entities are referred to as 'participating agencies' in this report.

We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.

There are no professional standards and capability requirements for probity practitioners

NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money. 

Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.

The NSW Procurement Board provides direction for the use of probity practitioners

The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.

Appendix one – Response from agencies

Appendix two – List of selected agencies

Appendix three – About the audit