Reports
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
State Finances 2018
Pursuant to the Public Finance and Audit Act 1983, I present my Report on State Finances 2018.
I am pleased to once again report that I issued a clear audit opinion on the State’s consolidated financial statements. This demonstrates the Government’s focus on preparing high quality information on the State’s financial position and performance for use by stakeholders.
However, there are two key areas I would like to see addressed to further support the preparation of the State’s financial statements.
Firstly, some complex accounting matters are not being resolved until late in the financial reporting cycle. This has contributed to an increase in the number of errors in the financial statements key agencies are submitting for audit, particularly around assessing the value of physical assets. Better planning and earlier resolution of these matters would lead to more efficient processes.
Secondly, the State needs to implement five new accounting standards over the next two years. Agencies will need to devote significant resources and effort to collect the necessary information and assess the impact at the whole of government level. I will work with Treasury and relevant agencies to help them improve quality assurance controls over their financial reporting.
Throughout 2017-18 my office worked with Treasury on reforms to improve financial governance, budgeting and reporting arrangements across the sector.
The Government Sector Finance Bill 2018 passed both houses of Parliament in June 2018. However, the Legislative Council returned other proposed changes to the Public Finance and Audit Act 1983 to the Legislative Assembly for further consideration. Most of these changes relate to the Public Accounts Committee. At the time of writing, the cognate Bill had not been debated.
The budget result was a $4.2 billion surplus. The consolidated financial statements at 30 June 2018 do not reflect the sale of 51 per cent of the State’s investment in Sydney Motorway Corporation for which it received $9.3 billion. The sale was announced on 31 August 2018.
Finally, I would like to thank the staff of Treasury for the way they approached the audit. Our partnership is critical to ensuring the quality of financial management and reporting.
Margaret Crawford
Auditor-General
19 October 2018
The State's financial statements given a clear audit opinion
Timely and accurate financial reporting enables informed decision making, effective management of public funds and enhances public accountability.
Since the introduction of mandatory ‘early close procedures’ in 2011-12, the number of significant errors in financial statements of agencies had fallen largely due to identifying and resolving complex accounting issues early.
In 2016-17, Treasury narrowed the scope of mandatory procedures to focus on physical asset valuations and pro-forma financial statements. Despite being broadened for 2017-18, we have observed an increase in the number of errors in agency financial statements.
In 2017-18, twenty-three errors exceeding $20 million were found in agencies’ financial statements that make up the State’s consolidated financial statements. This compares to only five in 2015-16.
The errors identified this year were the result of:
- incorrectly applying Australian Accounting Standards
- deficiencies in assessing the value of physical assets
- using inappropriate and inaccurate assumptions when measuring liabilities
- inaccurately reflecting inter-agency payables and receivables.
Quality financial reporting would be enhanced by responding to key accounting issues as soon as they are identified, and preparing accounting position papers for consideration by Treasury, agency Audit and Risk Committees and the Audit Office.
Key accounting matters addressed by the State in 2017-18.
Restatement of some of the State’s previously reported asset and liability values.
The state corrected the previously reported values of some long-term liabilities ($2 billion).
Accounting standards require the State to measure its long-term liabilities at the best estimate of the expenditures required to settle the obligations. The affected liabilities include claims liabilities of the Lifetime Care and Support Authority of NSW and the NSW Self Insurance Corporation, and scheme liabilities of the Long Service Corporation. The liabilities are adjusted by what is referred to as the ‘discount rate’ to reflect the decreasing value of money over time.
In the past, agencies used a variety of rates to discount these liabilities. Some liabilities were discounted using the estimated long-term fair value of 10-year TCorp bond yields while others were discounted using the expected
return on investments. These discount rates did not comply with the requirements of Australian Accounting Standards and underestimated liabilities by $2.0 billion.
In 2017-18, the State assessed the discount rates previously used in the Sector. It determined the market yield on Commonwealth Bonds best met the Accounting Standard requirements and used this rate to discount similar liabilities in relevant agencies. This resulted in a $2.0 billion increase in the previously reported values of these liabilities and a similar decrease in retained earnings at 1 July 2016.
The State corrected previously reported values of certain Library assets ($1.1 billion).The value of the Pictorial Collection of the Library Council of NSW (the Library) was reassessed at 31 January 2018. During the valuation process the Library identified three errors in the 2015 valuations which overstated the previously reported asset values. The errors included:
This resulted in a $1.1 billion decrease in previously reported asset values and a corresponding decrease in the asset revaluation reserve at 1 July 2016. |
Information system limitations continue at TAFE NSW.TAFE NSW has experienced ongoing issues with its student administration system.TAFE NSW has again implemented additional processes to verify the accuracy and completeness of revenue from student fees. TAFE NSW expects to spend up to $89 million on a new information system to address these issues. Modules of the new student enrolment system are planned to be in place by May 2019 |
Risks to the quality and timeliness of financial reporting.
Challenges associated with valuing the State's physical assets.
When we audit financial statements we focus on areas we consider higher risk. These areas often require the use of estimates and judgements.
The valuation of the State’s physical assets is one such area. Fair value estimates are inherently complex and sensitive to assumptions and judgements. In the public sector, this may be exacerbated by the unique nature of its assets, such as land under roads, preserved plant specimens, cultural collections and other heritage assets.
In 2017-18, valuations of physical assets added $24.5 billion to the value of the State’s balance sheet. These assets are now valued at $339.2 billion. Our audits of these valuations identified:
The Library Council of NSW had three errors in the methodology previously used to value their pictorial assets ($1.1 billion error). |
The Royal Botanic Gardens and Domain Trust did not previously recognise a value for their Herbarium assets ($284 million error). |
Some revaluations within the Ministry of Health did not meet the requirements of Australian Accounting Standards or Treasury requirements ($159 million error). |
The Department of Justice used an incorrect valuation
|
Some important matters agencies should consider when planning/conducting asset valuations include:
STARTING OUT
- Planning is important
- Most effective revaluations include early engagement with all stakeholders, including auditors.
- Determine who needs to be involved and advised of progress with the revaluation – e.g. finance, internal audit, audit and risk committee.
- Ensure asset registers are complete and there is evidence to demonstrate the agency controls the assets.
- The effective date of the valuation can be any date after the financial year commences, but well before year end.
MANAGEMENT'S ROLE
- For large mass valuations consider using a suitable project management methodology to ensure the process remains ‘on track’ with sufficient oversight.
- Consider engaging an expert to perform the valuation, but maintain responsibility for the outcomes. Ensure the outcomes are reasonable and quality review the results, including the appropriateness of inputs and key assumptions.
- Compare pre and post valuation results on an individual asset basis. Where changes are significant and/or unexpected, document explanations from the valuer.
- Start revaluations early so they are completed by early close (around March). The timetable must allow time for a quality review of results and for the results to be recorded in the financial records.
- Revaluation workpapers must include the revaluation source data provided to the valuer and a reconciliation of the source data to the general ledger.
USING EXPERTS
- The terms of engagement should be documented in an engagement letter, which clearly details the proposed valuation methodology. It’s important the valuer knows what is required from a policy perspective and clearly understands the accounting framework used to prepare the financial statements.
- Valuation reports should detail the key assumptions used, explain why the valuation approach was adopted and how the use of relevant observable input was maximised.
- Valuation reports should clearly differentiate between assets revalued using a cost approach and those using an income or market approach. They should explain why the approach used was the most relevant for the asset type.
- Consider using representative/statistical sampling for mass valuations and determine the extent of physical inspections that may be required.
- If a sampling technique is used, it should provide sufficient confidence that the sample is representative of the population.
- Significant judgements should be supported by relevant benchmark data or other analysis and observations. A common example in the public sector is to discount asset values to reflect restrictions on use.
- Ensure the valuer has considered the age and condition of the assets, and heritage/cultural aspects and/or other special factors.
WHAT ABOUT INTERVENING YEARS?
- Perform revaluations with sufficient regularity to ensure asset carrying values in the financial statements reflect fair value.
- Indexation alone is not normally a substitute for a full revaluation. A full revaluation may be needed to accurately establish fair values if asset values move significantly when indices are applied to them.
- Where indexation is used between full revaluations, the indices should be appropriate for the type of asset being assessed.
- Indexing can be unreliable in assessing whether the fair value of assets has moved over time. For example, some assets are valued based on re- collection cost estimates, which may fall over time due to improved re-collection methods and technology.
COMMUNICATION
- For mass or complex valuations, key stakeholders, including auditors, should be involved at the scoping stage and invited to planning meetings with valuers.
- Management should meet with the auditors regularly to discuss progress and outcomes.
- When issues are identified, management should consult with and seek advice from Treasury.
The state will need to implement five new accounting standards over the next two years.
The State has started developing processes it considers necessary to effectively implement the requirements of five new accounting standards. The changes are significant and will impact the financial position and results of agencies and the State.
The new requirements increase the risk of errors in the financial statements. To minimise this risk, agencies will need to devote resources and effort to collect the necessary information and assess the impact of the accounting changes at the whole of government level.
Treasury is liaising with and obtaining information from agencies to assess the impact of the new standards at the whole of government level. Treasury is also liaising with other Treasuries throughout Australia on common implementation issues. To help agencies implement the new standards, Treasury is developing guidance, preparing position papers on proposed accounting treatments, and mandating options within the new standards that agencies need to adopt on transition.
A $4.2 billion surplus, $1.5 billion more than was budgeted
The Total State Sector comprises 304 entities controlled by NSW Government
The General Government Sector, which comprises 212 entities, generally provides goods and services funded centrally by the State.
The non-General Government Sector, which comprises 92 Government businesses, generally provides goods and services, such as water, electricity and financial services that consumers pay for directly.
A principal measure of a Government’s overall performance is its Net Operating Balance (Budget Result). This is the difference between the cost of General Government service delivery and the revenue earned to fund these sectors.
WHAT CHANGED FROM 2017 TO 2018?
$4.2b |
2017-18 General Government Budget Result |
Changes in revenues compared to 2016-17
 Dividends and distributions
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
2.4b |
+1.3b |
3.7b |
|
| Taxation
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
30.8b |
+537m |
31.3b |
|
 Grants & Subsidies
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
31.4b |
+509m |
31.9b |
|
 Sale of Goods and services
|
Includes:
|
||
| 2016-2017 | Change | 2017-2018 | |
8.2b |
+349m |
8.5b |
|
5.5b |
-185m |
5.3b |
Other revenues |
Changes to expenses compared to 2016-17
| Recurrent Grants & Subsidies
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
12.6b |
+1.3b |
13.9b |
|
 Employee costs
|
Due to:
|
||
| 2016-2017 | Change | 2017-2018 | |
34.9b |
+1.2b |
36.1b |
|
 Other operating expenses
|
Includes:
|
||
| 2016-2017 | Change | 2017-2018 | |
18.3b |
+1.4b |
19.7b |
|
6.8b |
+103m |
6.9b |
Other expenses |
$5.7b |
2016-17 General Government Budget Result |
The State maintained its AAA credit rating.
The object of the Fiscal Responsibility Act 2012 is to maintain the State’s AAA credit rating.
The Government manages NSW’s finances in alignment with the Fiscal Responsibility Act 2012 (the Act).
The Act establishes the framework for fiscal responsibility and the strategy to protect the State’s AAA credit rating and service delivery
to the people of NSW.
The legislation sets out targets and principles for financial management to achieve this.
New South Wales has credit ratings of AAA/ Stable from Standard & Poor’s and Aaa/ Stable from Moody’s Investors Service.
THE FISCAL TARGETS FOR ACHIEVING THIS OBJECTIVE ARE:
General Government annual expenditure growth is lower than long term average revenue growth.
General Government expenditure grew by 5.4 per cent in 2017-18. This was lower than the long-term revenue growth rate of 5.6 per cent.
Eliminating unfunded superannuation liabilities by 2030.
The Act sets a target to eliminate unfunded superannuation liabilities by 2030.
The State’s funding plan is to contribute amounts escalated by five per cent each year so the schemes will be fully funded by 2030. In 2017-18, the State made employer contributions of $1.7 billion, which is largely consistent with contributions over the past five years. Treasury expects superannuation liabilities will be fully funded by 2030 based on the funding program at the last triennial review (December 2015).
For fiscal responsibility purposes, the State uses AASB 1056: Superannuation Entities. This standard discounts superannuation liabilities using the expected return on assets backing the liability.
Using this method, the State’s unfunded superannuation liability was $14.0 billion at 30 June 2018 ($15.0 billion at 30 June 2017). The unfunded liability is $3.4 billion less than it was when the Act was introduced.
Revenues increased by $3.2 billion to $86.7 billion in 2017-18.
Revenues were underpinned by growth in taxation and Australian Government grant revenues, but stamp duties fell.
Tax revenue for the Total State Sector increased by $746 million, or 2.5 per cent compared to 2016-17, primarily due to a:
- $582 million increase in land tax from growth in land values
- $562 million increase in payroll tax from NSW employment and wages growth
- $1 billion decrease in stamp duty due to lower than expected growth in property market transactions, volumes and prices. In 2016-17, stamp duty included $718 million from the leases of Ausgrid and Endeavour Energy assets.
The State expects total stamp duties will fall to $9.5 billion in 2018-19, a decrease of almost $2.0 billion from 2016-17.
The State received Australian Government grants and subsidies of $30.9 billion in 2017-18.
The State received $444 million more in grants and subsidies from the Australian Government than it did in 2016-17. This was due to increases in GST revenues ($753 million) and special purpose payments ($683 million).
There was a decrease in National Partnership payments ($992 million), mainly due to the timing of major road projects including the Pacific Highway (Woolgoolga to Ballina), WestConnex and Western Sydney Infrastructure Program.
In 2017-18, sales of goods and services were $1.1 billion higher than in 2016-17. This reflected increased transaction revenue at Sydney Water ($139 million), the Department of Education ($133 million), WestConnex ($145 million), Department of Finance, Services and Innovation ($111 million) and Sydney Trains ($83 million).
Other dividends and distributions were $803 million higher than in 2016-17 mainly reflecting higher investment returns on TCorp investments.
$ |
83.5b |
+3.9% |
86.7b |
Total Revenue |
Key revenues include:
| 2016-2017 | Change% | 2017-2018 | ||
 |
35.4b |
+2.8 |
36.3b |
Taxation, Fees, Fines, and other |
|
31.4b |
+1.6 |
31.9b |
Grants & Subsidies |
|
14.1b |
+8.1 |
15.2b |
Sale of Goods and Services |
Expenses increased $4.9 billion to $84.2 billion in 2017-18
Overall expenses increased 6.1 per cent compared to 2016-17. Most of the increase was due to higher employee and operating costs.
$ |
79.3b |
+6.1% |
84.2b |
Total Expenses |
Salaries and wages increased by 3.6 per cent compared to 2016-17.
Salaries and wages increased to $31.1 billion from $30 billion. This was due to inflation linked salary and wage increases and a reported increase in front line staff.
The Government wages policy aims to limit growth in employee remuneration and other employee related costs to no more than 2.5 per cent per annum.
Operating expenses increased by 7.8 per cent from 2016-17.
Within operating expenses, payments for supplies, services and other expenses increased, in part, due to:
- increased costs of major rail projects, WestConnex, B-Line bus program and a new rail timetable
- addressing the maintenance backlog and higher school operating expenses of the Department of Education.
Key expenses include:
| 2016-2017 | Change% | 2017-2018 | ||
|
32.8b |
+3.8 |
34.1b |
Employee Expenses |
|
21.6b |
+7.8 |
23.3b |
Operating Costs |
|
9.7b |
+12.7 |
10.9b |
Grants & Subsidies |
 |
7.2b |
+6.6 |
7.6b |
Depreciation |
 |
4.6b |
+2.8 |
4.7b |
Superannuation Expense |
Health costs remain the highest expense of the State.
The Australian Bureau of Statistics introduced a revised Classification of the Function of Government Australia Framework (COFOG-A) effective 1 July 2017. This resulted in some re-classification of expenditure between purposes and now shows State expenses are highest in:
- Health (25.5 per cent)
- General Public Services (25.0 per cent)
- Education (19.6 per cent).
General Public Services includes the executive and legislative branches, financial affairs, public debt transactions and general public service transactions.
The graph highlights the annual expenditure by function and the value of assets to deliver those services.
Assets grew by $35.6 billion to $443 billion in 2017-18
Valuing the State’s physical assets.
The State had physical assets with a fair value of $339 billion at 30 June 2018. This includes land and buildings ($161.6b) and Infrastructure ($160.2b).
Our audits assess the reasonableness and appropriateness of assumptions used to value physical assets. This includes obtaining an understanding of the valuation methodologies used and judgements made. We also review the completeness of asset registers and the mathematical accuracy of valuation models.
Net movements between years include additions, disposals, depreciation and valuations. This year, revaluations of physical assets added $24.5 billion to the value of the State’s assets. This was mainly attributable to the following agencies:
- Department of Education - $8.5 billion
- Roads and Maritime Services - $7.4 billion.
The State’s financial assets increased by $308 million in 2017-18 ($27.5 billion in 2016-17).
In 2016-17, the significant increase in financial assets was primarily from the sale or lease of the following government assets and businesses:
- In June 2017, the Government leased 50.4 per cent of Endeavour Energy assets, which followed the long-term lease 50.4 per cent of Ausgrid’s assets in December 2016. The Government received proceeds of $24.0 billion from these transactions.
- A 35-year concession for providing titling and registry services, effective 30 June 2017, was granted to a private sector operator. The Government received $2.6 billion cash for the concession.
The Government implemented reforms relating to the use the State’s financial assets.
In 2017-18, the Asset and Liability Committee, which advises the Government on balance sheet management, recommended the following policy actions and frameworks to help manage the State’s financial risks and opportunities:
- expanding the scope of cash management reforms to give the State a whole-of-government view on the use of surplus funds. Treasury advises these reforms have centralised funds management of approximately $3.0 billion
- endorsing a new whole-of-government Foreign Exchange (FX) Risk Policy (effective 1 July 2018) to effectively manage the State’s FX risk
- expanding management of the State’s debt portfolio to minimise interest rate risks, reduce interest costs where possible, and extend the average weighted life of the General Government’s debt portfolio towards eight years
- endorsing establishment of a ‘sustainability bond’ program to further diversify and expand the State’s bond investor base and raise awareness of the Government’s social and environmental initiatives.
The State has established the NSW Generations Fund to maintain debt at sustainable levels.
The State established the NSW Generations Funds (NGF) in June 2018 to support debt retirement and to fund community-focused initiatives. The Government has indicated it will initially capitalise the NGF with $3.0 billion from its reserves.
The NSW Generations Funds Act 2018 requires an audit of each NSW Generations Fund by the Auditor- General (including a report by the Auditor-General on whether payments from the Funds have been made in accordance with the Act). The first audit of the fund will be for the period up to 30 June 2019.
$ |
407b |
+8.7% |
443b |
Total Assets |
Key assets include:
| 2016-2017 | Change% | 2017-2018 | ||
| Physical Assets | ||||
 |
147.0b |
+9.0 |
160.2b |
Infrastructure |
 |
143.4b |
+12.7 |
161.6b |
Land and Buildings |
| Financial Assets | ||||
 |
27.7b |
- 4.6 |
26.4b |
Equity investments |
|
20.6b |
- 5.2 |
19.5b |
Cash and Recievables |
|
40.5b |
+6.5 |
41.3b |
Investments and Placements |
Liabilities increased $5.1 billion to $189 billion in 2017-18
Valuing the State’s liabilities relies on actuarial assessments.
Nearly half of the State’s liabilities relate to its employees. They include unfunded superannuation, and employee benefits, such as long service and recreation leave.
Valuing these obligations involves complex estimation techniques and significant judgements. Small changes in assumptions can materially impact the values and the financial statements.
The State’s superannuation obligations fell $2.2 billion in 2017-18.
The State’s $56.4 billion unfunded superannuation liability represents obligations to past and present employees less the value of assets set aside to meet those obligations. The unfunded superannuation liability fell from $58.6 billion to $56.4 billion in 2017-18.
The State’s borrowings at 30 June 2018 were $700 million higher than they were at 30 June 2017.
The State’s borrowings totalled $71.3 billion at 30 June 2018.
TCorp issues bonds to raise funds for NSW Government agencies. These are actively traded in financial markets, which provides price transparency and liquidity to public sector borrowers and institutional investors. All TCorp bonds are guaranteed by the NSW Government.
The Government manages its debt liabilities through its balance sheet management strategy. The strategy extends to TCorp, which applies an active risk management strategy to the Government’s debt portfolio.
General Government Sector debt has been restructured by replacing shorter-term debt with longer-term debt. This lengthens the portfolio to match liabilities with the funding requirements for infrastructure assets.
$ |
184b |
+2.8% |
189b |
Total Liabilities |
Key liabilities include:
| 2016-2017 | Change% | 2017-2018 | ||
|
58.6b |
- 3.7 |
56.4b |
Unfunded Superannuation |
|
18.3b |
+4.7 |
19.1b |
Other Employee Benefits |
|
70.6b |
+1.0 |
71.3b |
Borrowings |
Mobile speed cameras
The primary goal of speed cameras is to reduce speeding and make the roads safer. Our 2011 performance audit on speed cameras found that, in general, speed cameras change driver behaviour and have a positive impact on road safety.
Transport for NSW published the NSW Speed Camera Strategy in June 2012 in response to our audit. According to the Strategy, the main purpose of mobile speed cameras is to reduce speeding across the road network by providing a general deterrence through anywhere, anytime enforcement and by creating a perceived risk of detection across the road network. Fixed and red-light speed cameras aim to reduce speeding at specific locations.
Roads and Maritime Services and Transport for NSW deploy mobile speed cameras (MSCs) in consultation with NSW Police. The cameras are operated by contractors authorised by Roads and Maritime Services. MSC locations are stretches of road that can be more than 20 kilometres long. MSC sites are specific places within these locations that meet the requirements for a MSC vehicle to be able to operate there.
This audit assessed whether the mobile speed camera program is effectively managed to maximise road safety benefits across the NSW road network.
The mobile speed camera program requires improvements to key aspects of its management to maximise road safety benefits. While camera locations have been selected based on crash history, the limited number of locations restricts network coverage. It also makes enforcement more predictable, reducing the ability to provide a general deterrence. Implementation of the program has been consistent with government decisions to limit its hours of operation and use multiple warning signs. These factors limit the ability of the mobile speed camera program to effectively deliver a broad general network deterrence from speeding.
Many locations are needed to enable network-wide coverage and ensure MSC sessions are randomised and not predictable. However, there are insufficient locations available to operate MSCs that meet strict criteria for crash history, operator safety, signage and technical requirements. MSC performance would be improved if there were more locations.
A scheduling system is meant to randomise MSC location visits to ensure they are not predictable. However, a relatively small number of locations have been visited many times making their deployment more predictable in these places. The allocation of MSCs across the time of day, day of week and across regions is prioritised based on crash history but the frequency of location visits does not correspond with the crash risk for each location.
There is evidence of a reduction in fatal and serious crashes at the 30 best-performing MSC locations. However, there is limited evidence that the current MSC program in NSW has led to a behavioural change in drivers by creating a general network deterrence. While the overall reduction in serious injuries on roads has continued, fatalities have started to climb again. Compliance with speed limits has improved at the sites and locations that MSCs operate, but the results of overall network speed surveys vary, with recent improvements in some speed zones but not others.
There is no supporting justification for the number of hours of operation for the program. The rate of MSC enforcement (hours per capita) in NSW is less than Queensland and Victoria. The government decision to use multiple warning signs has made it harder to identify and maintain suitable MSC locations, and impeded their use for enforcement in both traffic directions and in school zones.
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary reference - Report number #308 - released 18 October 2018
Matching skills training with market needs
In 2012, governments across Australia entered into the National Partnership Agreement on Skills Reform. Under the National Partnership Agreement, the Australian Government provided incentive payments to States and Territories to move towards a more contestable Vocational Education and Training (VET) market. The aim of the National Partnership Agreement was to foster a more accessible, transparent, efficient and high quality training sector that is responsive to the needs of students and industry.
The New South Wales Government introduced the Smart and Skilled program in response to the National Partnership Agreement. Through Smart and Skilled, students can choose a vocational course from a list of approved qualifications and training providers. Students pay the same fee for their chosen qualification regardless of the selected training provider and the government covers the gap between the student fee and the fixed price of the qualification through a subsidy paid to their training provider.
Smart and Skilled commenced in January 2015, with the then Department of Education and Communities having primary responsibility for its implementation. Since July 2015, the NSW Department of Industry (the Department) has been responsible for VET in New South Wales and the implementation of Smart and Skilled.
The NSW Skills Board, comprising nine part-time members appointed by the Minister for Skills, provides independent strategic advice on VET reform and funding. In line with most other States and Territories, the Department maintains a 'Skills List' which contains government subsidised qualifications to address identified priority skill needs in New South Wales.
This audit assessed the effectiveness of the Department in identifying, prioritising, and aligning course subsidies to the skill needs of NSW. To do this we examined whether:
- the Department effectively identifies and prioritises present and future skill needs
- Smart and Skilled funding is aligned with the priority skill areas
- skill needs and available VET courses are effectively communicated to potential participants and training providers.
Smart and Skilled is a relatively new and complex program, and is being delivered in the context of significant reform to VET nationally and in New South Wales. A large scale government funded contestable market was not present in the VET sector in New South Wales before the introduction of Smart and Skilled. This audit's findings should be considered in that context.
The Department needs to better use the data it has, and collect additional data, to support its analysis of priority skill needs in New South Wales, and direct funding accordingly.
- funding scholarships and support for disadvantaged students
- funding training in regional and remote areas
- providing additional support to deliver some qualifications that the market is not providing.
The Department needs to evaluate these funding strategies to ensure they are achieving their goals. It should also explore why training providers are not delivering some priority qualifications through Smart and Skilled.
Training providers compete for funding allocations based on their capacity to deliver. The Department successfully manages the budget by capping funding allocated to each Smart and Skilled training provider. However, training providers have only one year of funding certainty at present. Training providers that are performing well are not rewarded with greater certainty.
The Department needs to improve its communication with prospective students to ensure they can make informed decisions in the VET market.
The Department also needs to communicate more transparently to training providers about its funding allocations and decisions about changes to the NSW Skills List.
The Department relies on stakeholder proposals to update the NSW Skills List. Stakeholders include industry, training providers and government departments. These stakeholders, particularly industry, are likely to be aware of skill needs, and have a strong incentive to propose qualifications that address these needs. The Department’s process of collecting stakeholder proposals helps to ensure that it can identify qualifications needed to address material skill needs.
It is also important that the Department ensures the NSW Skills List only includes priority qualifications that need to be subsidised by government. The Department does not have robust processes in place to remove qualifications from the NSW Skills List. As a result, there is a risk that the list may include lower priority skill areas. Since the NSW Skills List was first created, new additions to the list have outnumbered those removed by five to one.
The Department does not always validate information gathered from stakeholder proposals, even when it has data to do so. Further, its decision making about what to include on, or delete from, the NSW Skills List is not transparent because the rationale for decisions is not adequately documented.
The Department is undertaking projects to better use data to support its decisions about what should be on the NSW Skills List. Some of these projects should deliver useful data soon, but some can only provide useful information when sufficient trend data is available.
Recommendation
The Department should:
- by June 2019, increase transparency of decisions about proposed changes to the NSW Skills List and improve record-keeping of deliberations regarding these changes
- by December 2019, use data more effectively and consistently to ensure that the NSW Skills List only includes high priority qualifications
Only qualifications on the NSW Skills List are eligible for subsidies under Smart and Skilled. As the Department does not have a robust process for removing low priority qualifications from the NSW Skills list, some low priority qualifications may be subsidised.
The Department allocates the Smart and Skilled budget through contracts with Smart and Skilled training providers. Training providers that meet contractual obligations and perform well in terms of enrolments and completion rates are rewarded with renewed contracts and more funding for increased enrolments, but these decisions are not based on student outcomes. The Department reduces or removes funding from training providers that do not meet quality standards, breach contract conditions or that are unable to spend their allocated funding effectively. Contracts are for only one year, offering training providers little funding certainty.
Smart and Skilled provides additional funding for scholarships and for training providers in locations where the cost of delivery is high or to those that cater to students with disabilities. The Department has not yet evaluated whether this additional funding is achieving its intended outcomes.
Eight per cent of the qualifications that have been on the NSW Skills List since 2015 are not delivered under Smart and Skilled anywhere in New South Wales. A further 14 per cent of the qualifications that are offered by training providers have had no student commencements. The Department is yet to identify the reasons that these high priority qualifications are either not offered or not taken up by students.
Recommendation
The Department should:
- by June 2019, investigate why training providers do not offer, and prospective students do not enrol in, some Smart and Skilled subsidised qualifications
- by December 2019, evaluate the effectiveness of Smart and Skilled funding which supplements standard subsidies for qualifications on the NSW Skills List, to determine whether it is achieving its objectives
- by December 2019, provide longer term funding certainty to high performing training providers, while retaining incentives for them to continue to perform well.
In a contestable market, it is important for consumers to have sufficient information to make informed decisions. The Department does not provide some key information to prospective VET students to support their decisions, such as measures of provider quality and examples of employment and further education outcomes of students completing particular courses. Existing information is spread across numerous channels and is not presented in a user friendly manner. This is a potential barrier to participation in VET for those less engaged with the system or less ICT literate.
The Department conveys relevant information about the program to training providers through its websites and its regional offices. However, it could better communicate some specific information directly to individual Smart and Skilled training providers, such as reasons their proposals to include new qualifications on the NSW Skills List are accepted or rejected.
While the Department is implementing a communication strategy for VET in New South Wales, it does not have a specific communications strategy for Smart and Skilled which comprehensively identifies the needs of different stakeholders and how these can be addressed.
Recommendation
By December 2019, the Department should develop and implement a specific communications strategy for Smart and Skilled to:
- support prospective student engagement and informed decision making
- meet the information needs of training providers
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary reference - Report number #305 - released 26 July 2018
HealthRoster benefits realisation
The HealthRoster system is delivering some business benefits but Local Health Districts are yet to use all of its features, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. HealthRoster is an IT system designed to more effectively roster staff to meet the needs of Local Health Districts and other NSW health agencies.
The NSW public health system employs over 100,000 people in clinical and non-clinical roles across the state. With increasing demand for services, it is vital that NSW Health effectively rosters staff to ensure high quality and efficient patient care, while maintaining good workplace practices to support staff in demanding roles.
NSW Health is implementing HealthRoster as its single state-wide rostering system to more effectively roster staff according to the demands of each location. Between 2013–14 and 2016–17, our financial audits of individual LHDs had reported issues with rostering and payroll processes and systems.
NSW Health grouped all Local Health Districts (LHDs), and other NSW Health organisations, into four clusters to manage the implementation of HealthRoster over four years. Refer to Exhibit 4 for a list of the NSW Health entities in each cluster.
- Cluster 1 implementation commenced in 2014–15 and was completed in 2015–16.
- Cluster 2 implementation commenced in 2015–16 and was completed in 2016–17.
- Cluster 3 began implementation in 2016–17 and was underway during the conduct of the audit.
- Cluster 4 began planning for implementation in 2017–18.
Full implementation, including capability for centralised data and reporting, is planned for completion in 2019.
This audit assessed the effectiveness of the HealthRoster system in delivering business benefits. In making this assessment, we examined whether:
- expected business benefits of HealthRoster were well-defined
- HealthRoster is achieving business benefits where implemented.
The HealthRoster project has a timespan from 2009 to 2019. We examined the HealthRoster implementation in LHDs, and other NSW Health organisations, focusing on the period from 2014, when eHealth assumed responsibility for project implementation, to early 2018.
Business benefits identified for HealthRoster accurately reflect business needs.
NSW Health has a good understanding of the issues in previous rostering systems and has designed HealthRoster to adequately address these issues. Interviews with frontline staff indicate that HealthRoster facilitates rostering which complies with industrial awards. This is a key business benefit that supports the provision of quality patient care. We saw no evidence that any major business needs or issues with the previous rostering systems are not being addressed by HealthRoster.
In the period examined in this audit since 2015, NSW Health has applied appropriate project management and governance structures to ensure that risks and issues are well managed during HealthRoster implementation.
HealthRoster has had two changes to its budget and timeline. Overall, the capital cost for the project has increased from $88.6 million to $125.6 million (42 per cent) and has delayed expected project completion by four years from 2015 to 2019. NSW Health attributes the increased cost and extended time frame to the large scale and complexity of the full implementation of HealthRoster.
NSW Health has established appropriate governance arrangements to ensure that HealthRoster is successfully implemented and that it will achieve business benefits in the long term. During implementation, local steering committees monitor risks and resolve implementation issues. Risks or issues that cannot be resolved locally are escalated to the state-wide steering committee.
NSW Health has grouped local health districts, and other NSW Health organisations, into four clusters for implementation. This has enabled NSW Health to apply lessons learnt from each implementation to improve future implementations.
NSW Health has a benefits realisation framework, but it is not fully applied to HealthRoster.
NSW Health can demonstrate that HealthRoster has delivered some functional business benefits, including rosters that comply with a wide variety of employment awards.
NSW Health is not yet measuring and tracking the value of business benefits achieved. NSW Health did not have benefits realisation plans with baseline measures defined for LHDs in cluster 1 and 2 before implementation. Without baseline measures NSW Health is unable to quantify business benefits achieved. However, analysis of post-implementation reviews and interviews with frontline staff indicate that benefits are being achieved. As a result, NSW Health now includes defining baseline measures and setting targets as part of LHD implementation planning. It has created a benefits realisation toolkit to assist this process from cluster 3 implementations onwards.
NSW Health conducted post-implementation reviews for clusters 1 and 2 and found that LHDs in these clusters were not using HealthRoster to realise all the benefits that HealthRoster could deliver.
By September 2018, NSW Health should:
- Ensure that Local Health Districts undertake benefits realisation planning according to the NSW Health benefits realisation framework
- Regularly measure benefits realised, at state and local health district levels, from the statewide implementation of HealthRoster
- Review the use of HealthRoster in Local Health Districts in clusters 1 and 2 and assist them to improve their HealthRoster related processes and practices.
By June 2019, NSW Health should:
- Ensure that all Local Health Districts are effectively using demand based rostering.
Appendix one - Response from agency
Appendix two - About the audit
Appendix three - Performance auditing
Parliamentary reference - Report number #301 - released 7 June 2018
Managing risks in the NSW public sector: risk culture and capability
The Ministry of Health, NSW Fair Trading, NSW Police Force, and NSW Treasury Corporation are taking steps to strengthen their risk culture, according to a report released today by the Auditor-General, Margaret Crawford. 'Senior management communicates the importance of managing risk to their staff, and there are many examples of risk management being integrated into daily activities', the Auditor-General said.
We did find that three of the agencies we examined could strengthen their culture so that all employees feel comfortable speaking openly about risks. To support innovation, senior management could also do better at communicating to their staff the levels of risk they are willing to accept.
Effective risk management is essential to good governance, and supports staff at all levels to make informed judgements and decisions. At a time when government is encouraging innovation and exploring new service delivery models, effective risk management is about seizing opportunities as well as managing threats.
Over the past decade, governments and regulators around the world have increasingly turned their attention to risk culture. It is now widely accepted that organisational culture is a key element of risk management because it influences how people recognise and engage with risk. Neglecting this ‘soft’ side of risk management can prevent institutions from managing risks that threaten their success and lead to missed opportunities for change, improvement or innovation.
This audit assessed how effectively NSW Government agencies are building risk management capabilities and embedding a sound risk culture throughout their organisations. To do this we examined whether:
- agencies can demonstrate that senior management is committed to risk management
- information about risk is communicated effectively throughout agencies
- agencies are building risk management capabilities.
The audit examined four agencies: the Ministry of Health, the NSW Fair Trading function within the Department of Finance, Services and Innovation, NSW Police Force and NSW Treasury Corporation (TCorp). NSW Treasury was also included as the agency responsible for the NSW Government's risk management framework.
In assessing an agency’s risk culture, we focused on four key areas:
Executive sponsorship (tone at the top)
In the four agencies we reviewed, senior management is communicating the importance of managing risk. They have endorsed risk management frameworks and funded central functions tasked with overseeing risk management within their agencies.
That said, we found that three case study agencies do not measure their existing risk culture. Without clear measures of how employees identify and engage with risk, it is difficult for agencies to tell whether employee's behaviours are aligned with the 'tone' set by the executive and management.
For example, in some agencies we examined we found a disconnect between risk tolerances espoused by senior management and how these concepts were understood by staff.
Employee perceptions of risk management
Our survey of staff indicated that while senior leaders have communicated the importance of managing risk, more could be done to strengthen a culture of open communication so that all employees feel comfortable speaking openly about risks. We found that senior management could better communicate to their staff the levels of risk they should be willing to accept.
Integration of risk management into daily activities and links to decision-making
We found examples of risk management being integrated into daily activities. On the other hand, we also identified areas where risk management deviated from good practice. For example, we found that corporate risk registers are not consistently used as a tool to support decision-making.
Support and guidance to help staff manage risks
Most case study agencies are monitoring risk-related skills and knowledge of their workforce, but only one agency has addressed the gaps it identified. While agencies are providing risk management training, surveyed staff in three case study agencies reported that risk management training is not adequate.
NSW Treasury provides agencies with direction and guidance on risk management through policy and guidelines. In line with better practice, NSW Treasury's principles-based policy acknowledges that individual agencies are in a better position to understand their own risks and design risk management frameworks that address those risks. Nevertheless, there is scope for NSW Treasury to refine its guidance material to support a better risk culture in the NSW public sector.
Recommendation
By May 2019, NSW Treasury should:
- Review the scope of its risk management guidance, and identify additional guidance, training or activities to improve risk culture across the NSW public sector. This should focus on encouraging agency heads to form a view on the current risk culture in their agencies, identify desirable changes to that risk culture, and take steps to address those changes.
Appendix one - Response from agencies
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #298 - released 23 April 2018
Detecting and responding to cyber security incidents
A report released today by the Auditor-General for New South Wales, Margaret Crawford, found there is no whole-of-government capability to detect and respond effectively to cyber security incidents. There is very limited sharing of information on incidents amongst agencies, and some agencies have poor detection and response practices and procedures.
The NSW Government relies on digital technology to deliver services, organise and store information, manage business processes, and control critical infrastructure. The increasing global interconnectivity between computer networks has dramatically increased the risk of cyber security incidents. Such incidents can harm government service delivery and may include the theft of information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.
This audit examined cyber security incident detection and response in the NSW public sector. It focused on the role of the Department of Finance, Services and Innovation (DFSI), which oversees the Information Security Community of Practice, the Information Security Event Reporting Protocol, and the Digital Information Security Policy (the Policy).
The audit also examined ten case study agencies to develop a perspective on how they detect and respond to incidents. We chose agencies that are collectively responsible for personal data, critical infrastructure, financial information and intellectual property.
Some of our case study agencies had strong processes for detection and response to cyber security incidents but others had a low capability to detect and respond in a timely way.
Most agencies have access to an automated tool for analysing logs generated by their IT systems. However, coverage of these tools varies. Some agencies do not have an automated tool and only review logs periodically or on an ad hoc basis, meaning they are less likely to detect incidents.
Few agencies have contractual arrangements in place for IT service providers to report incidents to them. If a service provider elects to not report an incident, it will delay the agency’s response and may result in increased damage.
Most case study agencies had procedures for responding to incidents, although some lack guidance on who to notify and when. Some agencies do not have response procedures, limiting their ability to minimise the business damage that may flow from a cyber security incident. Few agencies could demonstrate that they have trained their staff on either incident detection or response procedures and could provide little information on the role requirements and responsibilities of their staff in doing so.
Most agencies’ incident procedures contain limited information on how to report an incident, who to report it to, when this should occur and what information should be provided. None of our case study agencies’ procedures mentioned reporting to DFSI, highlighting that even though reporting is mandatory for most agencies their procedures do not require it.
Case study agencies provided little evidence to indicate they are learning from incidents, meaning that opportunities to better manage future incidents may be lost.
Recommendations
The Department of Finance, Services and Innovation should:
- assist agencies by providing:
- better practice guidelines for incident detection, response and reporting to help agencies develop their own practices and procedures
- training and awareness programs, including tailored programs for a range of audiences such as cyber professionals, finance staff, and audit and risk committees
- role requirements and responsibilities for cyber security across government, relevant to size and complexity of each agency
- a support model for agencies that have limited detection and response capabilities
- revise the Digital Information Security Policy and Information Security Event Reporting Protocol by
- clarifying what security incidents must be reported to DFSI and when
- extending mandatory reporting requirements to those NSW Government agencies not currently covered by the policy and protocol, including State owned corporations.
DFSI lacks a clear mandate or capability to provide effective detection and response support to agencies, and there is limited sharing of information on cyber security incidents.
DFSI does not currently have a clear mandate and the necessary resources and systems to detect, receive, share and respond to cyber security incidents across the NSW public sector. It does not have a clear mandate to assess whether agencies have an acceptable detection and response capability. It is aware of deficiencies in agencies and across whole‑of‑government, and has begun to conduct research into this capability.
Intelligence gathering across the public sector is also limited, meaning agencies may not respond to threats in a timely manner. DFSI has not allocated resources for gathering of threat intelligence and communicating it across government, although it has begun to build this capacity.
Incident reporting to DFSI is mandatory for most agencies, however, most of our case study agencies do not report incidents to DFSI, reducing the likelihood of containing an incident if it spreads to other agencies. When incidents have been reported, DFSI has not provided dedicated resources to assess them and coordinate the public sector’s response. There are currently no formal requirements for DFSI to respond to incidents and no guidance on what it is meant to do if an incident is reported. The lack of central coordination in incident response risks delays and increased damage to multiple agencies.
DFSI's reporting protocol is weak and does not clearly specify what agencies should report and when. This makes agencies less likely to report incidents. The lack of a standard format for incident reporting and a consistent method for assessing an incident, including the level of risk associated with it, also make it difficult for DFSI to determine an appropriate response.
There are limited avenues for sharing information amongst agencies after incidents have been resolved, meaning the public sector may be losing valuable opportunities to improve its protection and response.
Recommendations
The Department of Finance, Services and Innovation should:
- develop whole‑of‑government procedure, protocol and supporting systems to effectively share reported threats and respond to cyber security incidents impacting multiple agencies, including follow-up and communicating lessons learnt
- develop a means by which agencies can report incidents in a more effective manner, such as a secure online template, that allows for early warnings and standardised details of incidents and remedial advice
- enhance NSW public sector threat intelligence gathering and sharing including formal links with Australian Government security agencies, other states and the private sector
- direct agencies to include standard clauses in contracts requiring IT service providers report all cyber security incidents within a reasonable timeframe
- provide assurance that agencies have appropriate reporting procedures and report to DFSI as required by the policy and protocol by:
- extending the attestation requirement within the DISP to cover procedures and reporting
- reviewing a sample of agencies' incident reporting procedures each year.
Appendix one - Response from agency
Appendix two - ISMS maturity model
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary reference - Report number #297 - released 2 March 2018
Managing demand for ambulance services 2017
NSW Ambulance has introduced several initiatives over the past decade to better manage the number of unnecessary ambulance responses and transports to hospital emergency departments. However, there is no overall strategy to guide the development of these initiatives nor do NSW Ambulance's data systems properly monitor their impact. As a result, the Audit Office was unable to assess whether NSW Ambulance's approach to managing demand is improving the efficiency of ambulance services.
NSW Ambulance uses a telephone referral system to manage triple zero calls from people with medical issues that do not require an ambulance. This has the potential to achieve efficiency improvements but there are weaknesses in NSW Ambulance's use and monitoring of this system. Paramedics are now able to make decisions about whether patients need transport to a hospital emergency department. NSW Ambulance does not routinely measure or monitor the decisions paramedics make, so it does not know whether these decisions are improving efficiency. Extended Care Paramedics who have additional skills in diagnosing and treating patients with less urgent medical issues were introduced in 2007. NSW Ambulance analysis indicates that these paramedics have the potential to improve efficiency, but have not been used as effectively as possible.
Our 2013 audit of NSW Ambulance found that accurate monitoring of activity and performance was not being conducted. More than four years later, this remains the case.
NSW Ambulance has recognised the need to change the way it manages demand and has developed initiatives that have the potential to improve efficiency. However, there are significant weaknesses in the strategy for and implementation of its demand management initiatives.
NSW Ambulance has identified the goal of moving from an emergency transport provider to a mobile health service and developed several initiatives to support this. Its demand management initiatives have the potential to contribute to the broader policy directions for the health system in New South Wales. However, there is no clear overall strategy guiding these initiatives and their implementation has been poor.
NSW Ambulance's reasons for changing its approach to demand management have not been communicated proactively to the community. Demand management initiatives that have been operating for over a decade still do not have clear performance measures or targets. Project management of new initiatives has been inadequate, with insufficient organisational resources to oversee them and inadequate engagement with other healthcare providers.
NSW Ambulance uses an in-house Vocational Education and Training course to recruit some paramedics, as well as recruiting paramedics who have completed a university degree. No other Australian ambulance services continue to provide their own Vocational Education and Training qualifications. Paramedics will need more support in several key areas to be able to fulfil their expanded roles in providing a mobile health service. Performance and development systems for paramedics are not used effectively. Up to date technology would help paramedics make better decisions and improve NSW Ambulance's ability to monitor demand management activity.
There are gaps in NSW Ambulance's oversight of the risks of some of the initiatives it has introduced, particularly its lack of information on the outcomes for patients who are not transported to hospital. Weaknesses in the way NSW Ambulance uses its data limit its ability to properly assess the risks of the demand management initiatives it has introduced.
Parliamentary reference - Report number #295 - released 13 December 2017
Health 2017
The following report highlights results of the financial audits of entities in the NSW health cluster. The report focuses on key observations and findings from the most recent audits of these entities.
The report also includes a range of findings on service delivery. Overall, NSW Health is achieving most of their targets. Some local health districts are continuing to experience increased demand for their services and are finding it more difficult to meet their targets. For example, three local health districts had not achieved some emergency department response time targets for three consecutive years.
1. Financial reporting and controls
| Financial Reporting |
All health cluster entities received unqualified audit opinions and the quality of financial reporting remains high across the cluster. Early close procedures were largely completed and all financial statements were submitted by the deadlines. |
| Financial performance |
Overall, NSW Health recorded an operating surplus of $407 million in 2016–17. Eleven local health districts/specialty networks recorded operating deficits in 2016–17, four more than 2015–16. Expenses across NSW Health increased by 4.4 per cent in 2016–17 (6.0 per cent in 2015–16), lower than the expected long term annual expense growth rate. |
| Excess annual leave | Managing excess annual leave is a continual challenge for NSW Health, with thirty–five per cent of the workforce having excess balances. |
| Overtime payments | NSW Health entities are generally managing overtime well; however NSW Ambulance’s overtime payments, $74.6 million in 2016–17, remain significantly higher than other health entities. |
| Time and leave recording practices | Unapproved employee timesheets continue to be a problem for health entities. Weak timesheet approval controls increase the risk of staff claiming and being paid for hours they have not worked. There is also an increased risk of high volumes of roster adjustments, manual pays, salary overpayments and leave not being recorded accurately. |
2. Service Delivery
| Service Agreements | Most of the service agreements between the Secretary of NSW Health and health entities were signed earlier than prior years. |
| Performance monitoring | Five NSW Health entities are not meeting the Ministry of Health’s performance expectations at 30 June 2017. |
| Emergency department performance | Data provided by the Ministry indicates NSW Health, on average, met emergency department triage response time targets across all triage categories for the fourth consecutive year. |
| Ambulance response times | Data provided by the Ministry shows NSW Ambulance response times for imminently life‑threatening incidents of 7.5 minutes in 2016–17 was within the Ministry’s target of 10.0 minutes. Data provided by the Ministry indicates NSW Ambulance response times for potentially life‑threatening incidents did not improve in 2016–17. The median response time of 11.1 minutes in 2016–17 was similar to 2015–16 (11.0 minutes). This is despite the number of Priority 1 responses reducing by 4.3 per cent. |
| Unplanned hospital re-admissions | Data provided by the Ministry shows eight local health districts achieved the Ministry of Health’s unplanned hospital re‑admissions target in 2016–17. The target is for local health districts to reduce re‑admission rates from the previous financial year. |
This report sets out the results of the 30 June 2017 financial statement audits of Health cluster entities.
The report has been structured into two chapters focusing on:
- Financial reporting and controls
- Service delivery.
This chapter outlines audit observations, conclusions and recommendations related to financial reporting and internal controls of entities for 2016-17.
| Observation | Conclusion or recommendation |
|
2.1 Quality of financial reporting |
|
| All cluster entities received unqualified audit opinions and misstatements identified in financial statements fell. | The quality of financial reporting remains high across the cluster. |
|
2.2 Timeliness of financial reporting |
|
| Early close procedures were largely completed and all financial statements were submitted by the deadlines. | Health entities controlled by the Ministry of Health continued submitting their financial statements well ahead of the statutory deadlines. |
|
2.4 Financial and sustainability analysis |
|
|
NSW Health recorded an operating surplus of $407 million in 2016–17.
|
The statewide operating surplus was $84 million higher than 2015–16. Net surpluses contribute to NSW Health’s ability to invest in new facilities, upgrades and redevelopments. The 2016–17 financial results were once again impacted by the NSW Government initiative to improve cash management across the sector. |
| 2.5 Performance against budget | |
| Ten local health districts/specialty networks’ expense budget variance was outside performance expectations agreed with the Ministry at the beginning of 2016–17. | The Ministry continues to manage performance across NSW Health to improve the accuracy of budgeting practices. |
| 2.7 Human Resources | |
|
Thirty-five per cent of NSW Health’s workforce have excess annual leave balances.
NSW Ambulance had the highest average sick leave rate in NSW Health of 85.2 hours per FTE in 2016–17 (78.7 hours in 2015–16). This was higher than the statewide average of 62.1 hours (62.0 hours in 2015–16).
Unapproved employee timesheets continue to be a problem for health entities. Weak timesheet approval controls increase the risk of staff claiming and being paid for hours they have not worked.
|
Managing excess annual leave is a continual challenge for health entities.
Recommendation: NSW Ambulance should further review the effectiveness of its rostering practices to identify strategies to reduce excessive overtime payments. Recommendation: Health entities should conduct a risk‑based review of time and leave recording practices to ensure control weaknesses are identified and fixed. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
| Observation | Conclusion or recommendation |
| 3.1 Service agreements in NSW Health | |
|
Most of the service agreements between the Secretary of NSW Health and health entities were signed earlier than prior years. Thirteen local health districts/specialty networks signed their service agreements by the 31 July 2017 due date. This is a significant improvement with only seven local health districts/specialty networks meeting the date in 2015–16. |
Having service agreements signed as close as possible to the start of each year provides the Ministry and NSW Health entities with clarity around roles, responsibilities, performance measures, budgets, and service volumes and levels. |
| 3.2 Performance of NSW Health entities | |
| Five NSW Health entities were not meeting the Ministry’s performance expectations at 30 June 2017. | The Ministry is managing the five entities in accordance with its performance review process. |
| 3.4 Emergency department response times | |
|
Data provided by the Ministry indicates NSW Health again, on average, met emergency department triage response time targets across all triage categories for the fourth consecutive year. The Ministry manages performance across NSW Health to ensure patients presenting at emergency departments receive care in a clinically appropriate timeframe. |
Based on the Ministry’s data, local health districts/specialty networks are, on average, meeting triage targets despite increasing emergency department attendances. The data shows eleven local health districts met all triage targets in 2016–17, compared to eight in |
| 3.5 Emergency treatment performance | |
|
The Ministry manages public patient access to emergency services in public hospitals. It has an emergency treatment performance target of 81 per cent of patients leaving emergency departments within four hours. |
Data provided by the Ministry indicates NSW Health maintained its overall emergency treatment performance in 2016–17, but did not achieve its target. The State average emergency treatment performance was 74.2 per cent (74.2 per cent in 2015–16). Based on the Ministry’s data, only four local health districts achieved the target in 2016–17, five in |
| 3.6 Ambulance response times | |
| NSW Ambulance has a response time target of 10.0 minutes for imminently life‑threatening incidents in New South Wales. | Data provided by the Ministry indicates NSW Ambulance response times for imminently life-threatening incidents of 7.5 minutes in 2016–17 was within the Ministry’s target. |
| 3.7 Transfer of care | |
| The Ministry has a target of 90 per cent for the number of ambulance arrivals within a 30 minute ‘transfer of care’ timeframe. | Data provided by the Ministry indicates the rate of ambulance arrivals within a 30 minute 'transfer of care' timeframe improved from 87.6 per cent in 2015–16 to 91.7 per cent in 2016–17, exceeding the Ministry’s target. |
| 3.8 Average length of stay in hospital | |
| Based on the Ministry’s 2016–17 data, the average length of stay for acute episodes was 3.0 days. The average length of stay in New South Wales hospitals is lower than the national average of 3.2 days (in 2015–16). | The Ministry’s data shows the average length of stay by patients for acute episodes has remained stable in New South Wales hospitals for four years. |
| 3.9 Elective surgery access performance | |
| Data provided by the Ministry indicates NSW Health continues to manage waiting times for elective surgery in public hospitals. | The Ministry’s data shows NSW Health improved on‑time admission of patients for elective surgery in 2016–17 despite a 1.8 per cent increase in admissions. While the result improved, only one of the three targets for elective surgery waiting times was met in 2016–17. |
| 3.10 Unplanned hospital re-admissions | |
|
Data provided by the Ministry indicates NSW Health, on average, did not reduce the rate of unplanned hospital re‑admissions in 2016–17. The Ministry has a target of reducing unplanned hospital re‑admissions compared to the previous financial year. Low re‑admission rates may indicate good patient management practices and post-discharge care. |
The Ministry’s data shows eight local health district met the target to reduce the rate of re‑admissions compared to the previous financial year. The statewide average rate increased from 6.3 per cent to 6.4 per cent. |
| 3.11 Post discharge care for acute mental health patients | |
| NSW Health has a goal to increase community-based care to acute mental health patients after they are discharged. Continuity of care in the community can lead to reduced symptom severity, lower re‑admission rates, and improved quality of life. | The Ministry’s 2016–17 data shows the statewide average for post discharge follow-up of acute mental health patients within seven days was 70.0 per cent (66.0 per cent in 2015–16). The statewide average improved and met the NSW Health target of 70 per cent. Nine local health districts exceeded the NSW Health target. |
| 3.12 Mental health acute re-admissions | |
| NSW Health has a goal to reduce acute public sector mental health re-admissions. High re‑admission rates may indicate deficiencies in inpatient treatment and follow up care. | The Ministry’s data shows twelve local health districts did not achieve the NSW Health target of 13 per cent mental health acute re‑admissions in 2016–17. |
| 3.13 Unplanned and emergency re‑presentations | |
|
NSW Health aims to reduce the number of unplanned and emergency re‑presentations to emergency departments. The Ministry’s 2016–17 data shows the State average of emergency department re‑presentations decreased marginally from 5.0 per cent in 2015–16 to 4.9 per cent. |
Patients attending rural emergency departments are more likely to re‑present within 48 hours of being discharged than those in regional or metropolitan emergency departments. |
| 3.14 Healthcare associated infection | |
| The national target for the rate of Staphylococcus aureus (golden staph) bloodstream infection is two cases per 10,000 bed days. | Data provided by the Ministry indicates the rate of golden staph bloodstream infection in New South Wales hospitals continues to be well below the target and national benchmark at 0.72 cases per 10,000 bed days in 2016–17 (0.75 in 2015–16). |
| 3.15 Patient experience and satisfaction | |
|
The Bureau of Health Information analyses and reports on the results of patient surveys. The Bureau’s survey shows 65 per cent of adult admitted patients rated the care they received in hospital as ‘very good’ and 29 per cent rated it as ‘good’. |
NSW Health recognises that patient surveys are an important feedback mechanism on the health care system that can only come from personal experiences. |
Central Agencies 2017
This report highlights the results of the financial audits of NSW Government central agencies. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Treasury, Premier and Cabinet, and Finance, Services and Innovation clusters.
The report includes a range of findings in respect to service delivery. One repeat finding is that while the Government regularly reports on the 12 Premier's priorities, there is no comprehensive reporting on the 18 State priorities.
1. Financial reporting and controls
| Audit Opinions | Unqualified audit opinions were issued for all agencies' 30 June 2017 financial statements. |
| Early close | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
| Deficient user administration access | User access administration over financial systems remains an area of weakness. Agencies need to strengthen user access administration to critical systems. |
| Transitioning to outsourced service providers | Transitioning of services to outsourced service providers can be improved. Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. |
2. Service delivery
| Premier and State Priorities | A comprehensive report of performance against the 18 State Priorities is yet to be published. While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. |
| ICT and digital government | The Digital Government Strategy was released in May 2017. Targets will need to be set to assess and monitor progress against the Strategy. |
| Digital information security | Not all agencies are complying with the NSW Government's information security policy. This increases the risk of noncompliance with legislation, information security breaches and difficulty restoring data or maintaining business continuity in the event of a disaster or disruption. |
| Property and asset utilisation | Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
3. Government financial services
| Prudential oversight of NSW Government superannuation funds |
Prudential oversight of SAS Trustee Corporation Pooled Fund and Parliamentary Contributory Superannuation Fund has not been prescribed. Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments in excess of $42.4 billion. |
| Green slip scheme affordability | Currently, Green Slips in NSW are the most expensive in Australia. However, CTP reforms are expected to reduce the cost of Green Slips. |
This report sets out the results of the 30 June 2017 financial statement audits of NSW Government's central agencies and their cluster agencies.
Central agencies play a key role in ensuring policy coordination, good administrative and people management practices and prudent fiscal management. The central agencies and their key responsibilities are set out below.
Confidence in public sector decision‑making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. This chapter outlines our audit observations, conclusions or recommendations related to financial reporting and controls of agencies for 2016–17.
| Observation | Conclusion or recommendation |
| 2.1 Quality of financial reporting | |
| Unqualified audit opinions were issued for all agency financial statements. | The quality of financial reporting continues to remain strong across the clusters. |
| 2.2 Timeliness of financial reporting | |
| Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements. | Early close procedures continue to facilitate the timely preparation of financial statements and completion of audits, but agencies can make further improvement. |
| 2.3 Financial performance and sustainability | |
| We assessed the performance of agencies listed in Appendix six against some key financial sustainability indicators. This highlighted two agencies with negative operating margins of more than ten per cent and one agency with a liquidity ratio of less than 0.5. | These agencies have strategies in place to remain financially sustainability and manage their liquidity. Our analysis found that, overall, the agencies are not at high risk of sustainability concerns. |
| 2.4 Internal Controls | |
|
User access administration over financial systems remains an area of weakness. Sixteen moderate risk and ten low risk issues related to user access administration across eight agencies were identified. |
Recommendation: Agencies should review user access administration to critical systems to ensure:
|
|
Transitioning of services to outsourced service providers can be improved. Our 2016–17 audits identified one high risk issue relating to Property NSW's outsourcing of property and facility management services to the private sector. While a high risk issue was identified in 2015–16 from the Department of Finance, Services and Innovation's outsourcing of transactional and information technology services to GovConnect there has been an improvement in GovConnect's internal control environment throughout |
Outsourcing services can lead to better outcomes, which may include lower transaction costs and improved services, but it also introduces new risks. The transition needs to be carefully managed and requires thorough planning and effective project governance. This should be supported by oversight and direction from senior management and independent project assurance. |
| 2.5 Human Resources | |
| The percentage of full‑time equivalent staff with annual leave greater than 30 days in the Finance, Services and Innovation, Premier and Cabinet and the Treasury clusters is 7.9 per cent, 17.1 per cent and 18.4 per cent respectively. | Agencies have strategies in place to reduce annual leave balances that are greater than 30 days. The effectiveness of these strategies will need to be monitored to ensure they are helping to achieve the desired outcome. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
| Observation | Conclusion or recommendation |
| 3.1 Premier and State priorities | |
|
The Department of Premier and Cabinet monitors the achievement of targets and the implementation of initiatives to deliver the 12 Premier’s Priorities. Responsible ministers and agencies manage the 18 State Priorities. A comprehensive report of performance against the 18 State Priorities is yet to be published. |
While some measures are publicly reported through agency annual reports or other sources, a comprehensive report of performance against the 18 State Priorities would ensure all State Priorities are publicly reported, provide a single and easily accessible source of reference and improve transparency. Where possible, independent sources are used to measure performance, however without independent assurance there is an increased risk that the target measures are inaccurate, not relevant or do not fairly represent actual performance. |
|
Performance against the State Priority to make NSW the easiest state to start a business is not currently published. |
Initiatives, such as easy to do business and red tape reduction are in place to help achieve this priority. The regulatory policy framework is under review following an October 2016 performance audit on ‘Red tape reduction’ that found the regulatory burden of legislation had increased. |
| 3.2 Financial management | |
| Revenue NSW earned record crown revenue of $30.0 billion in 2016–17 to support the state's finances. | Record crown revenue has been driven by the sustained increase in duties revenue, which has increased by 93.7 per cent over the last five years. This is a consequence of the continued strength in the property market over this time and large one off NSW Government business asset sales and leases. |
| 3.3 ICT and digital government | |
| The Digital Government Strategy (the Strategy) was released in May 2017 to build on reforms set out in previous ICT strategies. | The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
| The Digital Information Security Policy (DISP) is a key tool that helps ensure a minimum set of information security controls are implemented across NSW Government agencies. A review of 2016 annual reports found 15 agencies (13 in 2015) did not attest to compliance with the DISP and of the agencies that attested to compliance, 34 reported issues associated with their compliance. |
The Strategy’s priorities and enablers aim to support digital innovation. Targets and measures will need to be set to assess and monitor progress against the Strategy. |
| 3.4 Property and asset utilisation | |
|
Property NSW's performance reporting could be |
Property NSW's performance reporting would be enhanced by developing and reporting on customer satisfaction, reporting against set targets and benchmarking cost of service to the private sector. |
This chapter outlines our audit observations, conclusions and recommendations specific to NSW Government agencies providing financial services.
| Observation | Conclusion or recommendation |
| 4.1 Key issues | |
|
The SAS Trustee Corporation (STC) Pooled Fund and the Parliamentary Contributory Superannuation (PCS) Fund are not required to comply with the prudential and reporting standards issued by the Australian Prudential Regulation Authority (APRA). Amendments to relevant legislation allows the Minister for Finance, Services and Property to prescribe applicable prudential standards and audit requirements. |
Structured and comprehensive prudential oversight of these funds remains important as they operate in a specialised, complex and continuously changing investment market sector, have over 106,000 members and manage investments of more than $42.4 billion. Recommendation: The Treasury should liaise with the respective Trustees to implement appropriate prudential standards and oversight arrangements for the exempt public sector superannuation funds. |
|
Currently, Green Slips in NSW are the most expensive in Australia. Average premiums for Sydney Metropolitan vehicles increased by 10.4 per cent between 1 January 2016 and 31 December 2016. |
CTP reforms are expected to reduce the cost of Green Slips. The State Insurance Regulatory Authority will need to ensure it has appropriate processes in place to track and report against the expected benefits. |
| 4.2 Financial performance and sustainability | |
| Net unfunded superannuation liabilities were $15.0 billion at 30 June 2017. Under the Fiscal Responsibility Act 2012, the NSW Government’s target is to eliminate unfunded superannuation liabilities by 2030. |
The superannuation funds’ strategic asset allocation and investment strategies are monitored and adjusted to help achieve a fully funded position by 2030. |
| The Home Warranty Scheme commenced in 2011. Over this time total premiums collected have not been sufficient to cover expected claim costs. | Funding arrangements introduced during 2016–17 allow the Home Building Compensation Fund to apply to the Crown for reimbursement of unfunded realised losses from under-pricing of premiums. Other reforms are planned to address the long term sustainability of the home building compensation scheme. |
| 4.3 Investment performance | |
| The NSW Government’s main superannuation funds have maintained the management expense ratio (MER) at consistent levels over the past two years. The Parliamentary Contributory Superannuation (PCS) Fund does not set an MER target. | MER is an industry recognised ratio to measure the performance of funds and investment managers. Recommendation: The Fund Secretary for the PCS Fund, in conjunction with the Trustee, should consider establishing an appropriate management expense ratio target to measure performance. |
