Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Treasury 2023

Treasury
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What this report is about

Result of the Treasury portfolio of agencies’ financial statement audits for the year ended 30 June 2023.

The results of the audit of the NSW Government’s consolidated Total State Sector Accounts (TSSA), which are prepared by NSW Treasury, will be reported separately in our report on ‘State Finances 2023’.

The audit found

Unqualified audit opinions were issued on all general purpose financial statement audits.

Qualified audit opinions were issued on two of the 24 other engagements prepared by portfolio agencies. These related to payments made from Special Deposit Accounts that did not comply with the relevant legislation.

The number of monetary misstatements identified in our audits increased from 29 in 2021–22 to 39 in 2022–23.

The new parental leave policy impacted agencies across all portfolios. NSW Treasury should perform annual assessments to identify changes in legislation and regulation and provide timely guidance to the sector.

Transport for NSW and Sydney Metro have capitalised over $300 million of tender bid costs paid to unsuccessful tender bidders relating to significant infrastructure projects. Whilst NSW Treasury policy provides clarity on the reimbursement of unsuccessful bidders’ costs, clearer guidance on how to account for these costs in agencies’ financial statements is required.

The key audit issues were

Five high-risk issues were reported in 2022–23. Three were new findings on contract management, accounting treatments for workers compensation renewal premium adjustments and the management and oversight of a Special Deposit Account. Two repeat issues referred to the need to improve quality review processes over financial reporting and the timely approval of administration costs.

Portfolio agencies should prioritise and action recommendations to address internal control deficiencies.

 

This report provides Parliament and other users of the Treasury portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all Treasury portfolio agencies’ 2022–23 financial statements.
  • Two qualified audit opinions were issued on special purpose financial reports, relating to whether payments from the Electricity Retained Interest Corporation – Ausgrid (ERIC-A) Fund and the Electricity Retained Interest Corporation – Endeavour (ERIC-E) Fund, complied with the relevant legislation.
  • The total number of errors (both corrected and uncorrected) in the financial statements increased from 29 in 2021–22 to 39 in 2022–23.
    Reported corrected misstatements increased from 15 in 2021–22 to 25 with a gross value of $7.1 billion in 2022–23. Reported uncorrected misstatements increased from 13 in 2021–22 to 14 in 2022–23, with a gross value of $277.6 million in 2022–23.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury portfolio.

Section highlights

  • Five high-risk issues were reported in 2022–23. Three were new findings on contract management, accounting treatments for workers compensation renewal premium adjustments and the management and oversight of a Special Deposit Account.
  • A further 35 moderate risk findings were reported in 2022–23, of which ten were repeat findings.
  • Some agencies have again spent monies without an authorised delegation.
  • The quality of information provided for audit purposes needs to improve.

 

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Acquittals and other opinions

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2023

Health
Whole of Government
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Project management
Regulation
Risk
Shared services and collaboration
Workforce and capability

What this report is about

Results of the Health portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unmodified audit opinions were issued for all Health portfolio agencies' financial statements. 

The number of monetary misstatements increased in 2022–23, driven by key accounting issues, including the first-time recognition of paid parental leave and plant and equipment fair value adjustments. 

The key audit issues were 

NSW Health identified errors regarding the recognition and calculation of long service leave entitlements for employees with ten or more years of service that had periods of part time service in the first ten years, resulting in prior period restatements. 

Comprehensive revaluation of buildings at the Graythwaite Charitable Trust found errors in the previous year's valuation, resulting in prior period restatements. 

New parental leave legislation increased employee liabilities for portfolio agencies. The Ministry of Health corrected the consolidated financial statements to record parental leave liabilities for all agencies within the Health portfolio.   

A repeat high-risk issue relates to processing time records by administrators that have not been reviewed prior to running the pay cycle.   

Thirty per cent of reported issues were repeat issues. 

The audit recommended 

Portfolio agencies should ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards. 

Portfolio agencies should address deficiencies that resulted in qualified reports on:   

  • the design and operation of shared service controls
  • prudential non-compliance at residential aged care facilities.

 

This report provides Parliament and other users of the Health portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued for all portfolio agencies required to prepare general purpose financial statements.
  • The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
  • The Ministry of Health retrospectively corrected an $18.9 million adjustment in its financial statements relating to long service leave entitlements for certain employees.
  • Graythwaite Charitable Trust retrospectively corrected a $4.2 million adjustment in its financial statements related to prior period valuations. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines observations and insights from our financial statement audits of agencies in the Health portfolio.  

 Section highlights 

  • The 2022–23 audits identified one high-risk and 57 moderate risk issues across the portfolio.
  • The high-risk matter related to the forced-finalisation of time records.
  • The total number of findings increased from 67 to 111 in 2022–23.
  • Thirty per cent of the issues were repeat issues. Most repeat issues related to internal control deficiencies or non-compliance with key legislation and/or central agency policies.
  • Forced-finalisation of time records, accounting for the new paid parental leave provision and user access review deficiencies were the most commonly reported issues.
  • Qualified Assurance Practitioner's reports were issued on:
    • the design and operation of controls as documented by HealthShare NSW
    • the Ministry's Annual Prudential Compliance Statements in relation to residential aged care facilities.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

 

Published

Customer Service 2023

Finance
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Management and administration
Regulation
Risk
Service delivery
Shared services and collaboration

What this report is about

Result of the Customer Service portfolio agencies' financial statement audits for the year ended 30 June 2023.

What we found

Unmodified audit opinions were issued for all completed 30 June 2023 financial statements audits of Customer Service portfolio agencies. Two audits are ongoing.

What the key issues were

The total number of misstatements in the financial statements and findings reported to management decreased compared to the prior year.

For the first time since its establishment in 2015, GovConnect NSW received unqualified audit opinions for business process internal controls and information technology general controls managed by service providers.

The department controls Finance Co Trust (Fin Co), a special purpose trust created as part of its project to replace flammable cladding for eligible residential apartment buildings. Fin Co did not prepare financial statements which is a breach of the Government Sector Finance Act 2018 (GSF Act).

The department's land titling database was overstated by $42.5 million due to errors in the valuation model.

The New South Wales Government Telecommunications Authority corrected a prior period error of $10.2 million overstatement of property, plant and equipment.

A high-risk finding was reported to Service NSW regarding gaps in policies, systems and processes for administering and financial reporting on grant programs.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Customer Service portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
  • The total number of errors (including corrected and uncorrected) in the financial statements decreased compared to the prior year.
  • Financial statements were not prepared for Finance Co Trust (Fin Co), a special purpose trust created by the department as part of its project to replace flammable cladding for eligible residential apartment buildings. This is a breach of the Government Sector Finance Act 2018 (GSF Act).
  • The department overstated the value of its land titling database, a service concession asset by $42.5 million. This was due to errors in the valuation data and calculation errors in the valuation model.
  • Service NSW’s late resolution of the accounting assessment of grant programs funding resulted in delays to financial reporting and audit.
  • The New South Wales Government Telecommunications Authority (the authority) corrected a prior period error retrospectively to write off assets that could not be physically verified. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service portfolio.

Section highlights

  • The 2022–23 audits identified one high risk and 26 moderate risk issues across the portfolio.
  • The high-risk matter was related to Service NSW’s revenue assessment of its grant programs.
  • The total number of findings decreased from 64 to 41, which mainly related to deficiencies in financial reporting, information technology, payroll and purchasing controls.
  • Fifty-one per cent of the issues were repeat issues. Many repeat issues related to weakness in information technology (IT) controls around access to systems and data and disaster recovery testing.
  • For the first time since its establishment in 2015, GovConnect NSW received unqualified audit opinions for business processes internal controls and information technology general controls managed by service providers. 

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Natural disasters

Community Services
Environment
Finance
Local Government
Planning
Transport
Treasury
Whole of Government
Asset valuation
Compliance
Financial reporting
Infrastructure
Regulation
Risk
Service delivery

What this report is about

This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.

What we found

Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.

Total expenses were less than the budget due to underspend in the following areas:

  • clean-up assistance, including council grants
  • anticipated temporary accommodation support
  • payments relating to the Northern Rivers Business Support scheme for small businesses.

Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.

At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.

Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.

Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.

Section highlights

  • $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters during 2021–22.
  • Budget underspent for temporary housing and small business support as lower than expected need.

Section highlights

  • 83 local council areas were impacted by natural disasters during 2021–22, with 58 being impacted by more than one type of natural disaster.
  • $349 million damage to council infrastructure assets at 30 June 2022.

 

Published

Treasury 2022

Treasury
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What the report is about

Results of the Treasury cluster agencies' financial statement audits for the year ended 30 June 2022.

The results of the audit of the NSW Government's consolidated Total State Sector Accounts (TSSA), which is prepared by NSW Treasury, are reported separately in our report on 'State Finances 2022'.

What we found

Unmodified audit opinions were issued on all 30 June 2022 general purpose financial statement audits.

Qualified audit opinions were issued on three of the 25 other engagements prepared by cluster agencies. These related to payments made from Special Deposit Accounts (SDA) that did not comply with the relevant legislation.

What the key issues were

Commercial agreements were signed between TAHE, the operators and Transport for NSW in June 2022, which reflected an expected rate of return of 2.5% on contributed equity. However, it remains critical that the government continue to provide sufficient funding to the operators so they can pay for access and use TAHE assets. These findings are reported in our report on 'State Finances 2022'.

Eight high-risk issues were raised in 2021–22, of which five relate to NSW Treasury.

A number of previously reported audit findings and recommendations with respect to icare continue to be ongoing issues. This includes the Workers Compensation Nominal Insurer continuing to hold less assets than the estimated present value of its future payment obligations, when measured in accordance with the accounting framework.

What we recommended

Our report on 'State Finances 2022' made several recommendations to improve NSW Treasury's processes.

In this report, we recommended icare should ensure:

  • it has sufficient controls in place over claim payments, including an effective quality assurance program, to minimise claim payment errors
  • that documentation to support PIAWE calculations is appropriately maintained, and that the minimum documentation requirements are set out in a policy.

This report provides Parliament and other users of the Treasury cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the general purpose financial statements of all cluster agencies.
  • A qualified opinion was issued on the NSW Government's consolidated Total State Sector Accounts (TSSA), which are prepared by NSW Treasury. This is reported separately in our 'State Finances 2022' NSW Auditor-General's Report to Parliament.
  • Three qualified audit opinions were issued on special purpose financial reports, relating to whether payments from the funds complied with the relevant legislation.
  • Reported corrected misstatements increased from seven in 2020–21 to ten in 2021–22 with a gross value of $808.6 million. Reported uncorrected misstatements decreased from 17 in 2020–21 to 11 in 2021–22 with a gross value of $85.7 million.
  • Nine of 15 cluster agencies either did not submit or did not complete certain mandatory early close procedures on time.
  • NSW Treasury corrected a $39.7 million prior period error retrospectively in the financial statements as it overstated its accrual at 30 June 2021 relating to hotel quarantine costs.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury cluster.

Section highlights

  • Eight high-risk issues were identified in 2021–22, an increase from four high-risk and one extreme risk in 2020–21. A further 31 moderate risk findings were reported in 2021–22, of which 12 were repeat findings.
  • Inconsistencies in the Government Sector Finance Act 2018 (GSF Act) and Government Sector Audit Act 1983 (GSA Act) relating to key statutory timeframes have been addressed.
  • Further to last year's reporting, some agencies have again spent moneys without an authorised delegation. 
  • There was a lack of quality review of submissions for audit by NSW Treasury.
  • The Nominal Insurer's net assets decreased from a $2.5 billion surplus at 30 June 2018, to a $1.2 billion deficiency at 30 June 2022.
  • The Nominal Insurer's return-to-work rates stabilised, but remain below the performance levels prior to the COVID-19 pandemic.
  • The Nominal Insurer paid $29.5 million in 2021–22 to remediate historical underpayment of compensation benefits to workers (Pre-Injury Average Weekly Earnings (PIAWE) payments), and a further $8.5 million was payable at 30 June 2022.
  • During its review of historical PIAWE errors, icare found that indexation may have been incorrectly applied, or failed to have been applied when determining injured worker entitlements within the Nominal Insurer between 2012 and 2019. Based on calculations provided by icare, the Audit Office reported an uncorrected judgemental misstatement of $28.5 million (understatement).

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Acquittals and other opinions

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2022

Health
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

  • COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.

  • Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.

  • Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

  • COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.

  • Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.

  • Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.

  • The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.

  • A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

  • The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.

  • The following four issues were reported in 2021–22 as high risk:

    • impairment of COVID-19 inventories

    • inadequate review over the appropriateness of asset capitalisation threshold

    • forced-finalisation of HealthRoster time records

    • COVID-19 vaccination inventories – data quality issue at 31 March 2022.

  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Customer Service 2022

Finance
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration

What the report is about

Result of the Customer Service cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Customer Service cluster agencies.

What the key issues were

The number and size of Service NSW's administered grant programs have increased significantly in response to emergency events. Improvements are required to address gaps in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.

The Department of Customer Service (the department) reported a retrospective correction of a prior period error of $33.3 million understatement of the land titling database, which is a service concession asset managed by a private operator.

The 2021–22 audits identified five high-risk issues across the cluster:

  • the department:
    • control weaknesses in user access to GovConnect systems
    • significant control deficiencies in information technology change management controls
  • Rental Bond Board:
    • legislation amendment required to better support the accounting treatment of rental bonds
    • no delegation instrument to government officers authorising them to approve expenditures
  • Service NSW:
    • improvements required in the timeliness and quality of grant administration revenue assessment and controls over the recovery of grant administration costs.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Customer Service cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • Reported corrected misstatements decreased from 33 in 2020–21 to 30 with a gross value of $406 million in 2021–22 ($418.9 million in 2020–21). Reported uncorrected misstatements decreased from 13 in 2020–21 to nine with a gross value of $31.8 million in 2021–22 ($78 million).
  • Seven of nine cluster agencies did not submit or complete certain mandatory early close procedures on time.
  • Service NSW's late resolution of the accounting of $256 million revenue from administering COVID-19 and flood grant programs resulted in misstatements and delays in financial reporting and audit.
  • The Department of Customer Service corrected prior period errors retrospectively related to the valuation of a service concession asset (land titling database) which reduced the prior year comparative for service concession asset by $33.3 million in the financial statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service cluster.

Section highlights

  • The 2021–22 audits identified five high risks (three in 2020–21) and 36 moderate risk issues (59 in 2020–21) across the cluster. Fifty-three per cent of the issues (42% in 2020–21) were repeat issues. Many repeat issues related to information technology controls around user access management.
  • While improvement was noted in the number of control deficiencies in GovConnect ASAE 3402 controls assurance reports, internal control qualification and control deviation issues continued to occur in 2021–22. Ineffective controls at service providers increase the risk of fraud, error and security to data.
  • Cyber security governance and management requires improvement. The department is yet to fully implement Essential 8 Mitigation Strategies and the maturity level for several Essential 8 strategies is at Level Zero in the current maturity model. The department is in the process of completing the roll out of some long outstanding system patches.
  • Significant gaps were identified in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

COVID-19: response, recovery and impact

Community Services
Education
Health
Justice
Premier and Cabinet
Transport
Treasury
Whole of Government
Cross-agency collaboration
Financial reporting
Management and administration
Service delivery
Shared services and collaboration

What the report is about

This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.

What we found

Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.

The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:

  • direct health response measures – $2.2 billion
  • personal protective equipment – $1.4 billion
  • small business grants – $795 million
  • quarantine costs – $613 million
  • increases in employee expenses and cleaning costs across most agencies
  • vaccine distribution, including vaccination hubs – $71 million.

The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.

Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.

Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.

Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:

  • annual expense growth kept below long-term average revenue growth
  • elimination of State’s unfunded superannuation liability by 2030.

 Fast facts

  • First COVID-19 case in NSW on 25 January 2020
  • COVID-19 vaccinations commenced on 21 February 2021
  • By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
  • During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
  • During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers

Section highlights

  • Up to 30 June 2021, $7.5 billion has been spent by state government agencies for health and economic stimulus.
  • Revenue increased for most agencies as falling revenue from providing goods and services was offset by additional funding from appropriations, grants and contributions.
  • Expenses increased as most agencies incurred additional costs to manage and respond to the pandemic along with delivering stimulus and support programs.
  • Borrowings of $7.5 billion over the last two years helped to fund the response to COVID-19.

Section highlights

  • NSW Government unlikely to meet targets in Fiscal Responsibility Act 2012.

Published

Customer Service 2021

Finance
Asset valuation
Cyber security
Financial reporting
Information technology
Internal controls and governance
Shared services and collaboration

This report analyses the results of our audits of the Customer Service cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Customer Service cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Customer Service cluster agencies' financial statement audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for all Customer Service cluster agencies.

The number of monetary misstatements decreased from 48 in 2019–20 to 46 in 2020–21.

Seven out of eight agencies did not complete all mandatory early close procedures.

What the key issues were

Upon the implementation of AASB 1059 'Service Concession Arrangements: Grantors', the Department of Customer Service (the department) recognised a service concession asset, the land titling database, totalling $845 million for the first time at 1 July 2019.

The department reported several retrospective corrections of prior period errors.

The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. The high-risk issues were related to:

  • the Department of Customer Service – internal control qualifications and control deviations in GovConnect service providers
  • the Department of Customer Service – significant control deficiencies in information technology change management controls
  • Rental Bond Board – uncertainties in the accounting treatment of rental bonds.

The percentage of repeat issues we report to management and those charged with governance in management letters increased from 29 per cent in prior year to 42 per cent in 2020–21 while the number of items decreased from 94 to 93.

The magnitude and number of internal control exceptions in GovConnect service providers increased resulting in additional audit procedures to address the risks of fraud and errors in the financial statements.

What we recommended

The department should improve the validation process of key valuation assumptions and inputs provided by the private operator NSW Land Registry Services. It should revisit its accounting treatment of new land titling records.

The department should ensure GovConnect service providers prioritise the remediation of control deficiencies in information technology services.

The department should continue to improve controls in cyber security management.

Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

The New South Wales Government Telecommunications Authority should improve its fixed assets management and financial reporting process to accommodate its growing fixed assets profile.

Fast facts

The Customer Service cluster aims to plan, prioritise, fund and drive digital transformation and customer service across every cluster in the NSW Government.

  • $3.9b total expenditure incurred in 2020–21 
  • $34.1b total administered income managed on behalf of the NSW Government in 2020–21
  • 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements 
  • 3 high-risk management letter findings were identified
  • 46 monetary misstatements were reported in 2020–21
  • 42% of reported issues were repeat issues.

This report provides Parliament and other users of the Customer Service cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued on the financial statements of cluster agencies.
  • The number of reported misstatements has decreased from 48 in 2019–20 to 46 in 2020–21.
  • Agencies could do more work to improve the quality and timeliness of completing mandatory early close procedures.
  • The Department of Customer Service implemented the new accounting standard AASB 1059 'Service Concession Arrangements: Grantors', which resulted in recognition of a service concession asset of $845 million at 1 July 2019. The valuation of land titling database requires significant judgements and estimations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service.

Section highlights

  • The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. Twenty-six moderate risk issues were repeat issues. The most common repeat issues related to information technology controls around user access management.
  • The magnitude and number of internal control qualification issues from GovConnect service providers have increased. Ineffective controls at service providers increase the risk of fraud, error and security to data. Urgent attention is required to remediate the internal control exceptions in information and technology services.
  • The NSW Public Sector's cyber security resilience needs urgent attention. Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

Findings reported to management

Forty-two per cent of findings reported to management were repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.

In 2020–21, there were 93 findings raised across the cluster (94 in 2019–20). Forty-two per cent of all issues were repeat issues (29 per cent in 2019–20).

The most common repeat issues related to weaknesses in controls over information technology user access administration.

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating. 

Risk rating Issue
Information technology
High3
1 new,
1 repeat

The financial audits identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • internal control exceptions in information and technology services provided by GovConnect service providers
  • inadequate change management controls
  • poor user access administration and no monitoring of privileged user activities
  • insufficient cybersecurity controls and processes.

High-risk issues are discussed later in the chapter.

Moderate2
5 new,
8 repeat

Low1
7 new,
5 repeat
Internal control deficiencies or improvements

Moderate2
5 new,
3 repeat

The financial audits identified internal control weaknesses across key business processes, including:

  • lack of documentation support for payroll transactions
  • untimely removal of unused transaction negotiation authority facility and old bank signatories
  • inadequate fixed asset management controls including timely capitalisation of project overhead costs.

 Low1
3 new,
2 repeat
Financial reporting

High3
1 new

The financial audits identified opportunities for agencies to strengthen financial reporting, including:

  • uncertainties in legislation to support accounting of rental bonds as funds held in trust
  • improvements required in lease accounting including the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy 
  • the removal of fully depreciated assets in the fixed asset register was not timely
  • the quality and timeliness of completing early close procedures required improvement.

High-risk issues are discussed later in the chapter.

Moderate2
9 new,
8 repeat

Low1
7 new,
3 repeat
Governance and oversight
Moderate2
10 new,
3 repeat

The financial audits identified opportunities for agencies to improve governance and oversight processes, including:

  • renewing or finalising service arrangement agreements between agencies were required 
  • lack of formalised documentation regarding arrangements with external providers for leasing and use of assets.
Low1
3 new
Non-compliance with key legislation and/or central agency policies
Moderate2
4 new,
4 repeat

The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:

  • non-compliance with contract and procurement management policy, including the use of purchasing cards
  • non-compliance with TC 21-02 'Statutory Act of Grace Payments'
  • annual leave in excess of 30 days where Circular 2020-12 requires agency heads to reduce employee recreation leave balances to 30 days or less.
Low1
1 repeat
4 Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High-risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based on management letters issued to agencies.

2020–21 audits identified three high-risk findings

High-risk findings, including repeat findings, were reported at the following cluster agencies. One of the 2019–20 high-risk findings were not resolved.

Agency Description
2020–21 findings  
Department of Customer Service
Repeat finding:
Qualifications and control deviations in GovConnect NSW controls assurance reports

The GovConnect information technology general controls (ITGC) provided by the department, Infosys and Unisys were qualified in 2020–21. The key controls over user access, system changes and batch process failed in all ITGC reports. Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.

The control deficiencies in ITGC increase:

  • the risk of unauthorised transactions, system and configuration changes (workflow approvals, three-way match etc.) and modifications to the system reports
  • incomplete, invalid and inappropriate system access, segregation of duties controls and system reports for the customers using the SAPConnect.

The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. It is leading a new IT operating model called ‘Service Integration and Application Management’ (SIAM) to strengthen governance and improve performance of GovConnect service providers. The Department is responsible for the remediation of control deficiencies and continuous improvement in the GovConnect environment.

This matter was assessed as high-risk, if not adequately addressed, it had the potential to result in material fraud and error in the department's financial statements and reputation damages.

This issue is further discussed later in this chapter.
2020–21 findings  
Department of Customer Service
New finding:
Change management significant control deficiencies

Revenue NSW, a division of the department has a key role in managing the State’s finances. It administers State taxes, manages fines, recovers State debt and administers grants and subsidies.

The audit team found significant control deficiencies in change management controls:

  •  appropriate system controls were not in place to restrict developers from releasing changes to the live business systems
  • 8 developers had direct access to the business application servers used for calculating and administering State taxes.

We have included this matter as a high-risk management letter finding, as the audit team could not identify mitigating controls. The system activity of these developers was also not being independently logged and monitored. This increases the risk of unauthorised system change. This can significantly affect the integrity of tax calculation, business process approvals, invalid changes to bank accounts, unauthorised refunds and write-offs. The audit team conducted a risk analysis over the relevant business processes affected by this issue and performed additional audit procedures to address the audit risk.
Rental Bond Board
Repeat finding: Accounting treatment of rental bonds held in trust

The Rental Bond Board (the Board) holds rental bonds totalling $1.7 billion at 30 June 2021. The Board treated the rental bonds off-balance sheet and disclosed the rental bonds as ‘trust funds’. This treatment is based on management’s judgement that the Board does not have control of these funds.

Previously the Board obtained advices from the Crown Solicitors who stated that in their view the rental bond funds held in the rental bond account were not moneys held in trust and the Residential Tenancies Act 2010 (the Act) should be reviewed and amended to better support its accounting treatment of rental bonds. The Board has initiated the need to amend the Act, however the implementation of the legislative amendments is still pending.

This matter was assessed as high-risk, if not adequately supported, it had the potential to result in material misstatements in the Board's financial statements.

The number of moderate risk findings increased from prior year

Fifty-nine moderate risk findings were reported in 2020–21, which was a 11.3 per cent increase from 2019–20. Of these, 26 were repeat findings, and 33 were new issues.

Moderate risk findings include:

  • weaknesses in user access management, such as untimely access removal for terminated staff, and a lack of periodic user access review
  • accounting for leases such as the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy
  • formalising arrangements between agencies including corporate service arrangements, funding arrangements, leases, use of SAP system and computer assets
  • use of purchasing cards where our data analytics performed indicated potential gaps and controls and non-compliance with government policies.

The magnitude and number of internal control exceptions in GovConnect service providers have increased

In 2015, the NSW Government selected Unisys Australia Pty Limited’s (Unisys) as an information technology (IT) outsourced service provider and Infosys Limited (Infosys) as a business process outsourced service provider. The outsourced services arrangement was branded GovConnect NSW (GovConnect). The Department of Customer Service (the department) is the contract authority for the NSW Government. In 2019, the NSW Government transitioned a number of Unisys’ IT services progressively to the department and ceased all Unisys's IT services in May 2021. In 2020-21, Infosys, Unisys and the Department were co-providers of business processes and information technology services that constitute the GovConnect environment.

The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. The department is responsible for the remediation of control deficiencies and continuous improvement in GovConnect internal control environment.

The department leads the project management of GovConnect services, including the arrangement to provide internal control assurance reports to customers in 2020–21. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect service providers in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402). The service auditor reports on the internal controls at a service organisation, which are relevant to a user entity's internal control environment.

The service auditor issued eight ASAE 3402 reports covering business processes controls and information technology general controls (ITGC) provided by the service providers. Four out of eight reports were qualified, a significant increase from previous years.

The table below shows the service auditor's ASAE 3402 opinions issued in various business processes and information technology services provided by service providers for the last five years.

ASAE 3402 controls report# 2015–16^ 2016–17 2017–18 2018–19 2019–20 2020–21
Infosys Accounts receivable Qualified Unqualified Unqualified Unqualified Unqualified Qualified
Infosys Accounts payable Qualified Qualified Unqualified Unqualified Unqualified Unqualified
Infosys Fixed assets Qualified Unqualified Unqualified Unqualified Unqualified Unqualified
Infosys General ledger Qualified Qualified Unqualified Unqualified Unqualified Unqualified
Infosys Payroll Adverse Qualified Unqualified Unqualified Unqualified Unqualified
Infosys ITGC Qualified Qualified Unqualified Unqualified Unqualified Qualified
Unisys ITGC Qualified Unqualified Qualified Qualified Unqualified Qualified
The department ITGC* -- -- -- -- Qualified Qualified
ServiceFirst** Disclaimer -- -- -- -- --
# The ASAE 3402 controls reports were issued by an independent private sector service auditor appointed by the Department of Customer Service.
* Information technology services were transitioned from Unisys to the department in phases from 2019–20 to 2020–21.
** ServiceFirst was the shared service centre and its last reporting period was from 1 July 2015 to 13 December 2015.
^ GovConnect first reporting period from 14 December 2015 to 30 June 2016.

In 2020–21, the information technology services controls reports issued to the department, Infosys and Unisys were qualified. Infosys' accounts receivable business process controls report was also qualified. The audit qualifications were because:

  • the service auditor did not get access to the complete set of records processed during the financial year for several ITGC controls. The system that stored these records was hosted at Unisys. From December 2019 to 28 May 2021, the services at Unisys were progressively migrated to the department's IT environment but this system could not be migrated to the department in the required format, resulting in audit scope limitation for service auditors
  • of the deviations identified during sample testing of ITGC controls
  • the monthly follow up of outstanding receivables was not performed regularly, which was the only key control to address the timely collection of accounts receivable.

Internal control exceptions in GovConnect information and technology services require urgent remediations

The relevant controls over user access, system changes and password controls failed in all three ASAE 3402 GovConnect ITGC reports. These control failures can lead to unauthorised system access, system and configuration changes (workflow approvals, three-way match, etc.) and modifications to key reports. It increases the risk of:

  • fraud and error in the financial statements
  • ineffective segregation of duties controls
  • accuracy and completeness of system generated reports for the agencies using the SAPConnect system.

The table shows the number of ITGC control deviations compared to prior year:

Year ended 30 June 2021 2020
  Total controls tested Total number of control deviations and findings Total controls tested Total number of control deviations and findings
Infosys ITGC 41 16 35 8
Unisys ITGC 25 11 33 4
DCS ITGC 31 9 10 5

Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.

The service auditor identified significant areas for remediation:

  • governance arrangement of the IT services
  • user access management controls
  • SAP database controls
  • logical access
  • incident management.

In response to the internal control qualifications, the audit teams performed data analytics over payroll and accounts payable. The data analytics identified several terminated employees that were paid long after their termination dates which resulted in salary overpayments during 2020–21. While management had put processes in place to recover these overpayments, the payroll processing controls need to be improved to prevent such overpayments.

The Department of Customer Service advised that it established a ‘Control Reframe Project’ (the project) to address the internal control exceptions at GovConnect service providers. The objective of the project is to ensure the GovConnect assurance model is aligned with clear lines of responsibility and remediation actions are in place to support the delivery of services and achieve an improved outcome for future years.

Recommendation

We recommend the Department of Customer Service:

  • improve governance and internal control environment over the information technology services
  • ensure GovConnect service providers prioritise remediation actions to address internal control exceptions
  • perform a post-implementation review of the transition of the Unisys arrangement to identify lessons learnt and continuous improvement
  • develop data analytics to help analyse and identify high-risk patterns and anomalies in GovConnect key transaction systems, augmenting their existing monitoring and detective controls.

The NSW Public Sector's cyber security resilience needs urgent attention

The 2020 'Central Agencies' Report to Parliament highlighted the need for Cyber Security NSW, a business unit within the Department of Customer Service, and NSW Government agencies to prioritise improvements to their cyber security resilience as a matter of urgency. A status update of the 2020 recommendation is included in Appendix five of this report.

The Audit Office's Annual Work Program identifies cyber security as a focus area for the Audit Office in 2021–24. It outlines a three-pronged approach to auditing cyber security in this period:

  • considering how agencies are responding to the risks associated with cyber security across our financial audits across the NSW public sector
  • examining the effectiveness of cyber security planning and governance arrangements for large NSW state government agencies for our Internal Controls and Governance report
  • conducting deep-dive performance audits of the effectiveness of specific agency activities in preparing for, and responding to cyber security risks.

A performance audit 'Managing cyber risks' was tabled in Parliament in July 2021. The audit made several recommendations to audited agencies to uplift their cyber security management. It also recommended the Department of Customer Service to:

  • clarify the requirement of the NSW Cyber Security Policy (CSP) reporting to all systems
  • require agencies to report the target level of maturity for each mandatory requirement.

A compliance audit 'Compliance with the NSW Cyber Security Policy' was tabled in October 2021. The audit examined whether agencies are complying with the NSW Cyber Security Policy to ensure all NSW Government departments and public service agencies are managing cyber security risks to their information and systems.

The report found that key elements to strengthen cyber security governance, controls and culture are not sufficiently robust and not consistently applied. There has been insufficient progress to improve cyber security safeguards across NSW Government agencies. The poor levels of cyber security maturity are a significant concern. Improvement requires dedicated leadership and resourcing. To comply with some elements of the government’s policy agencies will have to invest in technical uplift and some measures may take time to implement. However, other elements of the policy do not require any investment in technology. They simply require leadership and management commitment to improve cyber literacy and culture. And they require accountability and transparency. Transparent reporting of performance is a key means to improve performance.

The report noted that the CSP was not achieving the objective of improved cyber governance, controls and culture. The compliance audit made several recommendations to Cyber Security NSW and other NSW Government agencies.

The 2021 maturity self-assessment results against the Australian Cyber Security Centre Essential 8 for the 25 largest NSW State Government agencies are reported in the 2021 'Internal Control and Governance' Report to Parliament.

Repeat recommendation

Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.

Management of cyber security risk

Our 2020-21 financial audit assessed whether cyber security risks represent a risk of material misstatement to the department's own financial statements. A request performance audit 'Service NSW's handling of personal information' was tabled on 18 December 2020. The audit followed two cyber security incidents that resulted in data breaches of customer information. As part of our audit procedures, we obtained an understanding of the controls the department has in place to address the risk of cyber security incidents and respond to any incidences which may have occurred during the year, including its impact on the audit.

Our assessment of the department’s own cyber risk management shows that:

  • an approved security incident response plan was not in place during the reporting period. There was a lack of testing over incident detection and monitoring process
  • a formal process over patch management that includes assessment, determining relevance and priority, timely rollout and escalation and reporting of long outstanding patches to senior management is being established.

The department provides information security services including cyber security management to cluster agencies. We found that there were insufficient communications within the Customer Service cluster over the controls and assurance over cyber security risk management. Some cluster agencies had put in place limited controls over cyber security risk management.

Recommendation

We recommend the Department of Customer Service:

  • establish an approved security incident response plan and formal process over patch management
  • improve communications with cluster agencies over the controls and assurance in cyber security management.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Status of 2020 recommendations

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2020

Health
Compliance
Financial reporting
Infrastructure
Internal controls and governance
Service delivery

This report analyses the results of our audits of financial statements of the Health cluster for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting

Unqualified financial audit opinions

The financial statements of NSW Health and its 25 controlled entities received unqualified opinions.

The number of corrected and uncorrected misstatements increased from the prior year. Misstatements related predominantly to the implementation of new accounting standards, asset revaluations and accounting for new revenue streams to cover the cost of HSW Health’s response to the COVID-19 pandemic.

Qualified compliance audit opinion

We issued a qualified audit opinion for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19).
Financial performance

NSW Health received an additional $3.3 billion in funding to cover costs associated with its response to the COVID-19 pandemic.

The impacts of the COVID-19 pandemic on the cluster were significant for health entities and included changes to operations, increased revenues, expenditure, assets and liabilities. Cancellation of elective surgery and decreased emergency department presentations meant that despite the pandemic, activity levels at many health entities decreased. Health Pathology and HealthShare were notable exceptions.

In the period to the 30 June 2020, NSW Health reported that over 900,000 COVID-19 tests were conducted. Health Pathology conducted over 500,000 of these tests. Health Pathology's surge requirements were enhanced through arrangements with 13 private sector providers. HealthShare purchased $864.2 million of personal protective equipment.

Overall, NSW Health recorded an operating surplus of $3.1 billion in 2019–20, an increase of $2.0 billion from 2018–19. As in previous years, the surplus largely resulted from additional revenue received to fund capital projects including the construction of new facilities, upgrades and redevelopments. In 2019–20 additional Commonwealth and State funding for the purchase and stockpiling of personal protective equipment also contributed to the operating surplus.
Overtime payments The Ambulance Service of NSW’s (NSW Ambulance) reduced their overtime payments to $79.7 million in 2019–20 ($83.1 million in 2018–19). Overtime payments in 2019–20 included $6.8 million related to the response to the 2019–20 bushfire season. NSW Ambulance overtime payments represent 16.8 per cent of total overtime payments in the cluster.

2. Audit observations

Internal control deficiencies

We identified more internal control deficiencies in 2019–20. The number of repeat issues from prior years also remains high.

NSW Health addressed 18 out of the 25 information system control deficiencies during the year.

Several key agreements lacked formal documentation. This included agreements between the Ministry and health entities, between health entities and agencies in other clusters and between the Ministry and health departments in other jurisdictions.
Infrastructure delivery NSW Health had 44 ongoing major capital projects at 30 June 2020 with a total revised budget of $12.3 billion. The revised total budget of $12.3 billion is $2.0 billion more than the original budget. NSW Health revises budgets when it combines project stages.

This report provides parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

The impacts of the COVID-19 pandemic on the cluster were significant and included changes to the operations of the health entities and increased revenue, expenditure, assets and liabilities.

As a part of this year's audits of health entities, we have considered:

  • financial implications of the COVID-19 emergency at both health entity and cluster levels
  • changes to agencies' operating models
  • agencies' access to technology and the maturity of systems and controls to prevent unauthorised and fraudulent access to data.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The response to the COVID-19 pandemic primarily impacted the financial reporting of NSW Health through:

  • additional revenue from the State government in the form of grants and stimulus payments
  • additional revenue from the Commonwealth government under the National Partnership Agreement for COVID-19 to cover part of the cost of responding to the COVID-19 pandemic
  • increased expenses, largely due to increased payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists and increased cleaning costs
  • increased purchases of personal protective equipment.

Chapter one outlines the impacts of NSW Health’s response to the COVID-19 pandemic. This chapter outlines our other audit observations related to the financial reporting of agencies in the Health cluster for 2020.

Section highlights

  • Unqualified audit opinions were issued for all health entities’ financial statements, although more misstatements were identified than last year.
  • NSW Health recorded an operating surplus of $3.1 billion, an increase of $2.0 billion from 2018–19. This is largely due to additional capital grants for new facilities, upgrades and redevelopments and additional Commonwealth and State funding for the purchase of personal protective equipment.
  • NSW Health’s expenses increased by 5.5 per cent in 2019–20 (7.0 per cent in 2018–19) despite the impact of the COVID-19 pandemic. The primary causes for the growth in expenses are increases in:
    • employee related expenses due to higher employee numbers, increased overtime and a 2.5 per cent award increase
    • payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists
    • payments to private health operators due to the first full year of operation of the Northern Beaches hospital.
  • The Ambulance Service of NSW (NSW Ambulance) continued to report higher overtime payments than other health entities. However, despite the response to the 2019–20 bushfire season, their overtime payments were lower than last year. NSW Ambulance paid $79.7 million in overtime payments in 2019–20 ($83.1 million in 2018–19).
  • A qualified audit opinion was issued for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. There were 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19)

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

The primary impact of the COVID-19 pandemic on the effectiveness of the internal controls of NSW Health and health entities relates to the effectiveness of controls implemented by HealthShare relating to the stocktake of personal protective equipment inventories. Inventory managed by HealthShare increased by 2,746 per cent during 2019–20. HealthShare’s inventory controls did not maintain pace with the sudden, significant increase.

The impacts of NSW Health’s response to the COVID-19 pandemic are outlined in chapter one. This chapter outlines other observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The number of internal control deficiencies has increased since 2018–19. More than a third of control deficiencies are repeat issues.
  • Control deficiencies that relate to managing employees’ leave and employee’s time recording continue to be difficult for entities to resolve, particularly during the ongoing response to the COVID-19 pandemic.
  • Several key agreements were undocumented. These included agreements between the Ministry and the health entities, between health entities, and between the Ministry and entities in other clusters and jurisdictions. These related to:
    • a loan arrangement between the Ministry and HealthShare for $319 million.
    • Northern Sydney Local Health District's use of land and buildings owned by the Graythwaite Charitable Trust
    • agreements for the treatment of New South Wales residents while they are interstate, and interstate residents receiving treatment while they are in New South Wales from Queensland, Victoria, South Australia and the ACT for both 2019–20 and 2018–19.
  • NSW Health reported that they completed nine major capital projects during 2019–20. As at 30 June 2020 there were 44 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.0 billion more than the original budget of $10.3 billion. NSW Health reported the budget revisions are largely the result of combining project stages.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations 

Appendix three – Financial data

Appendix four – Analysis of financial indicators 

Appendix five – Analysis of performance against budget

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Auditor-General’s Report to Parliament

Health 2020

11 December 2020

This corrigendum has been prepared to amend the following text within the Auditor-General’s Report to Parliament on Health 2020, dated 10 December 2020.

NSW Health emergency department treatment times

On page five the original text was as follows:

NSW Health also measures the percentage of patients whose clinical care in emergency departments is completed within four hours. The measure is used as an indicator of accessibility to public hospital services.

NSW Health aims to complete clinical care in the emergency department for 81 per cent of patients within four hours. In 2019–20 NSW Health reports it completed clinical care within four hours for 72.1 per cent of patients (a 7.3 per cent decrease from 2018–19).

At Western Sydney Local Health District, 59 per cent of patients were treated within the targeted timeframe. NSW Health attribute this to the profile of patients presenting in emergency departments and additional time taken processing COVID-19 patients to ensure staff safety.

The original text has now been changed to:

NSW Health also measures the percentage of patients with total time in the emergency department of four hours or less for each local health district. The measure is used as an indicator of accessibility to public hospital services.

Local Health Districts Target % (2019–20) Actual % (2019–20)
Central Coast 77.0 59.9
Far West 90.2 86.6
Hunter New England 81.0 72.5
Illawarra Shoalhaven 79.0 60.2
Mid North Coast 82.0 76.7
Murrumbidgee 85.3 81.9
Nepean Blue Mountains 79.0 65.5
Northern NSW 81.0 78.2
Northern Sydney 79.0 73.9
South Eastern Sydney 78.0 70.3
South Western Sydney 78.0 61.2
Southern NSW 85.0 83.0
Sydney 76.0 70.9
Sydney Children’s Hospitals Network 80.0 72.1
Western NSW 85.9 81.0
Western Sydney 78.0 59.0
St Vincent's Health Network* 75.0 65.4
* St Vincent’s Health Network Sydney (SVHNS) comprises of St Vincent’s Hospital Sydney Limited as the affiliated health organisation in respect of four recognised establishments under the Health Services Act 1997 (NSW) (Health Services Act). Under the Health Services Act, St Vincent’s Hospital Sydney Limited, is treated as a Network for the purposes of the National Health Reform Agreement in respect of the three recognised establishments: St Vincent’s Hospital, Darlinghurst; Sacred Heart Health Service, Darlinghurst; St Joseph’s Hospital, Auburn; and St Vincent's Correctional Health, Parklea.
Source: NSW Health (unaudited)

The above changes will be reflected in the version of the report published on the Audit Office website and should be considered the true and accurate version.

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE