Refine search

Reports

26 March 2024

Published

Local Government 2023

Local Government

Asset valuation

Cyber security

Financial reporting

Fraud

Information technology

Internal controls and governance

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.

Findings

Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.

Recommendations

To improve quality and timeliness of financial reporting, councils should:

adopt early financial reporting procedures, including asset valuations
ensure integrity and completeness of asset source records
perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

track progress of implementing audit recommendations, and prioritise high-risk repeat issues
continue to focus on cyber security governance and controls.

Read the PDF report

21 March 2024

Published

Regulation insights

Environment

Finance

Health

Local Government

Planning

Whole of Government

Compliance

Cyber security

Internal controls and governance

Management and administration

Procurement

Regulation

Risk

What this report is about

In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.

This analysis includes performance audits, compliance audits and the outcomes of financial audits.

Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.

The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.

Audit findings

The analysis of findings and recommendations is structured around four key themes related to effective regulation:

governance and accountability
processes and procedures
data and information management
support and guidance.

The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.

In this report, we also draw out insights for agencies that provide a public sector stewardship role.

The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.

The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.

Read the PDF report

27 February 2024

Published

Effectiveness of SafeWork NSW in exercising its compliance functions

Finance

Industry

Health

Compliance

Internal controls and governance

Management and administration

Procurement

Project management

Regulation

Risk

What this report is about

This report assesses how effectively SafeWork NSW, a part of the Department of Customer Service (DCS), has performed its regulatory compliance functions for work health and safety in New South Wales.

The report includes a case study examining SafeWork NSW's management of a project to develop a realtime monitoring device for airborne silica in workplaces.

Findings

There is limited transparency about SafeWork NSW's effectiveness as a regulator. The limited performance information that is available is either subsumed within DCS reporting (or other sources) and is focused on activity, not outcomes.

As a work health and safety (WHS) regulator, SafeWork NSW lacks an effective strategic and data-driven approach to respond to emerging WHS risks.

It was slow to respond to the risk of respirable crystalline silica in manufactured stone.

SafeWork NSW is constrained by an information management system that is over 20 years old and has passed its effective useful life.

While it has invested effort into ensuring consistent regulatory decisions, SafeWork NSW needs to maintain a focus on this objective, including by ensuring that there is a comprehensive approach to quality assurance.

SafeWork NSW's engagement of a commercial partner to develop a real-time silica monitoring device did not comply with key procurement obligations.

There was ineffective governance and process to address important concerns about the accuracy of the real-time silica monitoring device.

As such, SafeWork NSW did not adequately manage potential WHS risks.

Recommendations

The report recommended that DCS should:

ensure there is an independent investigation into the procurement of the research partner for the real-time silica detector
embed a formal process to review and set its annual regulatory priorities
publish a consolidated performance report
set long-term priorities, including for workforce planning and technology uplift
improve its use of data, and start work to replace its existing complaints handling system
review its risk culture and its risk management framework
review the quality assurance measures that support consistent regulatory decisions

Read the PDF report.

Parliamentary reference - Report number #390 - released 27 February 2024

19 December 2023

Published

Health 2023

Health

Whole of Government

Asset valuation

Compliance

Financial reporting

Information technology

Internal controls and governance

Project management

Regulation

Risk

Shared services and collaboration

Workforce and capability

What this report is about

Results of the Health portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unmodified audit opinions were issued for all Health portfolio agencies' financial statements.

The number of monetary misstatements increased in 2022–23, driven by key accounting issues, including the first-time recognition of paid parental leave and plant and equipment fair value adjustments.

The key audit issues were

NSW Health identified errors regarding the recognition and calculation of long service leave entitlements for employees with ten or more years of service that had periods of part time service in the first ten years, resulting in prior period restatements.

Comprehensive revaluation of buildings at the Graythwaite Charitable Trust found errors in the previous year's valuation, resulting in prior period restatements.

New parental leave legislation increased employee liabilities for portfolio agencies. The Ministry of Health corrected the consolidated financial statements to record parental leave liabilities for all agencies within the Health portfolio.

A repeat high-risk issue relates to processing time records by administrators that have not been reviewed prior to running the pay cycle.

Thirty per cent of reported issues were repeat issues.

The audit recommended

Portfolio agencies should ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards.

Portfolio agencies should address deficiencies that resulted in qualified reports on:

the design and operation of shared service controls
prudential non-compliance at residential aged care facilities.

This report provides Parliament and other users of the Health portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health portfolio of agencies (the portfolio) for 2023.

Section highlights

Unqualified audit opinions were issued for all portfolio agencies required to prepare general purpose financial statements.
The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
The Ministry of Health retrospectively corrected an $18.9 million adjustment in its financial statements relating to long service leave entitlements for certain employees.
Graythwaite Charitable Trust retrospectively corrected a $4.2 million adjustment in its financial statements related to prior period valuations.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines observations and insights from our financial statement audits of agencies in the Health portfolio.

Section highlights

The 2022–23 audits identified one high-risk and 57 moderate risk issues across the portfolio.
The high-risk matter related to the forced-finalisation of time records.
The total number of findings increased from 67 to 111 in 2022–23.
Thirty per cent of the issues were repeat issues. Most repeat issues related to internal control deficiencies or non-compliance with key legislation and/or central agency policies.
Forced-finalisation of time records, accounting for the new paid parental leave provision and user access review deficiencies were the most commonly reported issues.
Qualified Assurance Practitioner's reports were issued on:
- the design and operation of controls as documented by HealthShare NSW
- the Ministry's Annual Prudential Compliance Statements in relation to residential aged care facilities.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

14 December 2023

Published

Planning and Environment 2023

Planning

Environment

Industry

Asset valuation

Compliance

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Risk

Shared services and collaboration

What this report is about

Results of the Planning and Environment portfolio financial statement audits for the year ended 30 June 2023.

The audit found

Unqualified audit opinions were issued for all completed Planning and Environment portfolio agencies. Seven audits are ongoing.

The Catholic Metropolitan Cemeteries Trust (CMCT) did not comply with its obligations under the Government Sector Finance Act 2018 (GSF Act) to prepare and submit financial statements for audit.

The Department of Planning and Environment (the department) has not yet provided their assessment of the financial reporting requirements for the 579 Category 2 Statutory Land Managers (SLMs) for 2022–23.

One-hundred-and-nineteen Commons Trusts are non-compliant with the GSF Act as they have not submitted their financial statements for audit.

We issued unqualified opinions on the Water Administration Ministerial Corporation's 2020–21, 2021–22 and 2022–23 financial statements.

The number of monetary misstatements identified in our audits decreased from 59 in 2021–22 to 51 in 2022–23, however the gross value of misstatements increased.

The key audit issues were

The former Resilience NSW and NSW Reconstruction Authority (the Authority) re-assessed the accounting implications arising from contractual agreements relating to temporary housing assets associated with the Northern Rivers Temporary Homes Program. This resulted in adjustments to recognise the associated assets and liabilities.

We continue to identify significant deficiencies in NSW Crown land information records.

The department has not been effective in addressing the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997.

The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23. Thirty per cent of issues were repeated from the prior year.

Seven high-risk issues were identified. These related to the findings outlined above, deficiencies in quality reviews of asset valuations, internal control processes and IT general controls.

The audit recommended

Recommendations were made to the department and portfolio agencies to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment portfolio of agencies (the portfolio) for 2023.

Section highlights

Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of portfolio agencies. Seven audits are ongoing.
We have been unable to commence audits of the Catholic Metropolitan Cemeteries Trust (CMCT). NSW Treasury's position remains that the Catholic CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a Government Sector Finance (GSF) agency and is obliged under Section 7.6 of the Government Sector Finance Act 2018 (GSF Act) to prepare financial statements and submit them to the Auditor-General for audit. To date, CMCT has not met its statutory obligations under the GSF Act.
The Department of Planning and Environment has not yet provided their assessment against the reporting exemption requirements in the Government Sector Finance Regulation 2018 (GSF Regulation) for the estimated 579 Category 2 Statutory Land Managers (SLMs) or 119 Commons Trusts for 2022–23 and no Category 2 SLM or Commons Trust has submitted its 2022–23

financial statements for audit. Consequently, the lack of compliance with reporting requirements by these 698 agencies presents a challenge to obtaining reliable financial data for these agencies for the purposes of consolidation to the Total State Sector Accounts.
The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2021 and 30 June 2022 were completed in June 2023 and unqualified audit opinions issued. The 30 June 2023 audit was completed and an unqualified audit opinion was issued on 12 October 2023.
The number of reported corrected misstatements decreased from 46 in 2021–22 to 36, however the gross value of misstatements increased from $73 million in 2021–22 to $491.8 million in 2022–23.
Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the portfolio.

Section highlights

The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23 and 30% were repeat issues (34% in 2021–22).
The 2022–23 audits identified seven high-risk and 76 moderate risk issues across the portfolio. Four of the high-risk issues were repeat issues, one was a repeat issue with the risk rating reassessed to high-risk in the current year and two were new findings in 2022–23.
The former Resilience NSW and NSW Reconstruction Authority had previously assessed that they did not control the temporary housing assets associated with the administration of the Northern Rivers Temporary Homes Program, under relevant accounting standards. A re-assessment of the agreements was made subsequent to the submission of the Authority’s 2022–23 financial statements for audit, which determined that the Authority was the appropriate NSW Government agency to recognise these assets and associated liabilities not previously recognised by the Authority or the former Resilience NSW.
There continues to be significant deficiencies in Crown land records. The department should continue to implement their data strategy and action plan to ensure the Crown land database is complete and accurate.
Since 2017, the Audit Office has recommended that the department, through OLG should address the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997. The department has not been effective in resolving this issue. In 2023, twenty-six of 108 completed audits of councils received qualified audit opinions on their 2023 financial statements (43 of 146 completed audits in 2022). Six councils had their qualifications for not recognising vested rural firefighting equipment removed in 2022–23.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

29 November 2023

Published

Regional NSW 2023

Industry

Environment

Planning

Whole of Government

Asset valuation

Compliance

Cyber security

Financial reporting

Fraud

Information technology

Infrastructure

Procurement

Regulation

Risk

Service delivery

Shared services and collaboration

What this report is about

Results of the Regional NSW financial statements audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.

The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.

What the key issues were

Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.

The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.

The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.

A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.

What we recommended

Local Land Services should prioritise completing all mandatory early close procedures.

Portfolio agencies should:

ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
prioritise and address internal control deficiencies identified in audit management letters.

This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.

Section highlights

Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
Portfolio agencies continue to provide financial assistance to communities affected by natural disasters.
A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.

Section highlights

The 2022–23 audits identified one high risk and nine moderate risk issues across the portfolio. Of these, one was a moderate risk repeat issue.
The total number of findings decreased from 36 to 23 which mainly related to deficiencies in internal controls.
The high risk matter relates to the monitoring and managing of privilege user access at NSW Food Authority.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

27 June 2023

Published

State heritage assets

Environment

Local Government

Planning

Compliance

Management and administration

Regulation

Risk

What the report is about

This audit assessed how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.

Heritage that is rare, exceptional or outstanding to New South Wales may be listed on the State Heritage Register under the Heritage Act 1977. This provides assets with legal recognition and protection. Places, buildings, works, relics, objects and precincts can be listed, whether in public or private ownership.

Heritage NSW has administrative functions and regulatory powers, including under delegation from the Heritage Council of NSW, relevant to the listing, conservation and adaptive re-use of heritage assets of state significance.

In summary, the audit assessed whether Heritage NSW:

is effectively administering relevant advice and decisions
is effectively supporting and overseeing assets
has established clear strategic priorities and can demonstrate preparedness to implement these.

What we found

Heritage NSW does not have adequate oversight of state significant heritage assets, presenting risks to its ability to promote the objects of the Heritage Act.

Information gaps and weaknesses in quality assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register.

Heritage NSW has adopted a focus on customer service and recently improved its timeliness in providing advice and making decisions about activities affecting listed assets. But Heritage NSW has not demonstrated how its customer-focused priorities will address known risks to its core regulatory responsibilities.

Listed assets owned by government entities are often of high heritage value. Heritage NSW could do more to promote effective heritage management among these entities.

What we recommended

The report made eight recommendations to Heritage NSW, focusing on:

improving quality assurance over advice and decisions
improving staff guidance and training
defining and maintaining data in the State Heritage Register
clarifying its regulatory intent and approach
sector engagement and interagency capability to support heritage outcomes.

The Heritage Act 1977 (the Heritage Act) and accompanying regulation provide the legal framework for the identification, conservation and adaptive re-use of heritage assets in New South Wales.

The Department of Planning and Environment (Heritage NSW) has responsibility for policy, legislative and program functions for state heritage matters, including supporting the Minister for Heritage to administer the Heritage Act.

Heritage assets that are rare, exceptional or outstanding beyond a local area or region may be listed on the State Heritage Register under the Heritage Act. These assets include places, buildings, works, relics, moveable objects and precincts, and assets that have significance to Aboriginal communities in New South Wales. Assets nominated for and listed on the State Heritage Register ('listed assets') may be owned privately or publicly, including by local councils and state government entities.

The Heritage Act establishes the Heritage Council of NSW (the Heritage Council) to undertake a range of functions in line with its objectives. Heritage NSW provides administrative support to the Heritage Council, for example providing advice on assets that have been nominated for listing on the State Heritage Register. Many of Heritage NSW’s core activities also relate to exercising functions and powers under delegation from the Heritage Council. These include making administrative decisions about works affecting listed assets, and exercising powers to regulate asset owners’ compliance with requirements under the Heritage Act.

Heritage NSW states that heritage:

…gives us a sense of our history and provides meaningful insights into how earlier generations lived and developed. It also enriches our lives and helps us to understand who we are.

According to Heritage NSW, an effective heritage system will facilitate the community in harnessing the cultural and economic value of heritage.

The objective of this audit was to assess how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.

For this audit, ‘heritage assets of state significance’ refers to items (including a place, building, work, relic, moveable object or precinct) listed on the State Heritage Register ('listed assets'), and those which have been nominated for listing.

Conclusion

The Department of Planning and Environment (Heritage NSW) does not have adequate oversight of state significant heritage assets. Information gaps and weaknesses in certain assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register. These factors also constrain its ability to effectively support voluntary compliance and promote the objects of the Heritage Act, which include encouraging conservation and adaptive re-use.

Heritage NSW has adopted a focus on customer service and recently improved the timeliness of its advice and decisions on activities affecting listed assets. But Heritage NSW has not demonstrated how its customer service priorities will address known risks to its regulatory responsibilities. It could also do more to enable and promote effective heritage management among state government entities that own listed assets.

The information that Heritage NSW maintains about assets listed on the State Heritage Register ('listed assets') is insufficient for its regulatory and owner engagement purposes. Data quality and completeness issues have arisen since the register was established in 1999. But Heritage NSW's progress to address important gaps in the register, and its other information systems, has been limited in recent years. These gaps limit Heritage NSW’s capacity to detect compliance breaches early and implement risk-based regulatory responses, and to strategically target its owner engagement activities to promote conservation and re-use.

Heritage NSW makes decisions on applications for works on listed assets, requiring technical skills and professional judgement. But Heritage NSW does not provide its staff with adequate guidance to ensure that consistent approaches are used, and it lacks sufficient quality assurance processes. There are similar weaknesses in Heritage NSW's oversight of decisions on applications that are delegated to other government entities.

Heritage NSW has prioritised the implementation of customer service-focused activities, policies, and programs to reduce regulatory burdens on asset owners since 2017. For example, Heritage NSW has refreshed its website, introduced new information management systems, and implemented new regulation for the self-assessment of exemptions for minor works. However, Heritage NSW has not taken steps to mitigate oversight and quality risks introduced with the reduced regulatory burdens. Heritage NSW has made some, but to date insufficient, progress on a key project to update its publications. These documents (over 150 publications) are intended to play an important role in promoting voluntary compliance and supporting heritage outcomes. Heritage NSW started a new project to update relevant publications in April 2023.

Heritage NSW has recently implemented processes to improve its efficiency, such as screening new nominations for listing on the State Heritage Register. Heritage NSW has also reported improvements in the time it takes to decide on applications for works affecting listed assets. In the third quarter of 2022–23, 87% of decisions were made within the statutory timeframes. This compares to 48% in 2021–22. Heritage NSW has similarly improved how quickly it provides heritage advice on major projects, with 90% of advice reported as delivered on time in the third quarter of 2022–23, compared to 44% in 2020–21.

Assets owned by state government entities comprise a large proportion of State Heritage Register listings. These assets are often of high heritage value or situated within large and complex precincts or portfolios. But Heritage NSW does not implement targeted capability building activities to support good practice heritage management among state government entities and to promote compliance with their obligations under the Heritage Act.

The expected interaction between Heritage NSW's strategic plans and activities, and the priorities of the Heritage Council of NSW, is unclear. Actions to clarify the relevant governance arrangements have also been slow following a review in 2020 but this work re-commenced in late 2022.

Heritage NSW has been progressing work to draft reforms to the Heritage Act. This follows recommendations made in a 2021 Upper House Inquiry into the Heritage Act. To build preparedness for future reforms, Heritage NSW will need to do more to address the risks and opportunities identified in this audit report. In particular, it will need to ensure it has sufficient information and capacity to implement a risk-based regulatory approach; clear and effective governance arrangements with the Heritage Council of NSW; and enhanced engagement with government entities to promote the conservation and adaptive re-use of listed assets in public ownership.

This chapter assesses the effectiveness of Heritage NSW's oversight of state heritage assets, including its visibility of listed assets, and its oversight of regulatory decision-making. It also assesses Heritage NSW's activities to engage with owners to meet their obligations under the Heritage Act and to support heritage outcomes.

This chapter assesses the timeliness of Heritage NSW’s provision of advice, recommendations, and decisions on heritage issues to support heritage management outcomes with respect to listed assets.

This chapter assesses whether the Department of Planning and Environment (Heritage NSW) has established clear strategic priorities to effectively oversee and administer activities related to listed assets, and its preparedness to implement reforms. It also assesses the adequacy of planning activities and governance arrangements to support the achievement of strategic directions.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Parliamentary reference - Report number #384 - released 27 June 2023

23 June 2023

Published

Management of the Critical Communications Enhancement Program

Finance

Health

Justice

Whole of Government

Cyber security

Information technology

Infrastructure

Internal controls and governance

Project management

Risk

Service delivery

Shared services and collaboration

What the report is about

Effective radio communications are crucial to NSW's emergency services organisations.

The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.

This report assesses whether the NSW Telco Authority is effectively managing the CCEP.

What we found

Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.

The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.

Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.

The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.

When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.

The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.

We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.

We made recommendations about

The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
The need to finalise a Traffic Mitigation Plan for when the network is congested.
The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
The need to clarify how encryption and interoperability will work on the enhanced network.
The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
Expediting measures to protect against the risk of cloning by unauthenticated radios.

Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:

NSW Ambulance
Fire and Rescue NSW
NSW Police Force
NSW Rural Fire Service
NSW State Emergency Service.¹

Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.

Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.²

Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.

These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.

In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).

According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.

The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.

About this Audit

This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.

We addressed the audit objective by answering the following two questions:

Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?

In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).

While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.

Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.

The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.

In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:

to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
to develop policies, standards and guidelines for operational communications using telecommunications networks.

The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.

The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.

Conclusion

In areas of New South Wales where the enhanced Public Safety Network has been implemented under the Critical Communications Enhancement Program, the NSW Telco Authority has delivered a radio network that meets most of the agreed requirements of Emergency Services Organisations for routine and emergency operations.

In April 2023, the enhanced Public Safety Network (PSN) was approximately 50% completed. In areas where it is used by Emergency Services Organisations (ESOs), the PSN generally meets agreed user requirements. This is demonstrated through extensive performance monitoring and reporting, which shows that agreed performance standards are generally achieved. Reviews by the NSW Government and the NSW Telco Authority found that the PSN performed effectively during major flood events in 2021 and 2022.

Where it is completed, PSN coverage is generally equal to or better than each ESO's individual pre-existing coverage. The NSW Telco Authority has a dedicated work program to address localised coverage gaps (or 'blackspots') in those areas where coverage has otherwise been substantively delivered. Available call capacity on the network far exceeds demand in everyday use. Any operational issues that may occur with the PSN are transparent to ESOs in real time.

The NSW Telco Authority consulted extensively with ESOs on requirements for the enhanced PSN, with relatively few ESO requirements not being included in the specifications for the enhanced PSN. Lessons from previous events, including the 2019–20 summer bushfires, have informed the design and implementation of the enhanced PSN (such as the need to ensure adequate backup power supply to inaccessible sites). The network is based on the Project 25 technical standards for mission-critical radio communications, which is widely-accepted in the public safety radio community throughout Australia and internationally.

There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.

The extent to which the PSN works within buildings and other built structures (such as railway tunnels) is of crucial importance to ESOs, especially the NSW Police Force, NSW Ambulance, and Fire and Rescue NSW. This is because a large proportion of their operational communications occurs within buildings.

There is no mechanism to ensure the adequacy of future in-building coverage for the PSN in new or refurbished buildings after the CCEP concludes. Planning, building, and fire regulations are silent on this issue. We note there are examples in the United States of how in-building coverage for public safety radio networks can be incorporated into building or fire safety codes.

In regard to existing buildings, it is not possible to know whether a building requires its own in-building PSN infrastructure until nearby outside radio sites, including towers and antennae, have been commissioned into the network. Only then can it be determined whether their radio transmissions are capable of penetrating inside nearby buildings. Accordingly, much of this work for in-building coverage cannot be done until outside radio sites are finished and operating.

In March 2023, the NSW Telco Authority and ESOs agreed on a list of 906 mandatory and 7,086

non-mandatory sites for in-building PSN coverage. Most of these sites will likely be able to receive radio coverage via external antennae and towers, however this cannot be confirmed until those nearby external PSN sites are completed. The parties also agreed on an approach to prioritising those sites where coverage is needed but not provided by antennae and towers. Available funding will likely only extend to ensuring coverage in sites deemed mandatory, which is nonetheless expected to meet the overall benchmark of achieving 'same or better' coverage than what ESOs had previously.

There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.

End-to-end encryption of radio transmissions is a security feature that prevents radio transmissions being intercepted or listened to by people who are not meant to. The ability of the PSN to provide end-to-end encryption of operational communications is of critical importance to the two largest prospective users of the PSN: the NSW Police Force and NSW Ambulance. Given that encryption excludes other parties that do not have the requisite encryption keys, its use creates an obstacle to achieving a key intended benefit of the CCEP, that is a more interoperable PSN, where first responders are better able to communicate with other ESOs.

Further planning and collaboration between PSN participants are necessary to consider how these dual benefits can be achieved, including in what operational circumstances encrypted interoperability is necessary or appropriate.

The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.

The estimated capital cost to complete all stages of the CCEP increased over time. This increasing cost was progressively disclosed to the NSW Government through Cabinet processes between 2015–16 and 2021–22.

In 2016, the full capital cost to the NSW Telco Authority of completing the CCEP was estimated to be $400 million. This estimated cost was not publicly disclosed, nor were subsequent increases, until the cost of $1.325 billion was publicly disclosed in the 2021–22 NSW Budget (revised down in the 2022–23 NSW Budget to $1.293 billion).

There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.

In addition to the capital costs incurred directly by the NSW Telco Authority for the CCEP, ESOs have incurred costs to maintain their own networks due to the delay in implementing the CCEP. The ESOs will continue to incur these costs until they are able to fully migrate to the enhanced PSN, which is expected to be in 2027. These costs have not been tracked or reported as part of transparently accounting for the whole-of-government cost of the enhanced PSN. This is despite Infrastructure NSW in 2019 recommending to the NSW Telco Authority that it conduct a stocktake of such costs so that a whole-of-government cost impact is available to the NSW Government.

¹The definition of 'emergency services organisation' is set out in the State Emergency and Rescue Management Act 1989 (NSW). In addition to the five ESOs discussed in this report, the definition also includes: Surf Life Saving New South Wales; New South Wales Volunteer Rescue Association Inc; Volunteer Marine Rescue NSW; an agency that manages or controls an accredited rescue unit; and a non-government agency that is prescribed by the regulations for the purposes of this definition.
²Section 15(1) of the Government Telecommunications Act 2018 (NSW).

The NSW Telco Authority established and tracked its own costs for the CCEP

Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.

Exhibit 6: Estimated costs to fully implement the CCEP
Source	Capital cost ($ million)	Operating cost ($ million)	Completion date
March 2016 business case	400	37.3	2020
November 2017 internal review	476.7	41.7	2022
March 2020 business case	950–1,050	--	2025
October 2020 business case	1,263.1	56.1	2026

Source: CCEP business cases as identified.

In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.

Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.

Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.

Exhibit 7: CCEP funding in NSW Budget papers from 2015–16 to 2022–23
Financial year	Type of major work	Description of expenditure	Forecast estimate to complete ($ million)	Estimated duration
2015–16	New work	Infrastructure Rationalisation Program: Planning and Pilot	18.3	2015–16
2016–17	Work in progress	CCEP Planning and Pilot	18.3	2015–17
2016–17	New work	CCEP	45	2016–17
2017–18	New work	CCEP	190.75	2017–21
2018–19	Work in progress	CCEP North Coast and State-wide Detailed Design	190.75	2017–21
2018–19	New work	CCEP Greater Metropolitan Area	236	2018–22
2019–20	Work in progress	CCEP	426.9	2018–22
2020–21	Work in progress	CCEP	664.8	2018–22
2021–22	Work in progress	CCEP	1,325	2018–26
2022–23	Work in progress	CCEP	1,292.8	2018–26

Source: NSW Treasury, Annual State Budget Papers.

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.

In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.

In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:

…coordinate a stocktake of the costs of operational bridging solutions implemented by PSAs [ESOs] as a result of the 18-month delay, so that a whole-of-government cost impact is available to the NSW Government.

It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.

As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.

Exhibit 8: Stay Safe and Keep Operational forecast costs, 2017 to 2020
Year	2017	2018	2019	2020	Total
SSKO forecast ($ million)	12.5	15	10	2.5	40

Source: March 2016 CCEP business case.

In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.

Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.

In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.

In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:

it was expressly included in the original approved March 2016 business case
the capability is deemed essential to the needs of three ESOs.

Decommissioning costs

The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.

In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:

funding would be coordinated by the NSW Telco Authority
scheduling and reporting through an inter-agency working group and
where appropriate, agencies would be appointed as the most appropriate decommissioning party.

This estimated cost is not included in the CCEP budget.

In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:

decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
costs incurred in decommissioning are entirely a consequence of the CCEP program.

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:

$2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
$2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.

Both totals include:

budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
the NSW Telco Authority's approved funding for paging refresh ($60.3 million).

The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.

The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.

The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.

However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders

Exhibit 9: Estimated whole-of-government costs of the enhanced PSN
	Estimated whole-of-government cost, over time
Cost type	2016¹	2017²	2020³	2023–Estimate A⁴	2023–Estimate B⁵
Cost type	$ million	$ million	$ million	$ million	$ million
CCEP capital expenditure	400^a	476.7^b	1,263.1^c	1,292.8^d	1,292.8^d
CCEP operating expenditure	37.3^a	41.7^b	41.5^e	139^d	139^d
CCEP total	437.3	518.4	1,304.6	1,431.8	1,431.8
ESO capital expenditure	75.2^a,f	183^b,e	75.4^e	258.4^g	292.5
ESO one-off operating expenditure	93^a	n.a.^l	86.5^e	86.5^h	273
ESO total	168.2	183	161.9	344.9	565.5
Paging	n.a.ⁱ	n.a.ⁱ	n.a.^j	60.3^k	60.3^k
Decommissioning	93	n.a.^l	201.0	201^h	201
Paging and decommissioning total	93	n.a.	201	261.3	261.3
Whole-of-government total	698.5	701.4	1,667.5	2,038	2,258.6

Notes:

Financial year 2016 to Financial year 2020.
Financial year 2016 to Financial year 2021.
Financial year 2016 to Financial year 2025.
Financial year 2016 to Financial year 2026.
Financial year 2022 to Financial year 2025.
Stay Safe and Keep Operational (SSKO) costs plus terminals costs.
November 2017 internal review and October 2020 Business case.
October 2020 Business case.
Included in CCEP capital expenditure at that time.
By 2020, a refresh of the paging network had been removed from the CCEP scope.
A separate business case for a refresh of the paging network was approved by government in 2022.
Figure not included in the source document.

Sources:

March 2016 CCEP business case.
November 2017 Internal Review conducted by the NSW Telco Authority.
October 2020 CCEP business case.
Derived from business cases, with ESO costs drawn from NSW Telco Authority data.
Derived from business cases, with ESO costs based on data provided to the Audit Office of New South Wales by each of the five ESOs.

Appendix one – Response from agency

Appendix two – Trunked public safety radio networks

Appendix three – About the audit

Appendix four – Performance auditing

Parliamentary reference - Report number #383 - released 23 June 2023

22 June 2023

Published

Regulation of public native forestry

Environment

Industry

Compliance

Management and administration

Regulation

Risk

What this report is about

The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that manages over two million hectares of public native forests and plantations supplying timber to sawmills across NSW.

The NSW Environment Protection Authority (EPA) is responsible for regulating the native forestry industry in NSW.

FCNSW must comply with Integrated Forestry Operations Approvals (IFOAs), which set out rules for how timber harvesting may occur.

Most harvesting is undertaken under the Coastal IFOA, which commenced in 2018.

This audit assessed how effectively Forestry Corporation of NSW manages its public native forestry activities to ensure compliance, and how effectively the Environment Protection Authority regulates these activities.

What we found

Forestry Corporation of NSW (FCNSW) clearly articulates its compliance obligations.

While FCNSW undertakes monitoring of its contractors, it does not do so consistently and does not target its monitoring activities on a risk basis.

FCNSW has largely fulfilled mandatory Coastal IFOA training requirements, but has not yet trained other staff who would also benefit from the training.

Contractor compliance appears to be improving, but there are gaps and inconsistencies in FCNSW's documentation of this.

FCNSW is not measuring its overall compliance to determine how it is tracking against its target.

The EPA undertakes proactive inspections of Coastal IFOA harvesting operations on a risk basis. However, it does not assess the risk at harvest sites covered by other IFOAs.

Most EPA compliance staff have received basic training, but few have received more advanced training required to effectively undertake forestry inspections.

Some EPA offices do not have the necessary equipment to undertake forestry inspections.

The EPA and FCNSW are not implementing all elements of a Memorandum of Understanding that aims to promote a cooperative relationship between the agencies.

What we recommended

The report made recommendations to FCNSW which aim to improve:

staff training
consistency of compliance reviews and data capture
targeting of compliance activities
measurement of performance.

The report made recommendations to the EPA which aim to improve:

risk-assessments
staff training
staff equipment.

The report also recommended that FCNSW and EPA should fully implement their Memorandum of Understanding.

The Forestry Corporation of NSW (FCNSW) is a state-owned corporation that supplies timber to sawmills in New South Wales, including timber harvested from public native forests. FCNSW is responsible for the management of around two million hectares of public native forests and plantations. Around half the area of native forests is permanently set aside for conservation.

Public native forestry is regulated through the Forestry Act 2012, Biodiversity Conservation Act 2016, Protection of the Environment Operations Act 1997 and associated regulations. Under the Forestry Act 2012, the objectives of FCNSW include, where its activities affect the environment, to conduct its operations in compliance with the principles of ecologically sustainable development contained in section 6(2) of the Protection of the Environment Administration Act 1991. This involves the integration of social, economic and environmental considerations in decision-making processes.

In undertaking its native forestry operations, FCNSW must comply with Integrated Forestry Operations Approvals (IFOA), issued jointly by the Minister for the Environment and the Minister for Agriculture, which set out rules to protect species and ecosystems where timber harvesting is occurring, and aim to ensure forests are managed in an ecologically sustainable way. FCNSW must also ensure that its contractors undertake forestry operations in line with IFOAs. The Coastal IFOA, developed in 2018, consolidated the four IFOAs for the Eden, Southern, Upper and Lower North East coastal regions of New South Wales into a single IFOA. The other three current IFOAs are Brigalow Nandewar, South Western Cypress and Riverina Redgum (the Western IFOAs).

The NSW Environment Protection Authority (EPA) is responsible for regulating native forestry in New South Wales. Under the Protection of the Environment Administration Act 1991, one of the objectives of the EPA is to protect, restore and enhance the quality of the environment in New South Wales, having regard to the need to maintain ecologically sustainable development. This includes monitoring FCNSW’s compliance with IFOA conditions, including by maintaining and enforcing a compliance program.

The Coastal IFOA also introduced a new structure and regulatory approach for IFOAs, establishing outcomes, conditions and protocols. The conditions set mandatory actions and controls intended to protect threatened plants, animals, habitats, soils and water. The protocols, referenced in the conditions, set out additional enforceable actions and controls intended to support the effective implementation of the conditions.

Public native forestry is the largest component of hardwood supply in New South Wales. The 2019–20 bushfires had a major impact on regional communities, and large areas of native forest. This heightened environmental risks and challenges in public native forestry. Five million hectares of New South Wales was impacted, including more than 890,000 hectares of native State Forests. This is over 40% of the coastal and tablelands native State Forests in New South Wales.

In addition to effective compliance activities, the success of the regulatory approach to public native forestry operations depends on how wood supply yields are modelled, and ensuring that harvested volumes do not exceed these yields. This is of particular importance in areas where forests have been severely damaged by fire. This audit did not consider sustainable yields. Recent reviews of this include an independent review of the FCNSW sustainable yield model and a Natural Resources Commission review in 2021.

Conclusion

Forestry Corporation of NSW (FCNSW) clearly articulates its compliance obligations at the corporate level and for each harvest site. However, there are deficiencies in FCNSW’s compliance approach. While FCNSW undertakes monitoring of its contractors in a number of ways, it does not consistently monitor compliance across its contractors and does not target its monitoring activities on a risk basis. This increases the risk that non-compliant practices will not be identified, potentially leading to environmental harm.

FCNSW has a compliance strategy and program that sets out its compliance obligations and how they will be managed. FCNSW’s Compliance Policy outlines compliance requirements, actions to ensure compliance, and responsibilities for staff, supervisors, senior management and board members. FCNSW also has a compliance monitoring system manual that outlines its monitoring program, and its risk-assessment and incident reporting procedures. These corporate documents set out FCNSW’s overall approach to managing compliance.

Harvesting in State Forests is undertaken by contractors or sub-contractors. FCNSW provides training to its staff and contractors and undertakes monitoring to identify contractor compliance with relevant requirements through a variety of means, including its quality assurance assessment (QAA) program. FCNSW also communicates compliance obligations to contractors in harvest plans.

FCNSW is not undertaking its monitoring activities on a risk basis. The frequency of contractor supervision is inconsistent and is not tied to the contractor’s past performance, meaning that monitoring resources are not necessarily being targeted at the areas of highest -risk.

FCNSW also does not target its QAAs on a risk basis. FCNSW does not have procedures for how QAAs should occur outside the North Coast region. QAAs are conducted inconsistently, with some reviews occurring in only part of the harvest site while others cover the whole harvest site. In addition, some QAAs do not meet FCNSW’s minimum standards. FCNSW’s record keeping of QAAs is also inconsistent, making it difficult to determine true levels of compliance and the cause of identified potential non-compliances.

In addition, FCNSW does not collate and analyse the results of its compliance monitoring to target its compliance audits. Undertaking these audits on a risk basis would allow FCNSW to apply its resources to the highest-risk harvest sites and contractors.

The EPA identifies native forestry as a high priority regulatory activity and undertakes proactive inspections of Coastal IFOA harvest sites on a risk basis. However, the EPA does not assess the risk at Western IFOA harvest sites, leaving a significant gap in its inspection regime. This means that the EPA may not be inspecting all high-risk harvest sites to ensure compliance with regulations across those sites. The EPA has started to train more of its staff in conducting forestry inspections, but it currently has a limited number of trained and experienced staff to undertake this work.

The EPA has developed a Regulatory and Compliance Priorities Statement 2022–23 which identifies native forestry as a key risk. This statement identifies that forestry is a priority area for its compliance activities because of the increased environmental risk and sensitivity in forests following the 2019–20 bushfires. A divisional plan for its regulatory operations contains specific actions for forestry, including ensuring that the EPA has a consistent approach to recording regulatory actions undertaken and identifying priority areas for assurance over State Forests.

As part of its compliance activities, the EPA responds to complaints received, or reports of non-compliance, across all four IFOA areas and also carries out proactive inspections in the Coastal IFOA area. To guide these inspections, the EPA determines the level of risk posed by each harvest site in the Coastal IFOA area using information it gathers from FCNSW. The EPA prioritises inspections of sites rated as high and medium-risk, but the EPA has not undertaken risk-assessments for the three Western IFOAs. By not determining the risks in these areas, the EPA does not have assurance that it is checking FCNSW compliance with regulations across all high-risk sites.

Most EPA staff have basic training in forestry matters, but few staff have the more advanced training required to effectively undertake forestry inspections. In addition, not all EPA officers have access to the technology required to undertake forestry inspections, such as internet-enabled tablets and specialised tapes for measuring tree diameter. This limits the EPA’s ability to determine the level of compliance with regulations and respond effectively to instances of environmental harm in relation to public native forestry.

The Coastal IFOA does not contain provisions which allow the EPA to unilaterally restrict forestry activities in the aftermath of a catastrophic event such as the 2019–20 bushfires. Following the bushfires, FCNSW approached the EPA and asked for additional site-specific operating conditions (SSOC) at some locations to assist it in maintaining compliance. The SSOCs were issued by the EPA and FCNSW was required to carry out forestry operations in accordance with the SSOCs at relevant harvest sites. These SSOCs were in place for 12 months. After a year, FCNSW decided not to renew this approach with the EPA, but implemented its own voluntary measures during harvesting operations. Unlike the SSOCs, the EPA was unable to undertake enforcement activities for breaches of voluntary measures.

Appendix one – Responses from agencies
Appendix two – About the audit
Appendix three – Performance auditing

Parliamentary reference - Report number #382 - released 22 June 2023

16 June 2023

Published

Financial Management and Governance in MidCoast Council

Local Government

Financial reporting

Internal controls and governance

Management and administration

Risk

Introduction

The Auditor-General's financial and performance audits of local councils aim to improve financial management, governance and public accountability across the local government sector.

Annual Local Government reports to Parliament have consistently highlighted risks and weaknesses across the sector in relation to financial management and governance. We will continue to focus on these matters as a priority area in our forward work program.

While this report focuses on MidCoast Council, the findings should be considered by all councils to better understand the challenges and opportunities when addressing financial sustainability and financial management needs.

Findings and recommendations around the effectiveness of long-term financial planning, comprehensive and timely financial reporting and financial management governance arrangements are relevant for all councils.

What this report is about

The Local Government Act 1993 requires councils to apply sound financial management principles, including sustainable expenditure, effective financial management and regard to intergenerational equity.

This audit assessed whether MidCoast Council has effective financial management arrangements that support councillors and management to fulfill their responsibilities as financial stewards.

What we found

MidCoast Council has not met all legislative and policy requirements for long-term financial planning.

From FY2019–20 to FY2020–21, the Council had financial management and governance gaps. Some gaps were addressed throughout FY2021–22.

MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water in 2017. This led to gaps in finance processes and data quality.

What we recommended

The report recommends that MidCoast Council should:

ensure its long-term financial plan meets legislative and policy requirements
undertake service reviews to better understand net costs to inform budget and financial planning decisions
improve the quality of asset management information to inform budget and financial planning decisions
use the financial management components of the MC1 system to its full potential
address control and process gaps identified in audits and reviews
ensure competency of those responsible for finance and budget
ensure financial sustainability initiatives account for the cost of services and asset management information.

Effective financial management is important in ensuring that councils achieve their long-term objectives, remain financially viable and deliver intended benefits to the community.

Sustainable financial management has been a priority for the local government sector since 2013 and continues to be one of the highest rated risks and priorities among councils in 2023.

According to data provided by the Department of Planning and Environment, during FY2020–21, NSW local councils:

collected $7.8 billion in rates and annual charges
received $5.8 billion in grants and contributions
incurred $4.8 billion of employee benefits and on costs
held $16.8 billion of cash and investments
managed $175.2 billion in infrastructure, property plant and equipment
entered into $3.7 billion of borrowings.

The Local Government Act 1993 (LG Act) requires local councils to apply sound financial management principles including responsible and sustainable expenditure, investment, and effective financial and asset management. Under the LG Act and the Local Government Regulation 2021 (LG Regulation) councils are required to:

establish and monitor their budget position
clearly establish approaches to raise revenue, including from rates and other sources
develop and implement integrated planning to ensure financial sustainability in line with community priorities and needs
regularly report on their financial performance through financial statements.

The objective of the audit is to assess whether MidCoast Council (the Council) has effective financial management arrangements that support councillors and management to fulfil their financial stewardship responsibilities. It considers whether:

the Council has an effective governance framework for financial management, through the existence of governance, risk management, internal controls and provision of adequate financial management training, including whether:
- governance, risk management and internal controls are in place for financial management
- adequate financial management and governance training and support has been provided to councillors, management and operational managers.
the Council has quality and comprehensive internal financial management reporting, including whether:
- councillors and management have identified and implemented essential internal financial management reporting elements
- council’s financial systems and data have integrity, and support identified financial management report production requirements
- council reports are relevant, consistent, reliable, understandable, and tailored towards the requirements of key users (appendix two provides more information about the characteristics of effective financial management reporting).
the financial management governance and reporting arrangements support councillors and management to fulfil their financial stewardship responsibilities, including whether councillors and management use internal financial management reporting to:
- support budget decisions, resource allocation and cost setting (for example fees and charges)
- monitor financial sustainability
- assess operational efficiency, financial services and investments
- make improvements where necessary.

This audit completed fieldwork during November 2022 to February 2023. The audit period of review was from 1 July 2019 to 30 June 2022.

Conclusion

MidCoast Council has not effectively carried out long-term financial planning to address its identified long-term financial sustainability challenges.

MidCoast Council has not met all legislative and policy requirements to effectively carry out long-term financial planning. It has not effectively considered and communicated how it will achieve financial sustainability goals and has not identified options to achieve such goals through its long-term financial plan.

Since 2020, and throughout 2021 and 2022, MidCoast Council has identified a need to focus on developing strategies for financial sustainability following the projected operating deficit for its general fund over the next ten years.

In September 2022, the Council took early steps to implement plans that aim to address the identified financial sustainability issues, but the Council has not yet established effective processes to analyse the true cost of services and address its unreliable asset condition data. Both are required to accurately inform its long-term resourcing strategy.

Between FY2019–20 and FY2020–21, MidCoast Council had gaps in its financial management and governance arrangements. The Council has taken some actions to address the gaps throughout FY2021–22.

Between FY2019–20 and FY2020–21, MidCoast Council did not ensure effective financial management governance and reporting arrangements. Over that time, the Council did not perform monthly reconciliation and reporting processes that would provide timely information and assurance to management and councillors over the Council's finances. It did not ensure that all financial management reporting met statutory deadlines for submission to councillors.

During this period, reviews, financial audits and internal audits identified risks to, and gaps in, finance processes, systems and controls. The consequences of these gaps were increased use of manual processes, and risks to the integrity of financial data and information used by management.

During FY2021–22, MidCoast Council implemented actions and processes that have increased transparency and led to improved financial governance. These include addressing and implementing some audit recommendations, and implementing monthly financial management reporting and month-end reconciliations.

MidCoast Council has commenced a $21 million program to improve its customer experience, asset management, ICT and back office business processes. The Council advises that this program has a five-year implementation timeframe and it expects to achieve financial benefits over the ten years following commencement.

MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water functions in 2017. This has led to gaps in finance processes and data quality within the system.

In 2016, following amalgamation, MidCoast Council commenced work to procure and implement an enterprise resource planning system which included a consolidated financial management system. In 2017, Council further merged with MidCoast Water and arrangements were made to implement the system (MC1) after the functions of MidCoast water were incorporated. The Council continued to use four separate financial management systems until it commenced a progressive implementation of MC1 from 2019 to 2021. Across MC1's implementation, the Council experienced significant challenges relating to change management, user functionality and configuration.

This meant that the Council did not ensure that all of its staff were using MC1 effectively and efficiently, which led to gaps in finance processes and data quality, and delays in delivering integrated and automated financial processes across the amalgamated Council.

Since implementation, MidCoast Council has used MC1 to carry out finance processes required to collect rates, prepare budgets, monitor expenditure and income and prepare financial statements.

Appendix one – Response from agency

Appendix two – Characteristics of effective financial management reporting

Appendix three – About the audit

Appendix four – Performance auditing

Parliamentary reference - Report number #381 - released 16 June 2023

Audit progress

Sector

Year

Report type

Topic

Reports

What this report is about

Findings

Recommendations

What this report is about

Audit findings

What this report is about

Findings

Recommendations

What this report is about

The audit found

The key audit issues were

The audit recommended

Section highlights

Section highlights

What this report is about

The audit found

The key audit issues were

The audit recommended

Section highlights

Section highlights

What this report is about

What we found

What the key issues were

What we recommended

Section highlights

Section highlights

What the report is about

What we found

What we recommended

Conclusion

What the report is about

What we found

We made recommendations about

About this Audit

Conclusion

There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.

There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.

The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.

There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.

The NSW Telco Authority established and tracked its own costs for the CCEP

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

Decommissioning costs

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

What this report is about

What we found

What we recommended

Conclusion

Introduction

What this report is about

What we found

What we recommended

Conclusion

MidCoast Council has not effectively carried out long-term financial planning to address its identified long-term financial sustainability challenges.

Between FY2019–20 and FY2020–21, MidCoast Council had gaps in its financial management and governance arrangements. The Council has taken some actions to address the gaps throughout FY2021–22.

MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water functions in 2017. This has led to gaps in finance processes and data quality within the system.