Refine search

Reports

10 December 2020

Published

Health 2020

Health

Compliance

Financial reporting

Infrastructure

Internal controls and governance

Service delivery

This report analyses the results of our audits of financial statements of the Health cluster for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting

Unqualified financial audit opinions

The financial statements of NSW Health and its 25 controlled entities received unqualified opinions.

The number of corrected and uncorrected misstatements increased from the prior year. Misstatements related predominantly to the implementation of new accounting standards, asset revaluations and accounting for new revenue streams to cover the cost of HSW Health’s response to the COVID-19 pandemic.

Qualified compliance audit opinion

We issued a qualified audit opinion for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19).

Financial performance

NSW Health received an additional $3.3 billion in funding to cover costs associated with its response to the COVID-19 pandemic.

The impacts of the COVID-19 pandemic on the cluster were significant for health entities and included changes to operations, increased revenues, expenditure, assets and liabilities. Cancellation of elective surgery and decreased emergency department presentations meant that despite the pandemic, activity levels at many health entities decreased. Health Pathology and HealthShare were notable exceptions.

In the period to the 30 June 2020, NSW Health reported that over 900,000 COVID-19 tests were conducted. Health Pathology conducted over 500,000 of these tests. Health Pathology's surge requirements were enhanced through arrangements with 13 private sector providers. HealthShare purchased $864.2 million of personal protective equipment.

Overall, NSW Health recorded an operating surplus of $3.1 billion in 2019–20, an increase of $2.0 billion from 2018–19. As in previous years, the surplus largely resulted from additional revenue received to fund capital projects including the construction of new facilities, upgrades and redevelopments. In 2019–20 additional Commonwealth and State funding for the purchase and stockpiling of personal protective equipment also contributed to the operating surplus.

Overtime payments

The Ambulance Service of NSW’s (NSW Ambulance) reduced their overtime payments to $79.7 million in 2019–20 ($83.1 million in 2018–19). Overtime payments in 2019–20 included $6.8 million related to the response to the 2019–20 bushfire season. NSW Ambulance overtime payments represent 16.8 per cent of total overtime payments in the cluster.

2. Audit observations

Internal control deficiencies

We identified more internal control deficiencies in 2019–20. The number of repeat issues from prior years also remains high.

NSW Health addressed 18 out of the 25 information system control deficiencies during the year.

Several key agreements lacked formal documentation. This included agreements between the Ministry and health entities, between health entities and agencies in other clusters and between the Ministry and health departments in other jurisdictions.

Infrastructure delivery

NSW Health had 44 ongoing major capital projects at 30 June 2020 with a total revised budget of $12.3 billion. The revised total budget of $12.3 billion is $2.0 billion more than the original budget. NSW Health revises budgets when it combines project stages.

This report provides parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

The impacts of the COVID-19 pandemic on the cluster were significant and included changes to the operations of the health entities and increased revenue, expenditure, assets and liabilities.

As a part of this year's audits of health entities, we have considered:

financial implications of the COVID-19 emergency at both health entity and cluster levels
changes to agencies' operating models
agencies' access to technology and the maturity of systems and controls to prevent unauthorised and fraudulent access to data.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The response to the COVID-19 pandemic primarily impacted the financial reporting of NSW Health through:

additional revenue from the State government in the form of grants and stimulus payments
additional revenue from the Commonwealth government under the National Partnership Agreement for COVID-19 to cover part of the cost of responding to the COVID-19 pandemic
increased expenses, largely due to increased payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists and increased cleaning costs
increased purchases of personal protective equipment.

Chapter one outlines the impacts of NSW Health’s response to the COVID-19 pandemic. This chapter outlines our other audit observations related to the financial reporting of agencies in the Health cluster for 2020.

Section highlights

Unqualified audit opinions were issued for all health entities’ financial statements, although more misstatements were identified than last year.
NSW Health recorded an operating surplus of $3.1 billion, an increase of $2.0 billion from 2018–19. This is largely due to additional capital grants for new facilities, upgrades and redevelopments and additional Commonwealth and State funding for the purchase of personal protective equipment.
NSW Health’s expenses increased by 5.5 per cent in 2019–20 (7.0 per cent in 2018–19) despite the impact of the COVID-19 pandemic. The primary causes for the growth in expenses are increases in:
- employee related expenses due to higher employee numbers, increased overtime and a 2.5 per cent award increase
- payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists
- payments to private health operators due to the first full year of operation of the Northern Beaches hospital.
The Ambulance Service of NSW (NSW Ambulance) continued to report higher overtime payments than other health entities. However, despite the response to the 2019–20 bushfire season, their overtime payments were lower than last year. NSW Ambulance paid $79.7 million in overtime payments in 2019–20 ($83.1 million in 2018–19).
A qualified audit opinion was issued for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. There were 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19)

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

The primary impact of the COVID-19 pandemic on the effectiveness of the internal controls of NSW Health and health entities relates to the effectiveness of controls implemented by HealthShare relating to the stocktake of personal protective equipment inventories. Inventory managed by HealthShare increased by 2,746 per cent during 2019–20. HealthShare’s inventory controls did not maintain pace with the sudden, significant increase.

The impacts of NSW Health’s response to the COVID-19 pandemic are outlined in chapter one. This chapter outlines other observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

The number of internal control deficiencies has increased since 2018–19. More than a third of control deficiencies are repeat issues.
Control deficiencies that relate to managing employees’ leave and employee’s time recording continue to be difficult for entities to resolve, particularly during the ongoing response to the COVID-19 pandemic.
Several key agreements were undocumented. These included agreements between the Ministry and the health entities, between health entities, and between the Ministry and entities in other clusters and jurisdictions. These related to:
- a loan arrangement between the Ministry and HealthShare for $319 million.
- Northern Sydney Local Health District's use of land and buildings owned by the Graythwaite Charitable Trust
- agreements for the treatment of New South Wales residents while they are interstate, and interstate residents receiving treatment while they are in New South Wales from Queensland, Victoria, South Australia and the ACT for both 2019–20 and 2018–19.
NSW Health reported that they completed nine major capital projects during 2019–20. As at 30 June 2020 there were 44 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.0 billion more than the original budget of $10.3 billion. NSW Health reported the budget revisions are largely the result of combining project stages.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019 recommendations

Appendix three – Financial data

Appendix four – Analysis of financial indicators

Appendix five – Analysis of performance against budget

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Auditor-General’s Report to Parliament

Health 2020

11 December 2020

This corrigendum has been prepared to amend the following text within the Auditor-General’s Report to Parliament on Health 2020, dated 10 December 2020.

NSW Health emergency department treatment times

On page five the original text was as follows:

NSW Health also measures the percentage of patients whose clinical care in emergency departments is completed within four hours. The measure is used as an indicator of accessibility to public hospital services.

NSW Health aims to complete clinical care in the emergency department for 81 per cent of patients within four hours. In 2019–20 NSW Health reports it completed clinical care within four hours for 72.1 per cent of patients (a 7.3 per cent decrease from 2018–19).

At Western Sydney Local Health District, 59 per cent of patients were treated within the targeted timeframe. NSW Health attribute this to the profile of patients presenting in emergency departments and additional time taken processing COVID-19 patients to ensure staff safety.

The original text has now been changed to:

NSW Health also measures the percentage of patients with total time in the emergency department of four hours or less for each local health district. The measure is used as an indicator of accessibility to public hospital services.

Local Health Districts	Target % (2019–20)	Actual % (2019–20)
Central Coast	77.0	59.9
Far West	90.2	86.6
Hunter New England	81.0	72.5
Illawarra Shoalhaven	79.0	60.2
Mid North Coast	82.0	76.7
Murrumbidgee	85.3	81.9
Nepean Blue Mountains	79.0	65.5
Northern NSW	81.0	78.2
Northern Sydney	79.0	73.9
South Eastern Sydney	78.0	70.3
South Western Sydney	78.0	61.2
Southern NSW	85.0	83.0
Sydney	76.0	70.9
Sydney Children’s Hospitals Network	80.0	72.1
Western NSW	85.9	81.0
Western Sydney	78.0	59.0
St Vincent's Health Network*	75.0	65.4

* St Vincent’s Health Network Sydney (SVHNS) comprises of St Vincent’s Hospital Sydney Limited as the affiliated health organisation in respect of four recognised establishments under the Health Services Act 1997 (NSW) (Health Services Act). Under the Health Services Act, St Vincent’s Hospital Sydney Limited, is treated as a Network for the purposes of the National Health Reform Agreement in respect of the three recognised establishments: St Vincent’s Hospital, Darlinghurst; Sacred Heart Health Service, Darlinghurst; St Joseph’s Hospital, Auburn; and St Vincent's Correctional Health, Parklea.

Source: NSW Health (unaudited)

The above changes will be reflected in the version of the report published on the Audit Office website and should be considered the true and accurate version.

10 December 2020

Published

Transport 2020

Transport

Asset valuation

Cyber security

Financial reporting

Information technology

Infrastructure

Project management

1. Financial Reporting
Audit opinion	Unmodified audit opinions issued for the financial statements of all Transport cluster entities.
Quality and timeliness of financial reporting	All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements. Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances.
Impact of COVID-19 on passenger revenue and patronage	Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19. The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing.
Completion of the CBD and South East Light Rail	The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed.
2. Audit Observations
Internal control	While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management. There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below).
Agency responses to emergency events	Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning.
RailCorp transition to TAHE	On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders. A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE. Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures. This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE. Recommendation: TAHE management should: establish an operating model in line with the original intent of a commercial return finalise commercial agreements with the public rail operators confirm forecast financial information to assess valuation of TAHE infrastructure finalise asset and safety management plans. Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base.
Completeness and accuracy of contracts registers	Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers. Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure: agencies are fully aware of contractual and other obligations appropriate assessment of financial reporting implications ongoing assessments of accounting standards, in particular AASB 16 ‘Leases’, AASB 15 'Revenue from Contract with Customers', AASB 1058 'Income of Not-for-Profit Entities' and new accounting standard AASB 1059 'Service Concession Arrangements: Grantors' are accurate and complete.

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations
the impact of emergencies and the pandemic.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.

Section highlights

Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19.
Unqualified audit opinions were issued on all Transport agencies' financial statements.
Transport cluster agencies continued to experience challenges with accounting of land and infrastructure assets.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our:

observations and insights from our financial statement audits of agencies in the Transport cluster
assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.

Section highlights

While there was a decrease in findings on internal controls across the Transport cluster, 43 per cent of all issues were repeat issues. Many repeat issues related to information technology controls around user access management.
RailCorp transitioned to TAHE on 1 July 2020. TAHE's operating model and commercial arrangements with public rail operators has not been finalised despite government original plans to be operating from 1 July 2019. TAHE management should finalise its operating model and commercial agreements with public rail operators as they may significantly impact the financial reporting arrangements for TAHE for 2020–21.
Completeness and accuracy of contracts registers remains an ongoing issue for the Transport cluster.

Appendix one – List of 2020 recommendations

Appendix two – Status of 2019, 2018 and 2017 recommendations

Appendix three – Management letter findings

Appendix four – Financial data

Copyright notice

5 March 2020

Published

Report on Local Government 2019

Local Government

Asset valuation

Cyber security

Financial reporting

Information technology

Infrastructure

Internal controls and governance

Management and administration

Procurement

Project management

Service delivery

Shared services and collaboration

Workforce and capability

I am pleased to present my third report to the Parliament on the 2019 audits of local government councils in New South Wales.

This report notes that unqualified audit opinions were issued on the 2018–19 financial statements of 134 councils and 11 joint organisations. The opinion for one council was disclaimed and three audits are yet to complete.

The report also highlights improvements I have seen in financial reporting and governance arrangements across councils. Fewer errors were identified. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices, including fraud control systems, have also improved.

These are very pleasing indicators of the gradual strengthening of governance and financial oversight of the sector. I want to acknowledge the investment councils have made in working with the Audit Office to improve consistency of practice and accountability generally.

Of course there is more work to do, particularly to prepare for new accounting standards and to strengthen controls over information technology and cyber security management. Asset management practices can also be improved. This report provides some guidance to council on these matters and we will continue to partner with the Office of Local Government in the Department of Planning, Industry and Environment to support good practice.

Margaret Crawford

Auditor-General
5 March 2020

This report focuses on key observations and findings from the 2018–19 financial audits of councils and joint organisations.

Unqualified audit opinions were issued on the financial statements for 134 councils and 11 joint organisations. The audit opinion for Bayside’s 2017–18 and 2018–19 financial statements were disclaimed. Three audits are still in progress and will be included in next year’s report.

The report highlights a number of areas where there has been improvement. There was a reduction in errors identified in council financial statements and high risk issues reported in audit management letters. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices and fraud control systems have also improved.

The report also found that councils could do more to be better prepared for the new accounting standards, asset management practices could be strengthened, and information technology controls and cyber security management could be improved.

The Auditor-General recommended that the Office of Local Government within the Department of Planning, Industry and Environment develop a cyber security policy by 30 June 2021 to ensure a consistent response to cyber security risks across councils.

Read the PDF Report

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making is enhanced when financial reporting is accurate and timely. Strong financial performance provides the platform for councils to deliver services and respond to community needs.

This chapter outlines our audit observations on the financial reporting and performance of councils and joint organisations.

Section highlights

There was a reduction in the number and dollar value of errors identified in councils' financial statements.
We continue to identify prior period errors, which are predominantly asset-related.
Unqualified audit opinions were issued for 99 per cent of completed audits for councils and joint organisations.
Three audits remain outstanding, with the outcomes to be reported in next year's Report to Parliament.
Seventy-nine per cent of councils and joint organisations lodged their financial reports by 31 October 2019.
Councils that performed some early reporting procedures achieved better outcomes in terms of the quality and timeliness of financial reporting.
Councils are at various levels of preparedness to implement the new accounting standards for the 2019–20 financial year. Some have made the necessary modifications to systems and processes, but others are still assessing impacts.
Most councils met the prescribed benchmarks for the liquidity and working capital performance measures over the past three years.
More councils reported negative operating performance compared with the prior year, meaning their operating expenditure exceeded their operating revenue.

Strong governance systems and internal controls help councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.

This chapter outlines the overall trends related to governance and internal control issues across councils and joint organisations for 2018–19.

Section highlights

While the total number of issues reported in our management letters increased compared with the prior year, the total number of high risk issues have decreased. Of the high-risk issues, 41 per cent were deficiencies in information technology controls.
More councils have established audit, risk and improvement committees and internal audit functions.
Councils have improved risk management practices, with over 75 per cent of councils now having a risk management policy and register.
While most councils have policies and processes to manage gifts and benefits, we identified some instances of non-compliance with the Model Code of Conduct.
Most councils have policies and processes to manage the use of credit cards.
Councils can strengthen policies and practices for managing fraud controls and legislative compliance.
There are further opportunities for councils to improve internal controls over revenue, purchasing, payroll, cash, financial accounting and governance processes.

Councils rely on information technology (IT) to deliver services and manage information. While IT delivers considerable benefits, it also presents risks that council needs to address.

In prior years, we reported that councils need to improve IT governance and controls to manage key financial systems. This chapter outlines the progress made by councils in the management of key IT risks and controls, with an added focus on cyber security.

Section highlights

We continue to report deficiencies in information technology controls, particularly around user access management. These controls are key to ensuring IT systems are protected from inappropriate access and misuse.
Many councils do not have IT policies and procedures and others do not identify, monitor or report on IT risks.
Cyber security management requires improvement, with some basic elements of governance not yet in place for many councils.

Councils are responsible for managing a significant range of assets to deliver services on behalf of the community.

This chapter outlines our asset management observations across councils and joint organisations.

Section highlights

There was an increase in the total number of issues reported in our management letters for asset management processes.
There were less high-risk issues reported compared to the previous year.
We continue to identify discrepancies between the council's Crown land asset records and the Crown Land Information Database (CLID) managed by the former Department of Industry (DOI).
Inconsistent practices remain across the Local Government sector in accounting for landfill sites.

Appendix one – Response from the Office of Local Government within the Department of Planning, Industry and Environment

Appendix two – Status of 2018 recommendations

Appendix three – Status of audits

Copyright notice

28 November 2018

Published

Transport 2018

Transport

Asset valuation

Compliance

Financial reporting

Infrastructure

Management and administration

Procurement

Risk

Service delivery

Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford released her report today on key observations and findings from the 30 June 2018 financial statement audits of agencies in the Transport cluster. Unqualified audit opinions were issued for all agencies' financial statements. However, assessing the fair value of the broad range of transport related assets creates challenges.

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides Parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2018.

Observation	Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all agencies' financial statements	Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
2.2 Key accounting issues
Valuation of assets continues to create challenges. Although agencies complied with the requirements of the accounting standards and Treasury policies on valuations, we identified some opportunities for improvements at RMS.	RMS incorporated data from its asset condition assessments for the first time in the valuation methodology which improved the valuation outcome. Overall, we were satisfied with the valuation methodology and key assumptions, but we noted some deficiencies in the asset data in relation to asset component unit rates and old condition data for some components of assets. Also, a bypass and tunnel were incorrectly excluded from RMS records and valuation process since 2013. This resulted in an increase for these assets’ value by $133 million. The valuation inputs for Wetlands and Moorings were revised this year to better reflect the assets' characteristics resulting in a $98.0 million increase.
2.3 Timeliness of financial reporting
Residual Transport Corporation did not submit its financial statements by the statutory reporting deadline.	Residual Transport Corporation remained a dormant entity with no transactions for the year ended 30 June 2018.
With the exception of Residual Transport Corporation, all agencies completed early close procedures and submitted financial statements within statutory timeframes.	Early close procedures allow financial reporting issues and risks to be addressed early in the reporting and audit process.
2.4 Financial sustainability
NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations reported negative net assets of $75.7 million and $89,000 respectively at 30 June 2018.	NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations continue to require letters of financial support to confirm their ability to pay liabilities as they fall due.
2.5 Passenger revenue and patronage
Transport agencies revenue growth increased at a higher rate than patronage.	Public transport passenger revenue increased by $114 million (8.3 per cent) in 2017–18, and patronage increased by 37.1 million (5.1 per cent) across all modes of transport based on data provided by TfNSW.
Negative balance Opal Cards resulted in $3.8 million in revenue not collected in 2017–18 and $7.8 million since the introduction of Opal. A total of 1.1 million Opal cards issued since its introduction have negative balances.	Transport for NSW advised it is liaising with the ticketing vendor to implement system changes and are investigating other ways to reduce the occurrences.
2.6 Cost recovery from public transport users
Overall cost recovery from users has decreased.	Overall cost recovery from public transport users (on rail and bus services by STA) decreased from 23.2 per cent to 22.4 per cent between 2016–17 and 2017–18. The main reason for the decrease is due to expenditure increasing at a faster rate than revenue in 2017–18.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

our financial statement audits of agencies in the Transport cluster for 2018
the areas of focus identified in the Audit Office annual work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.

Observation	Conclusions and recommendations
3.1 Internal controls
There was an increase in findings on internal controls across the Transport cluster.	Key themes related to information technology, employee leave entitlements and asset management. Eighteen per cent of all issues were repeat issues.
3.2 Audit Office Annual work program
The Transport cluster wrote-off over $200 million of assets which were replaced by new assets or technology.	Majority of this write-off was recognised by RMS, with $199 million relating to the write-off of existing assets which have been replaced during the year.
RailCorp is expected to convert to TAHE from 1 July 2019.	Several working groups are considering different aspects of the TAHE transition including its status as a for-profit Public Trading Enterprise and which assets to transfer to TAHE. We will continue to monitor developments on TAHE for any impact to the financial statements.
RMS' estimated maintenance backlog at 30 June 2018 of $3.4 billion is lower than last year. Sydney Trains' estimated maintenance backlog at 30 June 2018 increased by 20.6 per cent to $434 million. TfNSW does not quantify its backlog maintenance.	TfNSW advised it is liaising with Infrastructure NSW to develop a consistent definition of maintenance backlog across all transport service providers.
Not all agencies monitor unplanned maintenance across the Transport cluster.	Unplanned maintenance can be more expensive than planned maintenance. TfNSW should develop a consistent approach to define, monitor and track unplanned maintenance across the cluster.

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited.

We report this information on service delivery to provide additional context to understand the operations of the Transport cluster and to collate and present service information for different modes of transport in one report.

In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.

Appendix one - Status of 2016 and 2017 recommendations

Appendix two - Cluster agencies

Appendix three - Financial data

Appendix four - Bus contracts regions

20 April 2018

Published

Report on Local Government 2017

Local Government

Asset valuation

Information technology

Internal controls and governance

Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.

My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor-General's mandate in nearly three decades.

Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services.

The unique relationship each council has with its community differentiates it from other tiers of government.

Our audits
I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.

We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year.

While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us:
strengthening governance and financial oversight in local government
providing greater consistency in external audit
ensuring reliable financial information is available to assess council performance
improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.

This report
This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.

The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.

I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.

1. Introduction
Local government sector	NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose. We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit.
Service delivery	Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils.
2. Financial reporting
Quality of financial reporting	The overall quality of financial reporting needs to improve: we issued modified (qualified) audit opinions on the financial statements of three councils in 2016–17 and one council and one water authority in 2015–16 we reported 39 significant matters to 29 councils. They related to material accounting issues and significant deficiencies in internal controls twenty-two councils required material adjustments to correct errors in previous audited financial statements moderate risk issues were identified in financial statement preparation processes for 43 councils. OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier.
Timeliness of financial reporting	Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline.
3. Financial performance and sustainability
Operating revenue	Eighteen councils operating expenses exceed current operating revenue. Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue.
Liquidity and working capital	Most councils have sufficient liquidity and working capital. However, there are indicators that: three councils may not have the ability to meet short-term obligations as measured by the unrestricted current ratio two councils may not have sufficient operating cash available to service debt as measured by the debt service cover ratio eighteen councils do not meet the OLG benchmark for the collection of rates and annual charges five councils may not have sufficient cash to continue paying expenses without additional cash inflows as measured by the cash expense cover ratio.
Asset management measures	Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards: seventy councils are not renewing assets in line with the rate of their depreciation eighty-four councils did not meet OLG’s benchmark for managing the infrastructure maintenance backlog seventy-one councils are not maintaining their assets in accordance with their asset management plans.
4. Asset management
High risk issues	We reported ten high risk issues relating to councils’ asset management and accounting practices.
Asset reporting	The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements. At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements.
Asset valuation	We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions.
Asset useful life estimates	We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets. In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments.
Asset policy and planning	Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework.
5. Governance and internal controls
High risk issues	We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters.
Governance	There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function. The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils. Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations.
Internal controls	Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll.
6. Information technology
High risk issues	We reported nine high risk issues relating to information technology.
Access to IT systems	Controls over user access to IT systems need to be strengthened.
Information Technology governance	IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that: around one in four councils do not have an IT strategy or operational plan half of NSW councils have an IT security policy seventeen councils do not have a documented plan to recover from a disaster.

Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:

quality of financial reporting
timeliness of financial reporting.

Observation	Conclusion or recommendation
2.1 Quality of financial reporting
Qualified audit opinions We issued unmodified audit opinions on the: 2016–17 financial statements of 136 councils and two water authorities 2015–16³ financial statements for seven councils and two water authorities.	The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results.
We issued modified (qualified) opinions on the: 2016–17 financial statements of three councils 2015–16 financial statement of one council and one water authority.	Councils with modified opinions should address the issues that give rise to the audit qualification.
Significant audit matters We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets.	Significant issues with the quality of financial reporting delayed the completion of a number of audits. Improving the reporting on assets should be a priority.
Prior period errors We found 33 material errors worth $9.1 billion in the previous audited financial statements of 22 councils. These all required prior-year audited balances to be corrected. Eighty eight per cent of these were asset related.	The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets.
Financial statements We reported 43 moderate risk findings where councils can improve the way they complete their financial statements.	Recommendation Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements.
Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit.	Recommendation Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.
OLG guidance To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues.	Recommendation The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.
The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards.	Recommendation The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.
2.2 Timeliness of financial reporting
Statutory deadlines One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017. Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils. Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit.	Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline.
Early close procedures Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year.	Recommendation The Office of Local Government should introduce early close procedures with an emphasis on asset valuations.

³ The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.

Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:

operating revenue performance measures
liquidity and working capital performance measures
asset management performance measures.

Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.

Observations	Conclusions
3.1 Operating revenue performance measures
Operating performance Operating expenses for 18 councils exceeded their operating revenue. Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17. Eleven councils have not met OLG’s operating performance benchmark for the last three years.	It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term.
Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero.
Own source operating revenue Fifty-nine councils did not meet OLG’s benchmark, and 42 of those were rural councils.	Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils.
Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue.
3.2 Liquidity and working capital performance measures
Unrestricted current ratio All but three councils met OLG’s benchmark.	Most councils can meet short-term obligations as they fall due.
The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times.
Debt service cover ratio All but two councils met OLG’s benchmark. These two councils did not meet OLG’s benchmark due to the early repayment of borrowings. Regional councils have 56 per cent of the value of all borrowings in the sector.	Most councils have sufficient operating cash available to service their borrowings. Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure.
The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times.
Rates and annual charges outstanding Eight rural, five regional, three metropolitan and two county councils did not meet OLG’s benchmark. These councils also did not meet the infrastructure backlog ratio.	Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations.
The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils.
Cash expense cover ratio Three rural and two county councils did not meet OLG’s benchmark.	Most councils have the capacity to cover more than three months of operating expenses.
The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months.
This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded: an additional 32 councils would have a cash expense cover ratio of less than three months a further nine councils are left without any unrestricted funds for general operations.	Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required.
3.3. Asset management performance measures (not audited)
Building and infrastructure renewals ratio Seventy councils reported to OLG they do not meet the benchmark for this ratio. Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark.	These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards. Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets.
The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent.
Infrastructure backlog ratio Eighty-four councils reported to OLG that they do not meet the benchmark for this ratio.	These councils may not be maintaining their infrastructure backlog at a manageable level.
The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent.
Asset maintenance ratio Seventy-one councils reported to OLG they do not meet the benchmark for this ratio	These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life.
The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent.
Costs to bring assets to agreed service level One-hundred and two councils reported results against this indicator to OLG. The reported results ranged from 0.1 per cent to 19.8 per cent.	There is variability between councils in the amount of outstanding renewal works to be completed.
This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure.

OLG’s benchmarks for financial performance and sustainability

Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.

The Office of Local Government prescribes performance indicators for council reporting

The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:

operating performance
own source operating revenue
unrestricted current ratio
debt service cover ratio
rates and annual charges outstanding percentage
cash expense cover ratio.

Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:

building and infrastructure renewals ratio
infrastructure backlog ratio
asset maintenance ratio
cost to bring assets to agreed service level.

Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.

Three rural councils did not meet three of the audited OLG benchmarks

Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.

The following table summarises how the councils performed across the six audited performance measures.

Number of OLG benchmarks met by councils		Number of councils
Number of OLG benchmarks met by councils	Metropolitan	Regional	Rural	County
6	12	12	29	5
5	17	21	17	5
4	4	4	8	2
3	--	--	3	--
Not available*	1	--	--	--
Total	34	37	57	12

* The financial statements for Bayside Council are not yet presented for audit.
Source: Audited Financial Statements for 2016–17.

Appendix ten lists the performance of each council against all performance measures.

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.

Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:

overall asset management issues
asset registers
asset valuation
recognition and asset useful life estimates
asset policy and planning.

Observations	Conclusion or recommendation
4.1 High risk issues
Significant matters reported to those charged with council governance Our 2016–17 audits identified ten high risk issues related to the accuracy of asset registers, restricted assets and asset revaluations.	High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services.
4.2 Asset reporting
Accuracy of asset registers Our audits identified instances where councils had multiple asset registers, inaccurate or incomplete registers, unreconciled registers, or uncontrolled manual spreadsheets.	Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately.
Unrecorded land and infrastructure assets Twenty-four councils had not recorded $145 million worth of assets, mainly land and infrastructure assets.	Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements.
Rural fire-fighting equipment At 30 June 2017, forty-six councils did report vested rural fire-fighting equipment in their financial statements. However, 62 councils did not record vested fire-fighting equipment in their financial statements. These rural fire‑fighting equipment assets are not reported in either State government or local government financial statements.	Recommendation The Office of Local Government should address the different practices across the local government sector in accounting for rural fire‑fighting equipment before 30 June 2018. In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach.
4.3 Asset valuation
Restricted assets Our audits found that ten councils did not appropriately consider restrictions on the use of community land and land under roads when determining asset fair values in accordance with Australian Accounting Standards. Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion.	The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant. Councils should consider engaging experts to assist with the determination of asset fair values, as necessary.
Asset revaluations Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations.	Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented.
4.4 Asset useful life estimates
Asset useful life estimates We found considerable variability in councils' useful lives for similar assets. In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment.	Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators. To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually. Regular condition assessments are essential to identify maintenance requirements and maintain service delivery.
4.5 Asset policy and planning
Asset management strategy Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this.	An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources.

Asset overview

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.

At 30 June 2017, the combined carrying value of NSW council assets was as follows.

Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.

This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.

Observation	Conclusion or recommendation
5.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils.	Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively.
We reported: seventeen high risk issues relating to governance, purchase-to-pay, financial accounting and payroll processes ten high risk issues relating to asset practices nine high risk issues related to information technology management.	High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.
5.2 Governance
Audit committees
Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee.	Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021. Recommendation Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.
Internal audit Councils are currently not required to have an internal audit function. Consequently, 52 councils do not have this function.	Recommendation The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.
Council entities The Office of Local Government's register of entities approved under section 358 of the Local Government Act 1993 is incomplete.	Recommendation The Office of Local Government should maintain an accurate register of council entities approved under section 358 of the Local Government Act 1993.
The Local Government Act 1993 does not stipulate a financial reporting framework for council entities.	Recommendation The Office of Local Government should establish a financial reporting framework for council entities.
Policies and procedures We identified 50 high and moderate risk issues across 33 councils where policies and procedures over critical business processes did not exist or had not been updated.	It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes.
Legislative compliance frameworks Our audits found that 45 councils do not have sufficient processes to show they are complying with legislative requirements.	Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy.
Risk management We identified 15 high and moderate risk issues across 15 councils where risk management practices could be strengthened.	Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored.
5.3 Internal controls
Financial accounting We identified 45 high and moderate risk control deficiencies across 41 councils concerning the use of manual journals to adjust council financial records. This can increase the risk of fraud and error. We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements	Sound financial accounting processes include controls to ensure: a person other than the preparer authorises manual journals key account reconciliations are prepared and reviewed.
Purchasing and payables We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste.	As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include: a review of changes to vendor master file data by an appropriate independent officer an independent review and approval of purchases, including credit card transactions compliance with Tendering Guidelines for NSW Local Government.
Payroll We identified 71 high and moderate risk deficiencies in payroll controls across 48 councils. Weaknesses in payroll controls could result in incorrect payments being made to employees, due to error or fraud. Managing excess annual leave balances was a challenge for 32 councils.	Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments. Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed.

Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.

Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:

high risk issues
access to IT systems
IT governance.

Issues	Conclusion
6.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications.	High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.
6.2 Access to IT systems
User access controls We identified 107 issues across 56 councils where user access controls could be strengthened.	Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data.
Privileged access We identified 86 examples across 64 councils of inappropriate privileged access, inadequate review of access and insufficient retention and review of access logs.
User developed applications User developed applications (UDAs) are computing applications, tools and processes developed or managed outside IT administration. UDAs may allow users to bypass formal user access controls. Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed. We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls.	It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to: transition UDA functions to internal systems where possible ensure UDAs are adequately controlled where they continue to use them regularly review access rights to UDAs and back-up business-critical information.
6.3 IT Governance
Strategy, policies and procedures Around one in four councils do not have an IT strategy or operational plan. Some councils also need to develop or improve IT policies and procedures. Sixty-six councils do not have an adequate information security policy.	IT governance is enhanced where there is: a fit-for-purpose IT strategy and operational plan appropriate policies, standards and guidelines across all critical IT processes a formally defined process to support security and access to all systems.
Disaster recovery and business continuity Our audits identified that 17 councils do not have a documented plan to recover critical business functions in the event of a disaster. The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster. We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting.	Sound management of disaster recovery and business continuity includes: a documented plan for how critical business functions will be recovered in the event of a disaster, which is periodically reviewed and tested the ability to restore backed-up data, which is periodically tested. We expect to focus on these areas in our future audits.