Reports
Planning, Industry and Environment 2019
This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.
Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting.
The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.
One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.
The report makes several recommendations including:
- Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
- the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
- the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Creation of the Planning, Industry and Environment cluster |
The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019. The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE). |
| The Department of Planning, Industry and Environment is still in the process of implementing changes |
The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes. However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies. |
2. Financial reporting
| Audit opinions | Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing. |
| Timeliness of financial reporting |
Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time. Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline. Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures. |
| Introduction of AASB 16 'Leases' |
We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods. We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records. Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019. |
| Unprocessed Aboriginal land claims have continued to increase |
Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007. Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims. |
3. Audit observations
| Internal controls |
One in five internal control issues identified and reported to management in 2018–19 were repeat issues. The lack of user access review was the most common IT general control issue in the cluster. |
| Drought relief |
The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place. Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue. |
| Recognition of Crown land |
Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19. Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control. |
| Developer contributions | The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019. |
This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.
Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.
The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.
Section highlights
The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.
- The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
- The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
- The MoG changes bring risks and challenges to the PIE cluster.
- A MoG Steering Committee was established to oversee the transitional processes.
- The full integration of the systems and processes will not be completed in the near future.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
- Timeliness of financial reporting remains an issue for 13 agencies.
- Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
- Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.
Section highlights
- One in five issues identified and reported to management in 2018–19 were repeat issues.
- The lack of user access review was the most common IT general control issue in the PIE cluster.
- The PIE cluster provided significant financial assistance for drought relief.
- There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
- Unspent developer contributions funds continued to build up in 2018–19.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Cluster agencies
Appendix four – Financial data
Appendix five – Management letter findings
Appendix six – Timeliness of financial reporting
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Health 2019
This report focuses on key observations and findings from the most recent financial audits of the Ministry of Health, local health districts, specialty health networks, health corporations and independent health agencies in New South Wales. The report also summarises self-reported performance measures across the network.
The number and value of adjustments to financial statements of entities in the Health Cluster decreased from the prior year. And unqualified audit opinions were issued for all heath entities’ financial statements.
Audit findings relating to internal controls deficiencies increased across health entities. Contributing to this increase were deficiencies in information system controls, which accounted for nearly a quarter of all control deficiencies. Repeat audit findings also accounted for more than a quarter of all control deficiencies.
The report notes health entities continued to experience challenges with managing employees’ excessive annual leave and time recording practices. The Ambulance Service of New South Wales continued to report high overtime payments to its employees.
This report analyses the results of our audits of financial statements of the agencies comprising the Health cluster for the year ended 30 June 2019. The table below summarises our key observations.
1. Machinery of Government changes
| Cluster changes | Machinery of Government (MoG) changes refer to how the government reorganises agency structures and functions and realigns ministerial responsibilities. The Health cluster was not impacted by the MoG changes. |
2. Financial reporting
| Financial reporting |
The financial statements of NSW Health and its controlled entities received unqualified audit opinions before the legislative deadline. |
| Financial performance | Overall, NSW Health recorded an operating surplus of $1.1 billion in 2018–19, an increase of $699 million from 2017–18. This was the result of additional funding received for capital expenditure on the construction of new facilities, upgrades and redevelopments. Budgeted expense for the 15 local health districts and two speciality networks increased from $18.3 billion to $19.4 billion in 2018–19. The 15 health entities recorded unfavourable variances between actual and budgeted expenses. |
| Excess annual leave |
Managing excess annual leave remains a challenge for NSW Health, 36.9 per cent of the workforce have excess annual leave balances. Recommendation: Health entities should further review their approach to managing excess annual leave in 2019–20, and:
|
| Overtime payments | NSW Health entities generally manage overtime well. The Ambulance Service of NSW’s overtime payments of $83.1 million (9.8 per cent of total salaries and wages), remain significantly higher than other health entities. Recommendation: The Ambulance Service of NSW should further review the effectiveness of its rostering practices to identify strategies to reduce overtime payments. |
3. Audit observations
| Internal control deficiencies | We identified more internal control deficiencies in 2018–19. The number of repeat issues from prior years also remains high with more than one quarter of issues having been previously reported. More than a quarter of deficiencies related to information system controls. |
| Infrastructure delivery | NSW Health defines projects with a budgeted cost greater than $50.0 million as 'major projects'. There were significant revisions to planned financial completion dates and budgeted costs of these projects. The revised total budgets for the 30 ongoing major capital projects at 30 June 2019 is $10.2 billion, $2.2 billion more than the original budget. Health Infrastructure completed three major capital projects during 2018–19. |
| Asset maintenance | The total cost of maintaining the health entities’ $19.8 billion of assets was $635 million for 2018–19. Health entities' approaches to setting maintenance budgets vary. Most entities are addressing their backlog maintenance, although many were not able to quantify the full extent of their backlog maintenance. Although health entities continue to use fully depreciated assets, the replacement cost of these assets is decreasing. |
This report provides parliament and other users of the financial statements of agencies within the Health cluster with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas for the year ended 30 June 2019:
- financial reporting
- audit observations.
The Health cluster was not impacted by the Machinery of Government changes on 1 July 2019.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the health cluster for 2019.
Section highlights
- We issued unqualified audit opinions for all health entities’ financial statements and identified fewer misstatement than last year. Health entities continue to meet statutory deadlines.
- The Ministry of Health sets significant accounting policies centrally and provides a template for the preparation of health entities’ financial statements. These processes promote consistent quality in the financial reports of health entities and reduce the number of misstatements we identify.
- NSW Health recorded an operating surplus of $1.1 billion, an increase of $699 million from 2017–18. This is because of additional capital grants for new facilities, upgrades and redevelopments. The capital replacement ratio (investment in new assets divided by depreciation) for NSW Health is 2.6.
- NSW Health’s expenses increased by 7.0 per cent in 2018–19 (5.5 per cent in 2017–18). This is one percentage point higher than the projected long-term annual expense growth rate of six per cent. The primary causes for the growth in expenses are increased:
- employee related expenses because provisions for employee benefits increased when the discount rate decreased
- operating expenses associated with the opening of Northern Beaches Hospital.
- Excess annual leave balances continue to increase for the NSW Health workforce, with excess annual leave balances impacting 37 per cent of employees (34 per cent in 2017–18).
- Health entities should further review their approach to managing excess annual leave in 2019–20 by monitoring current and projected leave balances on a regular basis, agreeing formal leave plans with employees and encouraging staff that perform key control functions to take a minimum of two consecutive weeks’ leave a year as a fraud mitigation strategy.
- The Ambulance Services continued to report overtime payments higher than other health entities. The Ambulance Service paid its employees $83.1 million in overtime payments in 2018–19 ($74.8 million in 2017–18).
- We issued a qualified audit opinion for the Ministry of Health's Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 40 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2018–19 (17 in 2017–18).
Audit opinions
We issued unqualified audit opinions for all health entities and quality of financial reporting continues to improve
We identified fewer misstatements this year, and the errors were less significant. In 2018–19 no errors exceeded $5.0 million (eight errors recorded in 2017–18). Ten health entities conducted a full revaluation of their land, buildings and infrastructure systems in 2018–19, but more robust processes avoided the errors identified in the previous year.
| Number of misstatements | ||||||
| Year ended 30 June | 2019 | 2018 | 2017 | |||
 |
 |
|
|
|
|
|
| Less than $50,000 | -- | -- | -- | 6 | 3 | 3 |
| $50,000 to $249,999 | -- | 1 | -- | -- | 2 | 3 |
| $250,000 to $999,999 | 1 | -- | -- | -- | 1 | 3 |
| $1 million to $4,999,999 | -- | 2 | -- | 2 | 1 | 5 |
| $5 million and greater | -- | -- | 6 | 2 | 1 | 2 |
| Total number of misstatements | 1 | 3 | 6 | 10 | 8 | 16 |
Corrected mistatements. Uncorrected statements.We issued a qualified audit opinion for our compliance audit of the Ministry of Health's Annual Prudential Compliance Statement
The Ministry of Health operates eight aged care facilities in NSW and is required to comply with the Fees and Payments Principles 2014 (No. 2) (the Principles) when entering into agreements with and managing payments to and from care recipients. The Principles are set by the Commonwealth Assistant Minister for Social Services. We identified 40 instances of material non-compliance in 2018–19, including:
- not agreeing maximum accommodation amounts payable with aged care recipients before they entered the residential care services
- not entering into accommodation agreements with care recipients within the specified period
- charging incorrect fees for activities or services to one care recipient
- not refunding two bond balances within the statutory framework
- not paying the correct amount of interest for 14 care recipients’ bonds refunded during the year.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the health cluster.
Section highlights
- The number of internal control deficiencies has increased since 2017–18. More than a quarter of control deficiencies are repeat issues and almost a quarter relate to information system controls. Both employee time recording and leave management remain as repeat issues in 2018–19.
- Control deficiencies that relate to managing employees' leave, employees’ time recording or information system limitations can be difficult for entities to resolve in a timely manner.
- Agreements for the treatment of New South Wales residents while they are interstate, and interstate residents while they are in New South Wales, are unsigned for Queensland, Victoria and the Australian Capital Territory for 2016–17, 2017–18 and 2018–19.
- NSW Health recorded $113.6 million in revenue from fees charged to Medicare ineligible patients during 2018–19 but has received payment for less than half of this.
- NSW Health reported that they completed three major capital projects during 2018–19.
- As at 30 June 2019 there were 30 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.2 billion more than the original budget of $8.0 billion.
- Health entities spent $635 million maintaining assets with a fair value of $19.8 billion of assets. Almost all entities were working through backlog maintenance during 2018–19, although several were unable to quantify the backlog.
- While entities are now regularly reassessing the useful lives of their assets, entities are still using a high volume of assets that are fully depreciated. Due to the age and nature of these assets the impact was not material.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – Financial data
Appendix four – Analysis of financial indicators
Appendix five – Analysis of performance against budget
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
| New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
| Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
| IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
| Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
| Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
| Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
| Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
| Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
| Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
| Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
| Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
| Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Engagement of probity advisers and probity auditors
Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.
Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.
Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles.
According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector.
A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:
- should use external probity practitioners as the exception rather than the rule
- should not use external probity practitioners as an 'insurance policy'
- must be accountable for decisions made
- cannot substitute the use of probity practitioners for good management practices
- not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent.
The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.
The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:
- complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
- effectively ensured they achieved value for money when they used probity practitioners.
These entities are referred to as 'participating agencies' in this report.
We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.
Conclusion
We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.
In the sample of engagements we selected, we found instances where the participating agencies did not always:
- document detailed terms of reference
- ensure the practitioner was sufficiently independent
- manage probity practitioners' independence and conflict of interest issues transparently
- provide practitioners with full access to records, people and meetings
- establish independent reporting lines reporting was limited to project managers
- evaluate whether value for money was achieved.
We also found:
- agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
- the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013.
There are no professional standards and capability requirements for probity practitioners
NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money.
Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.
The NSW Procurement Board provides direction for the use of probity practitioners
The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.
Internal Controls and Governance 2017
Agencies need to do more to address risks posed by information technology (IT).
Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
1. Overall trends
|
New and repeat findings |
The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved. |
|
High risk findings |
Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies. |
|
Common findings |
Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity. |
2. Information Technology
|
IT security |
Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls. |
|
Cyber security |
Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
|
Other IT systems |
Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems. |
3. Asset Management
|
Capital investment |
Agencies report delays delivering against the significant increase in their budgets for capital projects. |
|
Capital projects |
Agencies are underspending their capital budgets and some can improve capital project governance. |
|
Asset disposals |
Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes. |
4. Governance
|
Governance arrangements |
Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues. |
|
Shared services |
Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set. |
5. Ethics and Conduct
|
Ethical framework |
Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics. |
|
Conflicts of interest |
All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
6. Risk Management
|
Risk management maturity |
All agencies have implemented risk management frameworks, but with varying levels of maturity. |
|
Risk management elements |
Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency. |
This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.
This new report offers strategic insight on the public sector as a whole
In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.
This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.
Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.
These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.
Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:
- Overall trends
- Information technology
- Asset management
- Governance
- Ethics and conduct
- Risk management.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.
|
Issues |
Recommendations |
|
1.1 New and repeat findings |
|
|
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies. |
Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis. |
|
1.2 High risk findings |
|
|
We found seven high risk internal control deficiencies, which might significantly affect agencies. |
Recommendation Agencies should rectify high risk internal control deficiencies as a priority |
|
1.3 Common findings |
|
|
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies. |
Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies. |
Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.
| Issues | Recommendations |
2.1 IT security |
|
|
User access administration While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems. |
Recommendation Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:
|
|
Privileged access Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access. |
Recommendation Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:
|
|
Password controls Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls. |
Recommendation Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:
|
2.2 Cyber Security |
|
|
Cyber security framework Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat. |
Recommendation The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents. |
|
Cyber security strategies While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness. |
Recommendations The Department of Finance, Services and Innovation should:
Agencies should ensure they adequately resource staff dedicated to cyber security. |
2.3 Other IT systems |
|
|
Change control processes Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes. |
Recommendation Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems. |
|
Disaster recovery planning Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis. |
Recommendation Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans. |
Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:
- manage their major capital projects
- dispose of existing assets.
| Issues | Recommendations or conclusions |
3.1 Capital investment |
|
|
Capital asset investment ratios Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one. |
Recommendation Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs. |
|
Volume of capital spending Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years. |
Conclusion The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years. |
3.2 Capital projects |
|
|
Major capital projects Agencies’ major capital projects were underspent by 13 percent against their budgets. |
Conclusion The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time. |
|
Capital project governance Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects. |
Conclusion Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight. |
3.3. Asset disposals |
|
|
Asset disposal procedures Agencies need to strengthen their asset disposal procedures. |
Recommendations Agencies should have formal processes for disposing of surplus properties. Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption. |
Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.
This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.
| Issues | Recommendations or conclusions |
4.1 Governance arrangements |
|
|
Continuous disclosure Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations. |
Conclusion Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:
|
4.2 Shared services |
|
|
Service level agreements Some agencies do not have service level agreements for their shared service arrangements. Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements. |
Conclusion Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:
|
|
Shared service performance Some agencies do not set performance standards for their shared service providers or regularly review performance results. |
Conclusion Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received. Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money. |
All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.
This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.
We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.
| Issues | Recommendations or conclusions |
5.1 Ethical framework |
|
|
Code of conduct All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour. |
Recommendation Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date. |
|
Statement of business ethics Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors. |
Conclusion Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture. |
5.2 Potential conflicts of interest |
|
|
Conflicts of interest All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest. |
Recommendation Agencies should improve the way they manage conflicts of interest, particularly by:
|
|
Gifts and benefits While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct. |
Recommendation Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff. |
Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.
This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.
| Issues | Recommendations or conclusions |
6.1 Risk management maturity |
|
|
All agencies have implemented risk management frameworks, but with varying levels of maturity in their application. Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence. |
Conclusion Agencies have introduced risk management frameworks and practices as required by the Treasury’s:
However, more can be done to progress risk management maturity and embed risk management in agency culture. |
6.2 Risk management elements |
|
|
Risk culture Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.
|
Conclusion Agencies can improve their risk culture by:
|
|
Risk registers and reporting Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level. |
Conclusion Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately. |
Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.
Health 2017
The following report highlights results of the financial audits of entities in the NSW health cluster. The report focuses on key observations and findings from the most recent audits of these entities.
The report also includes a range of findings on service delivery. Overall, NSW Health is achieving most of their targets. Some local health districts are continuing to experience increased demand for their services and are finding it more difficult to meet their targets. For example, three local health districts had not achieved some emergency department response time targets for three consecutive years.
1. Financial reporting and controls
| Financial Reporting |
All health cluster entities received unqualified audit opinions and the quality of financial reporting remains high across the cluster. Early close procedures were largely completed and all financial statements were submitted by the deadlines. |
| Financial performance |
Overall, NSW Health recorded an operating surplus of $407 million in 2016–17. Eleven local health districts/specialty networks recorded operating deficits in 2016–17, four more than 2015–16. Expenses across NSW Health increased by 4.4 per cent in 2016–17 (6.0 per cent in 2015–16), lower than the expected long term annual expense growth rate. |
| Excess annual leave | Managing excess annual leave is a continual challenge for NSW Health, with thirty–five per cent of the workforce having excess balances. |
| Overtime payments | NSW Health entities are generally managing overtime well; however NSW Ambulance’s overtime payments, $74.6 million in 2016–17, remain significantly higher than other health entities. |
| Time and leave recording practices | Unapproved employee timesheets continue to be a problem for health entities. Weak timesheet approval controls increase the risk of staff claiming and being paid for hours they have not worked. There is also an increased risk of high volumes of roster adjustments, manual pays, salary overpayments and leave not being recorded accurately. |
2. Service Delivery
| Service Agreements | Most of the service agreements between the Secretary of NSW Health and health entities were signed earlier than prior years. |
| Performance monitoring | Five NSW Health entities are not meeting the Ministry of Health’s performance expectations at 30 June 2017. |
| Emergency department performance | Data provided by the Ministry indicates NSW Health, on average, met emergency department triage response time targets across all triage categories for the fourth consecutive year. |
| Ambulance response times | Data provided by the Ministry shows NSW Ambulance response times for imminently life‑threatening incidents of 7.5 minutes in 2016–17 was within the Ministry’s target of 10.0 minutes. Data provided by the Ministry indicates NSW Ambulance response times for potentially life‑threatening incidents did not improve in 2016–17. The median response time of 11.1 minutes in 2016–17 was similar to 2015–16 (11.0 minutes). This is despite the number of Priority 1 responses reducing by 4.3 per cent. |
| Unplanned hospital re-admissions | Data provided by the Ministry shows eight local health districts achieved the Ministry of Health’s unplanned hospital re‑admissions target in 2016–17. The target is for local health districts to reduce re‑admission rates from the previous financial year. |
This report sets out the results of the 30 June 2017 financial statement audits of Health cluster entities.
The report has been structured into two chapters focusing on:
- Financial reporting and controls
- Service delivery.
This chapter outlines audit observations, conclusions and recommendations related to financial reporting and internal controls of entities for 2016-17.
| Observation | Conclusion or recommendation |
|
2.1 Quality of financial reporting |
|
| All cluster entities received unqualified audit opinions and misstatements identified in financial statements fell. | The quality of financial reporting remains high across the cluster. |
|
2.2 Timeliness of financial reporting |
|
| Early close procedures were largely completed and all financial statements were submitted by the deadlines. | Health entities controlled by the Ministry of Health continued submitting their financial statements well ahead of the statutory deadlines. |
|
2.4 Financial and sustainability analysis |
|
|
NSW Health recorded an operating surplus of $407 million in 2016–17.
|
The statewide operating surplus was $84 million higher than 2015–16. Net surpluses contribute to NSW Health’s ability to invest in new facilities, upgrades and redevelopments. The 2016–17 financial results were once again impacted by the NSW Government initiative to improve cash management across the sector. |
| 2.5 Performance against budget | |
| Ten local health districts/specialty networks’ expense budget variance was outside performance expectations agreed with the Ministry at the beginning of 2016–17. | The Ministry continues to manage performance across NSW Health to improve the accuracy of budgeting practices. |
| 2.7 Human Resources | |
|
Thirty-five per cent of NSW Health’s workforce have excess annual leave balances.
NSW Ambulance had the highest average sick leave rate in NSW Health of 85.2 hours per FTE in 2016–17 (78.7 hours in 2015–16). This was higher than the statewide average of 62.1 hours (62.0 hours in 2015–16).
Unapproved employee timesheets continue to be a problem for health entities. Weak timesheet approval controls increase the risk of staff claiming and being paid for hours they have not worked.
|
Managing excess annual leave is a continual challenge for health entities.
Recommendation: NSW Ambulance should further review the effectiveness of its rostering practices to identify strategies to reduce excessive overtime payments. Recommendation: Health entities should conduct a risk‑based review of time and leave recording practices to ensure control weaknesses are identified and fixed. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
| Observation | Conclusion or recommendation |
| 3.1 Service agreements in NSW Health | |
|
Most of the service agreements between the Secretary of NSW Health and health entities were signed earlier than prior years. Thirteen local health districts/specialty networks signed their service agreements by the 31 July 2017 due date. This is a significant improvement with only seven local health districts/specialty networks meeting the date in 2015–16. |
Having service agreements signed as close as possible to the start of each year provides the Ministry and NSW Health entities with clarity around roles, responsibilities, performance measures, budgets, and service volumes and levels. |
| 3.2 Performance of NSW Health entities | |
| Five NSW Health entities were not meeting the Ministry’s performance expectations at 30 June 2017. | The Ministry is managing the five entities in accordance with its performance review process. |
| 3.4 Emergency department response times | |
|
Data provided by the Ministry indicates NSW Health again, on average, met emergency department triage response time targets across all triage categories for the fourth consecutive year. The Ministry manages performance across NSW Health to ensure patients presenting at emergency departments receive care in a clinically appropriate timeframe. |
Based on the Ministry’s data, local health districts/specialty networks are, on average, meeting triage targets despite increasing emergency department attendances. The data shows eleven local health districts met all triage targets in 2016–17, compared to eight in |
| 3.5 Emergency treatment performance | |
|
The Ministry manages public patient access to emergency services in public hospitals. It has an emergency treatment performance target of 81 per cent of patients leaving emergency departments within four hours. |
Data provided by the Ministry indicates NSW Health maintained its overall emergency treatment performance in 2016–17, but did not achieve its target. The State average emergency treatment performance was 74.2 per cent (74.2 per cent in 2015–16). Based on the Ministry’s data, only four local health districts achieved the target in 2016–17, five in |
| 3.6 Ambulance response times | |
| NSW Ambulance has a response time target of 10.0 minutes for imminently life‑threatening incidents in New South Wales. | Data provided by the Ministry indicates NSW Ambulance response times for imminently life-threatening incidents of 7.5 minutes in 2016–17 was within the Ministry’s target. |
| 3.7 Transfer of care | |
| The Ministry has a target of 90 per cent for the number of ambulance arrivals within a 30 minute ‘transfer of care’ timeframe. | Data provided by the Ministry indicates the rate of ambulance arrivals within a 30 minute 'transfer of care' timeframe improved from 87.6 per cent in 2015–16 to 91.7 per cent in 2016–17, exceeding the Ministry’s target. |
| 3.8 Average length of stay in hospital | |
| Based on the Ministry’s 2016–17 data, the average length of stay for acute episodes was 3.0 days. The average length of stay in New South Wales hospitals is lower than the national average of 3.2 days (in 2015–16). | The Ministry’s data shows the average length of stay by patients for acute episodes has remained stable in New South Wales hospitals for four years. |
| 3.9 Elective surgery access performance | |
| Data provided by the Ministry indicates NSW Health continues to manage waiting times for elective surgery in public hospitals. | The Ministry’s data shows NSW Health improved on‑time admission of patients for elective surgery in 2016–17 despite a 1.8 per cent increase in admissions. While the result improved, only one of the three targets for elective surgery waiting times was met in 2016–17. |
| 3.10 Unplanned hospital re-admissions | |
|
Data provided by the Ministry indicates NSW Health, on average, did not reduce the rate of unplanned hospital re‑admissions in 2016–17. The Ministry has a target of reducing unplanned hospital re‑admissions compared to the previous financial year. Low re‑admission rates may indicate good patient management practices and post-discharge care. |
The Ministry’s data shows eight local health district met the target to reduce the rate of re‑admissions compared to the previous financial year. The statewide average rate increased from 6.3 per cent to 6.4 per cent. |
| 3.11 Post discharge care for acute mental health patients | |
| NSW Health has a goal to increase community-based care to acute mental health patients after they are discharged. Continuity of care in the community can lead to reduced symptom severity, lower re‑admission rates, and improved quality of life. | The Ministry’s 2016–17 data shows the statewide average for post discharge follow-up of acute mental health patients within seven days was 70.0 per cent (66.0 per cent in 2015–16). The statewide average improved and met the NSW Health target of 70 per cent. Nine local health districts exceeded the NSW Health target. |
| 3.12 Mental health acute re-admissions | |
| NSW Health has a goal to reduce acute public sector mental health re-admissions. High re‑admission rates may indicate deficiencies in inpatient treatment and follow up care. | The Ministry’s data shows twelve local health districts did not achieve the NSW Health target of 13 per cent mental health acute re‑admissions in 2016–17. |
| 3.13 Unplanned and emergency re‑presentations | |
|
NSW Health aims to reduce the number of unplanned and emergency re‑presentations to emergency departments. The Ministry’s 2016–17 data shows the State average of emergency department re‑presentations decreased marginally from 5.0 per cent in 2015–16 to 4.9 per cent. |
Patients attending rural emergency departments are more likely to re‑present within 48 hours of being discharged than those in regional or metropolitan emergency departments. |
| 3.14 Healthcare associated infection | |
| The national target for the rate of Staphylococcus aureus (golden staph) bloodstream infection is two cases per 10,000 bed days. | Data provided by the Ministry indicates the rate of golden staph bloodstream infection in New South Wales hospitals continues to be well below the target and national benchmark at 0.72 cases per 10,000 bed days in 2016–17 (0.75 in 2015–16). |
| 3.15 Patient experience and satisfaction | |
|
The Bureau of Health Information analyses and reports on the results of patient surveys. The Bureau’s survey shows 65 per cent of adult admitted patients rated the care they received in hospital as ‘very good’ and 29 per cent rated it as ‘good’. |
NSW Health recognises that patient surveys are an important feedback mechanism on the health care system that can only come from personal experiences. |
Agency compliance with NSW Government travel policies
Overall, agencies materially complied with NSW Government travel policies.
However, the Auditor-General found some agencies:
- did not always book official travel through the approved supplier
- had weaknesses in their travel approval processes
- had travel policies that were inconsistent with the NSW Government policy
- did not adequately manage their travel records.
We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.
Energy rebates for low income households
The Department of Planning and Environment provides more than $245 million in energy rebates to around 27 percent of NSW households. This report highlights that the department is not monitoring the rebate schemes to understand whether they are delivering the best outcomes.
Most rebates are ongoing payments applied directly to energy bills reducing the amount payable by the householder. The structure of these rebates is complex and can be inequitable. Some households are eligible for four different rebates, each with its own eligibility criteria. Also, some households in very similar circumstances receive different levels of support depending on what type of energy is used in their home or which adult in the house is the energy account holder. For example, a household using both electricity and gas receives more assistance than a household with electricity alone even if total energy bills are the same.
By September 2018, the Department of Planning and Environment should:
- Ensure effective strategies are in place to make information about rebates available to all eligible, low-income households
- Evaluate alternative models and develop advice for government to reduce complexity and improve equity of ongoing rebates
- Establish measurable objectives for schemes that provide ongoing support, and monitor and measure performance of all schemes against objectives and outcome measures
- Assess the impacts of the forecast increase in embedded networks and develop strategies to manage any increased administrative risk
- Strengthen assurance that EAPA is being provided in accordance with its objectives and guidelines by implementing accreditation and compliance programs
- Ensure those eligible for EAPA financial support are not disadvantaged by inflexible payments, inconsistent provider practices, or inability to access an EAPA provider in a timely manner. Options include:
- moving from a fixed-value voucher to a flexible payment based on need irrespective of energy type
- establishing a ‘Provider of Last Resort’ facility for households that cannot access an EAPA Provider.
Parliamentary reference - Report number #292 - released 19 September 2017
Universities 2016 Audits
No qualified opinions were issued on the universities’ financial statements and the quality and timeliness of financial reporting continued to improve. The report found that all NSW universities recorded a surplus in 2016 with combined revenue growth exceeding expense growth by 1.1 per cent. Universities have diversified revenue sources and are now less reliant on government grants. Combined overseas student income exceeded domestic student income for the first time in 2016.
This report focuses on key observations and common issues identified from our financial audits of the ten NSW universities and their controlled entities in 2016. The universities are listed in Appendix Three.
In this report, parliament and other users of universities’ financial statements are provided with an analysis of universities’ results and key observations in the following areas:
- Financial Performance and Reporting
- Financial Controls
- Governance
- Teaching and Research.
Snapshot of NSW universities
A snapshot of NSW universities for the year ended 31 December 2016 is shown below.
Financial performance and reporting are important elements of good governance. Confidence in public sector decision making and transparency is enhanced when financial reporting is accurate and timely.
This chapter outlines audit findings on financial performance and reporting of NSW universities for 2016.
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of university policies. They are essential for quality and timely decision making.
In 2016, our audit teams made the following key observations on the financial controls of NSW universities.
Teaching and research are core activities of universities. The quality of teaching is a key driver for growth and attracting students. Through research, universities contribute to economic growth, lead innovation and improve their global rankings.
This chapter reports on teaching and research in NSW universities for 2016.
Medical equipment management in NSW public hospitals
In an audit of medical equipment in NSW hospitals, the NSW Auditor-General, Margaret Crawford found that the management of PET-CT scanners could be enhanced by better performance reporting and replacement planning, and that biomedical equipment needed more timely testing and maintenance.
The NSW Auditor-General examined the management of:
Conclusion
Parliamentary reference - Report number #286 - released 25 May 2017
