Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

CBD South East Sydney Light Rail: follow-up performance audit

Transport
Infrastructure
Internal controls and governance
Management and administration
Procurement
Project management
Risk
Service delivery

This is a follow-up to the Auditor-General's November 2016 report on the CBD South East Sydney Light Rail project. This follow-up report assessed whether Transport for NSW has updated and consolidated information about project costs and benefits.

The audit found that Transport for NSW has not consistently and accurately updated project costs, limiting the transparency of reporting to the public.

The Auditor-General reports that the total cost of the project will exceed $3.1 billion, which is above the revised cost of $2.9 billion published in November 2019. $153.84 million of additional costs are due to omitted costs for early enabling works, the small business assistance package and financing costs attributable to project delays.

The report makes four recommendations to Transport for NSW to publicly report on the final project cost, the updated expected project benefits, the benefits achieved in the first year of operations and the average weekly journey times.

Read full report (PDF)

The CBD and South East Light Rail is a 12 km light rail network for Sydney. It extends from Circular Quay along George Street to Central Station, through Surry Hills to Moore Park, then to Kensington and Kingsford via Anzac Parade and Randwick via Alison Road and High Street.

Transport for NSW (TfNSW) is responsible for planning, procuring and delivering the Central Business District and South East Light Rail (CSELR) project. In December 2014, TfNSW entered into a public private partnership with ALTRAC Light Rail as the operating company (OpCo) responsible for delivering, operating and maintaining the CSELR. OpCo engaged Alstom and Acciona, who together form its Design and Construct Contractor (D&C).

On 14 December 2019, passenger services started on the line between Circular Quay and Randwick. Passenger services on the line between Circular Quay and Kingsford commenced on 3 April 2020.

In November 2016, the Auditor-General published a performance audit report on the CSELR project. The audit found that TfNSW would deliver the CSELR at a higher cost with lower benefits than in the approved business case, and recommended that TfNSW update and consolidate information about project costs and benefits and ensure the information is readily accessible to the public.

In November 2018, the Public Accounts Committee (PAC) examined TfNSW's actions taken in response to our 2016 performance audit report on the CSELR project. The PAC recommended that the Auditor-General consider undertaking a follow-up audit on the CSELR project. The purpose of this follow-up performance audit is to assess whether TfNSW has effectively updated and consolidated information about project costs and benefits for the CSELR project.

Conclusion

Transport for NSW has not consistently and accurately updated CSLER project costs, limiting the transparency of reporting to the public. In line with the NSW Government Benefits Realisation Management Framework, TfNSW intends to measure benefits after the project is completed and has not updated the expected project benefits since April 2015.

Between February 2015 and December 2019, Transport for NSW (TfNSW) regularly updated capital expenditure costs for the CSELR in internal monthly financial performance and risk reports. These reports did not include all the costs incurred by TfNSW to manage and commission the CSELR project.

Omitted costs of $153.84 million for early enabling works, the small business assistance package and financing costs attributable to project delays will bring the current estimated total cost of the CSELR project to $3.147 billion.

From February 2015, TfNSW did not regularly provide the financial performance and risk reports to key CSELR project governance bodies. TfNSW publishes information on project costs and benefits on the Sydney Light Rail website. However, the information on project costs has not always been accurate or current.

TfNSW is working with OpCo partners to deliver the expected journey time benefits. A key benefit defined in the business plan was that bus services would be reduced owing to transfer of demand to the light rail - entailing a saving. However, TfNSW reports that the full expected benefit of changes to bus services will not be realised due to bus patronage increasing above forecasted levels.

Appendix one – Response from agency

Appendix two – Governance and reporting arrangements for the CSELR

Appendix three – 2018 CSELR governance changes

Appendix four – About the audit

Appendix five – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #335 - released 11 June 2020

Published

Universities 2019 audits

Universities
Cyber security
Financial reporting
Internal controls and governance
Procurement

This report contains findings on the results of financial audits of NSW universities for the year ended 31 December 2019.

All ten NSW universities received unqualified audit opinions. The 2019 financial results for universities are reported as at 31 December and reflect results from operations before the impact of the COVID‑19 pandemic.

The combined revenues for all NSW universities increased by $381 million to $11.4 billion in 2019, driven by increases in student revenues. Revenue from overseas students continued to grow faster than that from domestic students and contributed $3.6 billion in course fees to NSW universities in 2019.

Overseas students from the top three countries of origin, being China, India and Nepal, represented 72.4 per cent of all enrolments of overseas students and 65.4 per cent of all overseas student revenues for 2019. Revenue from students from these three countries comprised 40.9 per cent of total student revenues for all NSW universities, creating a considerable concentration risk for NSW universities.

The COVID‑19 pandemic may significantly impact the financial results of NSW universities in 2020. NSW universities provided data on COVID‑19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments in semester one 2020 were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent below expectations.

The report makes recommendations to the NSW universities, aimed at strengthening controls over information technology, cyber security, validating published performance information, procurement practices and the oversight of their overseas controlled entities' legal and policy compliance functions.

Read full report (PDF)

This report analyses the results of our audits of the financial statements of the ten NSW universities for the year ended 31 December 2019. The table below summarises our key observations.

1. Financial reporting

Financial reporting

The 2019 financial statements of all ten NSW universities received unmodified audit opinions.

One controlled entity of the Western Sydney University received a qualified audit opinion.

Five NSW universities finalised their audited financial statements this year on or before the date they did last year.

New accounting standards, which changed how universities report income and treat operating leases, became effective from 1 January 2019.
Sources of revenue from operations

Government grants as a proportion of the total income of NSW universities continued to decrease.

Fee revenue from overseas students continued to grow faster than fees from domestic students. Forty-one per cent of NSW universities' total student revenue came from overseas students from three countries.

Five NSW universities increased the proportion of revenue they receive from overseas students from a single country. Two universities sourced over 73 per cent of their total overseas student revenue from students from a single country of origin in 2019.
Other revenues Two universities attracted over 69.5 per cent of the total philanthropic revenue of $174 million received by all NSW universities in 2019.
Operating expenditures Combined total operating expenditure for NSW universities increased to $9.9 billion in 2019, a rise of 5.2 per cent from 2018.
Current ratio At 31 December 2019, five NSW universities had a current ratio of less than one, meaning those universities need to actively manage their cash to meet current obligations.
Controlled entities

All six NSW universities with overseas controlled entities have devolved responsibility for governance and legislative compliance to their overseas controlled entities.

Recommendation (repeat issue): NSW universities should strengthen their governance arrangements to oversight their overseas controlled entities' legal and policy compliance functions.
COVID-19 impacts and responses

The 2019 financial results for universities are reported as at 31 December. Consequently, the results for the 2019 year were unaffected by the impact of the COVID-19 pandemic.

NSW universities provided data on the COVID-19 impacted student enrolments for semester one 2020. Overall numbers of student enrolments were 5.8 per cent beneath projections. Overseas student enrolments were 13.8 per cent beneath expectations and domestic student enrolments were 2.4 per cent beneath expectations.

NSW universities are responding to the challenges presented by COVID-19 by moving course delivery online, expanding student support and introducing cost saving measures.

2. Internal controls and governance

Internal control findings

Our audits identified 108 internal control deficiencies in 2019 (99 in 2018).

Gaps in information technology (IT) controls comprised the majority of these deficiencies. Deficiencies included a lack of sufficient user access reviews, inadequate review and approval of change management processes, and issues with password settings.

We identified one high risk financial control deficiency at the University of New South Wales, which resulted in the University providing for a potential underpayment of casual staff salaries.

NSW universities continue to implement recommendations arising from 35 findings raised in previous years.
Performance reporting

Five NSW universities still do not have formal processes to internally review and validate performance information published in their annual reports.

Recommendation (repeat issue): NSW universities should strengthen processes to review and validate published performance information.
Cyber security

Two universities have not yet implemented a cyber risk policy and three universities have not formally trained staff in cyber awareness.

Recommendation (repeat issue): NSW universities should strengthen cyber security frameworks and controls to protect sensitive data and prevent financial and reputational losses.
Management of IT service providers NSW universities have contracts with vendors to support their computer systems. Five universities have not formally established frameworks to manage these contracts. Poor contract management can compound risks associated with IT control deficiencies.
Data breach management Universities are required to maintain the privacy of sensitive data which, if disclosed or used inappropriately, could result in harm to individuals, financial loss, or loss of intellectual property. Two NSW universities have not established formal policies to manage data breaches.
Procurement

All universities have a procurement policy. Most universities have a documented procurement manual and contact management policy.

Recommendation: NSW universities should review their procurement and contract management policies and procedures to ensure that they are relevant and effective in reducing risk and improving purchasing outcomes.

3. Teaching and research

Graduate employment outcomes Eight out of ten NSW universities exceeded the national average for full-time employment rates of their undergraduates in 2019. Six universities performed better than the national average for full-time employment outcomes of their postgraduates in 2019.
Student enrolments by field of education Enrolments at NSW universities increased the most in Management and Commerce courses in 2019.
Achieving diversity outcomes

Five universities in 2018 (five in 2017) met the target enrolment rate for students from low socio-economic status (SES) backgrounds.

Eight universities increased enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2018.

 

This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2019, including our analysis, observations and recommendations in the following areas:

  • financial reporting
  • internal controls and governance
  • teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of NSW universities for 2019.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.

This chapter outlines the internal controls related observations and insights across NSW universities for 2019, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.

This chapter outlines teaching and research outcomes for NSW universities for 2019.

Appendix one – List of 2019 recommendations

Appendix two – Status of 2018 recommendations

Appendix three – NSW universities’ controlled entities and associated entities

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Train station crowding

Transport
Management and administration
Risk
Service delivery
Workforce and capability

This report focuses on how Transport for NSW and Sydney Trains manage crowding at selected metropolitan train stations.

The audit found that while Sydney Trains has identified platform crowding as a key strategic risk, it does not have an overarching strategy to manage crowding in the short to medium term. Sydney Trains 'do not have sufficient oversight to know if crowding is being effectively managed’, the Auditor-General said.

Sydney Trains' operational response to crowding involves restricting customer access to platforms or station entries before crowding reaches unsafe levels or when it impacts on-time running. Assuming rail patronage increases, it is likely that Sydney Trains will restrict more customers from accessing platforms or station entries, causing customer delay. ‘Restricting customer access to platforms or station entries is not a sustainable approach to manage station crowding’, said the Auditor-General.

The Auditor-General made seven recommendations to improve Transport for NSW and Sydney Trains' management of station crowding. Transport for NSW have accepted these recommendations on behalf of the Transport cluster.

Public transport patronage has been impacted by COVID-19. This audit was conducted before these impacts occurred.

Read full report (PDF)

Sydney Trains patronage has increased by close to 34 per cent over the last five years, and Transport for NSW (TfNSW) expects the growth in patronage to continue over the next 30 years. As patronage increases there are more passengers entering and exiting stations, moving within stations to change services, and waiting on platforms. As a result, some Sydney metropolitan train stations are becoming increasingly crowded.

There are three main causes of station crowding:

  • patronage growth exceeding the current capacity limits of the rail network
  • service disruptions
  • special events.

Crowds can inhibit movement, cause discomfort and can lead to increased health and safety risks to customers. In the context of a train service, unmanaged crowds can affect service operation as trains spend longer at platforms waiting for customers to alight and board services which can cause service delays. Crowding can also prevent customers from accessing services.

Our 2017 performance audit, ‘Passenger Rail Punctuality’, found that rail agencies would find it hard to maintain train punctuality after 2019 unless they significantly increased the capacity of the network to carry trains and people. TfNSW and Sydney Trains have plans to improve the network to move more passengers. These plans are set out in strategies such as More Trains, More Services and in the continued implementation of new infrastructure such as the Sydney Metro. Since 2017, TfNSW and Sydney Trains have introduced 1,500 more weekly services to increase capacity. Additional network capacity improvements are in progress for delivery from 2022 onwards.

In the meantime, TfNSW and Sydney Trains need to use other ways of managing crowding at train stations until increased capacity comes on line.

This audit examined how effectively TfNSW and Sydney Trains are managing crowding at selected metropolitan train stations in the short and medium term. In doing so, the audit examined how TfNSW and Sydney Trains know whether there is a crowding problem at stations and how they manage that crowding.

TfNSW is the lead agency for transport in NSW. TfNSW is responsible for setting the standard working timetable that Sydney Trains must implement. Sydney Trains is responsible for operating and maintaining the Sydney metropolitan heavy rail passenger service. This includes operating, staffing and maintaining most metropolitan stations. Sydney Trains’ overall responsibility is to run a safe rail network to timetable.

Conclusion

Sydney Trains has identified platform crowding as a key strategic risk, but does not have an overarching strategy to manage crowding in the short to medium term. TfNSW and Sydney Trains devolve responsibility for managing crowding at stations to Customer Area Managers, but do not have sufficient oversight to know if crowding is being effectively managed. TfNSW is delivering a program to influence demand for transport in key precincts but the effectiveness of this program and its impact on station crowding is unclear as Transport for NSW has not evaluated the outcomes of the program.

TfNSW and Sydney Trains do not directly measure or collect data on station crowding. Data and observation on dwell time, which is the time a train waits at a platform for customers to get on and off trains, inform the development of operational approaches to manage crowding at stations. Sydney Trains has KPIs on reliability, punctuality and customer experience and use these to indirectly assess the impact of station crowding. TfNSW and Sydney Trains only formally assess station crowding as part of planning for major projects, developments or events.

Sydney Trains devolve responsibility for crowd management to Customer Area Managers, who rely on frontline Sydney Trains staff to understand how crowding affects individual stations. Station staff at identified key metropolitan train stations have developed customer management plans (also known as crowd management plans). However, Sydney Trains does not have policies to support the creation, monitoring and evaluation of these plans and does not systematically collect data on when station staff activate crowding interventions under these plans.

Sydney Trains stated focus is on providing a safe and reliable rail service. As such, management of station crowding is a by-product of its strategies to manage customer safety and ensure on-time running of services. Sydney Trains' operational response to crowding involves restricting customer access to platforms or stations before crowding reaches unsafe levels, or when it impacts on-time running. As rail patronage increases, it is likely that Sydney Trains will need to increase its use of interventions to manage crowding. As Sydney Trains restrict more customers from accessing platforms or station entries, it is likely these customers will experience delays caused by these interventions.

Since 2015, TfNSW has been delivering the 'Travel Choices' program which aims to influence customer behaviour and to manage the demand for public transport services in key precincts. TfNSW is unable to provide data demonstrating the overall effectiveness of this program and the impact the program has on distributing public transport usage out of peak AM and PM times. TfNSW and Sydney Trains continue to explore initiatives to specifically address crowd management.

Conclusion

TfNSW and Sydney Trains do not directly measure or collect data on station crowding. There are no key performance indicators directly related to station crowding. Sydney Trains uses performance indicators on reliability, punctuality and customer experience to indirectly assess the impact of station crowding. Sydney Trains does not have a routine process for identifying whether crowding contributed to minor safety incidents. TfNSW and Sydney Trains formally assess station crowding as part of planning for major projects, developments or events.

 

Conclusion

Sydney Trains has identified platform crowding as a strategic risk but does not have an overarching strategy to manage station crowding. Sydney Trains' stated focus is on providing a safe and reliable rail service. As such, management of station crowding is a by-product of its strategies to manage customer safety and ensure on-time running of services.

Sydney Trains devolve responsibility for managing crowding at stations to Customer Area Managers but does not have sufficient oversight to know that station crowding is effectively managed. Sydney Trains does not have policies to support the creation, monitoring or evaluation of crowd management plans at key metropolitan train stations. The use of crowding interventions is likely to increase due to increasing patronage, causing more customers to experience delays directly caused by these activities.

TfNSW and Sydney Trains have developed interventions to influence customer behaviour and to manage the demand for public transport services but are yet to evaluate these interventions. As such, their impact on managing station crowding is unclear.

Appendix one – Response from agency

Appendix two – Sydney rail network

Appendix three – Rail services contract

Appendix four – Crowding pedestrian modelling

Appendix five – Airport Link stations case study

Appendix six – About the audit

Appendix seven – Performance auditing

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #333 - released 30 April 2020

 

Published

Planning, Industry and Environment 2019

Planning
Industry
Environment
Asset valuation
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Service delivery
Workforce and capability

This report outlines the results of audits of the financial statements of agencies now grouped in the NSW Planning, Industry and Environment cluster.

Unqualified audit opinions were issued for 56 of the 66 cluster agencies’ 30 June 2019 financial statements. Ten audits remain incomplete. The cluster agencies need to improve the timeliness of financial reporting. 

The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. ‘Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land claims since 2007. However, the number of unprocessed claims continued to increase’, Margaret Crawford said.

One in five internal control findings were repeat issues. Key themes included information technology, asset management and improvements required to expense and payroll controls.

The report makes several recommendations including:

  • Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019
  • the Department of Planning, Industry and Environment should prioritise action to reduce unprocessed Aboriginal land claims
  • the Department of Planning, Industry and Environment should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.

This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes

Creation of the Planning, Industry and Environment cluster

The Machinery of Government (MoG) changes abolished the former Planning and Environment cluster and former Industry cluster, and created the Planning, Industry and Environment cluster on 1 July 2019.

The Department of Planning and Environment (DPE), the Department of Industry (DOI), the Office of Environment and Heritage, and the Office of Local Government were abolished and the majority of their functions were transferred to the new Department of Planning, Industry and Environment (DPIE).
The Department of Planning, Industry and Environment is still in the process of implementing changes

The MoG changes bring risks and challenges to the cluster. A MoG Steering Committee, with the support of various project control groups and working groups, identified and developed responses to key risks arising from the changes.

However, the DPIE will take some time to fully integrate the policies, systems and processes of the abolished Departments and agencies.

2. Financial reporting

Audit opinions Unqualified audit opinions were issued for 56 of the 66 cluster agencies' 30 June 2019 financial statements audits. Ten financial statements audits are still ongoing.
Timeliness of financial reporting

Fifty-five of the 57 agencies subject to statutory deadlines submitted their financial statements on time.

Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions issued by the statutory deadline.

Agencies prepared and submitted their early close procedures in accordance with the mandatory timeframe set by NSW Treasury. However, 17 of the 49 agencies where we reviewed early close procedures were assessed as either partially addressing or not addressing one or more of the mandatory requirements. The cluster agencies could benefit from an increased focus on early close procedures.
Introduction of AASB 16 'Leases'

We noted errors in the lease data used in Property NSW's AASB 16 impact calculations, which affect both Property NSW and other government agencies. These errors were significant enough to present a risk of material misstatements to the financial statements of Property NSW and other government agencies in future reporting periods.

We had similar findings in our recent performance audit on 'Property Asset Utilisation', which highlighted issues with the quality of Property NSW's records.

Recommendation: Property NSW should urgently address the deficiencies in the lease data used to calculate the impact of the new leasing standard effective from 1 July 2019.
Unprocessed Aboriginal land claims have continued to increase

Despite an increase in the number of claims resolved, the number of unprocessed Aboriginal land claims increased by 7.2 per cent from the prior year to 35,855 at 30 June 2019. Claims can be made over Crown land assets of the DPIE or other government agencies. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. We first recommended action to address unprocessed claims in 2007.

Recommendation (repeat issue): The DPIE should prioritise action to reduce unprocessed Aboriginal land claims.

3. Audit observations

Internal controls

One in five internal control issues identified and reported to management in 2018–19 were repeat issues.

The lack of user access review was the most common IT general control issue in the cluster.
Drought relief

The NSW Government announced an emergency drought relief package of $500 million in 2018, in addition to other financial assistance measures already in place.

Limited documentation and written agreements between relevant delivery agencies resulted in a $31.0 million misstatement relating to grant revenue.
Recognition of Crown land

Crown land is an important asset of the state. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Last year we recommended the DOI should ensure the database of Crown land is complete and accurate. While the DOI has commenced actions to improve the database, this continued to be an issue in 2018–19.

Recommendation (repeat issue): The DPIE should ensure the Crown land database is complete and accurate so state agencies and local government councils are better informed about the Crown land they control.
Developer contributions The former DPE continued to accumulate more developer contributions revenues than it spent on infrastructure projects. Total unspent funds increased to $274 million at 30 June 2019.

 

This report provides parliament and other users of the Planning, Industry and Environment cluster agencies financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

This cluster was created by the Machinery of Government changes on 1 July 2019. This report is focused on agencies in the Planning, Industry and Environment cluster from 1 July 2019. However, these agencies were all in other clusters during 2018–19. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes are where the government reorganises these structures and functions that are given effect by Administrative orders.

The MoG changes, announced following the NSW State election on 23 March 2019, created the Planning, Industry and Environment (PIE) cluster. The Administrative Changes Orders issued on 2 April 2019, 1 May 2019 and 28 June 2019 gave effect to these changes. These orders became effective on 1 July 2019.

Section highlights

The 2019 MoG changes significantly impacted the former Planning and Environment, and Industry clusters and agencies.

  • The PIE cluster combines most of the functions and agencies of the former Planning and Environment and Industry clusters from 1 July 2019.
  • The Department of Planning, Industry and Environment is the principal agency in the PIE cluster.
  • The MoG changes bring risks and challenges to the PIE cluster.
  • A MoG Steering Committee was established to oversee the transitional processes.
  • The full integration of the systems and processes will not be completed in the near future.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.

Section highlights

  • Unqualified audit opinions were issued for all completed 30 June 2019 financial statements audits. However, some cluster agencies can further enhance the quality of financial reporting.
  • Timeliness of financial reporting remains an issue for 13 agencies.
  • Deficiencies were identified in the data used to calculate the impact of AASB 16 ‘Leases’ effective from 1 July 2019. Property NSW should urgently address these deficiencies.
  • Unprocessed Aboriginal land claims continue to increase. DPIE should prioritise action to reduce unprocessed Aboriginal land claims.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our audit observations and insights from our financial statement audits of agencies in the Planning, Industry and Environment (PIE) cluster for 2019. In this chapter, the Department of Planning, Industry and Environment is referred to as DPIE, the former Department of Planning and Environment as DPE, and the former Department of Industry as DOI.

Section highlights

  • One in five issues identified and reported to management in 2018–19 were repeat issues.
  • The lack of user access review was the most common IT general control issue in the PIE cluster.
  • The PIE cluster provided significant financial assistance for drought relief.
  • There continues to be significant deficiencies in Crown land records. The DPIE should ensure the Crown land database is complete and accurate.
  • Unspent developer contributions funds continued to build up in 2018–19. 

Appendix one – List of 2019 recommendations

Appendix two – Status of 2018 recommendations

Appendix three – Cluster agencies

Appendix four – Financial data

Appendix five – Management letter findings

Appendix six – Timeliness of financial reporting

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Transport 2019

Transport
Asset valuation
Financial reporting
Infrastructure
Internal controls and governance
Management and administration
Service delivery
Workforce and capability

This report details the results of the financial audits of NSW Government's Transport cluster for the financial year ended 30 June 2019. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, valuations of assets continue to create challenges across the cluster. The Audit Office identified some deficiencies in relation to asset valuations at Transport for NSW, Roads and Maritime Services, Rail Corporation New South Wales and Sydney Metro.

The Audit Office noted an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, asset management and employee leave entitlements. The report also highlights the status of significant infrastructure projects across the Transport cluster.

The report makes several recommendations including:

  • agency finance teams need to be consulted on major business decisions and commercial transactions at the time of their execution to assess the financial reporting impacts
  • the Department of Transport should ensure consistent accounting policies are applied across its controlled entities.

Download the Transport 2019 report (PDF)

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes
Transport for NSW, as the
lead agency, will absorb the
functions of Roads and
Maritime Services

The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW) as part of the Machinery of Government changes.

This change was not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019. The Act dissolves RMS and transfers the assets, rights and liabilities of RMS to TfNSW. As at the date of this Report, the Act is not yet in force.

Transport is considering the impact of the changes on its operating model and financial reporting.
2. Financial reporting
Audit opinions

Unqualified audit opinions were issued on the 2018–19 financial statements of all agencies in the Transport cluster.

TfNSW and Sydney Metro obtained a three-week extension from NSW Treasury to submit their financial statements for audit to resolve accounting issues surrounding the valuation of property, plant and equipment.

The Department of Transport reported total consolidated property, plant and equipment of $158 billion at 30 June 2019. In 2018–19, there were issues with asset valuations at TfNSW, RMS, Sydney Metro and Rail Corporation New South Wales (RailCorp), resulting in adjustments after the submission of financial statements for audit and the correction of a prior period error.

There was also a prior period error resulting from an agreement between TfNSW and the former UrbanGrowth Development Corporation due to a lack of assessment of the financial reporting implications at the time of signing the agreement.

Recommendation: Agency finance teams need to be consulted on major business decisions and commercial transactions to assess their accounting impacts at the time of their execution, rather than at the end of a financial year. Agencies also need to resolve all key accounting issues such as valuations as part of the early close procedures.

This would improve the quality of financial reporting and avoid the need for extensions for agencies to submit their financial statements for audit.
Preparedness for new
accounting standards		 Agencies across the cluster are progressing in their implementation of the new accounting standards.

Transport cluster agencies need to improve their contracts registers to ensure they have a complete list of contracts and agreements to assess the impact of the new accounting standards.
Valuation of assets remains
a challenge in the
Transport cluster

Whilst agencies complied with the requirements of the accounting standards and NSW Treasury policies on valuations, the Audit Office identified some deficiencies in relation to asset valuations across the cluster.

TfNSW reported a retrospective correction of a prior period error at 1 July 2017 which resulted in a reduction in the valuation of its Country Rail Network earthworks by $2.1 billion. This was due to survey results which identified the earthworks were flatter and lower than estimated in the valuation at 30 June 2017.

RMS made several adjustments during the year to correct asset values due to changes to valuation assumptions or data improvements. This included:

  • reduction of $318 million in the value of land under roads
  • decrease of $84.9 million to the value of land and buildings
  • changes to the value of traffic control and traffic signal network assets, due to data improvements.

Sydney Metro North West officially opened in May 2019 and reported total assets of $9.1 billion. Sydney Metro derecognised $322 million in assets constructed to facilitate its operation but transferred to councils and utilities.
Inconsistent accounting
policies across the
Transport cluster

There was an inconsistency identified in the cluster relating to the valuation of substratum land. In 2018–19, RailCorp derecognised $109 million of substratum land to ensure consistency in its approach with other Transport agencies.

As the parent entity, the Department of Transport needs to ensure accounting policies are consistently applied across all controlled entities for consolidation purposes. Inconsistencies in the application of accounting standards across agencies will impact comparability of financial reporting and decision making across the Transport cluster.

Recommendation: The Department of Transport should ensure consistent accounting policies are applied across its controlled entities.
Revenue growth

Public transport passenger revenue increased by $89.0 million (5.9 per cent) in 2018–19, and patronage increased by 37.8 million (4.9 per cent) across all modes of transport based on data provided by TfNSW.

The increase in revenue is mainly due to an increase in patronage as well as the annual increase in fares.
Negative Opal cards

Negative balance Opal cards resulted in $2.9 million in revenue not collected in 2018–19 ($10.4 million since the introduction of Opal).

In January 2019, Transport made a change to the Sydney Airport stations to prevent customers with high negative balances exiting the station. In addition, in late 2018, Transport increased the minimum top up values for new cards at the airport stations.

Recommendation (repeat): TfNSW should implement further measures to prevent the loss of revenue from passengers tapping off with negative balance Opal cards.
3. Audit observations
Internal controls There was an increase in findings on internal controls across the Transport cluster. Key themes relate to information technology, employee leave entitlements and asset management.

Twenty-nine per cent of all issues were repeat issues. The majority of the repeat issues related to information technology controls.
Write-off of assets In addition to a $322 million derecognition of assets transferred to councils and utilities by Sydney Metro and a $109 million derecognition of substratum land at RailCorp, the Transport cluster wrote-off $278 million of assets related to roads, bridges, maritime assets, traffic signals and controls network.

These mainly related to roads, bridges, maritime assets, traffic signals and the control network where new infrastructure assets substantially replaced an existing asset as part of construction activities.
Transport Asset Holding
Entity (TAHE)		 TAHE was established to be a dedicated asset manager for the delivery of public transport asset management. The Transport Administration Amendment (Transport Entities) Act 2017 will transition RailCorp into TAHE. RailCorp is now expected to transition to TAHE from 1 July 2020 (previously 1 July 2019). Several working groups have been considering various aspects of the TAHE transition including its status as a for profit Public Trading Enterprise, the operating model and the impact of the new accounting standards AASB 16 'Leases' and AASB 1059 'Service Concession Arrangements: Grantors'. The considerations of these aspects identified several challenges in the implementation of TAHE which has led to the revised transition date. Given the delays in implementation, it is important to clarify the intent of the TAHE model.
Excess annual leave

Twenty-six per cent of Transport employees have annual leave balances exceeding 30 days. Of the employees with excess leave balances, 732 (10.3 per cent) did not take any annual leave in 2018–19.

Recommendation (repeat): Transport entities should further review the approach to managing excess annual leave in 2019–20. They should:

  • monitor current and projected leave balances to the end of the financial year each month
  • agree formal leave plans with employees to reduce leave balances over an acceptable timeframe
  • ensure leave plans are actioned appropriately
  • encourage all staff with excess leave balances take a minimum two-week period of leave per year.
Completeness and
accuracy of contracts
registers

There are no centralised processes to record all significant contracts and agreements in a register across the Transport cluster.

Across the Transport cluster, contracts and agreements are maintained by the individual agencies using disparate registers. Agencies must perform detailed assessments of their existing contracts and agreements to quantify the impact of the new accounting standards (AASB 16 ‘Leases’, AASB 15 ‘Revenue from Contracts with Customers’, AASB 1058 ‘Income of Not-for-Profit Entities’ and AASB 1059 'Service Concession Arrangements: Grantors').

In 2018–19, there was also a prior period error resulting from an agreement between TfNSW and another government agency due to a lack of assessment of the financial reporting implications at the time of signing the agreement.

A lack of a complete register of all contracts and agreements increases the risk that agencies may not be able to assess the full impact of the new accounting standards, as well as perform a complete assessment of the financial reporting implications of contracts and agreements.

Recommendation: Transport agencies should implement a process to centrally capture all significant contracts and agreements entered. This will ensure:

  • agencies are fully aware of contractual and other obligations
  • appropriate assessment of financial reporting implications
  • assessment of new accounting standards, in particular AASB 16 ‘Leases’, AASB 15 'Revenue from Contract with Customers', AASB 1058 'Income of Not-for-Profit Entities ' and AASB 1059 'Service Concession Arrangements: Grantors' are accurate and complete.

 

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

This cluster was impacted by the Machinery of Government changes on 1 July 2019. The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW). This report is focused on the Transport cluster prior to these changes. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government refers to how the government organises the structures and functions of the public service. Machinery of Government changes are where the government reorganises these structures and functions, and are given effect by Administrative orders.

The Transport cluster was impacted by recent Machinery of Government changes. These changes were announced by the Department of Premier and Cabinet but were not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. It was the intention of government to transfer the functions of the RMS into TfNSW. This requires legislative changes to the Transport Administration Act 1988 No. 109.

Section highlights

Under the Machinery of Government changes, the NSW Government will transfer the functions of RMS into TfNSW.

  • The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019.
  • The Act will dissolve RMS and transfer its functions, assets, rights and liabilities to TfNSW.
  • As at the date of this report, the Act is not yet in force.
  • There are risks and challenges for asset and liability transfers, governance and retention of knowledge.
  • As of 1 July 2019, administrative arrangements (delegations and reporting line changes) were put in place to enable TfNSW and RMS to operate within a single management structure, while still remaining as separate legal entities.
  • Transport is working on a number of options as to how to implement the changes. 

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2019.

Section highlights

  • Unqualified audit opinions were issued on all agencies' financial statements.
  • RMS required an extension from NSW Treasury for their early close procedures.
  • TfNSW and Sydney Metro required extensions to submit their year-end financial statements.
  • Valuation of assets remains a challenge across the cluster.
  • There remains Opal cards with negative balances.
  • Sydney Metro derecognised assets of $322 million in relation to assets constructed for third parties.
  • Inconsistencies in the application of accounting policies across cluster agencies impact comparability of financial reporting across the Transport cluster.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport cluster.

Section highlights

  • There was an increase in findings on internal controls across the Transport cluster. Twenty-nine per cent of all issues were repeat issues.
  • Transport entities wrote-off over $278 million of assets which were replaced by new assets or technology.
  • Twenty-six per cent of Transport employees have excess annual leave.
  • There are no processes to ensure all significant contracts and agreements are captured by agencies in a centralised register.

Appendix one – Timeliness of financial reporting by agency 

Appendix two – Management letter findings by agency 

Appendix three – List of 2019 recommendations 

Appendix four – Status of 2017 and 2018 recommendations 

Appendix five – Cluster agencies 

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Internal Controls and Governance 2019

Education
Community Services
Finance
Health
Industry
Justice
Planning
Premier and Cabinet
Transport
Treasury
Whole of Government
Compliance
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration
Procurement
Project management

This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.

The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:

  • financial controls
  • information technology controls
  • gifts and benefits
  • internal audit
  • contingent labour
  • sensitive data.

The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.

1. Internal control trends

New, repeat and high risk findings

There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies.

Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented.

Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.
Common findings

A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:

  • out of date policies or an absence of policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers
  • policies, procedures or controls no longer suited to the current organisational structure or business activities.

2. Information technology controls

IT general controls

We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:

  • user access administration deficiencies at 58 per cent of agencies related to granting, review and removal of user access
  • an absence of privileged user activity reviews at 35 per cent of agencies
  • password controls that did not align to password policies at 20 per cent of agencies.

We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required.

3. Gifts and benefits

Gifts and benefits registers

All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision.

In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers.

Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour.
Managing gifts and benefits

We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites.

Agencies can improve management of gifts and benefits by:

  • ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
  • establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers, suppliers and contractors
  • providing on-going training, awareness activities and support to employees, not just at induction
  • publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
Reporting and monitoring

Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee.

Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits.

4. Internal audit

Obtaining value from the internal audit function

Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee.

Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer.

Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks.
Role of the Chief Audit Executive

Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE.

The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO.

Agencies should ensure:

  • the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE does not report functionally or administratively to the finance function or other significant recipients of internal audit services
  • the CAE's duties are compatible with preserving their independence and where threats to independence exist, safeguards are documented and approved.
Quality assurance and improvement program

Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function.

The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually.

Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments.

5. Managing contingent labour

Obtaining value for money from contingent labour

According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces.

Agencies can improve their management of contingent labour by:

  • preparing workforce plans to inform their resourcing strategy and ensure that engaging contingent labour aligns with the strategy and best meets business needs
  • involving agency human resources units in decisions about engaging contingent labour
  • regularly reporting on contingent labour use and tenure to agency executive teams
  • strengthening on-boarding and off-boarding processes.

We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'.

6. Managing sensitive data

Identifying and assessing sensitive data

Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked.

Agencies can improve processes to manage sensitive data by:

  • identifying and maintaining an inventory of sensitive data through a comprehensive and structured process
  • assessing the criticality and sensitivity of the data so that protection of high risk data can be prioritised.
Managing data breaches

Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.

Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach.

 

This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.

Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.

This report offers insights into internal controls and governance in the NSW public sector

This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

  • highlighting the potential risks posed by weaknesses in controls and governance processes
  • helping agencies benchmark the adequacy of their processes against their peers
  • focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.

Areas of specific focus of the report have changed since last year

Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:

  • internal control trends
  • information technology controls, including access to agency systems
  • protecting sensitive information held within agencies
  • managing large and diverse workforces (controls around employing and managing contingent workers)
  • maintaining an ethical culture (management of gifts and benefits)
  • effectiveness of internal audit function and its oversight by Audit and Risk Committees.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Key conclusions and sector wide learnings

We identified four high risk findings, compared to six last year. None of the findings are common with those in the previous year. There was an overall increase of 12 per cent in the number of internal control deficiencies compared to last year. The increase is predominately due to a 100 per cent increase in the number of repeat financial and IT control deficiencies.
 
Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re-prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.
 
We also identified a number of findings that were common to multiple agencies. These common findings often related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
  • out of date policies or an absence of policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Key conclusions and sector wide learnings
Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.
IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.
Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits. 

Key conclusions and sector wide learnings

We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.

Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.

Areas where agencies can improve their management of gifts and benefits include:

  • ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
  • establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
  • updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
  • providing on-going training, awareness activities and support to employees, not just at induction
  • regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
  • publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.

Key conclusions and sector wide learnings 

We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including: 

  • documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
  • ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
  • involving the CAE more extensively in executive forums as an observer
  • documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
  • reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.

Key conclusions and sector wide learnings

Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.

There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include: 

  • preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
  • involving agency human resources units in decisions about engaging contingent labour
  • regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
  • strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.

Key conclusions and sector wide learnings

Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.

It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.

Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.

Key areas where agencies can improve their management of sensitive data include:

  • identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
  • assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
  • developing comprehensive data breach management policies to ensure data breaches are appropriately managed
  • maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
  • providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.

Appendix one – List of 2019 recommendations 

Appendix two – Status of 2018 recommendations

Appendix three – In-scope agencies

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Biosecurity risk management

Industry
Risk

The report focuses on the Department of Primary Industries’ (DPI) as the lead agency for biosecurity in New South Wales. It examines how well the department responds to biosecurity emergencies and manages compliance activities. DPI’s state partners include NSW Health, the NSW Environment Protection Authority, Local Land Services, and Local Control Authorities to manage biosecurity risks in New South Wales.

Biosecurity is the protection of the economy, environment, and community from the negative impacts of pests, diseases, weeds, and contaminants.

National and State governments have defined roles and responsibilities for biosecurity in Australia, reflecting the allocation of powers in the Australian Constitution. The Australian Government has direct responsibility for biosecurity (quarantine) at the international border, and works jointly with the states and territories to set the legislative framework and policy direction for managing biosecurity nationally. It also works with state and territory governments to ensure there is a national approach to biosecurity. State governments manage their biosecurity activities within the national framework.

The Department of Primary Industries (DPI), within the Department of Industry, is the lead agency for biosecurity in NSW. This audit was conducted with the Department of Industry as the auditee. On 2 April 2019 the NSW Government announced it will abolish the Department of Industry. From 1 July 2019 the Department of Planning, Industry and Environment, will have responsibility for biosecurity activities described in this report.

The NSW Biosecurity Strategy 2013–2021 (the Strategy) articulates the NSW Government’s responsibilities for biosecurity within the national legislative framework. Achieving the outcomes of the strategy relies on DPI fulfilling two key responsibilities. Firstly, undertaking direct actions, such as implementing strong regulatory compliance and licensing activities, and managing biosecurity emergency responses. Secondly, leading the response to biosecurity risks by fostering effective collaboration with stakeholders across government, industry, and the wider community.

In NSW, 11 regional Local Land Services (LLS) are the key partners for DPI in meeting its biosecurity responsibilities. Each LLS develops and implements strategies to manage invasive pests and diseases within their regions. They also investigate new reports of pests or diseases in their regions and staff local emergency control centres when an emergency response is triggered.

Local Control Authorities (LCAs) also have a role in biosecurity management. LCAs include local councils and a small number of specialist regional agencies. Their role focuses on strategies to manage weeds within their local areas.

This audit assessed the effectiveness and economy of DPI’s biosecurity emergency response and prevention activities. It looks at DPI’s emergency response practice and its compliance program as a key prevention activity for which DPI has primary responsibility. DPI sets policy and procedural compliance standards for management of biosecurity risks in NSW and also conducts an annual program of property inspections and investigations that ensure that its compliance policies and procedures are being applied effectively.

Appendix one - Response from agency

Appendix two - Location of selected biosecurity emergency responses

Appendix three - About the audit

Appendix four - Performance auditing

 

Parliamentary Reference: Report number #321 - released 18 June 2019

Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Banner image: ‘Yellow crazy ant’, supplied and permitted for use by NSW Department of Primary Industries under Creative Commons Attribution-ShareAlike 3.0 Unported Licence. Full terms.

Published

Universities 2018 audits

Universities
Cyber security
Financial reporting
Information technology
Internal controls and governance

The Acting Auditor General of New South Wales, Ian Goodwin, released a report today on the results of financial audits of NSW universities for the year ended 31 December 2018.

All ten NSW universities received unqualified audit opinions.

This report analyses the results of our audits of financial statements of the ten NSW universities for the year ended 31 December 2018. The table below summarises our key observations.

This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2018, including our analysis, observations and recommendations in the following areas:

  • financial reporting
  • internal controls and governance
  • teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of NSW universities for 2018.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.

This chapter outlines the internal controls related observations and insights across NSW universities for 2018, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.

This chapter outlines teaching and research outcomes for NSW universities for 2018.

Appendix one – List of 2018 recommendations

Appendix two – Status of 2017 recommendations

Appendix three – NSW universities, controlled entities and associated entities

Published

Engagement of probity advisers and probity auditors

Transport
Education
Health
Compliance
Internal controls and governance
Procurement
Project management
Workforce and capability

Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.

Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.

Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles. 

According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector. 

A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:

  • should use external probity practitioners as the exception rather than the rule
  • should not use external probity practitioners as an 'insurance policy'
  • must be accountable for decisions made
  • cannot substitute the use of probity practitioners for good management practices
  • not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent. 

The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.

The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:

  • complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
  • effectively ensured they achieved value for money when they used probity practitioners.

These entities are referred to as 'participating agencies' in this report.

We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.

Conclusion

We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.

In the sample of engagements we selected, we found instances where the participating agencies did not always:

  • document detailed terms of reference
  • ensure the practitioner was sufficiently independent
  • manage probity practitioners' independence and conflict of interest issues transparently
  • provide practitioners with full access to records, people and meetings
  • establish independent reporting lines   reporting was limited to project managers
  • evaluate whether value for money was achieved.

We also found:

  • agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
  • the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013. 

There are no professional standards and capability requirements for probity practitioners

NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money. 

Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.

The NSW Procurement Board provides direction for the use of probity practitioners

The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.

Appendix one – Response from agencies

Appendix two – List of selected agencies

Appendix three – About the audit

Published

Planning and Environment 2018

Planning
Environment
Asset valuation
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.

This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.

Observation Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all agencies' financial statements. The quality of financial reporting remains high across the cluster.
2.2 Key accounting issues
There were errors in some cultural institutions' collection asset valuations. Recommendation: Collection asset valuations could be improved by:
  • early engagement with key stakeholders regarding the valuation method and approach
  • completing revaluations, including quality review processes earlier 
  • improving the quality of asset data by registering all items in an electronic database. 
2.3 Timeliness of financial reporting
Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe.  Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

  • our financial statement audits of agencies in the Planning and Environment cluster for 2018
  • the areas of focus identified in the Audit Office work program.

The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.

Observation Conclusions and recommendations
3.1 Internal controls
One in five internal control weaknesses reported in 2017–18 were repeat issues. Delays in implementing audit recommendations can prolong the risk of fraud and error.
Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues.
One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site.

The School should continue to liaise with stakeholders to formalise the occupancy arrangement. 
 
3.2 Information technology controls
The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. Data migration from the Aurion system to SAP HR system had no significant issues.
The Department can improve controls over user access to SAP system. The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. 
3.3 Annual work program
Agencies used different benchmarks to monitor their maintenance expenditure. The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. 

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited. 

We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report. 

In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.

Appendix one - List of 2018 recommendations

Appendix two - Status of 2017 recommendations

Appendix three- Cluster agencies

Appendix four - Financial data

Appendix five - Timeliness of financial reporting

Appendix six - Management letter findings by risk rating

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE