Refine search

Reports

18 December 2019

Published

Supporting the District Criminal Court

Justice

Community Services

Information technology

Internal controls and governance

Project management

The Auditor-General for New South Wales, Margaret Crawford, released a report today on whether the Department of Communities and Justice (the department) effectively supports the efficient operation of the District Criminal Court system.

The audit found that in the provision of data and technology services, the department is not effectively supporting the efficient operation of the District Criminal Court system. The department has insufficient controls in place to ensure that data in the system is always accurate.

The department is also using outdated technology and could improve its delivery of technical support to courts.

The audit also assessed the implementation of the Early Appropriate Guilty Pleas reform. This reform aims to improve court efficiency by having more cases resolved earlier with a guilty plea in the Local Court. The audit found that the department effectively governed the implementation of the reform but is not measuring achievement of expected benefits, placing the objectives of the reform at risk.

The Auditor-General made seven recommendations to the department, aimed at improving the controls around courts data, reporting on key performance indicators, improving regional technical support and measuring the success of the Early Appropriate Guilty Pleas reform.

The District Court is the intermediate court in the New South Wales court system. It hears most serious criminal matters, except murder, treason and piracy. The Department of Communities and Justice (the Department) provides support to the District Court in a variety of ways. For example, it provides security services, library services and front-desk services. This audit examined three forms of support that the Department provides to the District Court:

data collection, reporting and analysis - the Department collects data from cases in its case management system, JusticeLink, based on the orders Judges make in court and court papers
technology - the Department provides technology to courts across New South Wales, as well as technical support for this technology
policy - the Department is responsible for proposing and implementing policy reforms.

Recent years have seen a worsening of District Court efficiency, as measured in the Productivity Commission's Report on Government Services (RoGS). Efficiency in the court system is typically measured through timeliness of case completion. There is evidence that timeliness has worsened. For example, the median time from arrest to finalisation of a case in the District Court increased from 420 days in 2012–13 to 541 days in 2017–18.

As a result, the government has announced a range of measures to improve court performance, particularly in the District Court. These measures included the Early Appropriate Guilty Pleas (EAGP) reform. One of the objectives of EAGP is to improve court efficiency, which would be achieved by having more cases resolve with a guilty plea in the Local Court.

This audit assessed whether the Department of Communities and Justice effectively supports the efficient operation of the District Criminal Court system. We assessed this with the following lines of inquiry:

Does the Department effectively collect, analyse and report performance information relevant to court efficiency?
Does the Department effectively provide technology to support the efficient working of the courts?
Does the Department have effective plans, governance and monitoring for the Early Appropriate Guilty Pleas reform?

The audit did not consider other support functions provided by the Department. Further information on the audit, including detailed audit criteria, may be found in Appendix two.

Conclusion

In the provision of data and technology services, the Department is not effectively supporting the efficient operation of the District Criminal Court system. The Department has insufficient controls in place to ensure accurate data in the District Criminal Court system. The Department is also using outdated technology in significant numbers and could improve its delivery of technical support to meet agreed targets.

The Department effectively governed the implementation of the Early Appropriate Guilty Pleas reform. However, it is not ensuring that the benefits stated in the business case are being achieved, placing its objectives at risk.

The impact of inaccurate court data can be severe, and the Department does not have sufficient controls in place to ensure that its court data is accurate. Recent Bureau of Crime Statistics and Research reviews have identified data inaccuracies, and this demonstrates the Department needs strong controls in place to ensure that its court data is accurate.

The Department does not have a policy for data quality and has not formally assigned responsibility for data quality to any individual or branch. The Department also does not have a data dictionary outlining all the fields in its case management system. While the Department validates the highest risk items, such as warrants, to ensure that they are accurate, most data is not validated. The Department has recently commenced setting up a data unit for the Courts, Tribunals and Service Delivery branch. It is proposed that this unit will address most of the identified shortcomings.

The Department did not provide timely technical support to the court system in 2017 and is using outdated technology in significant numbers. The Digital and Technology Services branch of the Department had agreed a Service Level Agreement with the rest of the Department, outlining the expected speed of technical support responses. The branch did not meet response times in 2017. Performance improved in 2018, though DTS fell short of its targets for critical and moderate priority incidents. Critical incidents are particularly important to deal with in a timely manner as they include incidents which may delay a court sitting.

Requests for technical support rose significantly in 2018 compared to 2017, which may be related to the number of outdated pieces of technology. As at April 2019, the whole court system had 2,389 laptops or desktop computers outside their warranty period. The Department was also using other outdated technology. Outdated technology is more prone to failure and continuing to use it poses a risk of court delays.

The Department is not measuring all the expected benefits from the Early Appropriate Guilty Pleas reform, placing the objectives of the program at risk. The Early Appropriate Guilty Pleas business case outlined nine expected benefits from the reform. The Department is not measuring one of these benefits and is not measuring the economic benefits of a further five business case benefits. Not measuring the impact of the reform means that the Department does not know if it is achieving its objectives and if the reform had the desired impact.

The Department is responsible for providing technology to the courts, which can improve the efficiency of court operations by making them faster and cheaper. The Department is also responsible for providing technical support to courtrooms and registries. It is important that technical support is provided in a timely manner because some technical incidents can delay court sittings and thus impact on court efficiency. A 2013 Organisation for Economic Co‑operation and Development report emphasised the importance of technology and digitisation for reducing trial length.

While the Department may provide technology to the courts, they are not responsible for deciding when, how or if the technology is used in the courtroom.

The Department is using a significant amount of outdated technology, risking court delays

As of April 2019, the whole court system had 2,389 laptops or desktop computers out of warranty, 56.0 per cent of the court system's fleet. The court system also had 786 printing devices out of their normal warranty period, 75.1 per cent of all printers in use. The Department also advised that many of its court audio transcription machines are out of date. These machines must be running for the court to sit and thus it is critical that they are maintained to a high degree. The then Department of Justice estimated the cost of aligning its hardware across the whole Department with desired levels at $14.0 million per year for three years. Figures for the court system were not calculated but they are likely to be a significant portion of this figure.

Using outdated technology poses a risk to the court system as older equipment may be more likely to break down, potentially delaying courts or slowing down court services. In the court system throughout 2018, hardware made up 30.8 per cent of all critical incidents reported to technical support and 41.9 per cent of all high priority incidents. In addition, 16.2 per cent of all reported issues related to printing devices or printing.

From 2017 to 2018, technical support incidents from courts or court services increased. There were 4,379 technical support incidents in 2017, which increased significantly to 9,186 in 2018. The Department advised that some outside factors may have contributed to this increase. The Department was rolling out its new incident recording system throughout 2017, meaning that there would be an under‑reporting of incidents in that year. The Department also advised that throughout 2018 there was a greater focus on ensuring that every issue was logged, which had not previously been the case. Despite these factors, the use of outdated technology has likely increased the risk of technology breakages and may have contributed to the increase in requests for technical support.

Refreshing technology on a regular basis would reduce the risk of hardware failures and ensure that equipment is covered by warranty.

The Department did not meet all court technical support targets in 2017 and 2018

The Digital and Technology Services branch (DTS) was responsible for providing technical support to the courts and the Courts and Tribunal Services branch prior to July 2019. DTS provided technical support in line with a Service Level Agreement (SLA) with the Department. In 2017, DTS did not provide this support in a timely manner. Performance improved in 2018, though DTS fell short of its targets for critical and moderate priority incidents. Exhibit 7 outlines DTS' targets under the SLA.

Exhibit 7: Digital and Technology Services' Service Level Agreement
Priority	Target resolution time	Target percentage in time (%)
1. Critical	4 hours	80
2. High	1 day	80
3. Moderate	3 days	85
4. Low	5 days	85
Source: Department of Communities and Justice, 2019.

Critical incidents are particularly important for the Department to deal with in a timely manner because these include incidents which may delay a court sitting until resolved or incidents which impact on large numbers of staff. Some of the critical incidents raised with DTS specifically stated that they were delaying a court sitting, often due to transcription machines not working. High priority incidents include those where there is some impact on the functions of the business, which may in turn affect the efficiency of the court system. High priority incidents also include those directly impacting on members of the Judiciary.

This audit examined DTS' performance against its SLA in the 2017 and 2018 calendar years across the whole court system, not just the District Court. The total number of incidents, as well as critical and high priority incidents, can be seen in Exhibit 8.

Exhibit 8: Number of incidents in 2017 and 2018
Priority	2017	2018
All	4,379	9,186
1. Critical	48	91
2. High	128	315
Source: Audit Office of NSW analysis of Department of Communities and Justice data, 2019.

The Department's results against its SLA in 2017 and 2018 are shown in Exhibit 9.

The Early Appropriate Guilty Pleas (EAGP) reform consists of five main elements:

early disclosure of evidence from NSW Police Force to the prosecution and defence
early certification of what the accused is going to be charged with to minimise changes
mandatory criminal case conferencing between the prosecutor and accused's representation
changes to Local Court case management
more structured sentence discounts.

More detailed descriptions of each of these changes can be found in the Introduction. These reform elements are anticipated to have three key effects:

accelerate the timing of guilty pleas
increase the overall proportion of guilty pleas
decrease the average length of contested trials.

Improving District Court efficiency is one of the stated aims of EAGP, which would be achieved by having more cases resolve in the Local Court and having fewer defendants plead guilty on the day of their trial in the District Court. The reform commenced in April 2018 and it is too early to state the impact of this reform on District Court efficiency.

The Department is responsible for delivering EAGP in conjunction with other justice sector agencies. They participated in the Steering Committee and the Working Groups, as well as providing the Project Management Office (PMO).

The Department is not measuring the economic benefits stated in the EAGP business case

The business case for EAGP listed nine quantifiable benefits which were expected to be derived from the achievement of the three key effects listed above. The Department is not measuring one of these benefits and is not measuring the economic benefits for five more, as shown in Exhibit 12.

Benefit	Economic benefit (over ten years)	Being measured?
Accelerated timing of guilty pleas	$54.6m
Increased guilty plea rate	$90.7m
Decreased average trial length	$27.5m
A reduction in the delay of indictable matters proceeding to trial	N/A
Increase the number of finalised matters per annum	N/A
Reduction of the current backlog of criminal trials in the District Court	N/A
Reduction in bed pressure on the correction system due to reduced average time in custody	$13.7m
Productivity improvements due to reduction in wasted effort	$53.3m
Bankable cost savings due to jury empanelment avoided	$2.5m

Exhibit 12: The Department's measurement of quantifiable benefits
Key		Measuring		Not measuring economic benefit		Not measuring

Source: Audit Office of NSW analysis.

While it is too early to comment on the overall impact of EAGP, better practice in benefits realisation involves an ongoing effort to monitor benefits to ensure that the reform is on target and determine whether any corrective action is needed.

The Department is measuring the number of finalised matters per annum and while the Department is not measuring the reduction in the backlog as part of this program, this measure is reported as part of the Department's internal reporting framework. The Department is not monitoring the reduction in delay of indictable matters proceeding to trial directly as part of this reform, but this does form part of the monthly Operational Performance Report which the Department sends to the EAGP Steering Committee.

The Department is not monitoring any of the economic benefits stated in the business case. These economic benefits are a mixture of bankable savings and productivity improvements. This amounts to a total of $242.3 million over ten years which was listed in the business case as potential economic benefits from the implementation of this reform against the total cost of $206.9 million over ten years. The Department is collecting proxy indicators which would assist in these calculations for several indicators, but it is not actively monitoring these savings. For example, the Department is monitoring average trial length, but is not using this information to calculate economic benefits derived from changes in trial length.

The Department is also not collecting information related to the average length of custody as part of this program. This means that it is unable to determine if EAGP is putting less pressure on the correctives system and it is not possible for the Department to calculate the savings from this particular benefit.

While stakeholders are optimistic about the impact of EAGP, not measuring the expected benefits stated in the business case means that the Department does not know if the reform is achieving what it was designed to achieve. Further, the Department does not know if it must take corrective action to ensure that the program achieves the stated benefits. These two things put the overall program benefits at risk.

The Department has not assigned responsibility for the realisation of each benefit, potentially risking the success of the program

The Department has not assigned responsibility for the realisation of each benefit stated in the business case. The Department holds the Steering Committee responsible for the realisation of all benefits. Benefits realisation is the process which ensures that the agency reaches benefits as stated in the business case. Assigning responsibility for benefits realisation to the Steering Committee rather than individuals is not in line with good practice.

Good practice benefits realisation involves assigning responsibility for the realisation of each benefit to an individual at the business unit level. This ensures there is a single point of accountability for each part of the program with knowledge of the benefit and the ability to take corrective action if it looks like that benefit will not be realised. This responsibility should sit at the operational level where detailed action can most easily be undertaken. The role of a Steering Committee in benefits realisation is to ensure that responsible parties are monitoring their benefits and taking appropriate corrective action.

The Department advised that it believes the Steering Committee should have responsibility for the realisation of benefits due to the difficulty of attributing the achievement of each benefit to one part of the reform alone. Given the Steering Committee meets only quarterly, it is not well placed to take action in response to variances in performance.

A BOCSAR evaluation is planned, however data errors make some of the information unreliable

BOCSAR are planning to undertake an overall evaluation of EAGP which is planned for release in 2021. Undertaking this evaluation will require high quality data to gain an understanding of the drivers of the reform. However, data captured throughout the first year of EAGP has proven unreliable, which may reduce the usefulness of BOCSAR's evaluation. These data issues were discussed in Exhibit 5 in Chapter 2, above. Access to accurate data is vital for conducting any program evaluation and inaccurate data raises the risk that the BOCSAR evaluation will not be able to provide an accurate evaluation of the impact of EAGP.

In addition to the BOCSAR evaluation, the Department had plans for a series of 'snapshot' evaluations for some of the key elements of the reform to ensure that they were operating effectively. These were initially delayed due to an efficiency dividend which affected EAGP. In August 2019, the Department commissioned a review of the implementation of several key success factors for EAGP.

There was clear governance throughout the implementation of EAGP

The implementation stage of EAGP had clear governance, lines of authority and communication. The Steering Committee, each Working Group and each agency had clear roles and responsibilities, and these were organised through a Project Management Office (PMO) provided by the former Department of Justice. The governance structure throughout the implementation phase can be seen at Exhibit 13.

The Steering Committee was established in December 2016 and met regularly from March 2017. It comprised senior members of key government agencies, as well as the Chief Judge and the Chief Magistrate for most of the duration of the implementation period. The Steering Committee met at least monthly throughout the life of the program. The Steering Committee was responsible for overseeing the delivery of EAGP and making key decisions relating to implementation, including spending decisions. The Chief Judge and the Chief Magistrate abstained from financial decisions. The Steering Committee updated the governance and membership of the Steering Committee as appropriate throughout the life of the reform.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright Notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary Reference: Report number #329 - released 18 December 2019

5 December 2019

Published

Stronger Communities 2019

Justice

Community Services

Compliance

Financial reporting

Internal controls and governance

Management and administration

Project management

Service delivery

Shared services and collaboration

Workforce and capability

A report has been released on the NSW Stronger Communities cluster.

From 1 July 2019, the functions of the former Department of Justice, the former Department of Family and Community Services and many of the cluster agencies moved to the new Stronger Communities cluster. The Department of Communities and Justice is the principal agency in the new Stronger Communities cluster.

The report focuses on key observations and findings from the most recent financial audits of agencies in the Stronger Communities cluster.

Unqualified audit opinions were issued on the financial statements for all agencies in the cluster.

There were 157 audit findings on internal controls. Two of these were high risk and 59 were repeat findings from previous financial audits. ‘Cluster agencies should prioritise actions to address internal control weaknesses promptly with particular focus given to issues that are assessed as high risk’, the Auditor-General said.

The report notes that the NSW Government’s new workers' compensation legislation, which gave eligible firefighters presumptive rights to workers' compensation, cost emergency services agencies $180 million in 2018–19, mostly in increased premiums.

Download the PDF version of report

This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2019. The table below summarises our key observations.

This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analyses, conclusions and recommendations in the following areas:

financial reporting
audit observations.

This cluster was significantly impacted by the Machinery of Government (MoG) changes on 1 July 2019. This report focuses on the agencies that from 1 July 2019, comprised the Stronger Communities cluster. The MoG changes moved some agencies from the clusters to which they belonged in 2018–19 to the Stronger Communities cluster. Conversely, the MoG also moved some agencies formerly in the Family and Community Services cluster and Justice cluster elsewhere. Please refer to the section on Machinery of Government changes for more details.

The Department of Communities and Justice is the principal agency of the cluster. The newly created department combines functions of the former Department of Justice and the Department of Family and Community Services.

Machinery of Government (MoG) refers to how the government organises the structures and functions of the public service. MoG changes occur when the government reorganises these structures and functions and those changes are given effect by Administrative Orders.

The MoG changes announced following the NSW State election on 23 March 2019 significantly impacted the Stronger Communities cluster through Administrative Changes Orders issued on 2 April 2019 and 1 May 2019. These orders took effect on 1 July 2019.

Section highlights

The 2019 MoG changes significantly impacted the former Justice and Family and Community Services (FACS) departments and clusters.

The Stronger Communities cluster combines most of the functions and agencies of the former Justice and FACS clusters from 1 July 2019.
The Department of Communities and Justice is now the principal agency in the new cluster.
The MoG changes bring new responsibilities, risks and challenges to the cluster.
A temporary office has been established by the Department of Communities and Justice to support the cluster in the planning, delivery and reporting associated with implementing the changes.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations relating to the financial reporting of agencies in the Stronger Communities cluster for 2019.

Section highlights

Unqualified audit opinions were issued for all agencies' 30 June 2019 financial statements. However, further actions can be taken by some cluster agencies to enhance the quality of their financial reporting.
In November 2018, the Department of Justice implemented a new Victims Support Services system called VS Connect. Significant data quality issues arising from the VS Connect system implementation impacted the Department's ability to reliably estimate its Victims Support Scheme claims liabilities at 30 June 2019.
We recommend the Department of Communities and Justice resolves the data quality issues in the new VS Connect System before 30 June 2020 and capture and apply lessons learned from recent project implementations, including LifeLink, Justice SAP and VS Connect, in any relevant future implementations.
Our audits found some cluster agencies needed to do more work on their impact assessments and preparedness to implement the new accounting standards, to minimise the risk of errors in their 2019–20 financial statements.
Cluster agencies with annual leave balances exceeding the State's target should further review their approach to managing leave balances.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.

Section highlights

Cluster agencies should action recommendations to address internal control weaknesses promptly. Particular focus should be given to prioritising high risk issues. The 2018–19 financial audits of cluster agencies identified 157 internal control issues. Of these, two were high risk and 37.6 per cent were repeat findings from previous audits.
Data from the Department of Justice shows the inmate population reached a maximum of 13,798, compared to an operational capacity of 14,626 beds on 31 August 2019. This equates to an operational vacancy rate of 5.7 per cent, which is more than the recommended 5.0 per cent buffer. This is the first time the vacancy rate has exceeded the target over the last five years. Growth in the NSW prison population is being managed through the NSW Government's $3.8 billion Prison Bed Capacity Program.
In September 2018, the NSW Government introduced new workers' compensation legislation, which gives eligible firefighters presumptive rights to workers' compensation when diagnosed with one of 12 prescribed cancers. The new legislation cost emergency services agencies $180 million in 2018–19, mainly through additional workers' compensation premiums.

Appendix one – Timeliness of financial reporting by agency

Appendix two – Management letter findings by agency

Appendix three – List of 2019 recommendations

Appendix four – Status of 2018 recommendations

Appendix five – Cluster agencies

Appendix six – Financial data

Copyright notice

28 November 2019

Published

Transport 2019

Transport

Asset valuation

Financial reporting

Infrastructure

Internal controls and governance

Management and administration

Service delivery

Workforce and capability

This report details the results of the financial audits of NSW Government's Transport cluster for the financial year ended 30 June 2019. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, valuations of assets continue to create challenges across the cluster. The Audit Office identified some deficiencies in relation to asset valuations at Transport for NSW, Roads and Maritime Services, Rail Corporation New South Wales and Sydney Metro.

The Audit Office noted an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, asset management and employee leave entitlements. The report also highlights the status of significant infrastructure projects across the Transport cluster.

The report makes several recommendations including:

agency finance teams need to be consulted on major business decisions and commercial transactions at the time of their execution to assess the financial reporting impacts
the Department of Transport should ensure consistent accounting policies are applied across its controlled entities.

Download the Transport 2019 report (PDF)

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes

Transport for NSW, as the
lead agency, will absorb the
functions of Roads and
Maritime Services

The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW) as part of the Machinery of Government changes.

This change was not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019. The Act dissolves RMS and transfers the assets, rights and liabilities of RMS to TfNSW. As at the date of this Report, the Act is not yet in force.

Transport is considering the impact of the changes on its operating model and financial reporting.

2. Financial reporting

Audit opinions	Unqualified audit opinions were issued on the 2018–19 financial statements of all agencies in the Transport cluster. TfNSW and Sydney Metro obtained a three-week extension from NSW Treasury to submit their financial statements for audit to resolve accounting issues surrounding the valuation of property, plant and equipment. The Department of Transport reported total consolidated property, plant and equipment of $158 billion at 30 June 2019. In 2018–19, there were issues with asset valuations at TfNSW, RMS, Sydney Metro and Rail Corporation New South Wales (RailCorp), resulting in adjustments after the submission of financial statements for audit and the correction of a prior period error. There was also a prior period error resulting from an agreement between TfNSW and the former UrbanGrowth Development Corporation due to a lack of assessment of the financial reporting implications at the time of signing the agreement. Recommendation: Agency finance teams need to be consulted on major business decisions and commercial transactions to assess their accounting impacts at the time of their execution, rather than at the end of a financial year. Agencies also need to resolve all key accounting issues such as valuations as part of the early close procedures. This would improve the quality of financial reporting and avoid the need for extensions for agencies to submit their financial statements for audit.
Preparedness for new accounting standards	Agencies across the cluster are progressing in their implementation of the new accounting standards. Transport cluster agencies need to improve their contracts registers to ensure they have a complete list of contracts and agreements to assess the impact of the new accounting standards.
Valuation of assets remains a challenge in the Transport cluster	Whilst agencies complied with the requirements of the accounting standards and NSW Treasury policies on valuations, the Audit Office identified some deficiencies in relation to asset valuations across the cluster. TfNSW reported a retrospective correction of a prior period error at 1 July 2017 which resulted in a reduction in the valuation of its Country Rail Network earthworks by $2.1 billion. This was due to survey results which identified the earthworks were flatter and lower than estimated in the valuation at 30 June 2017. RMS made several adjustments during the year to correct asset values due to changes to valuation assumptions or data improvements. This included: reduction of $318 million in the value of land under roads decrease of $84.9 million to the value of land and buildings changes to the value of traffic control and traffic signal network assets, due to data improvements. Sydney Metro North West officially opened in May 2019 and reported total assets of $9.1 billion. Sydney Metro derecognised $322 million in assets constructed to facilitate its operation but transferred to councils and utilities.
Inconsistent accounting policies across the Transport cluster	There was an inconsistency identified in the cluster relating to the valuation of substratum land. In 2018–19, RailCorp derecognised $109 million of substratum land to ensure consistency in its approach with other Transport agencies. As the parent entity, the Department of Transport needs to ensure accounting policies are consistently applied across all controlled entities for consolidation purposes. Inconsistencies in the application of accounting standards across agencies will impact comparability of financial reporting and decision making across the Transport cluster. Recommendation: The Department of Transport should ensure consistent accounting policies are applied across its controlled entities.
Revenue growth	Public transport passenger revenue increased by $89.0 million (5.9 per cent) in 2018–19, and patronage increased by 37.8 million (4.9 per cent) across all modes of transport based on data provided by TfNSW. The increase in revenue is mainly due to an increase in patronage as well as the annual increase in fares.
Negative Opal cards	Negative balance Opal cards resulted in $2.9 million in revenue not collected in 2018–19 ($10.4 million since the introduction of Opal). In January 2019, Transport made a change to the Sydney Airport stations to prevent customers with high negative balances exiting the station. In addition, in late 2018, Transport increased the minimum top up values for new cards at the airport stations. Recommendation (repeat): TfNSW should implement further measures to prevent the loss of revenue from passengers tapping off with negative balance Opal cards.

3. Audit observations

Internal controls	There was an increase in findings on internal controls across the Transport cluster. Key themes relate to information technology, employee leave entitlements and asset management. Twenty-nine per cent of all issues were repeat issues. The majority of the repeat issues related to information technology controls.
Write-off of assets	In addition to a $322 million derecognition of assets transferred to councils and utilities by Sydney Metro and a $109 million derecognition of substratum land at RailCorp, the Transport cluster wrote-off $278 million of assets related to roads, bridges, maritime assets, traffic signals and controls network. These mainly related to roads, bridges, maritime assets, traffic signals and the control network where new infrastructure assets substantially replaced an existing asset as part of construction activities.
Transport Asset Holding Entity (TAHE)	TAHE was established to be a dedicated asset manager for the delivery of public transport asset management. The Transport Administration Amendment (Transport Entities) Act 2017 will transition RailCorp into TAHE. RailCorp is now expected to transition to TAHE from 1 July 2020 (previously 1 July 2019). Several working groups have been considering various aspects of the TAHE transition including its status as a for profit Public Trading Enterprise, the operating model and the impact of the new accounting standards AASB 16 'Leases' and AASB 1059 'Service Concession Arrangements: Grantors'. The considerations of these aspects identified several challenges in the implementation of TAHE which has led to the revised transition date. Given the delays in implementation, it is important to clarify the intent of the TAHE model.
Excess annual leave	Twenty-six per cent of Transport employees have annual leave balances exceeding 30 days. Of the employees with excess leave balances, 732 (10.3 per cent) did not take any annual leave in 2018–19. Recommendation (repeat): Transport entities should further review the approach to managing excess annual leave in 2019–20. They should: monitor current and projected leave balances to the end of the financial year each month agree formal leave plans with employees to reduce leave balances over an acceptable timeframe ensure leave plans are actioned appropriately encourage all staff with excess leave balances take a minimum two-week period of leave per year.
Completeness and accuracy of contracts registers	There are no centralised processes to record all significant contracts and agreements in a register across the Transport cluster. Across the Transport cluster, contracts and agreements are maintained by the individual agencies using disparate registers. Agencies must perform detailed assessments of their existing contracts and agreements to quantify the impact of the new accounting standards (AASB 16 ‘Leases’, AASB 15 ‘Revenue from Contracts with Customers’, AASB 1058 ‘Income of Not-for-Profit Entities’ and AASB 1059 'Service Concession Arrangements: Grantors'). In 2018–19, there was also a prior period error resulting from an agreement between TfNSW and another government agency due to a lack of assessment of the financial reporting implications at the time of signing the agreement. A lack of a complete register of all contracts and agreements increases the risk that agencies may not be able to assess the full impact of the new accounting standards, as well as perform a complete assessment of the financial reporting implications of contracts and agreements. Recommendation: Transport agencies should implement a process to centrally capture all significant contracts and agreements entered. This will ensure: agencies are fully aware of contractual and other obligations appropriate assessment of financial reporting implications assessment of new accounting standards, in particular AASB 16 ‘Leases’, AASB 15 'Revenue from Contract with Customers', AASB 1058 'Income of Not-for-Profit Entities ' and AASB 1059 'Service Concession Arrangements: Grantors' are accurate and complete.

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

financial reporting
audit observations.

This cluster was impacted by the Machinery of Government changes on 1 July 2019. The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW). This report is focused on the Transport cluster prior to these changes. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government refers to how the government organises the structures and functions of the public service. Machinery of Government changes are where the government reorganises these structures and functions, and are given effect by Administrative orders.

The Transport cluster was impacted by recent Machinery of Government changes. These changes were announced by the Department of Premier and Cabinet but were not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. It was the intention of government to transfer the functions of the RMS into TfNSW. This requires legislative changes to the Transport Administration Act 1988 No. 109.

Section highlights

Under the Machinery of Government changes, the NSW Government will transfer the functions of RMS into TfNSW.

The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019.
The Act will dissolve RMS and transfer its functions, assets, rights and liabilities to TfNSW.
As at the date of this report, the Act is not yet in force.
There are risks and challenges for asset and liability transfers, governance and retention of knowledge.
As of 1 July 2019, administrative arrangements (delegations and reporting line changes) were put in place to enable TfNSW and RMS to operate within a single management structure, while still remaining as separate legal entities.
Transport is working on a number of options as to how to implement the changes.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2019.

Section highlights

Unqualified audit opinions were issued on all agencies' financial statements.
RMS required an extension from NSW Treasury for their early close procedures.
TfNSW and Sydney Metro required extensions to submit their year-end financial statements.
Valuation of assets remains a challenge across the cluster.
There remains Opal cards with negative balances.
Sydney Metro derecognised assets of $322 million in relation to assets constructed for third parties.
Inconsistencies in the application of accounting policies across cluster agencies impact comparability of financial reporting across the Transport cluster.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport cluster.

Section highlights

There was an increase in findings on internal controls across the Transport cluster. Twenty-nine per cent of all issues were repeat issues.
Transport entities wrote-off over $278 million of assets which were replaced by new assets or technology.
Twenty-six per cent of Transport employees have excess annual leave.
There are no processes to ensure all significant contracts and agreements are captured by agencies in a centralised register.

Appendix one – Timeliness of financial reporting by agency

Appendix two – Management letter findings by agency

Appendix three – List of 2019 recommendations

Appendix four – Status of 2017 and 2018 recommendations

Appendix five – Cluster agencies

5 November 2019

Published

Internal Controls and Governance 2019

Education

Community Services

Finance

Health

Industry

Justice

Planning

Premier and Cabinet

Transport

Treasury

Whole of Government

Compliance

Cyber security

Fraud

Information technology

Internal controls and governance

Management and administration

Procurement

Project management

This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.

The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:

financial controls
information technology controls
gifts and benefits
internal audit
contingent labour
sensitive data.

The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.

1. Internal control trends

New, repeat and high risk findings

There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies.

Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.

Common findings

A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:

out of date policies or an absence of policies to guide appropriate decisions
poor record keeping and document retention
incomplete or inaccurate centralised registers or gaps in these registers
policies, procedures or controls no longer suited to the current organisational structure or business activities.

2. Information technology controls

IT general controls

We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:

user access administration deficiencies at 58 per cent of agencies related to granting, review and removal of user access
an absence of privileged user activity reviews at 35 per cent of agencies
password controls that did not align to password policies at 20 per cent of agencies.

We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required.

3. Gifts and benefits

Gifts and benefits registers

All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision.

In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers.

Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour.

Managing gifts and benefits

We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites.

Agencies can improve management of gifts and benefits by:

ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers, suppliers and contractors
providing on-going training, awareness activities and support to employees, not just at induction
publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.

Reporting and monitoring

Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee.

Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits.

4. Internal audit

Obtaining value from the internal audit function

Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee.

Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer.

Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks.

Role of the Chief Audit Executive

Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE.

The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO.

Agencies should ensure:

the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE does not report functionally or administratively to the finance function or other significant recipients of internal audit services
the CAE's duties are compatible with preserving their independence and where threats to independence exist, safeguards are documented and approved.

Quality assurance and improvement program

Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function.

The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually.

Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments.

5. Managing contingent labour

Obtaining value for money from contingent labour

According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces.

Agencies can improve their management of contingent labour by:

preparing workforce plans to inform their resourcing strategy and ensure that engaging contingent labour aligns with the strategy and best meets business needs
involving agency human resources units in decisions about engaging contingent labour
regularly reporting on contingent labour use and tenure to agency executive teams
strengthening on-boarding and off-boarding processes.

We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'.

6. Managing sensitive data

Identifying and assessing sensitive data

Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked.

Agencies can improve processes to manage sensitive data by:

identifying and maintaining an inventory of sensitive data through a comprehensive and structured process
assessing the criticality and sensitivity of the data so that protection of high risk data can be prioritised.

Managing data breaches

Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.

Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach.

This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.

Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.

This report offers insights into internal controls and governance in the NSW public sector

This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

highlighting the potential risks posed by weaknesses in controls and governance processes
helping agencies benchmark the adequacy of their processes against their peers
focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.

Areas of specific focus of the report have changed since last year

Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:

internal control trends
information technology controls, including access to agency systems
protecting sensitive information held within agencies
managing large and diverse workforces (controls around employing and managing contingent workers)
maintaining an ethical culture (management of gifts and benefits)
effectiveness of internal audit function and its oversight by Audit and Risk Committees.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.

Internal controls are processes, policies and procedures that help agencies to:

operate effectively and efficiently
produce reliable financial reports
comply with laws and regulations
support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Key conclusions and sector wide learnings

We identified four high risk findings, compared to six last year. None of the findings are common with those in the previous year. There was an overall increase of 12 per cent in the number of internal control deficiencies compared to last year. The increase is predominately due to a 100 per cent increase in the number of repeat financial and IT control deficiencies.

Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re-prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.

We also identified a number of findings that were common to multiple agencies. These common findings often related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:

out of date policies or an absence of policies to guide appropriate decisions
poor record keeping and document retention
incomplete or inaccurate centralised registers or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Key conclusions and sector wide learnings

Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.

IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.

Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.

Key conclusions and sector wide learnings

We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.

Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.

Areas where agencies can improve their management of gifts and benefits include:

ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
providing on-going training, awareness activities and support to employees, not just at induction
regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.

Key conclusions and sector wide learnings

We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:

documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
involving the CAE more extensively in executive forums as an observer
documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.

Key conclusions and sector wide learnings

Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.

There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:

preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
involving agency human resources units in decisions about engaging contingent labour
regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.

Key conclusions and sector wide learnings

Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.

It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.

Key areas where agencies can improve their management of sensitive data include:

identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
developing comprehensive data breach management policies to ensure data breaches are appropriately managed
maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.

Appendix one – List of 2019 recommendations

Appendix two – Status of 2018 recommendations

Appendix three – In-scope agencies

31 May 2019

Published

Universities 2018 audits

Universities

Cyber security

Financial reporting

Information technology

Internal controls and governance

The Acting Auditor General of New South Wales, Ian Goodwin, released a report today on the results of financial audits of NSW universities for the year ended 31 December 2018.

All ten NSW universities received unqualified audit opinions.

This report analyses the results of our audits of financial statements of the ten NSW universities for the year ended 31 December 2018. The table below summarises our key observations.

This report provides Parliament with the results of our financial audits of New South Wales universities and their controlled entities in 2018, including our analysis, observations and recommendations in the following areas:

financial reporting
internal controls and governance
teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of NSW universities for 2018.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of NSW universities.

This chapter outlines the internal controls related observations and insights across NSW universities for 2018, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant ones are reported to universities for them to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and international and Australian rankings.

This chapter outlines teaching and research outcomes for NSW universities for 2018.

Appendix one – List of 2018 recommendations

Appendix two – Status of 2017 recommendations

Appendix three – NSW universities, controlled entities and associated entities

27 May 2019

Published

Engagement of probity advisers and probity auditors

Transport

Education

Health

Compliance

Internal controls and governance

Procurement

Project management

Workforce and capability

Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.

Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.

Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles.

According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector.

A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:

should use external probity practitioners as the exception rather than the rule
should not use external probity practitioners as an 'insurance policy'
must be accountable for decisions made
cannot substitute the use of probity practitioners for good management practices
not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent.

The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.

The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:

complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
effectively ensured they achieved value for money when they used probity practitioners.

These entities are referred to as 'participating agencies' in this report.

We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.

Conclusion

We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.

In the sample of engagements we selected, we found instances where the participating agencies did not always:

document detailed terms of reference
ensure the practitioner was sufficiently independent
manage probity practitioners' independence and conflict of interest issues transparently
provide practitioners with full access to records, people and meetings
establish independent reporting lines reporting was limited to project managers
evaluate whether value for money was achieved.

We also found:

agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013.

There are no professional standards and capability requirements for probity practitioners

NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money.

Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.

The NSW Procurement Board provides direction for the use of probity practitioners

The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.

Appendix one – Response from agencies

Appendix two – List of selected agencies

Appendix three – About the audit

20 December 2017

Published

Internal Controls and Governance 2017

Finance

Education

Community Services

Health

Justice

Whole of Government

Asset valuation

Compliance

Cyber security

Information technology

Internal controls and governance

Project management

Risk

Agencies need to do more to address risks posed by information technology (IT).

Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.

1. Overall trends

New and repeat findings	The number of reported financial and IT control deficiencies has fallen, but many previously reported findings remain unresolved.
High risk findings	Poor systems implementations contributed to the seven high risk internal control deficiencies that could affect agencies.
Common findings	Poor IT controls are the most commonly reported deficiency across agencies, followed by governance issues relating to cyber security, capital projects, continuous disclosure, shared services, ethics and risk management maturity.

2. Information Technology

IT security	Only two-thirds of agencies are complying with their own policies on IT security. Agencies need to tighten user access and password controls.
Cyber security	Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.
Other IT systems	Agencies can improve their disaster recovery plans and the change control processes they use when updating IT systems.

3. Asset Management

Capital investment	Agencies report delays delivering against the significant increase in their budgets for capital projects.
Capital projects	Agencies are underspending their capital budgets and some can improve capital project governance.
Asset disposals	Eleven per cent of agencies were required to sell their real property through Property NSW but didn’t. And eight per cent of agencies can improve their asset disposal processes.

4. Governance

Governance arrangements	Sixty-four per cent of agencies’ disclosure policies support communication of key performance information and prompt public reporting of significant issues.
Shared services	Fifty-nine per cent of agencies use shared services, yet 14 per cent do not have service level agreements in place and 20 per cent can strengthen the performance standards they set.

5. Ethics and Conduct

Ethical framework	Agencies can reinforce their ethical frameworks by updating code‑of‑conduct policies and publishing a Statement of Business Ethics.
Conflicts of interest	All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

6. Risk Management

Risk management maturity	All agencies have implemented risk management frameworks, but with varying levels of maturity.
Risk management elements	Many agencies can improve risk registers and strengthen their risk culture, particularly in the way that they report risks to their lead agency.

This report covers the findings and recommendations from our 2016–17 financial audits related to the internal controls and governance of the 39 largest agencies (refer to Appendix three) in the NSW public sector. These agencies represent about 95 per cent of total expenditure for all NSW agencies and were considered to be a large enough group to identify common issues and insights.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2017 cluster financial audit reports tabled in Parliament from October to December 2017.

This new report offers strategic insight on the public sector as a whole

In previous years, we have commented on internal control and governance issues in the volumes we published on each ‘cluster’ or agency sector, generally between October and December. To add further value, we then commented more broadly about the issues identified for the public sector as a whole at the start of the following year.

This year, we have created this report dedicated to internal controls and governance. This will help Parliament to understand broad issues affecting the public sector, and help agencies to compare their own performance against that of their peers.

Without strong control measures and governance systems, agencies face increased risks in their financial management and service delivery. If they do not, for example, properly authorise payments or manage conflicts of interest, they are at greater risk of fraud. If they do not have strong information technology (IT) systems, sensitive and trusted information may be at risk of unauthorised access and misuse.

These problems can in turn reduce the efficiency of agency operations, increase their costs and reduce the quality of the services they deliver.

Our audits do not review every control or governance measure every year. We select a range of measures, and report on those that present the most significant risks that agencies should mitigate. This report divides these into the following six areas:

Overall trends
Information technology
Asset management
Governance
Ethics and conduct
Risk management.

Internal controls are processes, policies and procedures that help agencies to:

operate effectively and efficiently
produce reliable financial reports
comply with laws and regulations.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume then illustrates this year’s controls and governance findings in more detail.

Issues	Recommendations
1.1 New and repeat findings
The number of internal control deficiencies reduced over the past three years, but new higher-risk information technology (IT) control deficiencies were reported in 2016–17. Deficiencies repeated from previous years still make up a sizeable proportion of all internal control deficiencies.	Recommendation Agencies should focus on emerging IT risks, but also manage new IT risks, reduce existing IT control deficiencies, and address repeat internal control deficiencies on a more timely basis.
1.2 High risk findings
We found seven high risk internal control deficiencies, which might significantly affect agencies.	Recommendation Agencies should rectify high risk internal control deficiencies as a priority
1.3 Common findings
The most common internal control deficiencies related to poor or absent IT controls. We found some common governance deficiencies across multiple agencies.	Recommendation Agencies should coordinate actions and resources to help rectify common IT control and governance deficiencies.

Information technology (IT) has become increasingly important for government agencies’ financial reporting and to deliver their services efficiently and effectively. Our audits reviewed whether agencies have effective controls in place over their IT systems. We found that IT security remains the source of many control weakness in agencies.

Issues

Recommendations

2.1 IT security

User access administration

While 95 per cent of agencies have policies about user access, about two-thirds were compliant with these policies. Agencies can improve how they grant, change and end user access to their systems.

Recommendation

Agencies should strengthen user access administration to prevent inappropriate access to sensitive systems. Agencies should:

establish and enforce clear policies and procedures
review user access regularly
remove user access for terminated staff promptly
change user access for transferred staff promptly.

Privileged access

Sixty-eight per cent of agencies do not adequately manage who can access their information systems, and many do not sufficiently monitor or restrict privileged access.

Recommendation

Agencies should tighten privileged user access to protect their information systems and reduce the risks of data misuse and fraud. Agencies should ensure they:

only grant privileged access in line with the responsibilities of a position
review the level of access regularly
limit privileged access to necessary functions and data
monitor privileged user account activity on a regular basis.

Password controls

Forty-one per cent of agencies did not meet either their own standards or minimum standards for password controls.

Recommendation

Agencies should review and enforce password controls to strengthen security over sensitive systems. As a minimum, password parameters should include:

minimum password lengths and complexity requirements
limits on the number of failed log-in attempts
password history (such as the number of passwords remembered)
maximum and minimum password ages.

2.2 Cyber Security

Cyber security framework

Agencies do not have a common view on what constitutes a cyber attack, which limits understanding the extent of the cyber security threat.

Recommendation

The Department of Finance, Services and Innovation should revisit its existing framework to develop a shared cyber security terminology and strengthen the current reporting requirements for cyber incidents.

Cyber security strategies

While 82 per cent of agencies have dedicated resources to address cyber security, they can strengthen their strategies, expertise and staff awareness.

Recommendations

The Department of Finance, Services and Innovation should:

mandate minimum standards and require agencies to regularly assess and report on how well they mitigate cyber security risks against these standards
develop a framework that provides for cyber security training.

Agencies should ensure they adequately resource staff dedicated to cyber security.

2.3 Other IT systems

Change control processes

Some agencies need to improve change control processes to avoid unauthorised or inaccurate system changes.

Recommendation

Agencies should consistently perform user acceptance testing before system upgrades and changes. They should also properly approve and document changes to IT systems.

Disaster recovery planning

Agencies can do more to adequately assess critical business systems to enforce effective disaster recovery plans. This includes reviewing and testing their plans on a timely basis.

Recommendation

Agencies should complete business impact analyses to strengthen disaster recovery plans, then regularly test and update their plans.

Agency service delivery relies on developing and renewing infrastructure assets such as schools, hospitals, roads, or public housing. Agencies are currently investing significantly in new assets. Agencies need to manage the scale and volume of current capital projects in order to deliver new infrastructure on time, on budget and realise the intended benefits. We found agencies can improve how they:

manage their major capital projects
dispose of existing assets.

Issues

Recommendations or conclusions

3.1 Capital investment

Capital asset investment ratios

Most agencies report high capital investment ratios, but one-third of agencies’ capital investment ratios are less than one.

Recommendation

Agencies with high capital asset investment ratios should ensure their project management and delivery functions have the capacity to deliver their current and forward work programs.

Volume of capital spending

Most agencies have significant forward spending commitments for capital projects. However, agencies’ actual capital expenditure has been below budget for the last three years.

Conclusion

The significant increase in capital budget underspends warrant investigation, particularly where this has resulted from slower than expected delivery of projects from previous years.

3.2 Capital projects

Major capital projects

Agencies’ major capital projects were underspent by 13 percent against their budgets.

Conclusion

The causes of agency budget underspends warrant investigation to ensure the NSW Government’s infrastructure commitment is delivered on time.

Capital project governance

Agencies do not consistently prepare business cases or use project steering committees to oversee major capital projects.

Conclusion

Agencies that have project management processes that include robust business cases and regular updates to their steering committees (or equivalent) are better able to provide those projects with strategic direction and oversight.

3.3. Asset disposals

Asset disposal procedures

Agencies need to strengthen their asset disposal procedures.

Recommendations

Agencies should have formal processes for disposing of surplus properties.

Agencies should use Property NSW to manage real property sales unless, as in the case for State owned corporations, they have been granted an exemption.

Governance refers to the high-level frameworks, processes and behaviours that help an organisation to achieve its objectives, comply with legal and other requirements, and meet a high standard of probity, accountability and transparency.

This chapter sets out the governance lighthouse model the Audit Office developed to help agencies reach best practice. It then focuses on two key areas: continuous disclosure and shared services arrangements. The following two chapters look at findings related to ethics and risk management.

Issues

Recommendations or conclusions

4.1 Governance arrangements

Continuous disclosure

Continuous disclosure promotes improved performance and public trust and aides better decision-making. Continuous disclosure is only mandatory for NSW Government Businesses such as State owned corporations.

Conclusion

Some agencies promote transparency and accountability by publishing on their websites a continuous disclosure policy that provides for, and encourages:

regular public disclosure of key performance information
disclosure of both positive and negative information
prompt reporting of significant issues.

4.2 Shared services

Service level agreements

Some agencies do not have service level agreements for their shared service arrangements.

Many of the agreements that do exist do not adequately specify controls, performance or reporting requirements. This reduces the effectiveness of shared services arrangements.

Conclusion

Agencies are better able to manage the quality and timeliness of shared service arrangements where they have a service level agreement in place. Ideally, the terms of service should be agreed before services are transferred to the service provider and:

specify the controls a provider must maintain
specify key performance targets
include penalties for non-compliance.

Shared service performance

Some agencies do not set performance standards for their shared service providers or regularly review performance results.

Conclusion

Agencies can achieve better results from shared service arrangements when they regularly monitor the performance of shared service providers using key measures for the benefits realised, costs saved and quality of services received.

Before agencies extend or renegotiate a contract, they should comprehensively assess the services received and test the market to maximise value for money.

All government sector employees must demonstrate the highest levels of ethical conduct, in line with standards set by The Code of Ethics and Conduct for NSW government sector employees.

This chapter looks at how well agencies are managing these requirements, and where they can improve their policies and processes.

We found that agencies mostly have the appropriate codes, frameworks and policies in place. But we have highlighted opportunities to improve the way they manage those systems to reduce the risks of unethical conduct.

Issues

Recommendations or conclusions

5.1 Ethical framework

Code of conduct

All agencies we reviewed have a code of conduct, but they can still improve the way they update and manage their codes to reduce the risk of fraud and unethical behaviour.

Recommendation

Agencies should regularly review their code-of-conduct policies and ensure they keep their codes of conduct up-to-date.

Statement of business ethics

Most agencies maintain an ethical framework, but some can enhance their related processes, particularly when dealing with external clients, customers, suppliers and contractors.

Conclusion

Agencies can enhance their ethical frameworks by publishing a Statement of Business Ethics, which communicates their values and culture.

5.2 Potential conflicts of interest

Conflicts of interest

All agencies have a conflicts-of-interest policy, but most can improve how they identify, manage and avoid conflicts of interest.

Recommendation

Agencies should improve the way they manage conflicts of interest, particularly by:

requiring senior executives to make a conflict-of-interest declaration at least annually
implementing processes to identify and address outstanding declarations
providing annual training to staff
maintaining current registers of conflicts of interest.

Gifts and benefits

While all agencies already have a formal gifts-and-benefits policy, we found gaps in the management of gifts and benefits by some that increase the risk of unethical conduct.

Recommendation

Agencies should improve the way they manage gifts and benefits by promptly updating registers and providing annual training to staff.

Risk management is an integral part of effective corporate governance. It helps agencies to identify, assess and prioritise the risks they face and in turn minimise, monitor and control the impact of unforeseen events. It also means agencies can respond to opportunities that may emerge and improve their services and activities.

This year we looked at the overall maturity of the risk management frameworks that agencies use, along with two important risk management elements: risk culture and risk registers.

Issues

Recommendations or conclusions

6.1 Risk management maturity

All agencies have implemented risk management frameworks, but with varying levels of maturity in their application.

Agencies’ averaged a score of 3.1 out of five across five critical assessment criteria for risk management. While strategy and governance fared best, the areas that most need to improve are risk culture, and systems and intelligence.

Conclusion

Agencies have introduced risk management frameworks and practices as required by the Treasury’s:

'Risk Management Toolkit for the NSW Public Sector'
'Internal Audit and Risk Management Policy for the NSW Public Sector'.

However, more can be done to progress risk management maturity and embed risk management in agency culture.

6.2 Risk management elements

Risk culture

Most agencies have started to embed risk management into the culture of their organisation. But only some have successfully done so, and most agencies can improve their risk culture.

Conclusion

Agencies can improve their risk culture by:

setting an appropriate tone from the top
training all staff in effective risk management
ensuring desired risk behaviours and culture are supported, monitored, and reinforced through business plans, or the equivalent and employees' performance assessments.

Risk registers and reporting

Some agencies do not report their significant risks to their lead agency, which may impair the way resources are allocated in their cluster. Some agencies do not integrate risk registers at a divisional and whole-of-enterprise level.

Conclusion

Agencies not reporting significant risks at the cluster level increases the likelihood that significant risks are not being mitigated appropriately.

Effective risk management can improve agency decision-making, protect reputations and lead to significant efficiencies and cost savings. By embedding risk management directly into their operations, agencies can also derive extra value for their activities and services.

15 December 2017

Published

Transport 2017

Transport

Asset valuation

Information technology

Internal controls and governance

Project management

The following report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, the report notes the agencies can improve their asset revaluation processes.

1. Financial reporting and controls

Audit opinions	Unqualified audit opinions were issued for all agencies' financial statements.
Early close	Early close procedures continue to facilitate timely preparation of financial statements and completion of audits, but agencies can improve their asset revaluation processes. The revaluations were not completed by the early close deadline.
Key audit matters	The cluster corrected the value of rail tunnels and earthworks by recording an additional $8.5 billion in infrastructure assets.
Passenger revenue and patronage	Revenue increased by seven per cent at a similar rate to patronage. Opal fare structure changes came into effect on 5 September 2016. Continued rises in patronage can increase pressure on public transport punctuality.
Negative balances on Opal Cards	There was $2.6 million in revenue not collected during 2016–17 financial year through negative balance Opal Cards. This represents 0.2 per cent of total annual passenger revenue. Transport advise the cumulative balance of negative balance Opal Cards is $4.2 million as at 30 June 2017. Recommendation: Transport for NSW (TfNSW) should implement measures to prevent loss of revenue from passengers tapping off with negative balance Opal Cards.
Investment in infrastructure	Agencies spent $8.5 billion on assets in 2016–17 and have contractual capital commitments of $11.3 billion over the next five years.
Internal controls	IT systems user access administration remains an area of weakness.

2. Service Delivery

Punctuality	According to Transport data, average punctuality is above target for Sydney Trains, Ferries and Light Rail, but below target for NSW Trains services. State Transit Authority of NSW (STA) is not meeting punctuality targets. STA continued working with TfNSW on delivering improved punctuality.
Public transport capacity	Passenger crowding is above benchmark for many morning peak suburban rail services, as indicated by Transport data. Eleven of the 14 bus contract regions had full buses.
Bus crowding	There are no target measures on crowding for bus operators in any contract region. Recommendation: TfNSW should develop target measures on crowding for bus operators in all contract regions and publish the results.
Customer satisfaction	Surveys conducted by Transport indicate customer satisfaction exceeded target for all modes of public transport.

Confidence in public sector decision-making and transparency is enhanced when financial reporting is accurate and timely. Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies.

This chapter outlines our audit observations, conclusions or recommendations related to financial reporting and controls of Transport cluster agencies for 2016–17.

Observation	Conclusion or recommendation
Quality of financial reporting
Unqualified opinions were issued for all agencies’ financial statements.	Unqualified audit opinions were issued on the 2016–17 financial statements of all agencies in the Transport cluster. Agencies complied with the new disclosure requirements required under accounting standard AASB 124 'Related Party Disclosures'.
Old tunnels and earthworks valued.	The cluster corrected the value of rail tunnels and earthworks by recording an additional $8.5 billion in infrastructure assets.
Timeliness of financial reporting
Most agencies complied with the statutory timeframes for completion of early close procedures and preparation and audit of financial statements.	Early close procedures continue to facilitate timely preparation of financial statements and completion of audits, but agencies can make further improvement in the revaluation process.
TfNSW and RailCorp completed asset revaluations after the early close deadline.	While all revaluation matters were resolved and corrected, completing the revaluation process earlier would enable more timely review, identification and resolution of matters.
Passenger revenue, patronage and cost recovery
Revenue increased by 7 per cent at a similar rate to patronage.	Public transport passenger revenue increased by $93 million (seven per cent) in 2016–17, and patronage increased by 49 million (seven per cent) across all modes of transport. There were some changes in the method of calculating reported patronage between 2015–16 and 2016–17. If the methods had been consistent, the patronage increase would be 6.5 per cent. Opal fare structure changes came into effect on 5 September 2016.
Value of negative balance Opal Cards doubled since last year.	There was $2.6 million in revenue not collected during 2016–17 financial year through negative balance Opal Cards. This represents 0.2 per cent of total annual passenger revenue. Transport advise the cumulative balance of negative balance Opal Cards is $4.2 million as at 30 June 2017. Recommendation: TfNSW should implement measures to prevent the loss of revenue from passengers tapping off with negative balance Opal cards.
The overall cost recovery from users of public transport increased slightly to 21.3 per cent.	Cost of service per passenger journey for buses and ferries decreased. Revenue per passenger journey for all modes remained fairly stable.
Investment in infrastructure
There was a significant investment in transport assets in 2016–17.	Agencies spent $8.5 billion on assets in 2016–17, including $3.8 billion on rail systems and $3.8 billion on road and maritime infrastructure systems.
Transport cluster have capital commitment of $11.3 billion over the next five years.	The transport cluster has significant contractual commitments over the next five years on rail and road infrastructure projects.
Internal controls
User access administration over systems remains an area of weakness.	We identified six moderate and eight low risk issues related to user systems access administration across four agencies. This included review of highly privileged/super user account transactions not performed effectively and user access reviews not performed. These weaknesses increase the risk of users having excessive or unauthorised access to critical financial systems and information.

Achievement of government outcomes can be improved through effective delivery of the right mix of services, whether from the public, private or not‑for‑profit sectors. Service delivery reform will be most successful if there is clear accountability for service delivery outcomes, decisions are aligned to strategic direction and performance is monitored and evaluated.

This chapter outlines our audit observations, conclusions or recommendations related to service delivery in the Transport cluster agencies for 2016–17.

Observations	Conclusion or recommendation
Punctuality
Average punctuality is above target for Sydney Trains, but below target for NSW Trains services. Punctuality targets are not met by all bus operators.	Meeting punctuality targets is a continuing challenge for NSW Trains’ and STA bus services.
The 2017 performance audit 'Passenger Rail Punctuality' reported that based on forecast patronage increases, rail agencies will find it hard to maintain punctuality after 2019 unless the capacity of the network to carry trains and people is increased significantly.	The 2017 performance audit found that given the likely lead times involved with major infrastructure projects, there remains a significant risk of poor punctuality after 2019. Transport advised it is currently either delivering or planning rail network upgrades to address current growth and longer-term future demand. This includes investments such as procurement of suburban and intercity trains, Sydney Metro services and further timetable planning into the 2020s.
After reaching its punctuality target in 2015–16 for the first time in 13 years, NSW Trains regional services was below the target in 2016–17.	NSW Trains regional services achieved an average of 75 per cent punctuality in 2016–17, four per cent less than 2015–16.
The bus contracts do not have an option to impose financial penalties on STA for poor punctuality performance.	In 2015–16, we recommended TfNSW should consider including financial penalties for not meeting each punctuality KPI in future contracts with bus operators. An opportunity to implement the recommendation requires a contract renewal process to be finalised with STA, which did not occur during 2016–17.
Public transport capacity
There are no target measures on crowding for bus operators in any contract region.	Recommendation: TfNSW should develop target measures on crowding for bus operators in all contract regions and publish the results.
Customer Satisfaction
Customers on ferries continued to be most satisfied, followed by those on light rail. Sydney Trains and NSW Trains had fewer complaints in 2016–17.	Customer satisfaction exceeded target for all modes of transport.
Project management
Transport cluster manages many of the State high profile/high risk projects.	Major Transport projects include WestConnex, Sydney Metro Northwest, Sydney Metro City and Southwest, Woolgoolga to Ballina - Pacific Highway upgrade, NorthConnex, CBD and South East Light Rail and Newcastle Light Rail.
Safety performance
Road fatalities decreased by eight per cent between July 2016 and June 2017, from 390 to 359 deaths.	Road fatalities mainly involved speed, fatigue and vehicle occupants not wearing available restraints.
Maintenance
RMS’ maintenance backlog of $3.7 billion is higher than the $3.4 billion reported in 2016.	Transport cluster agencies manage $134 billion in property, plant and equipment. The total backlog maintenance of $4.1 billion at 30 June 2017 represents 3.1 per cent of those assets.

23 November 2017

Published

Agency compliance with NSW Government travel policies

Education

Community Services

Finance

Health

Industry

Justice

Local Government

Planning

Premier and Cabinet

Transport

Treasury

Universities

Whole of Government

Compliance

Internal controls and governance

Procurement

Overall, agencies materially complied with NSW Government travel policies.

However, the Auditor-General found some agencies:

did not always book official travel through the approved supplier
had weaknesses in their travel approval processes
had travel policies that were inconsistent with the NSW Government policy
did not adequately manage their travel records.

Last year the NSW Government spent almost $250 million on travel. The government’s travel policies aim to help agencies make better travel decisions and reduce costs. The Department of Finance, Services and Innovation (DFSI) is responsible for the government’s travel policy and manages the government contract with an approved private sector provider to procure travel services.

This audit assessed how effective agency processes were to ensure compliance with:

the ‘Policy on Official Travel within Australia and Overseas’ issued by the Department of Premier and Cabinet in Circular OFS-2014–07 ‘Official Travel in Australia and Overseas’ (the former policy)
the ‘NSW Government Travel and Transport Policy’ issued by DFSI (the new policy), effective from 28 September 2016.

We examined 15 agencies from different NSW Government clusters with significant travel expenditure. For a list of participating agencies, refer to the Appendix two.

Conclusion

We found that overall, agencies materially complied with NSW Government travel policies. However, some agencies:

did not always book official travel through the approved supplier
had weaknesses in their travel approval processes
had travel policies that were inconsistent with the government policy
did not adequately manage their travel records.

Self-assessments indicate agencies comply with most aspects of the new policy. Agencies also believe more guidance from DFSI about certain aspects of the policy would increase compliance.

We asked the 15 participating agencies to complete a self assessment of the processes they have implemented to comply with the new policy. The key observations are summarised below.

Appendix one - Responses from agencies

Appendix two - List of selected agencies

2 November 2017

Published

Government Advertising: Campaigns for 2015–16 and 2016–17

Premier and Cabinet

Justice

Local Government

Compliance

Internal controls and governance

Management and administration

Procurement

The 'Stronger Councils, Stronger Communities' and the 'Dogs deserve better' government advertising campaigns complied with the Government Advertising Act and most elements of the Government Advertising Guidelines.

However, some advertisements were designed to build support for government policy and used subjective or emotive messages. This is inconsistent with the requirement in the Government Advertising Guidelines for 'objective presentation in a fair and accessible manner'.

Advertisements in the 'Stronger Councils, Stronger Communities' campaign used subjective statements such as 'the system is broken' and 'brighter future'. While advertisements in the 'Dogs deserve better' campaign used confronting imagery such as gun targets, blood smears and gravestones.

The Government Advertising Act 2011 (the Act) requires the Auditor-General to conduct a performance audit in relation to at least one government advertising campaign in each financial year. The performance audit assesses whether advertising campaigns were carried out effectively, economically and efficiently and in compliance with the Act, the regulations, other laws and the Government Advertising Guidelines (the Guidelines). In this audit, we examined two campaigns:

the ‘Stronger Councils, Stronger Communities’ campaign run by the Office of Local Government and the Department of Premier and Cabinet
the ‘Dogs deserve better’ campaign run by the Department of Justice.

Section 6 of the Act details the specific prohibitions on political advertising. Under this section, material that is part of a government advertising campaign must not contain the name, voice or image of a minister, member of parliament or a candidate nominated for election to parliament or the name, logo or any slogan of a political party. Further, a campaign must not be designed so as to influence (directly or indirectly) support for a political party.

The ‘Stronger Councils, Stronger Communities’ government advertising campaign was run by the Office of Local Government and the Department of Premier and Cabinet in four phases from August 2015 to May 2016. The total cost of the campaign was over $4.5 million. See Appendix 2 for more details on this campaign.

The ‘Stronger Councils, Stronger Communities’ advertising campaign has not breached the specific provisions of Section 6 of the Act which prohibits political advertising.

Two factors potentially compromised value for money for the campaign. The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work to be undertaken, which was substantially greater than initially quoted. Further, the department did not meet all recommended timeframes to minimise media booking costs for all phases of the campaign.

The campaign did not comply with all administrative requirements in all phases. Advertising for Phase 1 commenced before the compliance certificate was signed. There was no evidence that a compliance certificate was signed for Phase 2 extension. The cost benefit analyses for Phase 2 and Phase 2 extension did not sufficiently consider alternatives to advertising, as is required by the Government Advertising Guidelines.

Advertisements adopted subjective messages designed to build public support for council mergers and directed audiences to websites for more detailed information. Campaign research identified statements that were most likely to reduce resistance to mergers. Some advertising content used subjective language, which we consider inconsistent with the requirement for ‘objective presentation’. Evaluations of advertising effectiveness also measured the success of the advertisements in increasing public support for council mergers.

No breach of specific prohibitions in the Act

Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:

be designed to influence (directly or indirectly) support for a political party
contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
contain the name, logo or any slogan of, or any other reference relating to, a political party.

We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.

Request for quotes to design advertisement did not reflect the full scope required

The request for quotes for the design of the Phase 1 advertisement did not reflect the full scale of work that was to be undertaken, and this created a risk to achieving value for money. The Office of Local Government sought quotes for design of a television advertisement only. It did not request an estimate for radio, online advertisements, or translation for linguistically diverse audiences, which were ultimately required for the campaign.

A full and fair assessment of which supplier could provide the best value for money could not be made given that the quotes obtained did not reflect the full scope of work. The final amount paid for the design of Phase 1 was 2.7 times the original quote. It is possible that another supplier that provided a quote could have provided overall better value for money.

The Office of Local Government continued to use the Phase 1 supplier for Phase 2 and Phase 2 extension (Exhibit 4). Where there are other suppliers that could feasibly compete for a contract, direct negotiation increases the risk the agency has not obtained the best value for money. The department advised that it continued with the same agency to avoid costs involved in briefing a new agency on the campaign.

The ‘Dogs deserve better’ government advertising campaign was run by the Department of Justice from August 2016, after the government announced its decision to prohibit greyhound racing, and was terminated in October 2016 after a change of government policy. The campaign had a budget of $1.6 million, with an actual spend of $1.3 million. See Appendix 2 for more details on this campaign.

The ‘Dogs deserve better’ advertising campaign has not breached the specific provisions of Section 6 of the Act which prohibits political advertising.

The Secretary of the department determined that urgent circumstances existed that required advertising to commence prior to completing a cost benefit analysis and peer review. There was a concern that industry participants may make impulse decisions to destroy greyhounds without further information on support services; there was also an identified need to promote public greyhound adoptions.

Phase 1 advertisements focused on explaining the reasons for the prohibition on greyhound racing with a reference to a website for further information. While industry participants were identified as the primary audience, media expenditure was not specifically targeted to this group. Phase 2 advertisements more effectively addressed the originally identified ‘urgent needs’ of providing information on support services for greyhound owners and information on how the public could adopt a greyhound.

The urgency to advertise potentially compromised value for money. The department did not use price competition when selecting a creative supplier due to a concern this would add to timeframes. Further, the department did not meet recommended timeframes to minimise media booking costs.

We identified three other areas in Phase 1 advertisements that were inconsistent with government advertising requirements. Advertisements used provocative language and confronting imagery, which we consider to be inconsistent with the requirement for ‘objective presentation’. Two statements presented as fact based on the Special Commission’s Inquiry report were inaccurate; one of these was due to a calculation error. Radio advertisements did not clearly identify that they were authorised by the New South Wales Government for the first few days of the campaign.

No breach of specific prohibitions in the Act

Section 6 of the Act prohibits the use of government advertising for political advertising. A government advertising campaign must not:

be designed to influence (directly or indirectly) support for a political party
contain the name, voice or image of a minister, any other member of parliament or a candidate nominated for election to parliament
contain the name, logo or any slogan of, or any other reference relating to, a political party.

We did not identify any breach of the specific prohibitions listed above in the advertising content of this campaign.

Animal welfare concerns were identified as the reason for urgent advertising

A brief prepared by the department in July 2016 raised concerns about the welfare of greyhounds following the NSW Premier’s announcement that the government would prohibit greyhound racing. The brief raised the risk that industry members may make impulse decisions to destroy their greyhounds without information on support that was being offered.

The department used the provisions in Sections 7(4) and 8(3) of the Act to expedite the release of advertising due to ‘other urgent circumstances’. This provision allows advertising to commence prior to completing the peer review process and cost benefit analysis.

In introducing the Government Advertising Bill to parliament in 2011, the then Premier noted that exceptional circumstances would cover situations ‘such as a civil emergency or sudden health epidemic’. There is no other guidance on when it is appropriate to use this section. It is at the discretion of a government agency head to determine whether a campaign is urgent.

Phase 1 advertisements did not focus on the urgent needs

This advertising campaign had three overarching objectives:

to increase public awareness of the animal welfare reasons for the closure of the greyhound racing industry
to change the behaviour of dog owners from potentially harming their greyhounds to treating them humanely, by accessing the support options and packages available
to promote greyhound adoptions by the public.

Alongside advertising, the department took other steps to engage with the greyhound racing industry. This included direct mail, face to face meetings around the State, setting up a call centre and community consultation through an online survey. Other government agencies and animal welfare agencies were also engaged to reach out to affected stakeholders.

Phase 1 advertising content focused on providing information about the reasons for the closure of the industry. The department’s radio and television advertisements did not refer to support packages or encourage the public to adopt a greyhound. While print advertisements did mention these things, this was only presented in fine print. In all advertisements, audiences were referred to a website for further information.

The focus of advertisements on the reasons for industry closure was not consistent with the identified needs to urgently commence advertising to influence the behaviour of dog owners and encourage the public to adopt a greyhound.

The content in Phase 2 advertisements, which began around four weeks after the first phase, was more explicit in highlighting the services and support for industry members such as offering business and retraining advice. These advertisements also referred audiences to a call centre number as well as the website.

Peer review process limited to influencing second phase of advertisements

In urgent circumstances, the Act allows for peer review to be completed after advertising has commenced. For this campaign, the peer review process was completed on 19 August 2016, two weeks after advertising had commenced. Where advertising commences before the peer review process is completed, the usefulness of peer reviewers’ recommendations is limited to informing subsequent phases of advertising and the post-campaign evaluation.

The peer review report found the messages in Phase 1 advertisements were not clearly defined, and the role of advertising was not clearly defined amongst other campaign activities. These recommendations informed the second phase of advertising, which ran from 27 August 2016 until the campaign was terminated in October 2016.

The department could not demonstrate value for money was achieved for creative work

The department provided a fixed budget for creative work when requesting quotes from creative agencies to develop advertising material. This is not consistent with the quotation requirements in the government’s Guidelines for Advertising and Digital Communication Services. This approach creates risks to achieving value for money as creative agencies are not required to compete on price for their services. The department advised that it had pre-set the creative costs based on a comparative government campaign of a similar size. This was done due to a concern that requiring agencies to compete on price would affect the short timeframe given to develop creative material.

Three creative agencies accepted the opportunity to present design ideas for the campaign. The department was unable to provide evidence of how it chose the preferred supplier out of these three agencies. Records are important for accountability and allow a procurement decision to be audited after an urgent decision.

Short notice did not allow for cost-efficient media booking for all phases

Placement of advertisements in various media channels was done through the State’s Media Agency Services contract. This contract achieves savings as the government can use its aggregated media spend to gain discounts from the media supplier.

The Department of Premier and Cabinet provides guidance to ensure cost efficient media booking. For example, media time for a television advertisement should be booked at least 6 to 12 weeks in advance. Radio advertisements should be booked at least 2 to 8 weeks in advance.

The peer review report noted that the department did not have adequate time to look for the most cost-efficient way to advertise. In its response to the peer reviewers, the department acknowledged this to be due to the urgency to start advertising. The media booking authority was signed by the department one day before the campaign commenced.

The department used a wide public campaign for a narrow target audience

The campaign identified greyhound industry participants as the primary target audience. In 201516 there were 1,342 greyhound trainers, 1,695 owner/trainers, 983 attendants and 1,247 breeders in New South Wales. The department’s advertising submission identified ‘concerns that industry members could make impulsive decisions, potentially jeopardising the welfare of a large number of dogs, prior to the shutdown of the industry’.

The submission’s evidence of advertising effectiveness focused on increasing the level of wider community support for the ban rather than stopping industry members from making impulse decisions. It used an early opinion poll to show that total support for the ban on greyhound racing rises by 17 points and opposition drops by four points following explanation of the findings of the Special Commission of Inquiry report.

The peer review report noted that the role of advertising was not clearly defined amongst the department’s range of other direct and targeted communications and consultations held with industry members.

No demonstrated basis for use of confronting imagery and provocative language

The Guidelines require ‘objective presentation in a fair and accessible manner’. Neither the Guidelines or Handbook further explain what objective presentation means. We have used an ordinary definition of this term as ‘not influenced by personal feelings or opinions in considering and representing facts’. This is synonymous with terms like ‘impartial’, ‘neutral’, and ‘dispassionate’ and opposite to ‘subjective’. We consider that to meet the current requirements in the Guidelines for objectivity, advertising content should contain accurate statements or facts, and avoid subjective language.

Phase 1 focussed on the ongoing consequences if no action was taken to close the industry. The advertisements used provocative language, for example ‘Up to 70 per cent of dogs are deemed wastage by their own industry. Wastage! Slaughtered just for being slow’. Advertisements used confronting imagery like gravestones, blood smears and gun targets.

Our literature review into this area highlighted mixed findings on the effectiveness of confrontational advertising materials. In some cases, shock campaigns may cause an audience to reject or ignore the message, and may even encourage people to do the opposite of the intended behaviour. In other cases, such as in road safety campaigns, this style of advertising can be successful. This shows the importance of conducting pre-campaign research before adopting a confrontational or emotive approach in advertising.

The Government Advertising Handbook recommends that an agency explain the rationale and the evidence for their chosen advertising approach. There was no evidence that the department researched the effectiveness of its advertising approach with its target audience. The department had planned to undertake creative concept testing as part of a strategy to ensure the creative material was understood by its audience. The department advised that due to the urgency of the campaign, it did not have time to conduct this testing.

Not all Phase 1 radio advertisements clearly identified that they were authorised by the New South Wales Government

For the first few days on air, Phase 1 radio advertisements ended by referring the audience to a government website, instead of clearly identifying that it had been authorised by the New South Wales Government. Government authorisations and logos ensure the work and the programs of the NSW Government are easily identifiable by the community.

The department’s cost benefit analysis did not consider alternatives to advertising

For government advertising campaigns that cost over $1.0 million, the Act requires the advertising agency to carry out a cost benefit analysis and obtain approval from the Cabinet Standing Committee on Communications, prior to commencing the campaign.

The department engaged with audiences through direct mail, face to face forums, and a telephone helpline in addition to advertising. However, the department’s cost benefit analysis did not meet the requirements in the Guidelines to specify the extent to which expected benefits could be achieved without advertising, and to compare costs of options other than advertising that could be used to successfully implement the program (see Exhibit 6).

The cost benefit analysis made optimistic assumptions about the impact of the campaign on greyhound adoptions. It estimated that 2,360 greyhounds would be adopted if the campaign was run. This is significantly higher than the ‘most optimistic outcome’ of re-homing in the Special Commission Inquiry report (we calculated this to be 1,467 greyhounds). There was insufficient evidence to support the higher number of adoptions in the cost benefit analysis.

The sensitivity analysis shows that using the Special Commission’s ‘most optimistic outcome’ figure of re-homing would reduce the net present value of advertising to be negative. Further, the cost benefit analysis also assumed that increased government funding would be made available to animal welfare and rehoming organisations to support more adoptions, but did not estimate or include this cost when calculating the net present value of advertising.

There were two factual inaccuracies in key messages used for Phase 1 advertisements

Section 8(2) of the Act requires the head of a government agency to certify that the proposed campaign ‘contains accurate information’. The Secretary of the Department of Justice signed the compliance certificate on 29 July 2016, before advertisements commenced.

We examined the accuracy of factual claims in this advertising campaign, by comparing the key statements to the report of Special Commission of Inquiry into the Greyhound Racing Industry (the Commissioner report). The Commissioner report was quoted by the NSW Government as the basis for its policy to transition the greyhound racing industry to closure.

We identified that two of the key statements used in Phase 1 advertisements to support the animal welfare reasons for industry closure were inaccurate (Exhibit 7).

Appendix one - Responses from agencies

Appendix two - About the campaigns

Appendix three - About the Audit

Appendix four - Performance Auditing

Parliamentary reference - Report number #294 - released 2 November 2017

Audit progress

Sector

Year

Report type

Topic

Reports

The Department did not meet all court technical support targets in 2017 and 2018

Section highlights

Section highlights

1. Machinery of Government changes

2. Financial reporting

3. Audit observations

This report offers insights into internal controls and governance in the NSW public sector

Areas of specific focus of the report have changed since last year

Key conclusions and sector wide learnings

Key conclusions and sector wide learnings

Key conclusions and sector wide learnings

Key conclusions and sector wide learnings

Key conclusions and sector wide learnings

There are no professional standards and capability requirements for probity practitioners

The NSW Procurement Board provides direction for the use of probity practitioners

1. Overall trends

2. Information Technology

3. Asset Management

4. Governance

5. Ethics and Conduct

6. Risk Management

This new report offers strategic insight on the public sector as a whole

2.1 IT security

2.2 Cyber Security

2.3 Other IT systems

3.1 Capital investment

3.2 Capital projects

3.3. Asset disposals

4.1 Governance arrangements

4.2 Shared services

5.1 Ethical framework

5.2 Potential conflicts of interest

6.1 Risk management maturity

6.2 Risk management elements

1. Financial reporting and controls

2. Service Delivery

No breach of specific prohibitions in the Act

Request for quotes to design advertisement did not reflect the full scope required

No breach of specific prohibitions in the Act

Animal welfare concerns were identified as the reason for urgent advertising

Phase 1 advertisements did not focus on the urgent needs

Peer review process limited to influencing second phase of advertisements

The department could not demonstrate value for money was achieved for creative work

Short notice did not allow for cost-efficient media booking for all phases

The department used a wide public campaign for a narrow target audience

No demonstrated basis for use of confronting imagery and provocative language

Not all Phase 1 radio advertisements clearly identified that they were authorised by the New South Wales Government

The department’s cost benefit analysis did not consider alternatives to advertising

There were two factual inaccuracies in key messages used for Phase 1 advertisements