Reports
Local Government 2023
What this report is about
Results of the local government sector financial statement audits for the year ended 30 June 2023.
Findings
Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.
Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.
The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.
Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.
Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.
Fifty councils do not have basic governance and internal controls to manage cyber security.
Recommendations
To improve quality and timeliness of financial reporting, councils should:
- adopt early financial reporting procedures, including asset valuations
- ensure integrity and completeness of asset source records
- perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.
To improve internal controls, councils should:
- track progress of implementing audit recommendations, and prioritise high-risk repeat issues
- continue to focus on cyber security governance and controls.
Read the PDF report
Local Government 2022
This report is about
Results of the local government sector financial statement audits for the year ended 30 June 2022.
What we found
Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' financial statements.
The financial audits for two councils and two joint organisations are in progress due to accounting issues.
Fifty-seven councils and joint organisations (2021: 41) required extensions to submit their financial statements to the Office of Local Government (OLG), within the Department of Planning and Environment (the department).
The audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficient books and records.
Qualified audit opinions were issued on 43 councils' financial statements due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. Forty-seven councils appropriately recognised this equipment.
What we recommended
Consistent with the NSW Government's accounting position and the department's role of assessing councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise vested rural firefighting equipment.
The key issues
There were 1,045 audit findings reported to councils in audit management letters, with 52% being unresolved from prior years.
What we recommended
Councils need to track progress of implementing audit recommendations, giving priority to high-risk and repeat issues.
Ninety-three high-risk matters were identified across the sector mainly relating to asset management, information technology, financial accounting and council governance procedures.
Asset valuations
Audit management letters reported 267 findings relating to asset management. Fifty-three councils had deficiencies in processes that ensure assets are fairly stated.
What we recommended
Councils need to complete timely asset valuations (repeat recommendation).
Integrity and completeness of asset source records
Fifty-two councils had weak processes over the integrity of fixed asset registers.
What we recommended
Councils need to improve controls that ensure integrity of asset records (repeat recommendation).
Cybersecurity
Our audits found that 47% of councils did not have a cyber security plan.
What we recommended
All councils need to prioritise creation of a cyber security plan to ensure data and assets are safeguarded.
Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General's report on Local Government 2022. My report provides the results of the 2021–22 financial audits of 126 councils, 11 joint organisations and nine county councils. The audits for two councils and two joint organisations are in progress due to significant accounting issues.
Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' 2021–22 financial statements. The statements for 43 councils were qualified due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. And the audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficiencies in books and records.
This year has again been challenging for many New South Wales local councils still recovering from the impact of emergency events and facing cost and resourcing pressures. We appreciate the efforts of council staff and management in meeting their financial reporting obligations. We share a mutual interest in raising the standard of financial management in this sector, and the importance of accurate and transparent reporting.
Disappointingly, accounting for the value of rural firefighting equipment vested in councils continued to be an unnecessary distraction and resulted in 43 councils having their financial statements qualified. We continue to recommend that the Office of Local Government should intervene where councils fail to comply with Australian Accounting Standards by not recognising assets vested to them under section 119(2) of the Rural Fires Act 1997.
Sound financial management is critical to councils' ability to instil trust and properly serve their communities. The recommendations in this report are intended to further improve their financial management and reporting capability, and encourage sound governance arrangements and cyber resilience. I am committed to continuing this work with councils in the 2022–23 year and beyond.
Margaret Crawford PSM
Auditor-General for New South Wales
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting audit results of councils and joint organisations.
Section highlights
|
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.
This chapter outlines the overall trends in governance and internal controls across councils and joint organisations in 2021–22.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations, related implications, recommendations and risk ratings.
Section highlights
|
Total number of findings reported in audit management letters decreased
The following shows the overall findings of the 2021–22 audits reported in management letters compared with the previous year.
Appendix two – Status of audits
Appendix three – Councils received qualified audit opinions
Appendix four – Common reasons for council extensions
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Natural disasters
What this report is about
This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.
What we found
Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.
Total expenses were less than the budget due to underspend in the following areas:
- clean-up assistance, including council grants
- anticipated temporary accommodation support
- payments relating to the Northern Rivers Business Support scheme for small businesses.
Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.
At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.
Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.
Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.
Section highlights
|
Section highlights
|
Planning and Environment 2022
What the report is about
Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.
Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.
Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.
Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.
The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.
All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).
NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.
What the key issues were
Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.
There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.
The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.
Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.
Recommendations were made to address these deficiencies.
This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Appendix five – Councils received qualified audit opinions
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2022
What the report is about
Results of the Stronger Communities cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unqualified audit opinions were issued on all completed 30 June 2022 financial statement audits. One audit is ongoing.
All 13 cluster agencies that have accommodation arrangements with Property NSW derecognised right-of-use assets and lease liabilities of $917 million and $1 billion respectively. The agencies also collectively recorded a gain on derecognition of $136 million.
The Department of Communities and Justice (the department) assumed the responsibility for delivery of the Process and Technology Harmonisation program from the Department of Customer Service. In 2021–22, the department incurred costs of $42.8 million in relation to the project, which remains ongoing.
The number of monetary misstatements identified during the audits decreased from 50 in 2020–21 to 48 in 2021–22.
What the key issues were
Six of the 15 cluster agencies required to submit 2021–22 mandatory early close procedures did not meet the statutory deadlines. One agency did not complete all mandatory procedures.
Five high-risk findings were identified in 2021–22. They related to deficiencies in:
- user access administration at the department, NSW Rural Fire Service and New South Wales Aboriginal Land Council (NSWALC)
- segregation of duties at the NSW Trustee and Guardian and NSWALC.
Recommendations were made to those agencies to address these control deficiencies.
This report provides Parliament and other users of the Stronger Communities cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Stronger Communities cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Local Government 2021
What the report is about
Results of the local government sector council financial statement audits for the year ended 30 June 2021.
What we found
Unqualified audit opinions were issued for 126 councils, 13 joint organisation audits and nine county councils in 2020–21.
A qualified audit opinion was issued for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.
The audit of Kiama Municipal Council is still in progress as at the date of this report due to significant accounting issues not resolved resulting in corrections to the financial statements and prior period errors.
Forty-one councils and joint organisations (2020: 16) received extensions to submit audited financial statements to the Office of Local Government (OLG).
Councils were impacted by recent emergency events, including bushfires, floods and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.
What the key issues were
There were 1,277 audit findings reported to councils in audit management letters.
Ninety-two high-risk matters were identified across the sector:
- 69 high-risk matters relating to asset management (see page 30)
- six high-risk matters relating to information technology (see page 39)
- six high-risk matters relating to financial reporting (see page 26)
- six high-risk matters to council governance procedures (see page 22)
- five high-risk matters relating to financial accounting (see page 28).
More needs to be done to reduce the number of errors identified in financial reports. Twenty-nine councils required material adjustments to correct errors in previous audited financial statements.
Rural firefighting equipment
Sixty-eight councils did not record rural firefighting equipment estimated to be $145 million in their financial statements.
The financial statements of the NSW Total State Sector and the NSW Rural Fire Service do not include these assets, as the State is of the view that rural firefighting equipment that has been vested to councils under the Rural Fires Act 1997 is not controlled by the State. In reaching this conclusion, the State argued that on balance it would appear the councils control rural firefighting equipment that has been vested to them.
The continued non-recording of rural firefighting equipment in financial management systems of some councils increases the risk that these assets are not properly maintained and managed.
What we recommended
Councils should perform a full asset stocktake of rural firefighting equipment, including a condition assessment for 30 June 2022 financial reporting purposes and recognise this equipment as assets in their financial statements.
Consistent with OLG’s role to assess council’s compliance with legislative responsibilities, standards or guidelines, OLG should intervene where councils do not recognise rural firefighting equipment.
Fast facts
- 150 councils and joint organisations in the sector
- 99% unqualified audit opinions issued for the 30 June 2021 financial statements
- 489 monetary misstatements reported in 2020–21
- 54 prior period errors reported
- 92 high-risk management letter findings identified
- 53% of reported issues were repeat issues.
Early financial reporting procedures
Fifty-nine per cent of councils performed some early financial reporting procedures, less than the prior year.
What we recommended
OLG should require early financial reporting procedures across the local government sector by April 2023. Policy requirements should be discussed with key stakeholders to ensure benefits of the procedures are realised.
Asset valuations
Audit management letters reported 288 findings relating to asset management. Fifty-eight councils had deficiencies in their processes to revalue infrastructure assets.
Thirty-five councils corrected errors relating to revaluations amounting to $1 billion and 13 councils had prior period errors relating to asset revaluations that amounted to $253 million.
What we recommended
Councils should have all asset revaluations completed by April of the financial year subject to audit.
Integrity/completeness of asset records
Sixty-seven councils had weak processes over maintenance, completeness and security of fixed asset registers.
Thirty-five councils corrected errors to the financial statements relating to poor record keeping of asset data that amounted to $102.1 million. Nineteen councils had 27 prior period financial statement errors that amounted to $417.1 million relating to the quality of asset records such as found and duplicate assets.
What we recommended
Councils need to improve controls and processes to ensure integrity and completeness of asset source records.
Cybersecurity
Our audits found that cybersecurity frameworks and related controls were not in place at 65 councils.
These councils have yet to implement basic governance and internal controls to manage cybersecurity such as having a cybersecurity framework, policy and procedure, register of cyber incidents, system penetrations testing and training.
What we recommended
OLG needs to develop a cybersecurity policy to be applied by councils as a matter of high priority in order to ensure cybersecurity risks over key data and IT assets are appropriately managed across councils and key data is safeguarded.
Councils should monitor the implementation of recommendations
Fifty-three per cent of total findings reported in 2020–21 audit management letters were repeat or partial repeat findings from prior years.
What we recommended
Councils and those charged with governance should track the progress of implementing recommendations from financial audits, performance audits and public inquiries.
Key financial information
In 2020–21, councils:
- collected $7.6b in rates and annual charges
- received $5.1b in grants and contributions
- incurred $4.8b of employee benefits and on costs
- held $15.3b of cash and investments
- managed $161.7b of infrastructure, property, plant and equipment
- entered into $3.4b of borrowings.
Pursuant to the Local Government Act 1993 I present my report Local Government 2021. My report provides the results of the 2020–21 financial audits of 127 councils, 13 joint organisations and nine county councils.
Unqualified audit opinions were issued for 126 councils, 13 joint organisation and nine county councils in 2020–21. My independent auditor’s opinion was qualified for Central Coast Council who was unable to provide evidence to support the carrying value of $5.5 billion of roads, bridges, footpaths, bulk earthworks, stormwater drainage, water supply and sewerage network assets.
The 2020–21 year was challenging from many perspectives, not least being the continuing impact of and response to the recent emergency events, including bushfires, floods and the COVID-19 pandemic. We appreciate the efforts of council staff and management right across local government and they must be congratulated for their responsiveness and resilience in meeting their financial reporting obligations in such challenging circumstances.
This report makes a number of recommendations to councils and to the regulator, the Office of Local Government within the Department of Planning and Environment. These are intended to support councils to further improve the timeliness, accuracy and strength of financial reporting and their governance arrangements. Arguably, when faced with challenges, it is even more important to prioritise and invest in systems and processes to protect the integrity of councils' operations and promote accurate and transparent reporting.
I look forward to continuing engagement and constructive dialogue with councils in 2022–23 and beyond.
Margaret Crawford
Auditor-General for New South Wales
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting of councils and joint organisations.
Highlights
|
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.
This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2020–21.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.
Highlights
|
Total number of findings reported in audit management letters decreased
In 2020–21, 1,277 audit findings were reported in audit management letters (2019–20: 1,435 findings). No extreme audit risk findings were identified this year. The extreme risk relating to Central Coast Council's use of externally restricted funds in 2019–20 was partially addressed by management and has been rated as a high-risk for 2020–21. The total number of high-risk findings increased to 92 (2019–20: 53 high-risk findings).
Findings are classified as new, repeat or ongoing, based on:
- new findings were first reported in 2020–21 audits
- repeat findings were first reported in prior year audits, but remain unresolved in 2020–21
- ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2020–21.
Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common audit findings across these areas are explored further in this chapter.
Audit Office’s annual work program for 2021–22 onwards
Focus on integrity of systems, good governance and good advice
We have a fundamental role in helping the Parliament hold government accountable for the use of public resources. In doing so, we examine whether councils' systems and processes are effective in supporting integrity, accountability and transparency. Key aspects of integrity that we expect to through conduct of our financial and performance audits over the next three years include the integrity of systems, good governance and good advice. These focus areas have arisen from the collation of key findings and recommendations from our past reports.
Focus on local councils' continued response to recent emergencies
The COVID-19 pandemic continues to have a significant impact on the people and the public sector of New South Wales. Local councils are continuing to assist communities in their recovery from the 2019–20 bushfires and subsequent and recent flooding. The full extent of some of these events remain unclear and will likely continue to have an impact into the future.
The Office of Local Government within the Department of Planning and Environment continues to work with other state agencies to assist local councils and their communities to recover from these unprecedented events.
The increasing and changing risk environment presented by these events has meant that we have recalibrated and focused our efforts on providing assurance on how effectively aspects of responses to these emergencies have been delivered.
This includes financial and governance risks arising from the scale and complexity of government responses to these events.
We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:
- local councils' planning and preparedness for emergencies
- local councils' initial responses to support people and communities impacted by COVID-19 and the 2019–20 bushfires and recent floods
- governance and oversight risks that arise from the need for quick decision-making and responsiveness to emergencies
- effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
- the mid to long-term impact of government responses to the natural disasters and COVID-19
- whether government investment has achieved desired outcomes.
Focus on the effectiveness of cybersecurity in local government
The increasing global interconnectivity between computer networks has dramatically increased the risk of cybersecurity incidents. Such incidents can harm local government service delivery and may include theft of information, denial of access to critical technology, or even hijacking of systems for profit or malicious intent.
Outdated IT systems and capability present risks to government cybersecurity. Local councils need to be alert to the need to update and replace legacy systems, and regularly train and upskill staff in their use. To add to this, cybersecurity risks have been exacerbated by recent emergencies, which have resulted in greater and more diverse use of digital technology.
Our approach to auditing cybersecurity across in the sector involves:
- considering how local councils are responding to the risks associated with cybersecurity across our financial audits
- examining the effectiveness of cybersecurity planning and governance arrangements within local councils
- conducting deep-dive performance audits of the effectiveness of cybersecurity measures in selected councils.
Local government elections
Local government elections took place in 2021–22
The local government elections were deferred for one year due to the COVID-19 pandemic and were held on 4 December 2021.
As part of our audits, we will consider the impact of any significant change on key decisions and activities for councils, county councils and joint organisations following the local government elections.
New rate peg methodology to support growing councils
The Independent Pricing and Regulatory Tribunal (IPART) has completed its review of the local government rate peg methodology to include population growth.
On 10 September 2021, IPART provided the final report on this review to the Minister for Local Government.
The minister has endorsed the new rate peg methodology and has asked IPART to give effect to it in setting the rate peg from the 2022–23 financial year.
As part of our audits, we will consider the impact of these changes on the financial statements and on key decisions and activities for councils, county councils and joint organisations.
Appendix two – Status of previous recommendations
Appendix three – Status of audits
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
COVID-19: response, recovery and impact
What the report is about
This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.
What we found
Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.
The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:
- direct health response measures – $2.2 billion
- personal protective equipment – $1.4 billion
- small business grants – $795 million
- quarantine costs – $613 million
- increases in employee expenses and cleaning costs across most agencies
- vaccine distribution, including vaccination hubs – $71 million.
The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.
Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.
Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.
Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:
- annual expense growth kept below long-term average revenue growth
- elimination of State’s unfunded superannuation liability by 2030.
Fast facts
- First COVID-19 case in NSW on 25 January 2020
- COVID-19 vaccinations commenced on 21 February 2021
- By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
- During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
- During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers
Section highlights
|
Section highlights
|
Report on Local Government 2020
What the report is about
Results of the local government sector council financial statement audits for the year ended 30 June 2020.
What we found
Unqualified audit opinions were issued for 127 councils, 9 county councils and 13 joint organisation audits in 2019–20. A qualified audit opinion was issued for Central Coast Council.
Councils were impacted by recent emergency events, including bushfires and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.
What the key issues were
There were 1,435 findings reported to councils in audit management letters.
One extreme risk finding was identified related to Central Coast Council’s use of restricted funds for general purposes.
Fifty-three high risk matters were identified across the sector:
- 21 high risk matters relating to asset management
- 14 high risk matters relating to information technology
- 7 high risk matters relating to financial reporting
- 4 high risk matters to council governance procedures
- 3 high risk matters relating to financial accounting
- 3 high risk matters relating to purchasing and payables
- 1 high risk matter relating to cash and banking.
More can be done to reduce the number of errors identified in financial reports. 61 councils required material adjustments to correct errors in previous audited financial statements.
Fast facts
|
Rural fire fighting equipment
Sixty-eight councils did not record rural fire fighting equipment worth $119 million in their financial statements.
The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government.
What we recommended
The Office of Local Government should communicate the State's view that rural firefighting equipment is controlled by councils in the local government sector, and therefore this equipment should be properly recorded in their financial statements.
Central Coast Council
A qualified opinion was issued for Central Coast Council (the Council) relating to two matters.
Council did not conduct the required revaluation to support the valuation of roads.
Council also disclosed a prior period error relating to restrictions of monies collected for their water, sewer, and drainage operations, which, based on the NSW Crown Solicitor’s advice, should be considered a change in accounting policy.
What we recommended
The Office of Local Government should clarify the legal framework relating to restrictions of water, sewerage and drainage funds (restricted reserves) by either seeking an amendment to the relevant legislation or by issuing a policy instrument to remove ambiguity from the current framework.
Key financial informationIn 2019-20, councils:
|
Further information
Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting of councils and joint organisations.
Highlights
|
Recent emergency events, including drought, bushfires, floods and the COVID-19 pandemic have impacted councils.
This chapter will provide insights into how these events have impacted councils, including:
- financial implications of the emergency events
- changes to councils' operating models, processes and controls
- accessibility to technology and the maturity of councils' systems and controls to prevent unauthorised and fraudulent access to data
- receipt and delivery of stimulus packages or programs at short notice.
Highlights
|
Recent emergency events significantly impacted councils
Recent emergencies, including drought, bushfires, floods and the COVID-19 pandemic have brought particular challenges for councils and their communities.
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.
This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2019–20. It also includes the findings reported in the 2018–19 audits of Hilltops, MidCoast and Murrumbidgee councils as these audits were finalised after the Report on Local Government 2019 was published.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.
Highlights
|
Total number of findings reported in audit management letters decreased
In 2019–20, 1,435 findings were reported in audit management letters (2018–19: 1,985 findings). An extreme risk finding was also identified this year related to Central Coast Council's use of restricted funds. The total number of high-risk findings decreased to 53 (2018–19: 82 high-risk findings).
Findings are classified as new, repeat or ongoing findings, based on:
- new findings were first reported in 2019–20 audits
- repeat findings were first reported in prior year audits, but remain unresolved in 2019–20
- ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2019–20.
Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common findings across these areas are explored further in this chapter.
Audit Office’s work plan for 2020–21 onwards
Focus on local council's response and recovery from recent emergencies
Local councils and their communities will continue to experience the effects of recent emergency events, including the bushfires, floods and the COVID 19 pandemic for some time. The full extent of some of these events remain unclear and will continue to have an impact into the future. The recovery is likely to take many years.
The Office of Local Government (OLG) within the Department of Planning, Industry and Environment is working with other state agencies to assist local councils and their communities to recover from these unprecedented events.
These events have created additional risks and challenges, and changed the way that councils deliver their services.
We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:
- local councils' preparedness for emergencies
- its initial responses to support people and communities impacted by the 2019–20 bushfires and floods, and COVID-19
- the governance and oversight risks that arise from the need for quick decision making and responsiveness to emergencies
- the effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
- the mid to long-term impact of government responses to the natural disasters and COVID-19
- whether government investment has achieved desired outcomes.
Planned financial audit focus areas in Local Government
During 2020–21, the financial audits will focus on the following key areas:
- cybersecurity, including:
- cybersecurity framework, policies and procedures
- assessing the controls management has to address the risk of cybersecurity incidents
- whether cybersecurity risks represent a risk of material misstatement to council's financial statements
- budget management
- financial sustainability
- quality and timeliness of financial reporting
- infrastructure, property, plant and equipment
- information technology general controls.
Audit, risk and improvement committees
All councils are required to have an audit, risk and improvement committee by March 2022
The requirement for all councils to establish an audit, risk and improvement committee was deferred by 12 months to March 2022 due to the COVID 19 pandemic.
Audit, risk and improvement committees are an important contributor to good governance. They help councils to understand strategic risks and how they can mitigate them. An effective committee helps councils to build community confidence, meet legislative and other requirements and meet standards of probity, accountability and transparency.
Local Government elections
Local Government elections were postponed for one year due to the COVID 19 pandemic
The Local Government elections were deferred for one year due to the COVID 19 pandemic and will now be held on 4 September 2021. As the statutory deadline for the 2020–21 financial statements is 30 October 2021, some of the newly elected councillors will be required to endorse them.
Implementation of AASB 1059
Accounting standards implementation continue next year
AASB 1059 is effective for councils for the 2020–21 financial year.
A service concession arrangement typically involves a private sector operator that is involved with designing, constructing or upgrading assets used to provide public services. They then operate and maintain those assets for a specified period of time and is compensated by the public sector entity in return. Examples of potential service concession arrangements impacting councils include roads, community housing, childcare services and nursing homes.
AASB 1059 may result in councils recognising more service concession assets and liabilities in their financial statements.
Appendix one – Response from the Department of Planning, Industry and Environment
Appendix two – NSW Crown Solicitor’s advice
Appendix three – Status of 2019 recommendations
Appendix four – Status of audits
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Stronger Communities 2020
This report analyses the results of our audits of financial statements of the agencies comprising the Stronger Communities cluster for the year ended 30 June 2020. The table below summarises our key observations.
1. Financial reporting |
|
| Quality of financial reporting | Unqualified audit opinions were issued for all agencies' 30 June 2020 financial statements. |
| Compliance with financial reporting requirements |
The Treasury extended the statutory deadline for the submission of the 2019–20 financial statements. For agencies subject to Treasurer's Directions, Treasury required agencies to submit their 30 June 2020 financial statements by 5 August 2020. For other agencies, the deadline was extended to 31 October 2020. All agencies in the cluster met the revised statutory deadlines. Cluster agencies substantially completed the mandatory early close procedures set by NSW Treasury. However, nine agencies including the Department of Communities and Justice (the department) did not complete one or more mandatory requirements, such as assessing the impact of new and updated accounting standards. |
| Financial implications of recent emergencies |
Emergency events significantly impacted cluster agencies in 2019–20. Our review of seven cluster agencies most affected highlighted some had incurred additional expenditure because of the bushfires and floods. Others lost revenue due to the COVID-19 pandemic. During the year these agencies collectively received additional funding of $1.1 billion from the State to respond to:
The Sydney Cricket Ground Trust, Venues NSW and Office of Sport lodged insurance claims of $51.3 million with the Treasury Managed Fund with respect to lost revenues from the pandemic. The losses were mainly due to event cancellations and covered various periods ranging from mid-March to 31 December 2020. The change in economic conditions caused by the COVID-19 pandemic resulted in the NSW Government cancelling the refurbishment of Stadium Australia it had previously approved in August 2019. Venues NSW wrote off $16.8 million of redevelopment costs during 2019–20. |
| Restatement of the Sydney Cricket Ground valuation | The valuation of the Sydney Cricket Ground (the Stadium) included costs of $28.6 million which were not eligible for capitalisation. The financial statements were restated to reflect the reduction in the value of the Stadium and the asset revaluation reserve. |
| Unresolved data quality issues in the VS Connect system |
The department continues to address significant data quality issues resulting from its implementation of the VS Connect system (the System) in 2019. The issues relate to the completeness and accuracy of the data transferred from the legacy system. The System is used by the department to manage its Victims Support Services (VSS) and for financial reporting purposes. An independent actuary helps the department estimate its liability for VSS claims. The actuary's valuation at 30 June 2020 was again impacted by the data quality issues. Consequently, the actuary adopted a revised valuation methodology compared to previous years. Recommendation (repeat issue): The department should resolve the data quality issues in the VS Connect System before 31 March 2021. |
| AASB 16 'Leases' resulted in significant changes to agencies' financial position |
Cluster agencies implemented three new accounting standards for the first time in 2019–20. Adoption of AASB 16 'Leases' resulted in cluster agencies collectively recognising right-of-use assets and lease liabilities of $1.7 billion and $1.1 billion respectively on 1 July 2019. Significant misstatements in how lease related balances had been calculated were found in 17 of the 29 cluster agencies. The cluster outsources the management of most of its owned and leased property portfolio to Property NSW, but cluster agencies remain responsible for any deliverables under that arrangement. The misstatements were mainly caused by late revisions of key assumptions and issues with the accuracy and completeness of Property NSW's lease information. |
2. Audit observations |
|
| Internal control deficiencies |
Our 2019–20 financial audits identified 191 internal control issues. Of these, two were high risk and almost one-third were repeat findings from previous audits. While repeat findings reduced by 5.7 percentage points in 2019–20, the number remains high. Recommendation (repeat issue): Cluster agencies should action recommendations to address internal control weaknesses promptly. Focus should be given to addressing high risk and repeat issues. |
| Agencies response to recent emergencies |
The severity of the recent bushfires and floods meant natural disaster expenses incurred by emergency services agencies rose from $67.4 million in 2018–19 to $497 million in 2019–20. The COVID-19 pandemic presented unprecedented challenges for the cluster. Social distancing and other infection control measures disrupted the traditional means of delivering services. Agencies established committees or response teams to respond to these challenges. The department introduced measures to minimise the risk of the spread of COVID-19 amongst inmates in custodial settings. |
| Managing excess annual leave |
Managing excess annual leave was a challenge for cluster agencies directly involved in the government's response to the emergency events. Employees in frontline cluster agencies deferred leave plans and many have taken little or no annual leave during the reporting period. Annual leave liabilities rose at the department, NSW Police Force, Fire and Rescue NSW, Office of the NSW Rural Fire Service, the Legal Aid Commission of New South Wales and the Office of the Director of Public Prosecutions. The combined liabilities increased from $620 million to $692 million or 11.6 per cent between 30 June 2019 and 30 June 2020. |
| Implementation of Machinery of Government (MoG) changes |
Administrative Arrangement Orders effective from 1 July 2019, created the department of Communities and Justice and transferred functions and staff, together with associated assets and liabilities into the department from the former departments of Justice and Family and Community Services. The department continues to establish its governance arrangements following the MoG changes. Recommendation: The department should finalise appropriate governance arrangements for its new organisational structure as soon as possible. This includes:
|
| Delivery of the Prison Bed Capacity Program |
The department continued to expand prison system capacity through the NSW Government's $3.8 billion Prison Bed Capacity Program. The department reported it spent $480 million on the Program in 2019–20. Six prison expansion projects were completed during the year, which added 1,660 new and 395 refurbished beds to the NSW prison system. Data from the department shows the number of adult inmates in the NSW prison system reached a maximum of 14,165 during the year. Operational capacity was 16,096 beds on 19 August 2020. |
This report provides parliament and other users of the financial statements of agencies in the Stronger Communities cluster with the results of our audits, our observations, analysis, conclusions and recommendations.
Agencies in the Stronger Communities cluster were significantly impacted by the bushfires, floods and the COVID-19 pandemic in 2019–20. Our 2019–20 financial audits of the seven cluster agencies most significantly impacted by the recent emergency events considered:
- the financial implications of the emergency events
- changes to agencies' operating models and control environments
- delivery of new or expanded projects, programs or services at short notice.
Our findings on these seven agencies' responses to the recent emergencies are included throughout this report. These agencies are:
- Department of Communities and Justice
- Fire and Rescue NSW
- NSW Police Force
- Office of the NSW Rural Fire Service
- Office of the NSW State Emergency Service
- Sydney Cricket and Sports Ground Trust
- Venues NSW.
The Department of Communities and Justice is the principal agency of the cluster. The names of all agencies in the Stronger Communities cluster are included in Appendix one.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Stronger Communities cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Stronger Communities cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies
- review of how the cluster agencies managed the increased risks associated with new programs aimed at stemming the spread of COVID-19 and stimulating the economy.
Section highlights
|
Appendix one – Timeliness of financial reporting by agency
Appendix two – Management letter findings by agency
Appendix three – List of 2020 recommendations
Appendix four – Status of 2019 recommendations
Appendix five – Selected agencies for review of response to emergency events
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal controls and governance 2020
The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.
The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:
- financial and information technology controls
- business continuity and disaster recovery planning arrangements
- procurement, including emergency procurement
- delegations that support timely and effective decision-making.
Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.
The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.
1. Internal control trends
| New, repeat and high risk findings |
Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. Agencies should:
|
| Common findings |
A number of findings remain common across multiple agencies over the last four years, including:
|
2. Information technology controls
| IT general controls |
We found deficiencies in information security controls over key financial systems including:
The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated. |
3. Business continuity and disaster recovery planning
| Assessing risks to business continuity and Scenario testing |
The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment. Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:
Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
| Responding to disruptions |
We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance: in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee. Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers. Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions. |
| Management review and oversight | Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established. |
4. Procurement, including emergency procurement
| Policy framework |
Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted:
Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions. |
| Managing contracts |
Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details. Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement. |
| Training and support |
Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:
Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions. |
| Procurement activities | While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences. |
| Emergency procurement |
As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies. The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:
Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law. Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:
|
5. Delegations
| Instruments of delegation |
We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:
Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets. Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities. |
| Compliance with delegations |
Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020. Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer. |
6. Status of 2019 recommendations
| Progress implementing last year's recommendations |
Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:
While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2. Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations. |
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
|
Section highlights We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
|
Section highlights Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse. IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems. Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.
|
Section highlights We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled. This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.
|
Section highlights We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness. Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'. We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
