Refine search Expand filter

Reports

Published

Actions for Planning and Environment 2018

Planning and Environment 2018

Planning
Environment
Asset valuation
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Service delivery

The Auditor-General for New South Wales, Margaret Crawford, released her report today on the NSW Planning and Environment cluster. The report focuses on key observations and findings from the most recent financial audits of these agencies. Unqualified audit opinions were issued for all agencies' financial statements. However, some cultural institutions had challenges valuing collection assets in 2017–18. These issues were resolved before the financial statements were finalised.

This report analyses the results of our audits of financial statements of the Planning and Environment cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides parliament and other users of the Planning and Environment cluster agencies' financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations
  • service delivery.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making is enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster for 2018.

Observation Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all agencies' financial statements. The quality of financial reporting remains high across the cluster.
2.2 Key accounting issues
There were errors in some cultural institutions' collection asset valuations. Recommendation: Collection asset valuations could be improved by:
  • early engagement with key stakeholders regarding the valuation method and approach
  • completing revaluations, including quality review processes earlier 
  • improving the quality of asset data by registering all items in an electronic database. 
2.3 Timeliness of financial reporting
Except for two agencies, the audits of cluster agencies’ financial statements were completed within the statutory timeframe.  Issues with asset revaluations delayed the finalisation of two environment and heritage agencies' financial statement audits. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

  • our financial statement audits of agencies in the Planning and Environment cluster for 2018
  • the areas of focus identified in the Audit Office work program.

The Audit Office annual work program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters.

Observation Conclusions and recommendations
3.1 Internal controls
One in five internal control weaknesses reported in 2017–18 were repeat issues. Delays in implementing audit recommendations can prolong the risk of fraud and error.
Recommendation (repeat issue): Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues.
One extreme risk was identified relating to the National Art School. The School does not have an occupancy agreement for the Darlinghurst campus. Lack of formal agreement creates uncertainty over the School's continued occupancy of the Darlinghurst site.

The School should continue to liaise with stakeholders to formalise the occupancy arrangement. 
 
3.2 Information technology controls
The controls and governance arrangements when migrating payroll data from the Aurion system to SAP HR system were effective. Data migration from the Aurion system to SAP HR system had no significant issues.
The Department can improve controls over user access to SAP system. The Department needs to ensure the SAP user access controls are appropriate, including investigation of excess access rights and resolving segregation of duties issues. 
3.3 Annual work program
Agencies used different benchmarks to monitor their maintenance expenditure. The cluster agencies under review operate in different industries. As a result, they do not use the same benchmarks to assess the adequacy of their maintenance spend. 

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited. 

We report this information on service delivery to provide additional context to understand the operations of the Planning and Environment cluster, and to collate and present service information for different segments of the cluster in one report. 

In our recent performance audit, ‘Progress and measurement of Premier's Priorities’, we identified 12 limitations of performance measurement and performance data. We recommended the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all relevant agency data sources.

Published

Actions for Newcastle Urban Transformation and Transport Program

Newcastle Urban Transformation and Transport Program

Transport
Planning
Compliance
Infrastructure
Management and administration
Procurement
Project management

The urban renewal projects on former railway land in the Newcastle city centre are well targeted to support the objectives of the Newcastle Urban Transformation and Transport Program (the Program), according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. The planned uses of the former railway land achieve a balance between the economic and social objectives of the Program at a reasonable cost to the government. However, the evidence that the cost of the light rail will be justified by its contribution to the Program is not convincing.

The Newcastle Urban Transformation and Transport Program (the Program) is an urban renewal and transport program in the Newcastle city centre. The Hunter and Central Coast Development Corporation (HCCDC) has led the Program since 2017. UrbanGrowth NSW led the Program from 2014 until 2017. Transport for NSW has been responsible for delivering the transport parts of the Program since the Program commenced. All references to HCCDC in this report relate to both HCCDC and its predecessor, the Hunter Development Corporation. All references to UrbanGrowth NSW in this report relate only to its Newcastle office from 2014 to 2017.

This audit had two objectives:

  1. To assess the economy of the approach chosen to achieve the objectives of the Program.
  2. To assess the effectiveness of the consultation and oversight of the Program.

We addressed the audit objectives by answering the following questions:

a) Was the decision to build light rail an economical option for achieving Program objectives?
b) Has the best value been obtained for the use of the former railway land?
c) Was good practice used in consultation on key Program decisions?
d) Did governance arrangements support delivery of the program?

Conclusion
1. The urban renewal projects on the former railway land are well targeted to support the objectives of the Program. However, there is insufficient evidence that the cost of the light rail will be justified by its contribution to Program objectives.

The planned uses of the former railway land achieve a balance between the economic and social objectives of the Program at a reasonable cost to the Government. HCCDC, and previously UrbanGrowth NSW, identified and considered options for land use that would best meet Program objectives. Required probity processes were followed for developments that involved financial transactions. Our audit did not assess the achievement of these objectives because none of the projects have been completed yet.

Analysis presented in the Program business case and other planning documents showed that the light rail would have small transport benefits and was expected to make a modest contribution to broader Program objectives. Analysis in the Program business case argued that despite this, the light rail was justified because it would attract investment and promote economic development around the route. The Program business case referred to several international examples to support this argument, but did not make a convincing case that these examples were comparable to the proposed light rail in Newcastle.

The audited agencies argue that the contribution of light rail cannot be assessed separately because it is a part of a broader Program. The cost of the light rail makes up around 53 per cent of the total Program funding. Given the cost of the light rail, agencies need to be able to demonstrate that this investment provides value for money by making a measurable contribution to the Program objectives.

2. Consultation and oversight were mostly effective during the implementation stages of the Program. There were weaknesses in both areas in the planning stages.

Consultations about the urban renewal activities from around 2015 onward followed good practice standards. These consultations were based on an internationally accepted framework and met their stated objectives. Community consultations on the decision to close the train line were held in 2006 and 2009. However, the final decision in 2012 was made without a specific community consultation. There was no community consultation on the decision to build a light rail.

The governance arrangements that were in place during the planning stages of the Program did not provide effective oversight. This meant there was not a single agreed set of Program objectives until 2016 and roles and responsibilities for the Program were not clear. Leadership and oversight improved during the implementation phase of the Program. Roles and responsibilities were clarified and a multi-agency steering committee was established to resolve issues that needed multi-agency coordination.
The light rail is not justified by conventional cost-benefit analysis and there is insufficient evidence that the indirect contribution of light rail to achieving the economic development objectives of the Program will justify the cost.
Analysis presented in Program business cases and other planning documents showed that the light rail would have small transport benefits and was expected to make a modest contribution to broader Program objectives. Analysis in the Program business case argued that despite this, the light rail was justified because it would attract investment and promote economic development around the route. The Program business case referred to several international examples to support this argument, but did not make a convincing case that these examples were comparable to the proposed light rail in Newcastle.
The business case analysis of the benefits and costs of light rail was prepared after the decision to build light rail had been made and announced. Our previous reports, and recent reports by others, have emphasised the importance of completing thorough analysis before announcing infrastructure projects. Some advice provided after the initial light rail decision was announced was overly optimistic. It included benefits that cannot reasonably be attributed to light rail and underestimated the scope and cost of the project.
The audited agencies argue that the contribution of light rail cannot be assessed separately because it is part of a broader Program. The cost of the light rail makes up around 53 per cent of the total Program funding. Given the high cost of the light rail, we believe agencies need to be able to demonstrate that this investment provides value for money by making a measurable contribution to the Program objectives.

Recommendations
For future infrastructure programs, NSW Government agencies should support economical decision-making on infrastructure projects by:
  • providing balanced advice to decision makers on the benefits and risks of large infrastructure investments at all stages of the decision-making process
  • providing scope and cost estimates that are as accurate and complete as possible when initial funding decisions are being made
  • making business cases available to the public.​​​​​​
The planned uses of the former railway land achieve a balance between the economic and social objectives of the Program at a reasonable cost to the government.

The planned uses of the former railway land align with the objectives of encouraging people to visit and live in the city centre, creating attractive public spaces, and supporting growth in employment in the city. The transport benefits of the activities are less clear, because the light rail is the major transport project and this will not make significant improvements to transport in Newcastle.

The processes used for selling and leasing parts of the former railway land followed industry standards. Options for the former railway land were identified and assessed systematically. Competitive processes were used for most transactions and the required assessment and approval processes were followed. The sale of land to the University of Newcastle did not use a competitive process, but required processes for direct negotiations were followed.

Recommendation
By March 2019, the Hunter and Central Coast Development Corporation should:
  • work with relevant stakeholders to explore options for increasing the focus on the heritage objective of the Program in projects on the former railway land. This could include projects that recognise the cultural and industrial heritage of Newcastle.
Consultations about the urban renewal activities followed good practice standards, but consultation on transport decisions for the Program did not.

Consultations focusing on urban renewal options for the Program included a range of stakeholders and provided opportunities for input into decisions about the use of the former railway land. These consultations received mostly positive feedback from participants. Changes and additions were made to the objectives of the Program and specific projects in response to feedback received. 

There had been several decades of debate about the potential closure of the train line, including community consultations in 2006 and 2009. However, the final decision to close the train line was made and announced in 2012 without a specific community consultation. HCCDC states that consultation with industry and business representatives constitutes community consultation because industry representatives are also members of the community. This does not meet good practice standards because it is not a representative sample of the community.

There was no community consultation on the decision to build a light rail. There were subsequent opportunities for members of the community to comment on the implementation options, but the decision to build it had already been made. A community and industry consultation was held on which route the light rail should use, but the results of this were not made public. 

Recommendation
For future infrastructure programs, NSW Government agencies should consult with a wide range of stakeholders before major decisions are made and announced, and report publicly on the results and outcomes of consultations. 

The governance arrangements that were in place during the planning stages of the Program did not provide effective oversight. Project leadership and oversight improved during the implementation phase of the Program.

Multi-agency coordination and oversight were ineffective during the planning stages of the Program. Examples include: multiple versions of Program objectives being in circulation; unclear reporting lines for project management groups; and poor role definition for the initial advisory board. Program ownership was clarified in mid-2016 with the appointment of a new Program Director with clear accountability for the delivery of the Program. This was supported by the creation of a multi-agency steering committee that was more effective than previous oversight bodies.

The limitations that existed in multi-agency coordination and oversight had some negative consequences in important aspects of project management for the Program. This included whole-of-government benefits management and the coordination of work to mitigate impacts of the Program on small businesses.

Recommendations
For future infrastructure programs, NSW Government agencies should: 

  • develop and implement a benefits management approach from the beginning of a program to ensure responsibility for defining benefits and measuring their achievement is clear
  • establish whole-of-government oversight early in the program to guide major decisions. This should include:
    • agreeing on objectives and ensuring all agencies understand these
    • clearly defining roles and responsibilities for all agencies
    • establishing whole-of-government coordination for the assessment and mitigation of the impact of major construction projects on businesses and the community.

By March 2019, the Hunter and Central Coast Development Corporation should update and implement the Program Benefits Realisation Plan. This should include:

  • setting measurable targets for the desired benefits
  • clearly allocating ownership for achieving the desired benefits
  • monitoring progress toward achieving the desired benefits and reporting publicly on the results.

Appendix one - Response from agencies    

Appendix two - About the audit

Appendix three - Performance auditing

 

Parliamentary reference - Report number #310 - released 12 December 2018

Published

Actions for Transport 2018

Transport 2018

Transport
Asset valuation
Compliance
Financial reporting
Infrastructure
Management and administration
Procurement
Risk
Service delivery
Workforce and capability

The Auditor-General for New South Wales, Margaret Crawford released her report today on key observations and findings from the 30 June 2018 financial statement audits of agencies in the Transport cluster. Unqualified audit opinions were issued for all agencies' financial statements. However, assessing the fair value of the broad range of transport related assets creates challenges.

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2018. The table below summarises our key observations.

This report provides Parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2018.

Observation Conclusions and recommendations
2.1 Quality of financial reporting
Unqualified audit opinions were issued for all agencies' financial statements Sufficient audit evidence was obtained to conclude the financial statements were free of material misstatement.
2.2 Key accounting issues
Valuation of assets continues to create challenges. Although agencies complied with the requirements of the accounting standards and Treasury policies on valuations, we identified some opportunities for improvements at RMS.

RMS incorporated data from its asset condition assessments for the first time in the valuation methodology which improved the valuation outcome. Overall, we were satisfied with the valuation methodology and key assumptions, but we noted some deficiencies in the asset data in relation to asset component unit rates and old condition data for some components of assets. 

Also, a bypass and tunnel were incorrectly excluded from RMS records and valuation process since 2013. This resulted in an increase for these assets’ value by $133 million.

The valuation inputs for Wetlands and Moorings were revised this year to better reflect the assets' characteristics resulting in a $98.0 million increase.

2.3 Timeliness of financial reporting
Residual Transport Corporation did not submit its financial statements by the statutory reporting deadline. Residual Transport Corporation remained a dormant entity with no transactions for the year ended 30 June 2018.
With the exception of Residual Transport Corporation, all agencies completed early close procedures and submitted financial statements within statutory timeframes. Early close procedures allow financial reporting issues and risks to be addressed early in the reporting and audit process.
2.4 Financial sustainability
NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations reported negative net assets of $75.7 million and $89,000 respectively at 30 June 2018.  NSW Trains and the Chief Investigator of the Office of Transport Safety Investigations continue to require letters of financial support to confirm their ability to pay liabilities as they fall due. 
2.5 Passenger revenue and patronage
Transport agencies revenue growth increased at a higher rate than patronage. Public transport passenger revenue increased by $114 million (8.3 per cent) in 2017–18, and patronage increased by 37.1 million (5.1 per cent) across all modes of transport based on data provided by TfNSW. 
Negative balance Opal Cards resulted in $3.8 million in revenue not collected in 2017–18 and $7.8 million since the introduction of Opal. A total of 1.1 million Opal cards issued since its introduction have negative balances. Transport for NSW advised it is liaising with the ticketing vendor to implement system changes and are investigating other ways to reduce the occurrences.
2.6 Cost recovery from public transport users
Overall cost recovery from users has decreased. Overall cost recovery from public transport users (on rail and bus services by STA) decreased from 23.2 per cent to 22.4 per cent between 2016–17 and 2017–18. The main reason for the decrease is due to expenditure increasing at a faster rate than revenue in 2017–18.


 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from:

  • our financial statement audits of agencies in the Transport cluster for 2018
  • the areas of focus identified in the Audit Office annual work program.

The Audit Office Annual Work Program provides a summary of all audits to be conducted within the proposed time period as well as detailed information on the areas of focus for each of the NSW Government clusters. 

Observation Conclusions and recommendations
3.1 Internal controls 
There was an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, employee leave entitlements and asset management. Eighteen per cent of all issues were repeat issues.
3.2 Audit Office Annual work program
The Transport cluster wrote-off over $200 million of assets which were replaced by new assets or technology.

Majority of this write-off was recognised by RMS, with $199 million relating to the write-off of existing assets which have been replaced during the year. 

RailCorp is expected to convert to TAHE from 1 July 2019. Several working groups are considering different aspects of the TAHE transition including its status as a for-profit Public Trading Enterprise and which assets to transfer to TAHE. We will continue to monitor developments on TAHE for any impact to the financial statements.
RMS' estimated maintenance backlog at 30 June 2018 of $3.4 billion is lower than last year. Sydney Trains' estimated maintenance backlog at 30 June 2018 increased by 20.6 per cent to $434 million. TfNSW does not quantify its backlog maintenance. TfNSW advised it is liaising with Infrastructure NSW to develop a consistent definition of maintenance backlog across all transport service providers. 
Not all agencies monitor unplanned maintenance across the Transport cluster. Unplanned maintenance can be more expensive than planned maintenance. TfNSW should develop a consistent approach to define, monitor and track unplanned maintenance across the cluster.

This chapter outlines certain service delivery outcomes for 2017–18. The data on activity levels and performance is provided by Cluster agencies. The Audit Office does not have a specific mandate to audit performance information. Accordingly, the information in this chapter is unaudited. 

We report this information on service delivery to provide additional context to understand the operations of the Transport cluster and to collate and present service information for different modes of transport in one report. 

In our recent performance audit, Progress and measurement of Premier's Priorities, we identified 12 limitations of performance measurement and performance data. We recommended that the Department of Premier and Cabinet ensure that processes to check and verify data are in place for all agency data sources.

Published

Actions for Internal Controls and Governance 2018

Internal Controls and Governance 2018

Education
Community Services
Finance
Health
Industry
Justice
Planning
Premier and Cabinet
Transport
Treasury
Whole of Government
Environment
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Internal controls and governance
Management and administration
Procurement
Project management

The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.

This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.

This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.

This report offers insights into internal controls and governance in the NSW public sector

This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

  • highlighting the potential risks posed by weaknesses in controls and governance processes
  • helping agencies benchmark the adequacy of their processes against their peers
  • focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:

  1. Internal control trends
  2. Information technology (IT), including IT vendor management
  3. Transparency and performance reporting
  4. Management of purchasing cards and taxis
  5. Fraud and corruption control.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.

The focus of the report has changed since last year

Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Agencies selected for the volume account for 95 per cent of the state's expenditure

While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.

Observation Conclusions and recommendations
2.1 High risk findings
We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority.
2.2 Common findings
We found several internal controls and governance findings common to multiple agencies. Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective.
2.3 New and repeat findings
Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies.
IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases

Recommendation: Agencies should reduce IT risks by:

  • assigning ownership of recommendations to address IT control deficiencies, with timeframes and actions plans for implementation
  • ensuring audit and risk committees and agency management regularly monitor the implementation status of recommendations.

 

Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.

Observation Conclusions and recommendations
3.1 Management of IT vendors
Contract management framework 
Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review.
 

Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:

  • internal audit focusing on key contracting activities
  • experienced officers who are independent of contract administration performing spot checks or peer reviews
  • targeted analysis of data in contract registers.
Contract risk management
Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract.
 
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination.

Performance management
Eighty-six per cent of agencies meet with vendors to discuss performance. 

Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance.

Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:

  • a more active, rigorous approach to both risk and performance management
  • checking the accuracy of vendor reporting against those KPIs and where appropriate seeking assurance over their accuracy
  • invoking performance based payments clauses in contracts when performance falls below agreed standards.

Transitioning services
Forty-three per cent of the IT vendor contracts did not contain transitioning-out provisions.

Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor.

Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'.
Contract Registers
Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete.

Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:

  • monitoring contract end dates and contract extensions, and commence new procurements through their central procurement teams in a timely manner
  • managing their contractual commitments, budgeting and cash flow requirements.

Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations.

3.2 IT general controls
Governance
Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review.
 
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. 

User access administration
Seventy-two deficiencies were identified related to user access administration, including:

  • thirty issues related to granting user access across 43 per cent of agencies
  • sixteen issues related to removing user access across 30 per cent of agencies
  • twenty-six issues related to periodic reviews of user access across 50 per cent of agencies.
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems.
Privileged access
Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities.

Recommendation: Agencies should:

  • review the number of, and access granted to privileged users, and assess and document the risks associated with their activities
  • monitor user access to address risks from unauthorised activity.
Password controls
Twenty-three per cent of agencies did not comply with their own policy on password parameters.
Recommendation: Agencies should ensure IT password settings comply with their password policies.
Program changes
Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment.
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed.

 

This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.

Observation Conclusion or recommendation
4.1 Reporting on performance

Only 57 per cent of agencies linked reporting on performance to their strategic objectives.

The use of targets and reporting performance over time was limited and applied inconsistently.

Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information.

Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports.

There is no independent assurance that the performance metrics agencies report in their annual reports are accurate.

Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported.

Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited.

The relevance and accuracy of performance information is enhanced when:

  • policies and guidance support the consistent and accurate collection of data
  • internal review processes and management oversight are effective
  • independent review processes are established to provide effective challenge to the assumptions, judgements and methodology used to collect the reported performance information.
4.2 Reporting on reports

Agency reporting on major projects does not meet the requirements of the annual reports regulation.

Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations.

NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations.

Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress.

The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works.

Sixteen of 30 agencies reported some information on completed major works.

Conclusion: Agencies could improve their transparency if they reported, or were required to report:

  • on both works in progress and projects completed during the year
  • actual costs and completion dates, and forecast completion dates for major works, against original and revised budgets and original expected completion dates
  • explanations for significant cost overruns, delays and key project performance metrics.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.

Observation Conclusion or recommendation
5.1 Management of purchasing cards
Volume of credit card spend
Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement.
 
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards.
Policy framework
We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy.
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'.
Preventative controls
We found that:
  • all agencies maintained purchasing card registers
  • seventy-six per cent provided training to cardholders prior to being issued with a card
  • eighty-nine per cent appointed a program administrator, but only half of these had clearly defined roles and responsibilities
  • thirty-two per cent of agencies place merchant blocks on purchasing cards
  • forty-seven per cent of agencies place geographic restrictions on purchasing cards.

Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards.

Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:

  • updating purchasing card registers to contain all mandatory fields required by TPP17–09
  • appointing a program administrator for the agency's purchasing card framework and defining their role and responsibility for the function
  • strengthening preventive controls to prevent misuse.

Detective controls
Ninety-two per cent of agencies have designed and implemented at least one control to monitor purchasing card activity.

Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used.

Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards.

Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:

  • detect misuse and investigate exceptions
  • analyse trends to highlight cost saving opportunities.
5.2 Management of taxis
Policy framework
Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
  • a further 41 per cent of agencies have not reviewed their policies by the scheduled revision date, or do not have a scheduled revision date
  • more than half of all agencies’ policies do not offer alternative travel options. For example, only 36 per cent of policies promoted the use of general Opal cards.
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
  • limit the circumstances where taxi use is appropriate
  • offer alternate, lower cost options to using taxis, such as general Opal cards and rideshare.
Detective controls
All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews.
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program.

 

Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.

Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:

  • unreported frauds in organisations can be almost three times the number of reported frauds
  • our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
  • fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
  • agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.

Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018. 

Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.

Observation Conclusion or recommendation
6.1 Prevention systems

Prevention systems
Ninety-two per cent of agencies have a fraud control plan in place, 81 per cent maintain a fraud database and 79 per cent report fraud and corruption matters as a standing item on audit and risk committee agendas.

Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies.

Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data.

Agencies can improve their fraud prevention systems by:

  • completing regular fraud risk assessments, embedding fraud risk assessment into their enterprise risk management process and reporting the results of the assessment to the audit and risk committee
  • maintaining a fraud database and reviewing it regularly for systemic issues and reporting a redacted version of the database on the agency's website to inform corruption prevention networks
  • developing policies and procedures for employee screening and benchmarking their current processes against ICAC's publication ‘Strengthening Employment Screening Practices in the NSW Public Sector’
  • developing and maintaining up to date IT security policies and monitoring compliance with the policy.
Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be.  Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified.
6.2 Detection systems
Detection systems
Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program.
 

Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses.

Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment.

6.3 Notification systems
Notification system
All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption.
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture

 

Published

Actions for Mobile speed cameras

Mobile speed cameras

Transport
Compliance
Financial reporting
Information technology
Internal controls and governance
Management and administration
Regulation
Service delivery

Key aspects of the state’s mobile speed camera program need to be improved to maximise road safety benefits, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. Mobile speed cameras are deployed in a limited number of locations with a small number of these being used frequently. This, along with decisions to limit the hours that mobile speed cameras operate, and to use multiple warning signs, have reduced the broad deterrence of speeding across the general network - the main policy objective of the mobile speed camera program.

The primary goal of speed cameras is to reduce speeding and make the roads safer. Our 2011 performance audit on speed cameras found that, in general, speed cameras change driver behaviour and have a positive impact on road safety.

Transport for NSW published the NSW Speed Camera Strategy in June 2012 in response to our audit. According to the Strategy, the main purpose of mobile speed cameras is to reduce speeding across the road network by providing a general deterrence through anywhere, anytime enforcement and by creating a perceived risk of detection across the road network. Fixed and red-light speed cameras aim to reduce speeding at specific locations.

Roads and Maritime Services and Transport for NSW deploy mobile speed cameras (MSCs) in consultation with NSW Police. The cameras are operated by contractors authorised by Roads and Maritime Services. MSC locations are stretches of road that can be more than 20 kilometres long. MSC sites are specific places within these locations that meet the requirements for a MSC vehicle to be able to operate there.

This audit assessed whether the mobile speed camera program is effectively managed to maximise road safety benefits across the NSW road network.

Conclusion

The mobile speed camera program requires improvements to key aspects of its management to maximise road safety benefits. While camera locations have been selected based on crash history, the limited number of locations restricts network coverage. It also makes enforcement more predictable, reducing the ability to provide a general deterrence. Implementation of the program has been consistent with government decisions to limit its hours of operation and use multiple warning signs. These factors limit the ability of the mobile speed camera program to effectively deliver a broad general network deterrence from speeding.

Many locations are needed to enable network-wide coverage and ensure MSC sessions are randomised and not predictable. However, there are insufficient locations available to operate MSCs that meet strict criteria for crash history, operator safety, signage and technical requirements. MSC performance would be improved if there were more locations.

A scheduling system is meant to randomise MSC location visits to ensure they are not predictable. However, a relatively small number of locations have been visited many times making their deployment more predictable in these places. The allocation of MSCs across the time of day, day of week and across regions is prioritised based on crash history but the frequency of location visits does not correspond with the crash risk for each location.

There is evidence of a reduction in fatal and serious crashes at the 30 best-performing MSC locations. However, there is limited evidence that the current MSC program in NSW has led to a behavioural change in drivers by creating a general network deterrence. While the overall reduction in serious injuries on roads has continued, fatalities have started to climb again. Compliance with speed limits has improved at the sites and locations that MSCs operate, but the results of overall network speed surveys vary, with recent improvements in some speed zones but not others.
There is no supporting justification for the number of hours of operation for the program. The rate of MSC enforcement (hours per capita) in NSW is less than Queensland and Victoria. The government decision to use multiple warning signs has made it harder to identify and maintain suitable MSC locations, and impeded their use for enforcement in both traffic directions and in school zones. 

Appendix one - Response from agency

Appendix two - About the audit

Appendix three - Performance auditing

 

Parliamentary reference - Report number #308 - released 18 October 2018

Published

Actions for Procurement and reporting of consultancy services

Procurement and reporting of consultancy services

Finance
Education
Community Services
Industry
Justice
Planning
Premier and Cabinet
Health
Treasury
Transport
Environment
Information technology

Agencies need to improve their compliance with requirements governing the procurement of consultancy services. These requirements help agencies access procurement savings. Also, some agencies have under-reported consultancy fees in their annual reports for the 2016-17 financial year, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford. The report examined twelve agencies' compliance with procurement and reporting obligations for consultancy services. It notes that it is difficult to quantify total government expenditure on consultants as agencies define ‘consultants’ differently.

NSW Government agencies engage consultants to provide professional advice to inform their decision‑making. The spend on consultants is measured and reported in different ways for different purposes and the absence of a consistently applied definition makes quantification difficult.

The NSW Government’s procurement principles aim to help agencies obtain value for money and be fair, ethical and transparent in their procurement activities. All NSW Government agencies, with the exception of State Owned Corporations, must comply with the NSW Procurement Board’s Direction when engaging suppliers of business advisory services. Business advisory services include consultancy services. NSW Government agencies must disclose certain information about their use of consultants in their annual reports. The table below illustrates the detailed procurement and reporting requirements.

  Relevant guidance Requirements
Procurement of consultancy services PBD 2015 04 Engagement of major suppliers of consultancy and other services (the Direction) including the Standard Commercial Framework
(revised on 31 January 2018, shortly before it was superseded by 'PBD 2018 01')
 
Required agencies to seek the Agency Head or Chief Financial Officer's approval for engagements over $50,000 and report the engagements in the Major Suppliers' Portal (the Portal). 
  PBD 2018 01 Engagement of professional services suppliers
(replaced 'PBD 2015 04' in May 2018)
Requires agencies to seek the Agency Head or Chief Financial Officer's approval for engagements that depart from the Standard Commercial Framework and report the engagements in the Portal. Exhibit 3 in the report includes the key requirements of these three Directions.
 
Reporting of consultancy expenditure Annual Reports (Departments) Regulation 2015 and Annual Reports (Statutory Bodies) Regulation 2015 Requires agencies to disclose, in their annual reports, details of consultants engaged in a reporting year.
  Premier's Memorandum 
'M2002 07 Engagement and Use of Consultants'
 
Outlines additional reporting requirements for agencies to describe the nature and purpose of consultancies in their annual reports.

We examined how 12 agencies complied with their procurement and reporting obligations for consultancy services between 1 July 2016 and 31 March 2018. Participating agencies are listed in Appendix two. We also examined how NSW Procurement supports the functions of the NSW Procurement Board within the Department of Finance, Services and Innovation.

This audit assessed:

  • agency compliance with relevant procurement requirements for their use of consultants
  • agency compliance with disclosure requirements about consultancy expenditure in their annual reports 
  • the effectiveness of the NSW Procurement Board (the Board) in fulfilling its functions to oversee and support agency procurement of consultancy services. 
Conclusion
No participating agency materially complied with procurement requirements when engaging consultancy services. Eight participating agencies under reported consultant fees in their annual reports. The NSW Procurement Board is not fully effective in overseeing and supporting agencies' procurement of consultancy services.
All 12 agencies that we examined did not materially comply with the NSW Procurement Board Direction for the use of consultants between 1 July 2016 and 31 March 2018. 
Eight agencies did not comply with annual reporting requirements in the 2016–17 financial reporting year. Three agencies did not report expenditure on consultants that had been capitalised as part of asset costs, and one agency did not disclose consultancy fees incurred by its subsidiaries. Agencies also defined ‘consultants’ inconsistently.
The NSW Procurement Board's Direction was revised in January 2018, and mandates the use of the Standard Commercial Framework. The Direction aims to drive value for money, reduce administrative costs and simplify the procurement process. In practice, agencies found the Framework challenging to use. To better achieve the Direction’s intent, the Board needs to simplify procurement and compliance processes. 
The Board is yet to publish any statistics or analysis of agencies’ procurement of business advisory services due to issues with the quality of data and systems limitations. Also, the Board’s oversight of agency and supplier compliance with the Framework is limited as it relies on self reporting, and the information provided is insufficient to properly monitor compliance. NSW Procurement is yet to develop an effective procurement and business intelligence system for use by government agencies. Better procurement support, benefit realisation monitoring and reporting by NSW Procurement will help promote value for money in the engagement of consultants.

Published

Actions for Universities 2017

Universities 2017

Universities
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Internal controls and governance

The Auditor-General, Margaret Crawford released her report today on the results of financial audits of NSW universities for the year ended 31 December 2017. No qualified audit opinions were issued for any university and the quality and timeliness of financial reporting continues to improve.

This report analyses the results of our audits of financial statements of the ten NSW universities and their controlled entities for the year ended 31 December 2017. The table below summarises our key observations.

This report focuses on our observations on the common issues identified in our audits of the financial statements of the ten NSW universities and their controlled entities in 2017. The universities and controlled entities are listed in Appendix three and four respectively.

The report provides our analysis of universities’ results and findings in the following areas:

  • Financial reporting and performance
  • Teaching and research
  • Financial controls and governance.

Accurate and timely financial reporting is important for universities to make efficient and effective economic decisions. Sound financial performance provides the platform for universities to deliver high quality teaching and research outcomes. 

This chapter outlines our audit observations on the financial reporting and performance of NSW universities for 2017.

Observation Conclusion or recommendation
3.1 Financial reporting
Audit results
The financial statements of all ten NSW universities and 66 out of 69 of their controlled entities received unmodified audit opinions. Two controlled entities did not fully comply with the financial reporting and audit requirements of the Public Finance and Audit Act 1983 as they did not submit their financial statements to the Auditor-General. One of these entities was audited under the requirements applicable in its foreign jurisdiction. A third controlled entity submitted financial statements, but only after the statutory due date.
Quality and timeliness of financial reporting
The number of uncorrected misstatements continues to decrease. The quality of financial statements of the universities improved in 2017.
Two universities simplified disclosures in their financial statements. The financial statements of the University of Sydney and Macquarie University are more concise, readable and understandable than those of other universities. 
Six universities finalised their financial statements earlier than in previous years. Universities that performed aspects of early close procedures improved the timeliness of their financial reporting and helped us conclude our audits earlier. 
Eight universities are yet to quantify the impact of new accounting standards applicable in future years.  The two universities that have assessed the impact of the new accounting standards believe the impact will be material.
An accounting issue was identified relating to the recognition and measurement of payroll tax liabilities on employees' defined benefit superannuation contributions payable to the superannuation funds. Recommendation: NSW universities should clarify the recognition and measurement of their liability for payroll tax on their defined benefit superannuation obligations before 31 December 2018. 
3.2 Financial performance
Sources of revenue from operations
Government grants as a proportion of total revenue decreased over the past five years by 6.4 per cent.

The Australian Government announced funding freezes to Australian Government grants revenue for the next two years.

Universities are expanding other revenue streams to decrease their reliance on grant funding. The revenue stream that has increased the most significantly over the past five years is overseas student revenue.

Revenue from overseas student course fees increased by 23 per cent in the last year and contributed $2.8 billion to the NSW university sector in 2017. Overseas student revenue exceeded domestic student revenue by 37 per cent, and comprised over a quarter of NSW universities' total revenues in 2017. The growth in overseas student revenue has not been shared equally in the sector. Some universities are more dependent on overseas student revenue than others.
Revenue from overseas students from four countries comprised 37 per cent of total student revenues for all NSW universities.  Recommendation: NSW universities should assess their student market concentration risk where they rely heavily on students from a single country of origin. This increases their sensitivity to economic or political changes in that country.
Universities' data shows as much as 71 per cent of their overseas student revenue comes from a single country of origin. 
Research income of NSW universities was $1.1 billion in 2016 and has grown by 9.8 per cent between 2012 and 2016. Two universities attracted 65.2 per cent of the total research income received by all NSW universities.
Other revenues
Total philanthropic revenue increased by 1.0 per cent to $151 million in 2017.

Philanthropic revenue has been increasing for the past five years.

Two universities attracted 76.8 per cent of the total philanthropic dollars received by all NSW universities.

Average investment returns fell from 7.0 per cent in 2013 to 5.8 per cent in 2017, while total investments grew to $5.4 billion in 2017 from $3.5 billion in 2013.

Universities have structured their investment portfolios between fixed and non-fixed income assets, seeking to optimise their returns in a low interest rate environment within the limits of their risk management strategies.

Investment income is a significant source of revenue for some, but not all universities. Two universities' investment funds represented 52.3 per cent of the total investment funds of all NSW universities combined.

Low interest rates have made investment in fixed income assets less attractive for universities. Over the last five years universities have increased their investment in non-fixed income (or market based) assets by 67.1 per cent.  
Most NSW universities have established investment governance frameworks.  
Financial sustainability indicators
Operating expenditure per equivalent full-time student load (EFTSL) increased by 3.0 per cent in 2017. The universities that have been able to attract international students to grow their operational revenues have been able to leverage economies of scale to maximise their average margin per EFTSL. Other universities have had to rely on containing costs to achieve higher EFTSL margins.
For six universities, the growth in operating expenditure has exceeded the growth in operating revenue, reducing operating margins. The risk associated with narrowing margins is compounded where universities have a high reliance on student revenues from a single source. Sudden changes in demand can challenge the ability of those universities to adjust their cost structures.

As the margin between operating revenue and operating expenditure decreases, operational results are more at risk from unexpected fluctuations, such as Australian Government higher education reforms and reduced overseas student enrolments.

Smaller operating margins reduce the funds available to invest in upgrading infrastructure and implement corporate strategies to meet future challenges.

Eight universities have current ratios greater than one in 2017.    
Controlled entities
Sixteen of the universities' 58 controlled entities that operate business activities reported losses in 2017 (15 in 2016). Overall, the financial performance of controlled entities operating business activities was positive, but results in 2017 were lower than in 2016. 
The total profit of controlled entities operating business activities decreased 5.5 per cent to $77.5 million in 2017 ($82.6 million in 2016). Universities may be able to improve their overall performance by reassessing the viability of business ventures that continue to make losses and/or rely on them for financial support. 
Eighteen controlled entities relied on guarantees of financial support from their parent entity in 2017 (19 in 2016).  

Teaching and research are key objectives of universities and they invest most of their resources in achieving high quality academic and research outcomes to maintain or advance their reputations and rankings in Australia and abroad. Universities have also committed to achieving certain government objectives.

This chapter outlines teaching and research outcomes for NSW universities for 2017.

Observation Conclusion or recommendation
4.1 Teaching outcomes
Achieving Australian Government target
NSW universities met the Australian Government target of having 40 per cent of 25 to 34 year-olds with bachelor degrees ten years earlier than the original target date of 2025.

The proportion of 25 to 34 year-olds in NSW holding a bachelor degree increased to 43.4 per cent in 2017.

In 2009, when the target was originally set, only 35.5 per cent of 25 to 34 year-olds held a bachelor degree.

Graduate employment rates

Seven universities exceeded the national average of 71.8 per cent for the proportion of their undergraduates who obtain full-time employment.

Four universities achieved better than the national average of 86.1 per cent for the proportion of their postgraduates who obtain full-time employment.

Most NSW universities' employment outcomes are better than the national average.
Student enrolments by field of education
NSW universities have increased enrolments in fields of study that align with known skills shortages in NSW identified by the Australian Government for 2016 and 2017. Alignment of student intake with identified shortages helps ensure graduates secure timely employment on completion of their studies. 
Achieving diversity outcomes

NSW universities agreed to targets set by the Australian Government for enrolments of students from low socio economic status (SES) and Aboriginal or Torres Strait Islander backgrounds.

NSW universities can improve outcomes for these students by implementing policies to increase enrolments and support students to graduation.

Three universities exceeded the target of 20 per cent of low SES student enrolments in 2017.

Six universities met their Indigenous student enrolment target in 2017. The target is having a growth rate in the enrolment of Indigenous students that is more than 50 per cent higher than the growth rate of non-Indigenous student enrolments.

At the current rate, it is unlikely most universities will reach the agreed low SES target by 2020.

Appropriate financial controls help ensure efficient and effective use of resources, and the implementation and monitoring of university policies. Governance consists of frameworks, processes and behaviours that enable the universities to operate effectively and comply with relevant laws and policies.

This chapter outlines our audit observations on the financial control and governance of NSW universities for 2017.

Observation Conclusion or recommendation
5.1 Internal controls
Internal control findings

Eighty-three internal control deficiencies were identified during our audits, of which 40 related to Information Technology (IT).
High risk
We identified a high risk finding in relation to storage of unencrypted username and password information on a database without appropriate access restrictions. We performed additional audit procedures to conclude that the control deficiency did not present a risk of material misstatement in the university's financial statements.
Moderate risk
Forty-three moderate risk control deficiencies were identified, of which 22 related to IT and 21 related to governance and financial reporting.

Recommendation: NSW universities should ensure controls, including information technology controls, are properly designed and operate effectively to protect intellectual property, staff and student data, and assets. Universities should rectify identified deficiencies in a timely manner.
Repeat findings
Twenty-four findings were repeat internal control deficiencies, of which 18 related to IT. 
IT issues can take some time to rectify because specialist skill and/or partnering with software suppliers is often required to implement new controls. However, until rectified, the vulnerabilities those control deficiencies present can be significant.
Cyber security
Our audits identified opportunities to improve cyber security controls and processes to reduce risks, including risks relating to financial loss, reputational damage and breaches of privacy laws.

Recommendation: NSW universities should strengthen their cyber security frameworks to manage cyber security risks. This includes developing:

  • procedures, protocols and supporting systems to effectively identify, report and respond to cyber security threats and incidents
     
  • staff awareness training and programs, including programs tailored for a range of audiences.

Use of credit card and work-related travel
All NSW universities had appropriate published policies on the use of credit cards, and have internal controls and processes to implement those policies.

The risks of unauthorised use can be mitigated by regular monitoring, and reporting breaches for investigation and disciplinary action.

Appropriately designed and implemented preventive and detective controls are most effective when enforcement and disciplinary activities are oversighted by university audit and risk committees. 

Published

Actions for Report on Local Government 2017

Report on Local Government 2017

Local Government
Asset valuation
Information technology
Internal controls and governance

Under section 421C of the Local Government Act 1993, I am pleased to present our first report on the statutory financial audits of councils, to NSW Parliament.

My appointment as the auditor of local government in New South Wales is the most significant change to the Auditor-General's mandate in nearly three decades.

Moving to the new audit arrangements over the past 18 months has been challenging but rewarding. It has confirmed my appreciation of local government – a sector passionate about the community and focused on delivering local services. 

The unique relationship each council has with its community differentiates it from other tiers of government.

Our audits
I am pleased to report that we completed 139 out of 140 financial statement audits for the 2016–17 audit cycle. The remaining council received an extension to lodge its financial statements.

We have also released a performance audit report on council reporting on service delivery. We will soon release another report on fraud controls in local councils and a report on council shared services later this year. 

  • While the new audit mandate brings immense responsibility, my office has embraced the challenges involved and the objectives that NSW Parliament gave us: 
  • strengthening governance and financial oversight in local government
  • providing greater consistency in external audit
  • ensuring reliable financial information is available to assess council performance
  • improving financial management, fiscal responsibility and public accountability in how councils use citizens’ funds.

This report
This report is rich in data extracted from the results of the 2016–17 financial audits. For the first time, it presents a consistent view of financial performance across the New South Wales local government landscape. The report also provides guidance and includes recommendations to councils and the Office of Local Government aimed at strengthening financial reporting, asset management, governance and internal controls.

The report will help NSW Parliament understand the common challenges that councils face. It provides points of comparison for councils and signposts matters that will be the focus of future audits. Importantly, this report and the data visualisation that accompanies it, provides comprehensive and accessible information to citizens regarding the management and performance of their councils.

I would like to acknowledge the cooperation of councils throughout the audit process and our partnerships with the contract audit firms that helped us to deliver the audits. Together we can learn from each other and work towards improving outcomes for the community.  

1.    Introduction
Local government sector NSW has 140 councils: 128 local councils serving a geographic area and 12 county councils formed for a specific purpose. 
We completed audits of 139 councils' 2016–17 financial statements and eight councils' 2015–16 financial statements. Bayside Council received a lodgement extension from the Office of Local Government (OLG) and has not yet presented their 2016–17 financial statements for audit.
Service delivery Each council provides a range of services, influenced by population density, demographics, the local economy, geographic and climatic characteristics. These differences influence the financial profile of councils.
2.    Financial reporting
Quality of financial reporting

The overall quality of financial reporting needs to improve:

  • we issued modified (qualified) audit opinions on the financial statements of three councils in 2016–17 and one council and one water authority in 2015–16
  • we reported 39 significant matters to 29 councils. They related to material accounting issues and significant deficiencies in internal controls
  • twenty-two councils required material adjustments to correct errors in previous audited financial statements
  • moderate risk issues were identified in financial statement preparation processes for 43 councils.

    OLG guidance for council year-end financial reporting needs to align with Australian Accounting Standards and be issued earlier.

Timeliness of financial reporting Timeliness of financial reporting needs to improve. Forty councils required lodgement extensions past the 31 October 2017 statutory reporting deadline.
3.    Financial performance and sustainability
Operating revenue Eighteen councils operating expenses exceed current operating revenue.
Fifty-nine councils do not meet OLG’s target of 60 per cent for own source operating revenue.
Liquidity and working capital Most councils have sufficient liquidity and working capital. However, there are indicators that:
  • three councils may not have the ability to meet short-term obligations as measured by the unrestricted current ratio
  • two councils may not have sufficient operating cash available to service debt as measured by the debt service cover ratio
  • eighteen councils do not meet the OLG benchmark for the collection of rates and annual charges 
  • five councils may not have sufficient cash to continue paying expenses without additional cash inflows as measured by the cash expense cover ratio.
Asset management measures Reporting against OLG’s asset management performance measures highlights that councils need to consider whether spending on existing infrastructure assets is sufficient to ensure they continue to meet service delivery standards:
  • seventy councils are not renewing assets in line with the rate of their depreciation
  • eighty-four councils did not meet OLG’s benchmark for managing the infrastructure maintenance backlog
  • seventy-one councils are not maintaining their assets in accordance with their asset management plans. 
4.    Asset management
High risk issues We reported ten high risk issues relating to councils’ asset management and accounting practices.
Asset reporting The accuracy of asset registers requires improvement and all assets need to be reported in the financial statements.
At 30 June 2017, 62 councils did not record all rural fire-fighting equipment in their financial statements. A large proportion of rural fire-fighting equipment is not reported in either State government or local government financial statements.
Asset valuation We reported seven high risk matters related to asset valuations, including two that resulted in qualified audit opinions.
Asset useful life estimates We identified that accounting for the useful lives of similar assets varied across councils, resulting in variable depreciation expense for these assets.
In addition, the useful lives of assets need to be reviewed annually. This review should be supported by current condition assessments.
Asset policy and planning Thirteen councils do not have an asset management strategy, policy and plan, as required by the Office of Local Government’s Integrated Planning and Reporting Framework.
5.    Governance and internal controls
High risk issues We reported 17 high risk issues relating to governance, financial accounting, purchasing and payables and payroll matters.
Governance There is currently no requirement for councils to have an audit, risk and improvement committee and internal audit function. Consequently, 53 councils do not have an audit committee and 52 councils do not have an internal audit function.
The Office of Local Government has incomplete information on the number of entities established by councils. There is no financial reporting framework for the variety of entities established by councils.
Councils can strengthen policies and procedures to support critical business processes, practices for risk management and compliance with key laws and regulations.
Internal controls Councils can improve internal controls over manual journals, reconciliations, purchasing and payables and payroll.
6.    Information technology
High risk issues We reported nine high risk issues relating to information technology.
Access to IT systems Controls over user access to IT systems need to be strengthened.
Information Technology governance IT governance benefits from appropriate policies, standards and guidelines across all critical IT processes. We identified that:
  • around one in four councils do not have an IT strategy or operational plan 
  • half of NSW councils have an IT security policy
  • seventeen councils do not have a documented plan to recover from a disaster.

 

Accurate and timely financial statements are an important element of sound financial management. They bring accountability and transparency to the way councils use public resources. Our financial audits assessed the following aspects of councils’ financial reporting:

  • quality of financial reporting
  • timeliness of financial reporting.
Observation Conclusion or recommendation
2.1 Quality of financial reporting

Qualified audit opinions
We issued unmodified audit opinions on the: 

  • 2016–17 financial statements of 136 councils and two water authorities 
  • 2015–163 financial statements for seven councils and two water authorities.
The councils that received unmodified audit opinions prepared financial statements that fairly present their financial position and results. 

We issued modified (qualified) opinions on the:

  • 2016–17 financial statements of three councils 
  • 2015–16 financial statement of one council and one water authority.

Councils with modified opinions should address the issues that give rise to the audit qualification.

Significant audit matters
We reported 39 significant matters in 29 councils. They included material accounting issues and significant deficiencies in internal controls. Seventy-seven per cent of the matters related to assets.
 
Significant issues with the quality of financial reporting delayed the completion of a number of audits. 
Improving the reporting on assets should be a priority. 
 
Prior period errors
We found 33 material errors worth $9.1 billion in the previous audited financial statements of 
22 councils. These all required prior-year audited balances to be corrected. Eighty eight per cent of these were asset related.
 
The high number of asset-related prior-period errors reinforces the need for councils to improve the way they value and account for assets.
Financial statements
We reported 43 moderate risk findings where councils can improve the way they complete their financial statements.
Recommendation
Councils can improve the quality of financial reporting by reviewing their financial statements close processes to identify areas for improvements.
 
Of the councils that had an audit, risk and improvement committee, 55 per cent of these did not review the financial statements before audit. Recommendation
Councils can improve the quality of financial reporting by involving an audit, risk and improvement committee in the review of financial statements.
 
OLG guidance
To support councils in preparing 30 June 2017 financial statements, OLG issued guidance documents in June 2017 and September 2017. This limited the time councils had to prepare financial statements in the prescribed form and resolve financial reporting and audit issues. 
Recommendation
The Office of Local Government should release the Local Government Code of Accounting Practice and Financial Reporting and the End of Year Financial Reporting Circular earlier in the audit cycle, ideally by 30 April each year.
 
The Code applicable for the 2016–17 financial reporting period provided options and guidance that in some instances did not fully align with Australian Accounting Standards. Recommendation
The Local Government Code of Accounting Practice and Financial Reporting should align with Australian Accounting Standards.
2.2 Timeliness of financial reporting
Statutory deadlines
One hundred councils submitted audited financial statements to OLG by the statutory deadline of 31 October 2017.
Thirty-nine councils received reporting extensions up to 28 February, including 16 of the 20 newly amalgamated councils.
Bayside Council received a reporting extension to 31 May 2018 and has not yet presented their financial statements for audit.
 
Councils need to improve their financial reporting processes in order to lodge their financial statements by the statutory reporting deadline.
Early close procedures
Councils currently do not use early close procedures to resolve accounting issues before the end of the financial year.
Recommendation
The Office of Local Government should introduce early close procedures with an emphasis on asset valuations.

3 The Auditor‑General was appointed statutory auditor of eight councils for the 2015–16 reporting period at the specific request of councils, due to the failure by councils to appoint an auditor, or the inability of the previous auditor to complete the audit due to external investigation or auditor retirement.

Strong and sustainable financial performance provides the platform for councils to deliver services and respond to the needs of their community. This chapter outlines our audit observations on the performance of councils against the Office of Local Government's (OLG) performance indicators, grouped in three areas:

  • operating revenue performance measures
  • liquidity and working capital performance measures
  • asset management performance measures.

Our analysis indicates that some councils face challenges in meeting these performance and sustainability measures.

Observations Conclusions
3.1 Operating revenue performance measures

Operating performance
Operating expenses for 18 councils exceeded their operating revenue.

Another 20 councils would not have met OLG’s operating performance benchmark without the receipt of 2017–18 financial assistance grants which was recorded as revenue during 2016–17.

Eleven councils have not met OLG’s operating performance benchmark for the last three years.

It is important that councils have financial management strategies that support their financial sustainability and ability to meet OLG’s operating performance benchmark over the long term.
Operating performance measures how well councils contain operating expenses within operating revenue. OLG has prescribed a benchmark of greater than zero.  

Own source operating revenue
Fifty-nine councils did not meet OLG’s benchmark, and 42 of those were rural councils.

Rural councils have high-value infrastructure assets that cover large areas with smaller populations and less capacity to raise revenue from alternative sources compared with metropolitan councils.
Own source operating revenue measures a council’s fiscal flexibility and the degree to which it can generate revenue from own sources compared with total revenue from all sources. OLG has prescribed a benchmark of more than 60 per cent of total revenue.  
3.2 Liquidity and working capital performance measures

Unrestricted current ratio
All but three councils met OLG’s benchmark.

Most councils can meet short-term obligations as they fall due.
The unrestricted current ratio represents a council’s ability to meet its short-term obligations as they fall due. OLG has prescribed a benchmark of greater than 1.5 times.  

Debt service cover ratio
All but two councils met OLG’s benchmark. These two councils did not meet OLG’s benchmark due to the early repayment of borrowings.

Regional councils have 56 per cent of the value of all borrowings in the sector.

Most councils have sufficient operating cash available to service their borrowings.

Regional councils borrow more heavily than metropolitan councils to deliver water and sewerage infrastructure. Metropolitan councils do not have the responsibility to provide water and sewerage infrastructure.

The debt service cover ratio measures the operating cash available to service debt including interest, principal and lease payments. OLG has prescribed a benchmark of greater than two times.  

Rates and annual charges outstanding
Eight rural, five regional, three metropolitan and two county councils did not meet OLG’s benchmark.

These councils also did not meet the infrastructure backlog ratio.

Most councils are collecting rates and annual charges levied. Councils with higher levels of uncollected rates and charges can experience increased pressure on the working capital available to fund operations.
The rates and annual charges outstanding measure assesses the impact of uncollected rates and annual charges on a council’s liquidity and the adequacy of debt recovery efforts. OLG has prescribed a benchmark of less than five per cent for metropolitan and less than ten per cent for other councils.  

Cash expense cover ratio
Three rural and two county councils did not meet OLG’s benchmark.

Most councils have the capacity to cover more than three months of operating expenses.
The cash expense cover ratio indicates the number of months a council can continue paying its expenses without additional cash inflows. OLG has prescribed a benchmark of greater than three months.  

This measure does not exclude externally and internally restricted funds. If externally restricted funds are excluded, all councils would still meet OLG’s benchmark. If both externally and internally restricted funds are excluded:

  • an additional 32 councils would have a cash expense cover ratio of less than three months
  • a further nine councils are left without any unrestricted funds for general operations.
Councils with a higher proportion of restricted funds may have less flexibility to pay operational expenses than the cash expense cover ratio suggests. However, councils can resolve to lift internal restriction if required.

3.3. Asset management performance measures (not audited)

Building and infrastructure renewals ratio
Seventy councils reported to OLG they do not meet the benchmark for this ratio.

Most councils included expenditure related to work-in-progress in calculating this ratio. OLG are of the view that work-in-progress should be excluded and as a result identified that a further 23 councils do not meet the benchmark.

These councils appear to not be renewing assets in line with the rate they are depreciating them. This raises questions as to whether council asset management plans are adequate to determine whether assets are being kept up to agreed standards.

Uncertainty on the inclusion of work-in-progress assets does need to be is clarified in order to ensure consistency in determining whether councils are adequately renewing their assets.

The building and infrastructure renewals ratio represents the rate at which assets are being renewed relative to the rate at which they are depreciating. OLG has prescribed a benchmark of greater than 100 per cent.  

Infrastructure backlog ratio
Eighty-four councils reported to OLG that they do not meet the benchmark for this ratio.

These councils may not be maintaining their infrastructure backlog at a manageable level.
The infrastructure backlog ratio represents the proportion of infrastructure backlog relative to the total net book value of a council's infrastructure assets. OLG has prescribed a benchmark of less than two per cent.  

Asset maintenance ratio
Seventy-one councils reported to OLG they do not meet the benchmark for this ratio

These councils’ maintenance expenditure may be insufficient to sustain their assets in a functional state so they reach their predicted useful life.
The asset maintenance ratio represents the rate at which assets are being maintained relative to the rate at which they are required to be maintained. OLG has prescribed a benchmark of greater than 100 per cent.  

Costs to bring assets to agreed service level
One-hundred and two councils reported results against this indicator to OLG. The reported results ranged from 0.1 per cent to 19.8 per cent.

There is variability between councils in the amount of outstanding renewal works to be completed.
This ratio represents the estimated cost to renew or rehabilitate existing infrastructure assets that have reached the condition-based interval level adopted by a council, relative to the gross replacement cost of all infrastructure assets. OLG has not prescribed a benchmark for this performance measure.  

OLG’s benchmarks for financial performance and sustainability

Each local council has unique characteristics such as its size, location and services provided to their communities. These differences affect the nature of each council's assets and liabilities, revenue and expenses, and in turn the financial performance measures against which it reports.

The Office of Local Government prescribes performance indicators for council reporting

The analysis in this chapter is based on performance measures prescribed in OLG’s Code of Accounting Practice and Financial Reporting (the Code). Councils report against these measures in their annual report, which includes the audited financial statements and other unaudited information. In the audited financial statements, councils report performance against six financial sustainability measures:

  • operating performance
  • own source operating revenue
  • unrestricted current ratio
  • debt service cover ratio
  • rates and annual charges outstanding percentage
  • cash expense cover ratio.

Councils also include the unaudited Special Schedule 7 'Report on Infrastructure Assets' in their annual reports. In this schedule, councils report to OLG on performance against four further measures:

  • building and infrastructure renewals ratio
  • infrastructure backlog ratio
  • asset maintenance ratio
  • cost to bring assets to agreed service level.

Each audited measure and three of the four unaudited measures has a prescribed benchmark. OLG’s benchmarks are the same for metropolitan, regional, rural and county councils, with the exception of the rates and annual charges outstanding percentage. Regional, rural and county councils have a different benchmark to metropolitan councils for this measure.

Three rural councils did not meet three of the audited OLG benchmarks

Most councils met OLG’s benchmarks for at least five or all of the six audited performance measures. Eight rural, four regional, four metropolitan and two county councils did not meet OLG’s benchmarks for two out of the six audited performance measures. Three rural councils did not meet OLG’s benchmarks for three out of the six audited performance measures.

The following table summarises how the councils performed across the six audited performance measures.

Number of OLG benchmarks met by councils   Number of councils  
Metropolitan Regional Rural County
6 12 12 29 5
5 17 21 17 5
4 4 4 8 2
3 -- -- 3 --
Not available* 1 -- -- --
Total 34 37 57 12

* The financial statements for Bayside Council are not yet presented for audit.
Source: Audited Financial Statements for 2016–17.

Appendix ten lists the performance of each council against all performance measures.

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment with a total value of $136 billion.

Many of the issues that our local government audits identified related to asset management. This chapter discusses some of the asset accounting issues we found, focusing on five areas:

  • overall asset management issues
  • asset registers
  • asset valuation
  • recognition and asset useful life estimates
  • asset policy and planning.
Observations Conclusion or recommendation
4.1 High risk issues

Significant matters reported to those charged with council governance
Our 2016–17 audits identified ten high risk issues related to the accuracy of asset registers, restricted assets and asset revaluations.

High risk issues affect council’s ability to maintain their assets in the condition required to deliver essential services.
4.2 Asset reporting

Accuracy of asset registers
Our audits identified instances where councils had multiple asset registers, inaccurate or incomplete registers, unreconciled registers, or uncontrolled manual spreadsheets.

Maintaining accurate asset records is important as it enables councils to manage their assets effectively and report on finances appropriately.

Unrecorded land and infrastructure assets
Twenty-four councils had not recorded $145 million worth of assets, mainly land and infrastructure assets.

Assets not captured in council records is at risk of not being subject to their care and control, nor recorded in the financial statements.

Rural fire-fighting equipment
At 30 June 2017, forty-six councils did report vested rural fire-fighting equipment in their financial statements. However, 62 councils did not record vested fire-fighting equipment in their financial statements. These rural fire‑fighting equipment assets are not reported in either State government or local government financial statements.

Recommendation
The Office of Local Government should address the different practices across the local government sector in accounting for rural fire‑fighting equipment before 30 June 2018.

In doing so, the Office of Local Government should work with NSW Treasury to ensure there is a whole‑of‑government approach.

4.3 Asset valuation

Restricted assets
Our audits found that ten councils did not appropriately consider restrictions on the use of community land and land under roads when determining asset fair values in accordance with Australian Accounting Standards.

Nine councils corrected the land values in their 2016–17 financial statements, reducing the reported value of community land and land under roads by $12.1 billion.

The valuation of community land and land under roads should reflect the physical and legislative restrictions on these assets as required by Australian Accounting Standards. The impact of restrictions can be significant.

Councils should consider engaging experts to assist with the determination of asset fair values, as necessary.

Asset revaluations
Our audits found many cases where councils did not review valuation results, comply with applicable codes, or work effectively with valuers to obtain accurate asset valuations.
Valuing large infrastructure assets is a complex process. Councils would benefit if the process is started earlier and there is a clear plan to ensure valuations are appropriately managed and documented.

4.4 Asset useful life estimates

Asset useful life estimates
We found considerable variability in councils' useful lives for similar assets.

In some cases, the useful lives of assets are not reviewed annually or supported by regular condition assessment.

Depreciation is a significant expense for councils and therefore impacts on reported financial results and key performance indicators.

To comply with Australian Accounting Standards, councils need to reassess the useful lives of all assets annually.

Regular condition assessments are essential to identify maintenance requirements and maintain service delivery.

4.5 Asset policy and planning

Asset management strategy
Thirteen councils do not have an asset management policy, strategy and plan, as required by OLG's Integrated Planning and Reporting Framework. Newly amalgamated councils have until 30 June 2018 to implement this.
An effective asset management strategy, policy and plan helps councils to manage their assets appropriately over their life cycle and to make informed decisions on the allocation of resources.

Asset overview

NSW councils own and manage a significant range of assets, including infrastructure, property, plant and equipment.

At 30 June 2017, the combined carrying value of NSW council assets was as follows.

Good governance systems help councils to operate effectively and comply with relevant laws and standards. Internal controls assist councils to operate reliably and produce effective financial statements.

This chapter highlights the high risk issues we found and reports on a range of governance and control areas. Governance and control issues relating to asset management and information technology are covered in separate chapters.

Observation Conclusion or recommendation
5.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified 36 high risk governance and internal control deficiencies across 17 councils.  Asset practices accounted for the highest number of high risk issues and information technology accounted for the largest overall number of control deficiencies. These matters are covered in chapters four and six respectively.
We reported:
  • seventeen high risk issues relating to governance, purchase-to-pay, financial accounting and payroll processes
  • ten high risk issues relating to asset practices
  • nine high risk issues related to information technology management.
High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error. 
5.2 Governance
Audit committees
Councils are currently not required to have an audit, risk and improvement committee. Consequently, 53 councils do not have an audit committee.

Proposed legislative changes will require councils to establish an audit, risk and improvement committee by March 2021.

Recommendation
Councils should early adopt the proposed requirement to establish an audit, risk and improvement committee.

Internal audit
Councils are currently not required to have an internal audit function. Consequently, 52 councils do not have this function.

Recommendation
The Office of Local Government should introduce the requirement for councils to establish internal audit functions and update its 2010 Internal Audit Guidelines.

Council entities
The Office of Local Government's register of entities approved under section 358 of the Local Government Act 1993 is incomplete.

Recommendation
The Office of Local Government should maintain an accurate register of council entities approved under section 358 of the Local Government Act 1993.

The Local Government Act 1993 does not stipulate a financial reporting framework for council entities.    

Recommendation
The Office of Local Government should establish a financial reporting framework for council entities.

Policies and procedures
We identified 50 high and moderate risk issues across 33 councils where policies and procedures over critical business processes did not exist or had not been updated.

It is important there are current policies, standards and guidelines available to staff and contractors across all critical business processes.

Legislative compliance frameworks
Our audits found that 45 councils do not have sufficient processes to show they are complying with legislative requirements.

Councils can improve practices in monitoring compliance with key laws and regulations. This includes implementing a legislative compliance framework, register and policy.

Risk management
We identified 15 high and moderate risk issues across 15 councils where risk management practices could be strengthened.

Council risk management practices are enhanced when there is a fit-for-purpose risk management framework, register and policy to outline how risks are identified, managed and monitored.
5.3 Internal controls

Financial accounting
We identified 45 high and moderate risk control deficiencies across 41 councils concerning the use of manual journals to adjust council financial records. This can increase the risk of fraud and error.

We identified 51 high and moderate risk issues across 39 councils where reconciliation processes need to improve to support the preparation of accurate financial statements

Sound financial accounting processes include controls to ensure:

  • a person other than the preparer authorises manual journals
  • key account reconciliations are prepared and reviewed.
Purchasing and payables
We found 102 high and moderate risk deficiencies in purchasing and payable controls across 64 councils. Sound purchasing controls are important to minimise error, unauthorised purchases, fraud and waste.

As councils spend a substantial amount each year to procure goods and services, strong controls over purchasing and payment practices are critical. These include:

  • a review of changes to vendor master file data by an appropriate independent officer
  • an independent review and approval of purchases, including credit card transactions
  • compliance with Tendering Guidelines for NSW Local Government.

Payroll
We identified 71 high and moderate risk deficiencies in payroll controls across 48 councils. Weaknesses in payroll controls could result in incorrect payments being made to employees, due to error or fraud.

Managing excess annual leave balances was a challenge for 32 councils.

Effective payroll controls are important because employee expenses represent a large portion of council expenditure. These controls include segregation of duties in the review of payroll master file data, timesheets, leave forms, payroll exception reports and termination payments.

Excessive annual leave balances can have implications on employee costs, disrupts service delivery and affect work, health and safety. Excess annual leave balances should be continuously monitored and managed.

Like most public sector agencies, councils increasingly rely on information technology (IT) to deliver services and manage sensitive information. While IT delivers considerable benefits, it also presents risks that councils need to address.

Our review of council IT systems focused on understanding the processes and controls that support the integrity, availability and security of the data used to prepare financial statements. This chapter outlines issues in three broad areas:

  • high risk issues
  • access to IT systems
  • IT governance.
Issues Conclusion
6.1 High risk issues
Significant matters reported to those charged with council governance
Our 2016–17 audits identified nine high risk IT control deficiencies across seven councils. The issues related to user access controls, privileged access controls and user developed applications. High risk issues affect council’s ability to achieve their objectives and increase the risk of fraud and error.
6.2 Access to IT systems
User access controls
We identified 107 issues across 56 councils where user access controls could be strengthened.

Inadequate IT policies and controls around user access, including privileged access, increases the risk of individuals having excessive or unauthorised access to critical financial systems and data.

Privileged access
We identified 86 examples across 64 councils of inappropriate privileged access, inadequate review of access and insufficient retention and review of access logs.

 

User developed applications
User developed applications (UDAs) are computing applications, tools and processes developed or managed outside IT administration. UDAs may allow users to bypass formal user access controls.

Our audits found 22 councils using spreadsheets for business operations, decision making and financial reporting that were not adequately secured, with changes that were not tracked, tested or reviewed.

We also identified five councils where finance staff and senior management use database query tools to directly modify financial data, circumventing system-based business process controls.

It is important councils are aware of all circumstances they are relying on UDAs to limit the risk of errors and potential misuse. This allows councils to:

  • transition UDA functions to internal systems where possible
  • ensure UDAs are adequately controlled where they continue to use them
  • regularly review access rights to UDAs and back-up business-critical information.
6.3 IT Governance

Strategy, policies and procedures
Around one in four councils do not have an IT strategy or operational plan. Some councils also need to develop or improve IT policies and procedures.

Sixty-six councils do not have an adequate information security policy.

IT governance is enhanced where there is:

  • a fit-for-purpose IT strategy and operational plan
  • appropriate policies, standards and guidelines across all critical IT processes
  • a formally defined process to support security and access to all systems.

Disaster recovery and business continuity
Our audits identified that 17 councils do not have a documented plan to recover critical business functions in the event of a disaster.

The ability to restore data from backups is critical to ensure business continuity in the face of a system disaster.

We also found that 15 councils do not periodically test their ability to restore backups of data relevant to financial reporting.

Sound management of disaster recovery and business continuity includes:

  • a documented plan for how critical business functions will be recovered in the event of a disaster, which is periodically reviewed and tested
  • the ability to restore backed-up data, which is periodically tested.

We expect to focus on these areas in our future audits.

Published

Actions for Volume Eight 2012 focusing on Transport and Ports

Volume Eight 2012 focusing on Transport and Ports

Transport
Industry
Compliance
Financial reporting
Fraud
Information technology
Infrastructure
Management and administration
Procurement
Project management
Regulation
Risk
Workforce and capability

We issued unqualified audit opinions on the transport entities’ 30 June 2012 financial statements.

Some of the findings of the report include:

  • government funding to the public transport operators totalled $4.4 billion in 2011-12 ($3.7 billion in 2010-11)

  • passenger services revenue only covered 20 per cent of RailCorp's operating costs

  • Transport for NSW has formalised a protocol to mitigate the risk of potential conflicts of interests

  • At present, no sustainability framework exists for the transport agencies around environment and sustainability. Transport for NSW should complete its Environment and Sustainability Policy Framework by June 2013 and should publicly report its results annually

  • Transport patronage continued to grow with 510 million journeys on train, bus and ferry services

  • CityRail had two peak hour periods where only 36 per cent and 39 per cent of services were on time

  • On-time running performance for Sydney Ferries was above the NSW 2021 plan target of 98.5 per cent for most routes in 2011-12

  • Customer surveys by transport agencies no longer specifically address crowding on public transport. Transport for NSW should observe and report on crowding on all transport modes

  • Over 2,500 transport staff, or 8.3 per cent of the workforce, have excessive leave balances. All transport entities should do more to reduce excessive annual leave balances to ensure they will comply with new targets set by the Premier.