Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Transport 2019

Transport
Asset valuation
Financial reporting
Infrastructure
Internal controls and governance
Management and administration
Service delivery
Workforce and capability

This report details the results of the financial audits of NSW Government's Transport cluster for the financial year ended 30 June 2019. The report focuses on key observations and findings from the most recent financial statement audits of agencies in the Transport cluster.

Unqualified audit opinions were issued for all agencies' financial statements. However, valuations of assets continue to create challenges across the cluster. The Audit Office identified some deficiencies in relation to asset valuations at Transport for NSW, Roads and Maritime Services, Rail Corporation New South Wales and Sydney Metro.

The Audit Office noted an increase in findings on internal controls across the Transport cluster. Key themes related to information technology, asset management and employee leave entitlements. The report also highlights the status of significant infrastructure projects across the Transport cluster.

The report makes several recommendations including:

  • agency finance teams need to be consulted on major business decisions and commercial transactions at the time of their execution to assess the financial reporting impacts
  • the Department of Transport should ensure consistent accounting policies are applied across its controlled entities.

Download the Transport 2019 report (PDF)

This report analyses the results of our audits of financial statements of the Transport cluster for the year ended 30 June 2019. The table below summarises our key observations.

1. Machinery of Government changes
Transport for NSW, as the
lead agency, will absorb the
functions of Roads and
Maritime Services

The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW) as part of the Machinery of Government changes.

This change was not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019. The Act dissolves RMS and transfers the assets, rights and liabilities of RMS to TfNSW. As at the date of this Report, the Act is not yet in force.

Transport is considering the impact of the changes on its operating model and financial reporting.
2. Financial reporting
Audit opinions

Unqualified audit opinions were issued on the 2018–19 financial statements of all agencies in the Transport cluster.

TfNSW and Sydney Metro obtained a three-week extension from NSW Treasury to submit their financial statements for audit to resolve accounting issues surrounding the valuation of property, plant and equipment.

The Department of Transport reported total consolidated property, plant and equipment of $158 billion at 30 June 2019. In 2018–19, there were issues with asset valuations at TfNSW, RMS, Sydney Metro and Rail Corporation New South Wales (RailCorp), resulting in adjustments after the submission of financial statements for audit and the correction of a prior period error.

There was also a prior period error resulting from an agreement between TfNSW and the former UrbanGrowth Development Corporation due to a lack of assessment of the financial reporting implications at the time of signing the agreement.

Recommendation: Agency finance teams need to be consulted on major business decisions and commercial transactions to assess their accounting impacts at the time of their execution, rather than at the end of a financial year. Agencies also need to resolve all key accounting issues such as valuations as part of the early close procedures.

This would improve the quality of financial reporting and avoid the need for extensions for agencies to submit their financial statements for audit.
Preparedness for new
accounting standards		 Agencies across the cluster are progressing in their implementation of the new accounting standards.

Transport cluster agencies need to improve their contracts registers to ensure they have a complete list of contracts and agreements to assess the impact of the new accounting standards.
Valuation of assets remains
a challenge in the
Transport cluster

Whilst agencies complied with the requirements of the accounting standards and NSW Treasury policies on valuations, the Audit Office identified some deficiencies in relation to asset valuations across the cluster.

TfNSW reported a retrospective correction of a prior period error at 1 July 2017 which resulted in a reduction in the valuation of its Country Rail Network earthworks by $2.1 billion. This was due to survey results which identified the earthworks were flatter and lower than estimated in the valuation at 30 June 2017.

RMS made several adjustments during the year to correct asset values due to changes to valuation assumptions or data improvements. This included:

  • reduction of $318 million in the value of land under roads
  • decrease of $84.9 million to the value of land and buildings
  • changes to the value of traffic control and traffic signal network assets, due to data improvements.

Sydney Metro North West officially opened in May 2019 and reported total assets of $9.1 billion. Sydney Metro derecognised $322 million in assets constructed to facilitate its operation but transferred to councils and utilities.
Inconsistent accounting
policies across the
Transport cluster

There was an inconsistency identified in the cluster relating to the valuation of substratum land. In 2018–19, RailCorp derecognised $109 million of substratum land to ensure consistency in its approach with other Transport agencies.

As the parent entity, the Department of Transport needs to ensure accounting policies are consistently applied across all controlled entities for consolidation purposes. Inconsistencies in the application of accounting standards across agencies will impact comparability of financial reporting and decision making across the Transport cluster.

Recommendation: The Department of Transport should ensure consistent accounting policies are applied across its controlled entities.
Revenue growth

Public transport passenger revenue increased by $89.0 million (5.9 per cent) in 2018–19, and patronage increased by 37.8 million (4.9 per cent) across all modes of transport based on data provided by TfNSW.

The increase in revenue is mainly due to an increase in patronage as well as the annual increase in fares.
Negative Opal cards

Negative balance Opal cards resulted in $2.9 million in revenue not collected in 2018–19 ($10.4 million since the introduction of Opal).

In January 2019, Transport made a change to the Sydney Airport stations to prevent customers with high negative balances exiting the station. In addition, in late 2018, Transport increased the minimum top up values for new cards at the airport stations.

Recommendation (repeat): TfNSW should implement further measures to prevent the loss of revenue from passengers tapping off with negative balance Opal cards.
3. Audit observations
Internal controls There was an increase in findings on internal controls across the Transport cluster. Key themes relate to information technology, employee leave entitlements and asset management.

Twenty-nine per cent of all issues were repeat issues. The majority of the repeat issues related to information technology controls.
Write-off of assets In addition to a $322 million derecognition of assets transferred to councils and utilities by Sydney Metro and a $109 million derecognition of substratum land at RailCorp, the Transport cluster wrote-off $278 million of assets related to roads, bridges, maritime assets, traffic signals and controls network.

These mainly related to roads, bridges, maritime assets, traffic signals and the control network where new infrastructure assets substantially replaced an existing asset as part of construction activities.
Transport Asset Holding
Entity (TAHE)		 TAHE was established to be a dedicated asset manager for the delivery of public transport asset management. The Transport Administration Amendment (Transport Entities) Act 2017 will transition RailCorp into TAHE. RailCorp is now expected to transition to TAHE from 1 July 2020 (previously 1 July 2019). Several working groups have been considering various aspects of the TAHE transition including its status as a for profit Public Trading Enterprise, the operating model and the impact of the new accounting standards AASB 16 'Leases' and AASB 1059 'Service Concession Arrangements: Grantors'. The considerations of these aspects identified several challenges in the implementation of TAHE which has led to the revised transition date. Given the delays in implementation, it is important to clarify the intent of the TAHE model.
Excess annual leave

Twenty-six per cent of Transport employees have annual leave balances exceeding 30 days. Of the employees with excess leave balances, 732 (10.3 per cent) did not take any annual leave in 2018–19.

Recommendation (repeat): Transport entities should further review the approach to managing excess annual leave in 2019–20. They should:

  • monitor current and projected leave balances to the end of the financial year each month
  • agree formal leave plans with employees to reduce leave balances over an acceptable timeframe
  • ensure leave plans are actioned appropriately
  • encourage all staff with excess leave balances take a minimum two-week period of leave per year.
Completeness and
accuracy of contracts
registers

There are no centralised processes to record all significant contracts and agreements in a register across the Transport cluster.

Across the Transport cluster, contracts and agreements are maintained by the individual agencies using disparate registers. Agencies must perform detailed assessments of their existing contracts and agreements to quantify the impact of the new accounting standards (AASB 16 ‘Leases’, AASB 15 ‘Revenue from Contracts with Customers’, AASB 1058 ‘Income of Not-for-Profit Entities’ and AASB 1059 'Service Concession Arrangements: Grantors').

In 2018–19, there was also a prior period error resulting from an agreement between TfNSW and another government agency due to a lack of assessment of the financial reporting implications at the time of signing the agreement.

A lack of a complete register of all contracts and agreements increases the risk that agencies may not be able to assess the full impact of the new accounting standards, as well as perform a complete assessment of the financial reporting implications of contracts and agreements.

Recommendation: Transport agencies should implement a process to centrally capture all significant contracts and agreements entered. This will ensure:

  • agencies are fully aware of contractual and other obligations
  • appropriate assessment of financial reporting implications
  • assessment of new accounting standards, in particular AASB 16 ‘Leases’, AASB 15 'Revenue from Contract with Customers', AASB 1058 'Income of Not-for-Profit Entities ' and AASB 1059 'Service Concession Arrangements: Grantors' are accurate and complete.

 

This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

This cluster was impacted by the Machinery of Government changes on 1 July 2019. The NSW Government announced its intention to integrate Roads and Maritime Services (RMS) into Transport for NSW (TfNSW). This report is focused on the Transport cluster prior to these changes. Please refer to the section on Machinery of Government changes for more details.

Machinery of Government refers to how the government organises the structures and functions of the public service. Machinery of Government changes are where the government reorganises these structures and functions, and are given effect by Administrative orders.

The Transport cluster was impacted by recent Machinery of Government changes. These changes were announced by the Department of Premier and Cabinet but were not included in the Administrative Orders as the Transport Administration Act 1988 No. 109 governs the composition of the Transport cluster. It was the intention of government to transfer the functions of the RMS into TfNSW. This requires legislative changes to the Transport Administration Act 1988 No. 109.

Section highlights

Under the Machinery of Government changes, the NSW Government will transfer the functions of RMS into TfNSW.

  • The Transport Administration Amendment (RMS Dissolution) Act 2019 (the Act) received assent on 22 November 2019.
  • The Act will dissolve RMS and transfer its functions, assets, rights and liabilities to TfNSW.
  • As at the date of this report, the Act is not yet in force.
  • There are risks and challenges for asset and liability transfers, governance and retention of knowledge.
  • As of 1 July 2019, administrative arrangements (delegations and reporting line changes) were put in place to enable TfNSW and RMS to operate within a single management structure, while still remaining as separate legal entities.
  • Transport is working on a number of options as to how to implement the changes. 

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2019.

Section highlights

  • Unqualified audit opinions were issued on all agencies' financial statements.
  • RMS required an extension from NSW Treasury for their early close procedures.
  • TfNSW and Sydney Metro required extensions to submit their year-end financial statements.
  • Valuation of assets remains a challenge across the cluster.
  • There remains Opal cards with negative balances.
  • Sydney Metro derecognised assets of $322 million in relation to assets constructed for third parties.
  • Inconsistencies in the application of accounting policies across cluster agencies impact comparability of financial reporting across the Transport cluster.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport cluster.

Section highlights

  • There was an increase in findings on internal controls across the Transport cluster. Twenty-nine per cent of all issues were repeat issues.
  • Transport entities wrote-off over $278 million of assets which were replaced by new assets or technology.
  • Twenty-six per cent of Transport employees have excess annual leave.
  • There are no processes to ensure all significant contracts and agreements are captured by agencies in a centralised register.

Appendix one – Timeliness of financial reporting by agency 

Appendix two – Management letter findings by agency 

Appendix three – List of 2019 recommendations 

Appendix four – Status of 2017 and 2018 recommendations 

Appendix five – Cluster agencies 

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Internal Controls and Governance 2019

Education
Community Services
Finance
Health
Industry
Justice
Planning
Premier and Cabinet
Transport
Treasury
Whole of Government
Compliance
Cyber security
Fraud
Information technology
Internal controls and governance
Management and administration
Procurement
Project management

This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.

The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:

  • financial controls
  • information technology controls
  • gifts and benefits
  • internal audit
  • contingent labour
  • sensitive data.

The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.

1. Internal control trends

New, repeat and high risk findings

There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies.

Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented.

Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.
Common findings

A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:

  • out of date policies or an absence of policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers
  • policies, procedures or controls no longer suited to the current organisational structure or business activities.

2. Information technology controls

IT general controls

We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:

  • user access administration deficiencies at 58 per cent of agencies related to granting, review and removal of user access
  • an absence of privileged user activity reviews at 35 per cent of agencies
  • password controls that did not align to password policies at 20 per cent of agencies.

We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required.

3. Gifts and benefits

Gifts and benefits registers

All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision.

In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers.

Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour.
Managing gifts and benefits

We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites.

Agencies can improve management of gifts and benefits by:

  • ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
  • establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers, suppliers and contractors
  • providing on-going training, awareness activities and support to employees, not just at induction
  • publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
Reporting and monitoring

Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee.

Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits.

4. Internal audit

Obtaining value from the internal audit function

Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee.

Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer.

Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks.
Role of the Chief Audit Executive

Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE.

The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO.

Agencies should ensure:

  • the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE does not report functionally or administratively to the finance function or other significant recipients of internal audit services
  • the CAE's duties are compatible with preserving their independence and where threats to independence exist, safeguards are documented and approved.
Quality assurance and improvement program

Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function.

The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually.

Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments.

5. Managing contingent labour

Obtaining value for money from contingent labour

According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces.

Agencies can improve their management of contingent labour by:

  • preparing workforce plans to inform their resourcing strategy and ensure that engaging contingent labour aligns with the strategy and best meets business needs
  • involving agency human resources units in decisions about engaging contingent labour
  • regularly reporting on contingent labour use and tenure to agency executive teams
  • strengthening on-boarding and off-boarding processes.

We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'.

6. Managing sensitive data

Identifying and assessing sensitive data

Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked.

Agencies can improve processes to manage sensitive data by:

  • identifying and maintaining an inventory of sensitive data through a comprehensive and structured process
  • assessing the criticality and sensitivity of the data so that protection of high risk data can be prioritised.
Managing data breaches

Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.

Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach.

 

This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.

Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.

This report offers insights into internal controls and governance in the NSW public sector

This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:

  • highlighting the potential risks posed by weaknesses in controls and governance processes
  • helping agencies benchmark the adequacy of their processes against their peers
  • focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.

Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.

Areas of specific focus of the report have changed since last year

Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.

Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:

  • internal control trends
  • information technology controls, including access to agency systems
  • protecting sensitive information held within agencies
  • managing large and diverse workforces (controls around employing and managing contingent workers)
  • maintaining an ethical culture (management of gifts and benefits)
  • effectiveness of internal audit function and its oversight by Audit and Risk Committees.

The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Key conclusions and sector wide learnings

We identified four high risk findings, compared to six last year. None of the findings are common with those in the previous year. There was an overall increase of 12 per cent in the number of internal control deficiencies compared to last year. The increase is predominately due to a 100 per cent increase in the number of repeat financial and IT control deficiencies.
 
Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re-prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time.
 
We also identified a number of findings that were common to multiple agencies. These common findings often related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
  • out of date policies or an absence of policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Key conclusions and sector wide learnings
Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.
IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.
Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits. 

Key conclusions and sector wide learnings

We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.

Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.

Areas where agencies can improve their management of gifts and benefits include:

  • ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
  • establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
  • updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
  • providing on-going training, awareness activities and support to employees, not just at induction
  • regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
  • publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.

Key conclusions and sector wide learnings 

We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including: 

  • documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
  • ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
  • involving the CAE more extensively in executive forums as an observer
  • documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
  • reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.

Key conclusions and sector wide learnings

Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.

There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include: 

  • preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
  • involving agency human resources units in decisions about engaging contingent labour
  • regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
  • strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.

Key conclusions and sector wide learnings

Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.

It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.

Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.

Key areas where agencies can improve their management of sensitive data include:

  • identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
  • assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
  • developing comprehensive data breach management policies to ensure data breaches are appropriately managed
  • maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
  • providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.

Appendix one – List of 2019 recommendations 

Appendix two – Status of 2018 recommendations

Appendix three – In-scope agencies

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Engagement of probity advisers and probity auditors

Transport
Education
Health
Compliance
Internal controls and governance
Procurement
Project management
Workforce and capability

Three key agencies are not fully complying with the NSW Procurement Board’s Direction for engaging probity practitioners, according to a report released today by the Acting Auditor-General for New South Wales, Ian Goodwin. They also do not have effective processes to achieve compliance or assure that probity engagements achieved value for money.

Probity is defined as the quality of having strong moral principles, honesty and decency. Probity is important for NSW Government agencies as it helps ensure decisions are made with integrity, fairness and accountability, while attaining value for money.

Probity advisers provide guidance on issues concerning integrity, fairness and accountability that may arise throughout asset procurement and disposal processes. Probity auditors verify that agencies' processes are consistent with government laws and legislation, guidelines and best practice principles. 

According to the NSW State Infrastructure Strategy 2018-2038, New South Wales has more infrastructure projects underway than any state or territory in Australia. The scale of the spend on procuring and constructing new public transport networks, roads, schools and hospitals, the complexity of these projects and public scrutiny of aspects of their delivery has increased the focus on probity in the public sector. 

A Procurement Board Direction, 'PBD-2013-05 Engagement of probity advisers and probity auditors' (the Direction), sets out the requirements for NSW Government agencies' use and engagement of probity practitioners. It confirms agencies should routinely take into account probity considerations in their procurement. The Direction also specifies that NSW Government agencies can use probity advisers and probity auditors (probity practitioners) when making decisions on procuring and disposing of assets, but that agencies:

  • should use external probity practitioners as the exception rather than the rule
  • should not use external probity practitioners as an 'insurance policy'
  • must be accountable for decisions made
  • cannot substitute the use of probity practitioners for good management practices
  • not engage the same probity practitioner on an ongoing basis, and ensure the relationship remains robustly independent. 

The scale of probity spend may be small in the context of the NSW Government's spend on projects. However, government agencies remain responsible for probity considerations whether they engage external probity practitioners or not.

The audit assessed whether Transport for NSW, the Department of Education and the Ministry of Health:

  • complied with the requirements of ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’
  • effectively ensured they achieved value for money when they used probity practitioners.

These entities are referred to as 'participating agencies' in this report.

We also surveyed 40 NSW Government agencies with the largest total expenditures (top 40 agencies) to get a cross sector view of their use of probity practitioners. These agencies are listed in Appendix two.

Conclusion

We found instances where each of the three participating agencies had not fully complied with the requirements of the NSW Procurement Board Direction ‘PBD-2013-05 Engagement of Probity Advisers and Probity Auditors’ when they engaged probity practitioners. We also found they did not have effective processes to achieve compliance or assure the engagements achieved value for money.

In the sample of engagements we selected, we found instances where the participating agencies did not always:

  • document detailed terms of reference
  • ensure the practitioner was sufficiently independent
  • manage probity practitioners' independence and conflict of interest issues transparently
  • provide practitioners with full access to records, people and meetings
  • establish independent reporting lines   reporting was limited to project managers
  • evaluate whether value for money was achieved.

We also found:

  • agencies tend to rely on only a limited number of probity service providers, sometimes using them on a continuous basis, which may threaten the actual or perceived independence of probity practitioners
  • the NSW Procurement Board does not effectively monitor agencies' compliance with the Direction's requirements. Our enquiries revealed that the Board has not asked any agency to report on its use of probity practitioners since the Direction's inception in 2013. 

There are no professional standards and capability requirements for probity practitioners

NSW Government agencies use probity practitioners to independently verify that their procurement and asset disposal processes are transparent, fair and accountable in the pursuit of value for money. 

Probity practitioners are not subject to regulations that require them to have professional qualifications, experience and capability. Government agencies in New South Wales have difficulty finding probity standards, regulations or best practice guides to reference, which may diminish the degree of reliance stakeholders can place on practitioners’ work.

The NSW Procurement Board provides direction for the use of probity practitioners

The NSW Procurement Board Direction 'PBD-2013-15 for engagement of probity advisers and probity auditors' outlines the requirements for agencies' use of probity practitioners in the New South Wales public sector. All NSW Government agencies, except local government, state owned corporations and universities, must comply with the Direction when engaging probity practitioners. This is illustrated in Exhibit 1 below.

Appendix one – Response from agencies

Appendix two – List of selected agencies

Appendix three – About the audit

Published

Workforce reform in three amalgamated councils

Local Government
Management and administration
Project management
Workforce and capability

The Inner West Council and the Snowy Monaro and Queanbeyan-Palerang Regional Councils have all made progress towards efficient organisational structures following the amalgamation of their former council areas in 2016, according to a report released today by the Auditor-General of New South Wales.

All three councils are now operating with a single workforce and have largely achieved the milestones they planned for the first stage of their amalgamations. None have finished reviewing and aligning services across their former council areas nor integrated their ICT systems. They need to do this to be in a position to implement an optimal structure. 

 

On 12 May 2016, the NSW Government announced the amalgamation of 42 councils into 19 new councils. This followed a period of 18 months during which the NSW Independent Pricing and Regulatory Tribunal (IPART) had assessed councils' ‘fitness for the future’, and communities were consulted about proposed mergers. A further amalgamated council was created on 9 September 2016.

Upon amalgamation, existing elected councils were abolished, interim General Managers appointed, and Administrators engaged to undertake the role of the previously elected councils until Local Government elections were held 18 months later. During the period of administration, councils were asked to report on the progress of their amalgamations to the Department of Premier and Cabinet (DPC).

Council amalgamations not only require a re-drawing of boundaries, but re-establishment of local representation, decisions about alignment of services across the former council areas, and establishment of an amalgamated workforce.

The objective of this audit was to assess whether three councils, Inner West Council, Queanbeyan-Palerang Regional Council and Snowy Monaro Regional Council, are effectively reforming their organisation structures to realise efficiency benefits from amalgamation and managing the impact on staff.

Conclusion
The three councils we examined have made progress towards an efficient organisation structure.

Following amalgamation, all three councils developed detailed plans to bring their former workforces together, review positions and salaries, amalgamate salary structures and align human resources policies. All three councils have largely achieved the milestones included in these plans.
Benefits realisation plans show that councils did not expect to achieve material savings or efficiencies from workforce reform within the first three years of amalgamation.
Two councils do not clearly report on whether their reform initiatives are achieving benefits.

Administrators at all three councils endorsed lower savings targets than the NSW Government’s early analysis suggested may be possible. All three councils have plans or strategies to progress and achieve benefits from the amalgamation. However, Inner West Council and Snowy Monaro Regional Council could more clearly link their reform initiatives with expected benefits and include this in public reporting.

Amalgamations represent a substantial period of change for affected communities and amalgamated councils should be routinely reporting to their communities about the costs and benefits of amalgamation.

Councils have not yet determined their future service offerings and service levels nor completed integration of ICT systems. These decisions need to be made before an optimal organisation structure can be implemented.

Before amalgamated councils can implement an optimal organisation structure, they need to review and confirm their customer service offerings and service levels in consultation with their communities. This work is underway but is not yet complete in any of the councils.

Progress towards an efficient structure has been slowed by staff protections in the Local Government Act 1993 (the Act) and a range of logistical and administrative issues associated with amalgamation. These include multiple IT systems and databases that need to be integrated and different working conditions, policies and practices in the former councils that are not yet fully
harmonised.

The councils implemented legislated staff protections and focused on the people side of change but cannot reliably measure the impact of their change management efforts.

The Act provides protections that reduce the impact of amalgamations on staff. Beyond implementing these protections, the councils have communicated with staff, sought to prepare them for change, and involved staff in key decisions. All councils have conducted staff surveys over time. However, at this stage these staff surveys have not provided an effective or reliable measure of the impact of change management efforts. 

Appendix one - Response from councils and Office of Local Government

Appendix two - Compliance with staff protections in the Local Government Act 1993

Appendix three - About the audit

Appendix four - Performance auditing

 

Parliamentary Reference: Report number #317 - released 1 May 2019

Published

Transport Access Program

Transport
Infrastructure
Project management
Service delivery

The following report is available in an Easy English version that is intended to meet the needs of some people with lower literacy skills, some people with an intellectual disability and some people from different cultural backgrounds.

View the Easy English version of the Transport Access Program report

Transport for NSW’s process for selecting and prioritising projects for the third stage of its Transport Access Program balanced compliance with national disability standards with broader customer outcomes. Demographics, deliverability and value for money were also considered. However, Transport for NSW does not know the complete scope of work required for full compliance, limiting its ability to demonstrate that its approach is effective, according to a report released today by the Auditor-General for New South Wales, Margaret Crawford.

Access to transport is critical to ensuring that people can engage in all aspects of community life, including education, employment and recreation. People with disability can encounter barriers when accessing public transport services. In 2015, there were 1.37 million people living with disability in New South Wales.

Accessible public transport is about more than physical accessibility. It also means barrier-free access for people who have vision, hearing or cognitive impairments. All users, not just people with disability, benefit from improvements to the accessibility and inclusiveness of transport services. 

Transport for NSW has an obligation under Australian Government legislation to provide accessible services to people with disabilities in a manner which is not discriminatory. Under the Disability Standards for Accessible Public Transport 2002 (the DSAPT - an instrument of the Disability Discrimination Act 1992 (the Act) (Commonwealth)), there is a requirement to modify and develop new infrastructure, means of transport and services to provide access for people with disabilities. All public transport operators are required to ensure that at least 90 per cent of their networks met DSAPT by December 2017 and the networks will need to be 100 per cent compliant with all parts of the standards by 31 December 2022. Trains are not required to be fully compliant with DSAPT until December 2032. 

The Transport Access Program (TAP) is Transport for NSW's largest program with a specific focus on improving access to public transport for people with disability. The TAP is a series of projects to upgrade existing public transport infrastructure across four networks: Sydney Trains, Intercity Trains, Regional Trains and Sydney Ferries. Transport for NSW established the TAP as a rolling program and, to date, it has delivered the first tranche of TAP (TAP 1) and is completing the final projects for the second tranche (TAP 2). NSW budget papers estimate that by 30 June 2018, Transport for NSW had spent $1.2 billion in the TAP since its commencement in 2011-12.

After the completion of TAP 1 and TAP 2 (as well as through other transport infrastructure programs), Transport for NSW estimates that 58.5 per cent of the Sydney Trains, Regional Trains and Intercity Trains networks, and 66 per cent of the Sydney Ferries network, will be accessible. To close the significant gap in compliance with the DSAPT target, the objective for TAP 3 is ‘to contribute to Disability Discrimination Act 1992 related targets through DSAPT compliance upgrades’. 

The audit assessed whether Transport for NSW has an effective process to select and prioritise projects as part of the TAP, with a specific focus on the third tranche of TAP funding.

In August 2018, at the commencement of this audit, Transport for NSW intended to complete the selection of projects for the TAP 3 final business case in December 2018. Transport for NSW advise that it now intends to complete the development stage and final business case in the first quarter of 2019, prior to the final investment decision of the TAP program. This report is based on the TAP 3 strategic business case and information provided by Transport for NSW up to December 2018.

Conclusion
Transport for NSW’s process for selecting and prioritising projects for TAP 3 balanced DSAPT compliance goals with broader customer outcomes. It also considered demographics, deliverability and value for money. However, Transport for NSW does not know the complete scope of work required for full DSAPT compliance, and this limits its ability to demonstrate that its approach is effective. 
Transport for NSW has applied most of the external review recommendations from previous funding rounds to the implementation of the third round of TAP funding (TAP3), with positive results. Changes made include a clear objective for TAP 3 to focus on improving compliance, improved governance arrangements, and better consideration of deliverability and design during project planning. 
Through TAP 3, Transport for NSW is also trying to better address disability access in a way that balances DSAPT compliance with other considerations - such as population demographics, access to services and value for money. Transport for NSW developed an objective prioritisation and selection methodology to assess projects for TAP 3 funding. 
Transport for NSW cannot quantify the work needed to meet DSAPT compliance targets across the rail and ferry networks as it has not completed a comprehensive audit of compliance. This information is needed to ensure the effective targeting of funding, and to measure the contribution of TAP 3 work to meeting the DSAPT compliance targets. Instead, Transport for NSW has undertaken a phased approach to completing a comprehensive audit of compliance across the networks, with a focus on first assessing compliance at locations that are not wheelchair accessible. This creates two problems. First, Transport for NSW does not know the complete scope of work required to achieve DSAPT compliance. Second, not all wheelchair accessible locations fully meet DSAPT standards.
Transport for NSW's proposed communication plan for the schedule of TAP 3 funded works does not align with its Disability Inclusion Action Plan 2018-2022. The Disability Inclusion Action Plan commits Transport for NSW to providing a full list of stations and wharves to be upgraded with their estimated time of construction when the next round of funding, TAP 3, is announced. Given the long timeframes associated with improving transport infrastructure, this information is important as it allows people to make informed decisions about where they live, work or study. Instead, Transport for NSW plans to communicate information to customers on a project by project basis.

In 2015, there were 1.37 million people living with disability in New South Wales. Access to transport is critical to ensuring that people can engage in all aspects of community life, including education, employment and recreation. People with disability can encounter barriers when accessing public transport services. 

The social model of disability, outlined in the United Nations Convention on the Rights of Persons with Disabilities, views people with disability as not disabled by their impairment but by the barriers in the community and environment that restrict their full and effective participation in society on an equal basis with others. 

Accessible public transport is more than the provision of physical access to premises and conveyances, it provides barrier-free access for people who have vision, hearing or cognitive impairments. All users, not just people with disability, benefit from improvements to the accessibility and inclusiveness of transport services.

According to the Australian Bureau of Statistics, the main types of difficulties experienced by people with disability when using public transport relate to steps (39.9 per cent), difficulty getting to stops and stations (25 per cent), fear and anxiety (23.3 per cent) and lack of seating or difficulty standing (20.7 per cent).

Transport for NSW has a Disability Inclusion Action Plan (the Action Plan) 2018-2022 that sets an overall framework for planning, delivering and reporting on initiatives to increase accessibility of the transport network. It covers all elements of the journey experienced when using public transport, including journey planning, staff training, customer services and interaction between the physical environment and modes of transport. Appendix five outlines the guiding principles of the Action Plan.

Transport for NSW's Transport Social Policy branch developed the Action Plan in consultation with internal and external stakeholders. The director of the Transport Social Policy branch is a member of the TAP executive steering committee, which supports alignment between the Action Plan and TAP.

Transport for NSW's Disability Inclusion Action Plan describes a customer focussed approach to accessibility

One of the guiding principles of the Action Plan is ‘intelligent compliance’. Transport for NSW describes this as compliance that prioritises customer-focused outcomes over a narrow focus on legal compliance with accessibility standards. As well as being compliant, infrastructure should be practical, usable, fit for purpose and convenient. 

The TAP prioritisation and selection methodology reflects Transport for NSW’s focus on intelligent compliance. We consider this a reasonable approach as had Transport for NSW focussed exclusively on achieving compliance with the DSAPT targets by upgrading the most affordable infrastructure, some locations, that are used by more customers, would remain inaccessible to people with disability. However, this approach should not be seen as an alternative to Transport for NSW meeting its DSAPT compliance obligations.

TAP program staff consult with the Accessible Transport Advisory Committee

The Accessible Transport Advisory Committee (ATAC) has representatives from disability and ageing organisations, who provide expert guidance to Transport for NSW on access and inclusion. The ATAC provide guidance and feedback on projects and project solutions, including user testing where appropriate. TAP program staff provide regular updates at ATAC meetings, which include briefings on progress. The ATAC also provides feedback and suggestions to TAP program staff, which is considered and sometimes included in current and future projects.For example, in March 2017 the TAP program team briefed the ATAC on the challenges with respect to a number of ferry wharves and sought support for DSAPT exemptions proposed in the TAP 3 strategic business case.

Case study: Feedback on Braille lettering for lift buttons
In June 2018, the Program team sought feedback on a variety of lift button options to improve accessibility on future TAP projects. In September 2018, during the ATAC meeting attended by the Audit Office, the program team sought feedback on the standard designs for TAP 3. Some ATAC members noted that the standard design included Braille lettering on the lift buttons, and that this was not good practice because people can accidently press the button while reading it. As a result, Transport for NSW are incorporating this feedback into design requirements for the lifts for TAP 3, which will consider larger buttons, clearer Braille and Braille signage adjacent to the button.

Transport for NSW has not briefed the Advisory Committee on the outcome of the prioritisation and selection process

TAP program staff briefed the Advisory Committee about the prioritisation and selection methodology, after the Minister approved it in 2016. However, Transport for NSW have not briefed or consulted the Advisory Committee on the outcome of the prioritisation process. Infrastructure NSW noted this issue during its review of the strategic business case. 

Transport for NSW advised us that it established the ATAC as an advisory group, and that Transport for NSW does not disclose sensitive information to it. Transport for NSW intends to share the outcome of the prioritisation process following the completion of the TAP 3 development stage and final investment decision.

The TAP communication plan does not fully meet the requirements of the Disability Inclusion Action Plan

The Disability Inclusion Action Plan includes an action item to ‘provide a listing of stations and wharves to be upgraded with estimated time of construction as each new tranche of the Transport Access Program is announced’ The TAP Communication Plan that we reviewed does not include this provision instead focussing on communication on a per project basis. Given the long timeframes associated with improving transport infrastructure, this information is important as it allows people to make informed decisions about where they live, work or study.

Appendix one - Response from agency

Appendix two - Compliance requirements of Disability Standards for Accessible Public Transport

Appendix three - TAP 1 and TAP 2 sub-programs

Appendix four - Prioritisation Assessment for the TAP 3 Strategic Business Case

Appendix five - The guiding principles of Transport for NSW's Disability Inclusion Action Plan

Appendix six - Transport projects and programs that contribute to DSAPT compliance

Appendix seven - About the audit

Appendix eight - Performance auditing

 

Parliamentary Reference - Report number #314 - released 19 February 2019.

Published

Volume Eight 2012 focusing on Transport and Ports

Transport
Industry
Compliance
Financial reporting
Fraud
Information technology
Infrastructure
Management and administration
Procurement
Project management
Regulation
Risk
Workforce and capability

We issued unqualified audit opinions on the transport entities’ 30 June 2012 financial statements.

Some of the findings of the report include:

  • government funding to the public transport operators totalled $4.4 billion in 2011-12 ($3.7 billion in 2010-11)

  • passenger services revenue only covered 20 per cent of RailCorp's operating costs

  • Transport for NSW has formalised a protocol to mitigate the risk of potential conflicts of interests

  • At present, no sustainability framework exists for the transport agencies around environment and sustainability. Transport for NSW should complete its Environment and Sustainability Policy Framework by June 2013 and should publicly report its results annually

  • Transport patronage continued to grow with 510 million journeys on train, bus and ferry services

  • CityRail had two peak hour periods where only 36 per cent and 39 per cent of services were on time

  • On-time running performance for Sydney Ferries was above the NSW 2021 plan target of 98.5 per cent for most routes in 2011-12

  • Customer surveys by transport agencies no longer specifically address crowding on public transport. Transport for NSW should observe and report on crowding on all transport modes

  • Over 2,500 transport staff, or 8.3 per cent of the workforce, have excessive leave balances. All transport entities should do more to reduce excessive annual leave balances to ensure they will comply with new targets set by the Premier.

 

Published

Monitoring Local Government

Local Government
Premier and Cabinet
Compliance
Internal controls and governance
Management and administration

The Division of Local Government (DLG) has helped many NSW councils improve their long-term financial planning and asset management practice. Many councils are serving their communities well. However, because DLG lacks the power, it finds it difficult to respond effectively when things go wrong.

 

Parliamentary reference - Report number #225 - released 26 September 2012

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE