Reports
Cyber security in local government
What this report is about
NSW local councils provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies.
Councils need to manage cyber security risks to ensure their information, data and systems are appropriately safeguarded. Councils also need to be prepared to detect, respond and recover when a cyber security incident occurs.
The audit assessed how effectively three selected councils identified and managed cyber security risks.
The audit also included the Department of Planning, Housing and Infrastructure (Office of Local Government) and Department of Customer Service (Cyber Security NSW), due to their roles in providing guidance and support to local councils.
Audit findings
The audit found that the selected councils are not effectively identifying and managing cyber security risks. Each of the councils undertook activities to improve their cyber security during the audit period, but this audit found significant gaps in their cyber security risk management and cyber security processes.
Such gaps result in unmitigated risks to the security of information and assets which, if compromised, could impact their local communities, service delivery and public infrastructure.
Cyber Security NSW and the Office of Local Government recommend that councils adopt requirements in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.
Audit recommendations
In summary, the councils should:
- integrate assessment and monitoring of cyber security risks into corporate governance processes
- self-assess their performance against Cyber Security NSW's guidelines for local government
- develop and implement a risk-based cyber security improvement plan and program of activities
- develop, implement and test a cyber incident response plan.
Cyber Security NSW and the Office of Local Government should regularly consult on cyber security risks facing local government, and review the effectiveness of guidelines and related resources for the sector.
While this report focuses on the performance of the selected councils, the findings and recommendations should be considered by all councils to better understand their risks and challenges relevant to managing cyber security risks.
Read the PDF report
Parliamentary reference - Report number #392- released 26 March 2024
Local Government 2023
What this report is about
Results of the local government sector financial statement audits for the year ended 30 June 2023.
Findings
Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.
Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.
The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.
Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.
Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.
Fifty councils do not have basic governance and internal controls to manage cyber security.
Recommendations
To improve quality and timeliness of financial reporting, councils should:
- adopt early financial reporting procedures, including asset valuations
- ensure integrity and completeness of asset source records
- perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.
To improve internal controls, councils should:
- track progress of implementing audit recommendations, and prioritise high-risk repeat issues
- continue to focus on cyber security governance and controls.
Read the PDF report
Regulation insights
What this report is about
In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.
This analysis includes performance audits, compliance audits and the outcomes of financial audits.
Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.
The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.
Audit findings
The analysis of findings and recommendations is structured around four key themes related to effective regulation:
- governance and accountability
- processes and procedures
- data and information management
- support and guidance.
The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.
In this report, we also draw out insights for agencies that provide a public sector stewardship role.
The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.
The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.
Read the PDF report
Driver vehicle system
What this report is about
Transport for NSW (TfNSW) uses the Driver vehicle System (DRIVES) to support its regulatory functions. The system covers over 6.2 million driver licences and over seven million vehicle registrations.
DRIVES first went live in 1991 and has been significantly extended and updated since, though is still based around the same core system. The system is at end of life but has become an important service for Service NSW and the NSW Police Force.
DRIVES now includes some services to other parts of government and non-government entities which have little or no connection to transport. There are 141 users of DRIVES in total, including commercial insurers, national regulators, and individual citizens.
This audit assessed whether TfNSW is effectively managing DRIVES and planning to transition it to a modernised system.
Audit findings
TfNSW has not effectively planned the replacement of DRIVES.
It is now working on its third business case for a replacement system but has failed to learn lessons from its past attempts.
In the meantime, TfNSW has not taken a strategic approach to managing DRIVES’ growth.
TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES. With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access.
TfNSW uses recognised processes for managing most aspects of DRIVES, but has not kept the system consistently available for users. TfNSW has lacked accurate service availability information since June 2022, when it changed its technology support provider.
TfNSW needs to significantly prioritise cyber security improvements to DRIVES. TfNSW is seeking to lift DRIVES’ cyber defences, but it will not achieve its stated target safeguard level until December 2025.
Even then, one of the target safeguards will not be achieved in full until DRIVES is modernised.
Audit recommendations
TfNSW should:
- implement a service management framework including insight into the views of DRIVES users, and ensuring users can influence the service
- ensure it can accurately and cost effectively calculate when DRIVES is unavailable due to unplanned downtime
- ensure implementation of a capability to automatically detect anomalous patterns of access to DRIVES
- ensure that DRIVES has appropriate cyber security and resilience safeguards in place as a matter of priority
- develop a clear statement of the future role in whole of government service delivery for the system
- resolve key issues currently faced by the DRIVES replacement program including by:
- clearly setting out a strategy and design for the replacement
- preparing a specific business case for replacement.
Read the PDF report
Parliamentary reference - Report number #388 - released 20 February 2024
Transport 2023
What this report is about
Result of the Transport portfolio of agencies' financial statement audits for the year ended 30 June 2023.
The audit found
Unqualified audit opinions were issued for all Transport portfolio agencies.
An 'emphasis of matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) independent auditor's report, which draws attention to management's disclosure regarding proposed changes to TAHE's operating model.
Government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE's assets.
Transport for NSW's valuation of roads and bridges resulted in a net increase to its asset value by $15.7 billion.
Transport for NSW and Sydney Metro have capitalised over $300 million of tender bid costs paid to unsuccessful tender bidders relating to significant infrastructure projects. Whilst NSW Treasury policy provides clarity on the reimbursement of unsuccessful bidders' costs, clearer guidance on how to account for these costs in agency's financial statements is required.
The key audit issues were
The number of issues reported to management decreased from 53 in 2021–22 to 49 in 2022–23.
High-risk findings include:
- gaps in how Sydney Metro manages its contractors and how conflicts of interest are recorded and managed
- future financial reporting implications to account for government's proposed changes to TAHE's future operating model, including asset valuations and control assessments of assets and operations
- Parramatta Park Trust's tree assets' valuation methodology needs to be addressed.
Recommendations were made to address the identified deficiencies.
This report provides Parliament and other users of the Transport portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all the portfolio agencies’ 30 June 2023 financial statements.
- An 'Emphasis of Matter' paragraph was included in the Transport Asset Holding Entity of New South Wales’ (TAHE) Independent Auditor's Report to draw attention to management's disclosure regarding the proposed changes to TAHE's future operating model.
- The total number of errors (including corrected and uncorrected) in the financial statements increased by 59% compared to the prior year.
- The recent government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE’s assets.
- Transport for NSW needs to further improve its quality assurance processes over comprehensive valuations, in particular, ensuring key inputs used in the valuations are properly supported and verified.
- Transport for NSW and Sydney Metro capitalised over $300 million of bid costs paid to unsuccessful bidders. NSW Treasury’s Bid Cost Contributions Policy does not contemplate how these costs should be recognised in agency’s financial statements. Transport agencies should work with NSW Treasury to develop an accounting policy for the bid cost contributions to ensure consistent application across the sector.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport portfolio.
Section highlights
- The 2022–23 audits identified four high risks and 28 moderate risk issues across the portfolio. Thirty-nine per cent of issues were repeat findings.
- Four high risk findings include:
- TAHE’s asset valuations (new)
- TAHE’s control of assets and operations (new)
- Sydney Metro’s management of contractors and conflicts of interest (new)
- Parramatta Park Trust’s valuation of trees (repeat).
- The total number of findings decreased from 53 in 2021–22 to 49 in 2022–23. Many repeat findings related to control weaknesses over the asset valuation, payroll processes, conflicts of interest and information technology user access administration.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
State heritage assets
What the report is about
This audit assessed how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.
Heritage that is rare, exceptional or outstanding to New South Wales may be listed on the State Heritage Register under the Heritage Act 1977. This provides assets with legal recognition and protection. Places, buildings, works, relics, objects and precincts can be listed, whether in public or private ownership.
Heritage NSW has administrative functions and regulatory powers, including under delegation from the Heritage Council of NSW, relevant to the listing, conservation and adaptive re-use of heritage assets of state significance.
In summary, the audit assessed whether Heritage NSW:
- is effectively administering relevant advice and decisions
- is effectively supporting and overseeing assets
- has established clear strategic priorities and can demonstrate preparedness to implement these.
What we found
Heritage NSW does not have adequate oversight of state significant heritage assets, presenting risks to its ability to promote the objects of the Heritage Act.
Information gaps and weaknesses in quality assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register.
Heritage NSW has adopted a focus on customer service and recently improved its timeliness in providing advice and making decisions about activities affecting listed assets. But Heritage NSW has not demonstrated how its customer-focused priorities will address known risks to its core regulatory responsibilities.
Listed assets owned by government entities are often of high heritage value. Heritage NSW could do more to promote effective heritage management among these entities.
What we recommended
The report made eight recommendations to Heritage NSW, focusing on:
- improving quality assurance over advice and decisions
- improving staff guidance and training
- defining and maintaining data in the State Heritage Register
- clarifying its regulatory intent and approach
- sector engagement and interagency capability to support heritage outcomes.
The Heritage Act 1977 (the Heritage Act) and accompanying regulation provide the legal framework for the identification, conservation and adaptive re-use of heritage assets in New South Wales.
The Department of Planning and Environment (Heritage NSW) has responsibility for policy, legislative and program functions for state heritage matters, including supporting the Minister for Heritage to administer the Heritage Act.
Heritage assets that are rare, exceptional or outstanding beyond a local area or region may be listed on the State Heritage Register under the Heritage Act. These assets include places, buildings, works, relics, moveable objects and precincts, and assets that have significance to Aboriginal communities in New South Wales. Assets nominated for and listed on the State Heritage Register ('listed assets') may be owned privately or publicly, including by local councils and state government entities.
The Heritage Act establishes the Heritage Council of NSW (the Heritage Council) to undertake a range of functions in line with its objectives. Heritage NSW provides administrative support to the Heritage Council, for example providing advice on assets that have been nominated for listing on the State Heritage Register. Many of Heritage NSW’s core activities also relate to exercising functions and powers under delegation from the Heritage Council. These include making administrative decisions about works affecting listed assets, and exercising powers to regulate asset owners’ compliance with requirements under the Heritage Act.
Heritage NSW states that heritage:
| …gives us a sense of our history and provides meaningful insights into how earlier generations lived and developed. It also enriches our lives and helps us to understand who we are. |
According to Heritage NSW, an effective heritage system will facilitate the community in harnessing the cultural and economic value of heritage.
The objective of this audit was to assess how effectively the Department of Planning and Environment (Heritage NSW) is overseeing and administering heritage assets of state significance.
For this audit, ‘heritage assets of state significance’ refers to items (including a place, building, work, relic, moveable object or precinct) listed on the State Heritage Register ('listed assets'), and those which have been nominated for listing.
ConclusionThe Department of Planning and Environment (Heritage NSW) does not have adequate oversight of state significant heritage assets. Information gaps and weaknesses in certain assurance processes limit its capacity to effectively regulate activities affecting assets listed on the State Heritage Register. These factors also constrain its ability to effectively support voluntary compliance and promote the objects of the Heritage Act, which include encouraging conservation and adaptive re-use.Heritage NSW has adopted a focus on customer service and recently improved the timeliness of its advice and decisions on activities affecting listed assets. But Heritage NSW has not demonstrated how its customer service priorities will address known risks to its regulatory responsibilities. It could also do more to enable and promote effective heritage management among state government entities that own listed assets.The information that Heritage NSW maintains about assets listed on the State Heritage Register ('listed assets') is insufficient for its regulatory and owner engagement purposes. Data quality and completeness issues have arisen since the register was established in 1999. But Heritage NSW's progress to address important gaps in the register, and its other information systems, has been limited in recent years. These gaps limit Heritage NSW’s capacity to detect compliance breaches early and implement risk-based regulatory responses, and to strategically target its owner engagement activities to promote conservation and re-use. Heritage NSW makes decisions on applications for works on listed assets, requiring technical skills and professional judgement. But Heritage NSW does not provide its staff with adequate guidance to ensure that consistent approaches are used, and it lacks sufficient quality assurance processes. There are similar weaknesses in Heritage NSW's oversight of decisions on applications that are delegated to other government entities. Heritage NSW has prioritised the implementation of customer service-focused activities, policies, and programs to reduce regulatory burdens on asset owners since 2017. For example, Heritage NSW has refreshed its website, introduced new information management systems, and implemented new regulation for the self-assessment of exemptions for minor works. However, Heritage NSW has not taken steps to mitigate oversight and quality risks introduced with the reduced regulatory burdens. Heritage NSW has made some, but to date insufficient, progress on a key project to update its publications. These documents (over 150 publications) are intended to play an important role in promoting voluntary compliance and supporting heritage outcomes. Heritage NSW started a new project to update relevant publications in April 2023. Heritage NSW has recently implemented processes to improve its efficiency, such as screening new nominations for listing on the State Heritage Register. Heritage NSW has also reported improvements in the time it takes to decide on applications for works affecting listed assets. In the third quarter of 2022–23, 87% of decisions were made within the statutory timeframes. This compares to 48% in 2021–22. Heritage NSW has similarly improved how quickly it provides heritage advice on major projects, with 90% of advice reported as delivered on time in the third quarter of 2022–23, compared to 44% in 2020–21. Assets owned by state government entities comprise a large proportion of State Heritage Register listings. These assets are often of high heritage value or situated within large and complex precincts or portfolios. But Heritage NSW does not implement targeted capability building activities to support good practice heritage management among state government entities and to promote compliance with their obligations under the Heritage Act. The expected interaction between Heritage NSW's strategic plans and activities, and the priorities of the Heritage Council of NSW, is unclear. Actions to clarify the relevant governance arrangements have also been slow following a review in 2020 but this work re-commenced in late 2022. Heritage NSW has been progressing work to draft reforms to the Heritage Act. This follows recommendations made in a 2021 Upper House Inquiry into the Heritage Act. To build preparedness for future reforms, Heritage NSW will need to do more to address the risks and opportunities identified in this audit report. In particular, it will need to ensure it has sufficient information and capacity to implement a risk-based regulatory approach; clear and effective governance arrangements with the Heritage Council of NSW; and enhanced engagement with government entities to promote the conservation and adaptive re-use of listed assets in public ownership. |
This chapter assesses the effectiveness of Heritage NSW's oversight of state heritage assets, including its visibility of listed assets, and its oversight of regulatory decision-making. It also assesses Heritage NSW's activities to engage with owners to meet their obligations under the Heritage Act and to support heritage outcomes.
This chapter assesses the timeliness of Heritage NSW’s provision of advice, recommendations, and decisions on heritage issues to support heritage management outcomes with respect to listed assets.
This chapter assesses whether the Department of Planning and Environment (Heritage NSW) has established clear strategic priorities to effectively oversee and administer activities related to listed assets, and its preparedness to implement reforms. It also assesses the adequacy of planning activities and governance arrangements to support the achievement of strategic directions.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #384 - released 27 June 2023
Financial Management and Governance in MidCoast Council
Introduction
The Auditor-General's financial and performance audits of local councils aim to improve financial management, governance and public accountability across the local government sector.
Annual Local Government reports to Parliament have consistently highlighted risks and weaknesses across the sector in relation to financial management and governance. We will continue to focus on these matters as a priority area in our forward work program.
While this report focuses on MidCoast Council, the findings should be considered by all councils to better understand the challenges and opportunities when addressing financial sustainability and financial management needs.
Findings and recommendations around the effectiveness of long-term financial planning, comprehensive and timely financial reporting and financial management governance arrangements are relevant for all councils.
What this report is about
The Local Government Act 1993 requires councils to apply sound financial management principles, including sustainable expenditure, effective financial management and regard to intergenerational equity.
This audit assessed whether MidCoast Council has effective financial management arrangements that support councillors and management to fulfill their responsibilities as financial stewards.
What we found
MidCoast Council has not met all legislative and policy requirements for long-term financial planning.
From FY2019–20 to FY2020–21, the Council had financial management and governance gaps. Some gaps were addressed throughout FY2021–22.
MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water in 2017. This led to gaps in finance processes and data quality.
What we recommended
The report recommends that MidCoast Council should:
- ensure its long-term financial plan meets legislative and policy requirements
- undertake service reviews to better understand net costs to inform budget and financial planning decisions
- improve the quality of asset management information to inform budget and financial planning decisions
- use the financial management components of the MC1 system to its full potential
- address control and process gaps identified in audits and reviews
- ensure competency of those responsible for finance and budget
- ensure financial sustainability initiatives account for the cost of services and asset management information.
Effective financial management is important in ensuring that councils achieve their long-term objectives, remain financially viable and deliver intended benefits to the community.
Sustainable financial management has been a priority for the local government sector since 2013 and continues to be one of the highest rated risks and priorities among councils in 2023.
According to data provided by the Department of Planning and Environment, during FY2020–21, NSW local councils:
- collected $7.8 billion in rates and annual charges
- received $5.8 billion in grants and contributions
- incurred $4.8 billion of employee benefits and on costs
- held $16.8 billion of cash and investments
- managed $175.2 billion in infrastructure, property plant and equipment
- entered into $3.7 billion of borrowings.
The Local Government Act 1993 (LG Act) requires local councils to apply sound financial management principles including responsible and sustainable expenditure, investment, and effective financial and asset management. Under the LG Act and the Local Government Regulation 2021 (LG Regulation) councils are required to:
- establish and monitor their budget position
- clearly establish approaches to raise revenue, including from rates and other sources
- develop and implement integrated planning to ensure financial sustainability in line with community priorities and needs
- regularly report on their financial performance through financial statements.
The objective of the audit is to assess whether MidCoast Council (the Council) has effective financial management arrangements that support councillors and management to fulfil their financial stewardship responsibilities. It considers whether:
- the Council has an effective governance framework for financial management, through the existence of governance, risk management, internal controls and provision of adequate financial management training, including whether:
- governance, risk management and internal controls are in place for financial management
- adequate financial management and governance training and support has been provided to councillors, management and operational managers.
- the Council has quality and comprehensive internal financial management reporting, including whether:
- councillors and management have identified and implemented essential internal financial management reporting elements
- council’s financial systems and data have integrity, and support identified financial management report production requirements
- council reports are relevant, consistent, reliable, understandable, and tailored towards the requirements of key users (appendix two provides more information about the characteristics of effective financial management reporting).
- the financial management governance and reporting arrangements support councillors and management to fulfil their financial stewardship responsibilities, including whether councillors and management use internal financial management reporting to:
- support budget decisions, resource allocation and cost setting (for example fees and charges)
- monitor financial sustainability
- assess operational efficiency, financial services and investments
- make improvements where necessary.
This audit completed fieldwork during November 2022 to February 2023. The audit period of review was from 1 July 2019 to 30 June 2022.
Conclusion
MidCoast Council has not effectively carried out long-term financial planning to address its identified long-term financial sustainability challenges.
MidCoast Council has not met all legislative and policy requirements to effectively carry out long-term financial planning. It has not effectively considered and communicated how it will achieve financial sustainability goals and has not identified options to achieve such goals through its long-term financial plan.
Since 2020, and throughout 2021 and 2022, MidCoast Council has identified a need to focus on developing strategies for financial sustainability following the projected operating deficit for its general fund over the next ten years.
In September 2022, the Council took early steps to implement plans that aim to address the identified financial sustainability issues, but the Council has not yet established effective processes to analyse the true cost of services and address its unreliable asset condition data. Both are required to accurately inform its long-term resourcing strategy.
Between FY2019–20 and FY2020–21, MidCoast Council had gaps in its financial management and governance arrangements. The Council has taken some actions to address the gaps throughout FY2021–22.
Between FY2019–20 and FY2020–21, MidCoast Council did not ensure effective financial management governance and reporting arrangements. Over that time, the Council did not perform monthly reconciliation and reporting processes that would provide timely information and assurance to management and councillors over the Council's finances. It did not ensure that all financial management reporting met statutory deadlines for submission to councillors.
During this period, reviews, financial audits and internal audits identified risks to, and gaps in, finance processes, systems and controls. The consequences of these gaps were increased use of manual processes, and risks to the integrity of financial data and information used by management.
During FY2021–22, MidCoast Council implemented actions and processes that have increased transparency and led to improved financial governance. These include addressing and implementing some audit recommendations, and implementing monthly financial management reporting and month-end reconciliations.
MidCoast Council has commenced a $21 million program to improve its customer experience, asset management, ICT and back office business processes. The Council advises that this program has a five-year implementation timeframe and it expects to achieve financial benefits over the ten years following commencement.
MidCoast Council experienced significant challenges in its implementation of a consolidated financial management system following amalgamation in 2016 and the merging of MidCoast Water functions in 2017. This has led to gaps in finance processes and data quality within the system.
In 2016, following amalgamation, MidCoast Council commenced work to procure and implement an enterprise resource planning system which included a consolidated financial management system. In 2017, Council further merged with MidCoast Water and arrangements were made to implement the system (MC1) after the functions of MidCoast water were incorporated. The Council continued to use four separate financial management systems until it commenced a progressive implementation of MC1 from 2019 to 2021. Across MC1's implementation, the Council experienced significant challenges relating to change management, user functionality and configuration.
This meant that the Council did not ensure that all of its staff were using MC1 effectively and efficiently, which led to gaps in finance processes and data quality, and delays in delivering integrated and automated financial processes across the amalgamated Council.
Since implementation, MidCoast Council has used MC1 to carry out finance processes required to collect rates, prepare budgets, monitor expenditure and income and prepare financial statements.
Appendix one – Response from agency
Appendix two – Characteristics of effective financial management reporting
Appendix three – About the audit
Appendix four – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #381 - released 16 June 2023
Local Government 2022
This report is about
Results of the local government sector financial statement audits for the year ended 30 June 2022.
What we found
Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' financial statements.
The financial audits for two councils and two joint organisations are in progress due to accounting issues.
Fifty-seven councils and joint organisations (2021: 41) required extensions to submit their financial statements to the Office of Local Government (OLG), within the Department of Planning and Environment (the department).
The audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficient books and records.
Qualified audit opinions were issued on 43 councils' financial statements due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. Forty-seven councils appropriately recognised this equipment.
What we recommended
Consistent with the NSW Government's accounting position and the department's role of assessing councils' compliance with legislative responsibilities, standards or guidelines, the department should intervene where councils do not recognise vested rural firefighting equipment.
The key issues
There were 1,045 audit findings reported to councils in audit management letters, with 52% being unresolved from prior years.
What we recommended
Councils need to track progress of implementing audit recommendations, giving priority to high-risk and repeat issues.
Ninety-three high-risk matters were identified across the sector mainly relating to asset management, information technology, financial accounting and council governance procedures.
Asset valuations
Audit management letters reported 267 findings relating to asset management. Fifty-three councils had deficiencies in processes that ensure assets are fairly stated.
What we recommended
Councils need to complete timely asset valuations (repeat recommendation).
Integrity and completeness of asset source records
Fifty-two councils had weak processes over the integrity of fixed asset registers.
What we recommended
Councils need to improve controls that ensure integrity of asset records (repeat recommendation).
Cybersecurity
Our audits found that 47% of councils did not have a cyber security plan.
What we recommended
All councils need to prioritise creation of a cyber security plan to ensure data and assets are safeguarded.
Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General's report on Local Government 2022. My report provides the results of the 2021–22 financial audits of 126 councils, 11 joint organisations and nine county councils. The audits for two councils and two joint organisations are in progress due to significant accounting issues.
Unqualified audit opinions were issued for 83 councils, 11 joint organisations and nine county councils' 2021–22 financial statements. The statements for 43 councils were qualified due to non-recognition of rural firefighting equipment vested under section 119 (2) of the Rural Fires Act 1997. And the audit opinion on Kiama Municipal Council's 30 June 2021 financial statements was disclaimed due to deficiencies in books and records.
This year has again been challenging for many New South Wales local councils still recovering from the impact of emergency events and facing cost and resourcing pressures. We appreciate the efforts of council staff and management in meeting their financial reporting obligations. We share a mutual interest in raising the standard of financial management in this sector, and the importance of accurate and transparent reporting.
Disappointingly, accounting for the value of rural firefighting equipment vested in councils continued to be an unnecessary distraction and resulted in 43 councils having their financial statements qualified. We continue to recommend that the Office of Local Government should intervene where councils fail to comply with Australian Accounting Standards by not recognising assets vested to them under section 119(2) of the Rural Fires Act 1997.
Sound financial management is critical to councils' ability to instil trust and properly serve their communities. The recommendations in this report are intended to further improve their financial management and reporting capability, and encourage sound governance arrangements and cyber resilience. I am committed to continuing this work with councils in the 2022–23 year and beyond.
Margaret Crawford PSM
Auditor-General for New South Wales
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting audit results of councils and joint organisations.
Section highlights
|
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.
This chapter outlines the overall trends in governance and internal controls across councils and joint organisations in 2021–22.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations, related implications, recommendations and risk ratings.
Section highlights
|
Total number of findings reported in audit management letters decreased
The following shows the overall findings of the 2021–22 audits reported in management letters compared with the previous year.
Appendix two – Status of audits
Appendix three – Councils received qualified audit opinions
Appendix four – Common reasons for council extensions
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Natural disasters
What this report is about
This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.
What we found
Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.
Total expenses were less than the budget due to underspend in the following areas:
- clean-up assistance, including council grants
- anticipated temporary accommodation support
- payments relating to the Northern Rivers Business Support scheme for small businesses.
Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.
At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.
Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.
Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.
Section highlights
|
Section highlights
|
Regulation and monitoring of local government
What the report is about
The Office of Local Government (OLG) in the Department of Planning and Environment is responsible for strengthening the local government sector, including through its regulatory functions.
This audit assessed whether the OLG is effectively monitoring and regulating the sector under the Local Government Act 1993. The audit covered:
- the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions
- whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
What we found
The OLG does not conduct effective, proactive monitoring to enable timely risk-based responses to council performance and compliance issues.
The OLG has not clearly defined and communicated its regulatory role to ensure that its priorities are well understood.
The OLG does not routinely review the results of its regulatory activities to improve its approaches.
The department lacks an adequate framework to define, measure and report on the OLG's performance, limiting transparency and its accountability.
The OLG's new strategic plan presents an opportunity for the OLG to better define, communicate, and deliver on its regulatory objectives.
What we recommended
The OLG should:
- publish a tool to support councils to self-assess risks and report on their performance and compliance
- ensure its council engagement strategy is consistent with its regulatory approach
- report each year on its regulatory activities and performance
- publish a calendar of its key sector support and monitoring activities
- enhance processes for internally tracking operational activities
- develop and maintain a data management framework
- review and update frameworks and procedures for regulatory responses.
The Local Government Act 1993 (the LG Act) provides the legal framework for the system of local government in New South Wales. The LG Act describes the functions of councils, county councils and joint organisations which should be exercised consistent with the guiding principles and requirements of the LG Act. Councils also have functions and responsibilities under other Acts.
There are 128 local councils, nine county councils and 13 joint organisations of councils in the New South Wales local government sector. Each council is unique in size and location, owns and manages assets, and delivers services for their communities. According to 2021–22 data provided by the Department of Planning and Environment (the department), local councils managed $175.2 billion in infrastructure, property plant and equipment, held $16.8 billion of cash and investments, collected $7.8 billion in rates and charges and entered into $3.7 billion of borrowings. Councils' decision-making responsibilities directly impact the communities they serve, including responsibilities relevant to financial management, economic development, environmental sustainability and community wellbeing.
Under the LG Act, each elected council is accountable to the community they serve. In addition to Auditor-General reports, issues relating to council performance and compliance have been identified in public inquiries commissioned by the Minister for Local Government and investigations by the Independent Commission Against Corruption, NSW Ombudsman and Office of Local Government (OLG). Challenges and opportunities related to the operations and sustainability of the local government sector have also been reported by the sector and identified in reports by NSW government agencies such as the Independent Pricing and Regulatory Tribunal.
The department is the primary state government agency with responsibility for policy, legislative, regulatory and program functions for local government matters. The Office of Local Government (OLG) is a business unit within the department that advises the Minister for Local Government and exercises delegated functions of the Secretary of the Department of Planning and Environment under the LG Act.
Key departmental planning documents state that the OLG is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector. As the state regulator of the local government sector, the OLG aims to promote voluntary compliance, build councils' capacity for high performance, and intervene only when 'warranted and appropriate'. Relevant regulatory activities include issuing guidelines, investigating councils and councillors, and supporting the Minister for Local Government's discretionary intervention powers. The OLG's other functions include developing policy, administering grants and programs, supporting local government election processes, and issuing certain approvals.
The objective of this audit was to assess whether the OLG is effectively monitoring and regulating the local government sector under the LG Act. The assessment included:
- the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions
- whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
This report focuses on the OLG’s activities relevant to powers under Chapter 13 of the LG Act, and related regulatory activities, such as monitoring risks, issuing guidance and engaging with councils. It also examines strategic and operational planning for these activities in the context of the OLG's other activities, and departmental arrangements to oversee and enable the OLG's regulatory effectiveness.
Other OLG activities were not in scope of the audit but are commented on in this report where contextually relevant. This includes the OLG's responsibilities under the LG Act with respect to councillor misconduct, and the 2022 review of the councillor misconduct framework commissioned by the former Minister for Local Government.
ConclusionThe Office of Local Government (OLG) in the Department of Planning and Environment (the department) does not conduct effective, proactive monitoring to enable timely risk-based responses to council performance and compliance issues. Council performance and compliance varies and a range of issues continue across the local government sector – some significant – that can impact on councils' operations and sustainability. The department recognises that an effective and efficient sector is 'crucial to the economic and social wellbeing of communities across the State,' but the OLG does not routinely review the results of its regulatory activities to improve its approaches. The OLG has also not clearly defined and communicated its regulatory role to ensure that its priorities are well understood. Inadequate performance measurement and reporting on its regulatory activities is a significant transparency and accountability issue, and the OLG cannot demonstrate that it is effectively regulating the local government sector. The department lacks an adequate framework to define, measure and report on the OLG's performance as the state regulator of the sector under the Local Government Act 1993 (the LG Act). The OLG's various council engagement activities are not well structured and coordinated towards delivering on a clearly defined regulatory role and its regulatory priorities are not well understood. In 2022, the OLG identified, in its new strategic plan, that there is a need for it to define its role in the sector. It would be expected that a clearly defined role already underpins its aim to 'strike the right mix of monitoring, intervention, capability improvement and engagement activities'. The OLG collects various sources of information about council compliance and performance but its systems and processes do not enable structured, proactive sector monitoring to enable timely, risk-based responses. Ineffective sector monitoring is a particular issue in the context of compliance, financial management and governance risks that have been identified in inquiries and reviews by other government agencies including integrity bodies and reported by the sector. Audit Office data for 2021–22 shows that 62 councils did not have or regularly update key corporate governance policies, and 63 do not have basic controls to manage cyber security risks. Further, 31 councils or joint organisations did not meet the statutory requirement to have an audit, risk and improvement committee by 30 June 2022.1 Overall, the OLG has made limited progress on projects that have been identified since 2019 to improve its sector monitoring, such as updating its performance measurement framework for councils. These factors limit its capacity to identify and act on issues early. In early 2023, the OLG started to implement a new council risk assessment tool. The OLG's two main frameworks to guide its sector improvement and intervention activities were last updated in 2014 and 2017. The OLG considered relevant statutory criteria when advising the Minister on the use of powers to issue performance improvement and suspension orders under the LG Act. But the OLG lacks complete and approved procedures to guide staff when preparing advice and recommendations related to interventions, and other response options. This creates risks to the consistency and transparency of relevant processes. The department and the OLG have identified that resourcing issues present a risk to the OLG's regulatory functions. Projects since 2021 to review the OLG's budget did not progress. The OLG does not routinely review the costs or evaluate the effectiveness of its regulatory activities. The OLG's 2022–2026 strategic plan sets out a vision to be, 'A trusted regulator and capability builder enabling councils to better serve their communities'. Implementing the strategic plan presents an opportunity for the OLG to better define, communicate, and deliver on its regulatory objectives towards strengthening the sector. The OLG advises that a delivery plan and performance indicators for its new strategy are being developed, alongside work resulting from the 2022 review of the councillor misconduct framework. |
This chapter considers the effectiveness of departmental arrangements for the OLG to undertake its regulatory functions.
This chapter assesses whether the OLG has effective mechanisms to monitor and respond to risks and issues relating to council compliance and performance.
The OLG’s 2017 Improvement and Intervention Framework is intended to guide appropriate responses to council compliance or performance risks and issues. The publicly available framework states that generally, the OLG will encourage councils to meet their obligations before a more formal intervention will be considered. It also states that any intervention or improvement response will be proportionate to the circumstances.
Appendix one – Response from agency
Appendix two – Statutory powers relevant to council accountability under the Local Government Act
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #380 - released 23 May 2023
