Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Internal controls and governance 2021

Whole of Government
Compliance
Cyber security

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no matters in this report impacting the Total State Sector Accounts we have decided to break with normal practice and table this report ahead of the ‘Report on State Finances’.

What the report is about

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2021.

What we found

Internal control trends

The proportion of control deficiencies identified as high risk this year increased to 2.8 per cent (2.5 per cent in 2019–20). Six high risk findings related to financial controls while three related to IT controls. Two were repeat findings from the previous year.

Repeat findings of control deficiencies now represent 49 per cent of all findings (42 per cent in 2019–20).

Information technology

We continue to see a high number of deficiencies relating to IT general controls, particularly around user access administration and privileged user access which affected 82 per cent of agencies.

Cyber security

Agencies' self-assessed maturity levels against the NSW Cyber Security Policy (CSP) mandatory requirements are low. Although agencies are required to demonstrate continuous improvement against the CSP, 20 per cent have not set target levels and of those that have set target levels, 40 per cent have not met their target levels.

Policies, processes and definition around security incidents and data breaches lack consistency. Improvement is required to ensure breaches are recorded in registers and action taken to address the root cause of incidents.

Conflicts of interest

Agencies' policies generally meet the minimum requirements of the Ethical Framework set out in the Government Sector Employment Act 2013. However, few meet the Independent Commission Against Corruption's best practice guidelines. Policies could be strengthened in relation to requirements around annual declarations of interests from employees and contractors.

Masterfile management

Policies governing the management of supplier masterfiles and employee masterfiles existed in 79 per cent and 54 per cent of agencies respectively.

Weaknesses were identified in those policies. Access restriction, segregation of duties and record keeping were the most common opportunities for improvement.

Tracking recommendations

Most agencies do not maintain a register to monitor recommendations from performance audits and public inquiries. Registers of recommendations could be improved to include risk ratings and record revisions to due dates. While recommendations can take several years to fully address, the oldest open items were originally due for completion by June 2016.

What we recommended

Agencies should:

  • prioritise actions to address repeat control deficiencies, particularly those that have been repeated findings for a number of years
  • prioritise improvements to their cyber security and resilience as a matter of urgency
  • formalise and implement policies on tracking and monitoring the progress of implementing recommendations from performance audits and public inquiries.

Fast facts

The 25 largest NSW government agencies in this report cover all nine clusters and represent over 95 per cent of total expenditure for NSW public sector.

  • high risk audit findings were identified this year
  • 40% of agencies have not formally accepted residual cyber risk based on their self-assessed maturity levels
  • 52% of agencies do not have a policy on tracking recommendations from performance audits and public inquiries
  • 50% of all internal control deficiencies identified in 2020–21 were repeat findings
  • 75% is the average completion rate of annual staff declarations of interests.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

The scope of this year's report covers 25 general government sector agencies. Last year's report covered 40 agencies within the total state sector. For consistency and comparability, we have adjusted the 2020 results to include only the agencies remaining within scope of this year's report. Therefore, the 2020 figures will not necessarily align with those reported in our 2020 report.

Section highlights

  • We identified nine high risk findings, compared to eight last year, with two findings repeated from last year. Six of the nine findings related to financial controls and three related to IT controls.
  • The proportion of repeat deficiencies has increased from 44 per cent in 2019–20 to 50 per cent in 2020–21. The longer these weaknesses in internal control systems exist, the higher the risk that they may be exploited and consequential impact.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

Section highlights

  • We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration and privileged user access.
  • Agencies are increasingly contracting out key IT services to third parties, however, weaknesses in IT service providers' controls can expose an agency to cyber security risks.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.

Section highlights

  • Agencies' self‑assessed cyber maturity levels against the NSW Cyber Security Policy mandatory requirements are low and have not met their target levels. Forty per cent of agencies have not formally accepted the residual risk from gaps between their target and current maturity levels.
  • Most agencies have conducted cyber awareness training to staff during 2020–21. Some have further enhanced this training through awareness exercises such as simulated phishing emails to test staff knowledge.
  • Registers of security incidents and breaches are not consistent across agencies. Four agencies recorded nil breaches during 2020–21, however, their definition of incidents and breaches was not consistent with other agencies. For instance, they did not include account compromises or denial of service attacks. Only seven agencies' registers included details of actions taken to resolve issues.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' conflicts of interest management processes.

Section highlights

  • Most agencies have established conflicts of interest policies consistent with the mandatory requirements of the Code of Ethics and Conduct for NSW Government sector employees. Agencies' policies could be strengthened to apply the standard they apply to senior executives to all employees and contractors. Currently, only senior employees are required to make annual declarations of interests, yet the ability to make or influence decisions is delegated to others in the organisation.
  • Half of agencies' policies specify units or divisions that are at higher risk of conflicts of interest arising due to the nature of their business. Policies should identify additional measures at the unit/division level to mitigate these risks.
  • On average, less than 75 per cent of staff completed annual declarations of interest where required. This could be improved with ongoing staff training and awareness, and follow up on incomplete conflicts of interest.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency's management of supplier and employee masterfiles.

Section highlights

  • Most agencies have established policies or procedures on supplier masterfile management, however, only 56 per cent do for employee masterfile management.
  • Less than half of agencies review user access rights to supplier or employee masterfiles which contain sensitive information and are susceptible to fraud. Access to edit the masterfiles should be limited to authorised personnel for whom it is required to perform their duties.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' processes to track and monitor the implementation of recommendations from performance audits and public inquiries.

Section highlights

  • Less than half of all agencies have a formal policy on monitoring recommendations from performance audits or public inquiries. Agencies should formalise and implement policies on tracking and monitoring the progress of those recommendations.
  • 56 per cent of agencies maintain a register of recommendations from performance audits or public inquiries. Registers could be improved to include features such as risk/priority rating, milestone due dates, record of revisions to due dates and explanatory comments.
  • Recommendations can take several years to address, with the oldest unactioned items we noted dating back to 2016. Agencies reported completion of a third of recommendations that were raised within the last year.

Published

Universities 2020 audits

Universities
Cyber security
Financial reporting
Internal controls and governance

What the report is about

Results of the financial statement audits of the public universities in NSW for the year ended 31 December 2020.

What we found

Unqualified audit opinions were issued for all ten universities.

Two universities reported retrospective corrections of prior period errors.

Universities were impacted by the COVID-19 pandemic with student enrolments decreasing in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease 8,310 students were from overseas.

In response to the pandemic, each university provided welfare support, created student hardship funds, provided accommodation and flexibility on payment of course fees. State and Commonwealth governments provided additional support to the sector.

Six universities recorded negative net operating results in 2020 (two in 2019). The combined revenues of the ten universities from fees and charges decreased by $361 million (5.8 per cent).

Despite the impact of the COVID-19 pandemic, which will continue to impact the financial results of universities in 2021, enrolments of overseas students in semester one of 2021 increased at two universities. This growth meant that total overseas student enrolments increased by 7,944 or 5.8 per cent across the sector as a whole. However, eight universities experienced decreases in overseas student enrolments compared to semester one of 2020. All universities have experienced growth in domestic student enrolments.

What the key issues were

There were 110 findings reported to universities in audit management letters.

Three high risk findings were identified. One related to the continued work by the University of New South Wales to assess its liability for underpayment of casual staff entitlements. The other two deficiencies were at Charles Sturt University, relating to financial reporting implications of major contracts, and resolving issues identified by an internal review of its employment contracts to reliably quantify the university’s liability to its employees.

What we recommended

Universities should prioritise actions to address repeat findings. Forty-five findings were repeated from 2019, of which 23 related to information technology.

Fast facts

There are ten public universities in NSW with 51 local controlled entities and 23 overseas controlled entities.

  • $10.9bn Total combined revenue in 2020, a decrease of $538.5 million (4.7 per cent) from 2019.
  • 106,984 Overseas student enrolments in 2020, a decrease of 8,310 students (7.2 per cent) from 2019.
  • 3 High risk management letter findings were identified.
  • $11.0bn Total combined expenditure in 2020, a decrease of $147.8 million (0.9 per cent) from 2019.
  • 182,683 Domestic student enrolments in 2020, a decrease of 1,722 students (0.9 per cent) from 2019.
  • 41% Of reported issues were repeat issues.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

This report analyses the results of our audits of the financial statements of the ten universities in NSW for the year ended 31 December 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting The 2020 financial statements of all ten universities received unmodified audit opinions.

Two universities reported retrospective corrections of prior period errors. The University of Sydney reported errors relating to the underpayment of staff entitlements and the fair value of buildings. Charles Sturt University reported an error relating to how it had calculated right‑of‑use assets and lease liabilities on initial application of the new leasing standard in the previous year.
Impacts of COVID‑19

Student enrolments decreased in 2020 compared to 2019 by 10,032 (3.3 per cent). Of this decrease, 8,310 students were from overseas.

The ongoing impact of COVID‑19 in the short‑term, on semester one enrolments for 2021 compared to semester one of 2020, has been mixed:

  • all universities in NSW experienced a growth in their domestic student enrolments
  • eight universities experienced decreases in overseas student enrolments.

During 2020, universities provided welfare support to students, created student hardship funds, provided accommodation, and flexibility on payment of course fees.

State and Commonwealth governments provided additional support to the sector:

  • those university controlled entities eligible to receive JobKeeper payments received a combined amount under the Commonwealth scheme totalling $47.6 million in 2020
  • the NSW Government launched a University Loan Guarantee scheme.
Financial results

Six universities recorded negative net operating results in 2020 (two in 2019). While most universities experienced decreased revenue in 2020, only four had reduced their expenses to a level that was less than revenue.
Revenue from operations

Universities' revenue streams were impacted in 2020 by the COVID‑19 pandemic, with fees and charges decreasing by $361 million (5.8 per cent).

Government grants as a proportion of total revenue increased for the first time in five years to 34 per cent in 2020.

Nearly 40 per cent of universities' total revenue from course fees in 2020 (40.9 per cent in 2019) came from overseas students from three countries: China, India and Nepal (same in 2019). Students from these countries of origin contributed $2.2 billion ($2.4 billion in 2019) in fees. Some universities continue to be dependent on revenues from students from these destinations and their results are more sensitive to fluctuations in demand as a result.
Other revenues

Overall philanthropic contributions to universities increased by 32.2 per cent in 2020 to $222 million ($167.9 million in 2019). The University of Sydney and the University of New South Wales attracted 75.2 per cent of the total philanthropic contributions in 2020 (69.5 per cent in 2019).

Total research income for universities was $1.4 billion in 20191, with the University of Sydney and the University of New South Wales attracting 66.5 per cent of the total research income of all universities in NSW (65.2 per cent in 2018).
Expenditure Universities initiated cost saving measures in response to the COVID‑19 pandemic. The cost of redundancy programs increased employee related expenses in 2020 by 4.4 per cent to $6.5 billion ($6.2 billion in 2019). The cost of redundancies offered in 2020 across the universities totalled $293.9 million. Combined other expenses decreased to $2.8 billion in 2020, a reduction of $436 million (13.4 per cent).

2. Internal controls and governance

Internal control findings One hundred and ten internal control deficiencies were identified in 2020 (108 in 2019). Forty‑five findings were repeated from 2019, of which 23 related to information technology.

Recommendation: Universities should prioritise actions to address repeat findings on internal control deficiencies in a timely manner. Risks associated with unmitigated control deficiencies may increase over time.

Three high risk internal control deficiencies were identified, namely:

  • The University of New South Wales should continue work to assess its liability for the underpayment of casual staff entitlements. This issue was also reported last year.
  • Two high risk deficiencies were identified at Charles Sturt University. One related to misunderstanding the requirements of the new accounting standard in relation to recognising grant funding revenue for construction work. The second related to resolving issues identified by an ongoing internal review of its employment contracts to enable a reliable quantification as to the university's liability to its employees.

Gaps in information technology (IT) controls comprised the majority of the remaining deficiencies. Deficiencies included a lack of sufficient privileged user access reviews and monitoring, payment files being held in editable formats and accessible by unauthorised persons, and password settings not aligning with the requirements of information security policies.
Business continuity and disaster recovery planning All universities have a business continuity policy supported with a business impact analysis.

Except for Macquarie University, all other universities had disaster recovery plans prepared for all of the IT systems that support critical business functions. Macquarie University’s disaster recovery plans were still in progress at 31 December 2020.

Only half of the universities' policies require regular testing of their business continuity plans and six universities' plans do not specify staff must capture, asses and report disruptive incidents.

3. Teaching and research

Graduate employment outcomes Eight out of ten universities were reported as having full‑time employment rates of their undergraduates in 2020 that were greater than the national average.

Six universities were reported as having full‑time employment rates of their postgraduates in 2020 that were greater than the national average.
Student enrolments by field of education Enrolments at universities in NSW decreased the most in Management and Commerce courses and Engineering and Related Technologies courses. The largest increase in enrolments was in Society and Culture courses.
Achieving diversity outcomes Five universities in 2019 were reported as meeting the target enrolment rate for students from low socio‑economic status (SES) backgrounds.

Seven universities were reported to have increased their enrolments of students from Aboriginal and Torres Strait Islander backgrounds in 2019. The target growth rate for increases in enrolments of Aboriginal and Torres Strait Islander students (to exceed the growth rate of enrolments of non‑indigenous students by at least 50 per cent) was achieved in 2019.
 1 2020 data, which is compiled by the Australian Department of Education and Training, is not yet available.

This report provides Parliament with the results of our financial audits of universities in NSW and their controlled entities in 2020, including our analysis, observations and recommendations in the following areas:

  • financial reporting
  • internal controls and governance
  • teaching and research.

Financial reporting is an important element of governance. Confidence and transparency in university sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations on the financial reporting of universities in NSW for 2020.

Financial results

The graph below shows the net results of individual universities for 2020.

Appropriate and robust internal controls help reduce risks associated with managing finances, compliance and administration of universities.

This chapter outlines the internal controls related observations and insights across universities in NSW for 2020, including overall trends in findings, level of risk and implications.

Our audits do not review all aspects of internal controls and governance every year. The more significant issues and risks are included in this chapter. These along with the less significant matters are reported to universities for management to address.

Universities' primary objectives are teaching and research. They invest most of their resources to achieve quality outcomes in academia and student experience. Universities have committed to achieving certain government targets and compete to advance their reputation and their standing in international and Australian rankings.

This chapter outlines teaching and research outcomes for universities in NSW for 2020.

Appendix one – Status of 2019 recommendations

Appendix two – Universities' controlled entities

Published

Report on Local Government 2020

Local Government
Asset valuation
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Internal controls and governance
Procurement

What the report is about

Results of the local government sector council financial statement audits for the year ended 30 June 2020.

What we found

Unqualified audit opinions were issued for 127 councils, 9 county councils and 13 joint organisation audits in 2019–20. A qualified audit opinion was issued for Central Coast Council.

Councils were impacted by recent emergency events, including bushfires and the COVID-19 pandemic. The financial implications from these events varied across councils. Councils adapted systems, processes and controls to enable staff to work flexibly.

What the key issues were

There were 1,435 findings reported to councils in audit management letters.

One extreme risk finding was identified related to Central Coast Council’s use of restricted funds for general purposes.

Fifty-three high risk matters were identified across the sector:

  • 21 high risk matters relating to asset management
  • 14 high risk matters relating to information technology
  • 7 high risk matters relating to financial reporting
  • 4 high risk matters to council governance procedures
  • 3 high risk matters relating to financial accounting
  • 3 high risk matters relating to purchasing and payables
  • 1 high risk matter relating to cash and banking.

More can be done to reduce the number of errors identified in financial reports. 61 councils required material adjustments to correct errors in previous audited financial statements.

Fast facts

  • 150 councils and joint organisations in the sector
  • 99% unqualified audit opinions issued for the 30 June 2020 financial statements
  • 490 monetary misstatements were reported in 2019-20
  • 61 prior period errors reported
  • 53 high risk management letters findings identified
  • 49% of reported issues were repeat issues

Rural fire fighting equipment

Sixty-eight councils did not record rural fire fighting equipment worth $119 million in their financial statements.

The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government.

What we recommended

The Office of Local Government should communicate the State's view that rural firefighting equipment is controlled by councils in the local government sector, and therefore this equipment should be properly recorded in their financial statements.

Central Coast Council

A qualified opinion was issued for Central Coast Council (the Council) relating to two matters.

Council did not conduct the required revaluation to support the valuation of roads.

Council also disclosed a prior period error relating to restrictions of monies collected for their water, sewer, and drainage operations, which, based on the NSW Crown Solicitor’s advice, should be considered a change in accounting policy.

What we recommended

The Office of Local Government should clarify the legal framework relating to restrictions of water, sewerage and drainage funds (restricted reserves) by either seeking an amendment to the relevant legislation or by issuing a policy instrument to remove ambiguity from the current framework.

Key financial information

In 2019-20, councils:

  • collected $7.3 billion rates and annual charges
  • received $4.7 billion grants and contributions 
  • incurred $4.8 billion of employee benefits and on-costs
  • held $14.2 billion of cash and investments
  • managed $160.0 billion of infrastructure, property, plant and equipment
  • entered into $3.3 billion of borrowings.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

 

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting of councils and joint organisations.

Highlights

  • The Office of Local Government within the Department of Planning, Industry and Environment (OLG) extended the statutory deadline for councils and joint organisations to lodge their audited financial statements by an additional month to 30 November 2020 due to the COVID-19 pandemic.
  • One hundred and thirty-three councils and joint organisations (2019: 117) lodged audited financial statements with the OLG by the revised statutory deadline of 30 November (2019: 30 October). Sixteen (2019: 30) councils received extensions to submit audited financial statements to OLG. Canberra Region Joint Organisation did not submit their audited financial statements by the statutory deadline and did not formally apply for extension before the deadline lapsed.
  • Unqualified audit opinions were issued for 127 councils, nine county councils and 13 joint organisation audits in 2019–20. A qualified audit opinion was issued for Central Coast Council.
  • Unqualified audit opinions were issued for the 2018–19 financial audits of Hilltops, MidCoast and Murrumbidgee Councils, which were not completed at the time of tabling the 'Local Government 2019' report in Parliament.
  • The total number and dollar value of corrected and uncorrected financial statement errors increased compared with the prior year.
  • Sixty-eight councils did not record rural fire fighting equipment in their financial statements worth $119 million. The NSW Government has confirmed these assets are not controlled by the NSW Rural Fire Service and are not recognised in the financial records of the NSW Government.
  • The total number of prior period financial statement errors increased from 59 in the prior year to 61, but the total dollar value of the errors decreased from $1,272 million to $813 million.
  • Councils implemented three new accounting standards in 2019–20 relating to revenue and leases.

 

Recent emergency events, including drought, bushfires, floods and the COVID-19 pandemic have impacted councils.

This chapter will provide insights into how these events have impacted councils, including:

  • financial implications of the emergency events
  • changes to councils' operating models, processes and controls
  • accessibility to technology and the maturity of councils' systems and controls to prevent unauthorised and fraudulent access to data
  • receipt and delivery of stimulus packages or programs at short notice.

Highlights

  • All councils were impacted by the recent emergency events.
  • Councils changed governance, policies, systems and processes to respond to the recent emergency events.
  • Challenges were experienced adapting Information Technology (IT) infrastructure and controls to enable staff to work from home.
  • Sixty-five per cent of councils updated business continuity plans and 42 per cent updated disaster recovery plans as a response to recent emergency events.
  • Councils received various forms of assistance from government relating to the recent emergencies, which was used to provide support to local communities.

Recent emergency events significantly impacted councils

Recent emergencies, including drought, bushfires, floods and the COVID-19 pandemic have brought particular challenges for councils and their communities.

 

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.

This chapter outlines the overall trends in governance and internal control findings across councils, county councils and joint organisations in 2019–20. It also includes the findings reported in the 2018–19 audits of Hilltops, MidCoast and Murrumbidgee councils as these audits were finalised after the Report on Local Government 2019 was published.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils' financial statements. Audit findings are reported to management and those charged with governance through audit management letters.

Highlights

  • Total number of findings reported in audit management letters decreased from 1,985 in 2018–19 to 1,435 in 2019–20.
  • One extreme risk finding was identified in 2019–20 (2018–19: nil).
  • Total number of high-risk findings decreased from 82 in 2018–19 to 53 in 2019–20. Thirty per cent of the high-risk findings identified in 2018–19 were reported as high-risk findings in 2019–20.
  • Forty-nine per cent of findings reported in audit management letters were repeat or partial repeat findings.
  • Governance, asset management and information technology (IT) comprise over 61 per cent of findings and continue to be key areas requiring improvement.
  • Fifty-six councils could strengthen their policies, processes and controls around fraud prevention and legislative compliance.
  • Sixty-eight councils had deficiencies in their processes to revalue infrastructure assets.
  • Fifty-eight councils have yet to implement basic governance and internal controls to manage cybersecurity.
  • Sixty-four councils should formalise and periodically review their IT policies and procedures.

Total number of findings reported in audit management letters decreased

In 2019–20, 1,435 findings were reported in audit management letters (2018–19: 1,985 findings). An extreme risk finding was also identified this year related to Central Coast Council's use of restricted funds. The total number of high-risk findings decreased to 53 (2018–19: 82 high-risk findings).

Findings are classified as new, repeat or ongoing findings, based on:

  • new findings were first reported in 2019–20 audits
  • repeat findings were first reported in prior year audits, but remain unresolved in 2019–20
  • ongoing findings were first reported in prior year audits, but the action due dates to address the findings are after 2019–20.

Findings are categorised as governance, financial reporting, financial accounting, asset management, purchases and payables, payroll, cash and banking, revenue and receivables, or information technology. The high-risk and common findings across these areas are explored further in this chapter.

Audit Office’s work plan for 2020–21 onwards

Focus on local council's response and recovery from recent emergencies

Local councils and their communities will continue to experience the effects of recent emergency events, including the bushfires, floods and the COVID 19 pandemic for some time. The full extent of some of these events remain unclear and will continue to have an impact into the future. The recovery is likely to take many years.

The Office of Local Government (OLG) within the Department of Planning, Industry and Environment is working with other state agencies to assist local councils and their communities to recover from these unprecedented events.

These events have created additional risks and challenges, and changed the way that councils deliver their services.

We will take a phased approach to ensure our financial and performance audits address the following elements of the emergencies and the Local Government's responses:

  • local councils' preparedness for emergencies
  • its initial responses to support people and communities impacted by the 2019–20 bushfires and floods, and COVID-19
  • the governance and oversight risks that arise from the need for quick decision making and responsiveness to emergencies
  • the effectiveness and robustness of processes to direct resources toward recovery efforts and ensure good governance and transparency in doing so
  • the mid to long-term impact of government responses to the natural disasters and COVID-19
  • whether government investment has achieved desired outcomes.

Planned financial audit focus areas in Local Government

During 2020–21, the financial audits will focus on the following key areas:

  • cybersecurity, including:
    • cybersecurity framework, policies and procedures
    • assessing the controls management has to address the risk of cybersecurity incidents
    • whether cybersecurity risks represent a risk of material misstatement to council's financial statements
  • budget management
  • financial sustainability
  • quality and timeliness of financial reporting
  • infrastructure, property, plant and equipment
  • information technology general controls.

Audit, risk and improvement committees

All councils are required to have an audit, risk and improvement committee by March 2022

The requirement for all councils to establish an audit, risk and improvement committee was deferred by 12 months to March 2022 due to the COVID 19 pandemic.

Audit, risk and improvement committees are an important contributor to good governance. They help councils to understand strategic risks and how they can mitigate them. An effective committee helps councils to build community confidence, meet legislative and other requirements and meet standards of probity, accountability and transparency.

Local Government elections

Local Government elections were postponed for one year due to the COVID 19 pandemic

The Local Government elections were deferred for one year due to the COVID 19 pandemic and will now be held on 4 September 2021. As the statutory deadline for the 2020–21 financial statements is 30 October 2021, some of the newly elected councillors will be required to endorse them.

Implementation of AASB 1059

Accounting standards implementation continue next year

AASB 1059 is effective for councils for the 2020–21 financial year.

A service concession arrangement typically involves a private sector operator that is involved with designing, constructing or upgrading assets used to provide public services. They then operate and maintain those assets for a specified period of time and is compensated by the public sector entity in return. Examples of potential service concession arrangements impacting councils include roads, community housing, childcare services and nursing homes.

AASB 1059 may result in councils recognising more service concession assets and liabilities in their financial statements.

 

Appendix one – Response from the Department of Planning, Industry and Environment

Appendix two – NSW Crown Solicitor’s advice

Appendix three – Status of 2019 recommendations

Appendix four – Status of audits

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE