Reports
CBD South East Sydney Light Rail: follow-up performance audit
This is a follow-up to the Auditor-General's November 2016 report on the CBD South East Sydney Light Rail project. This follow-up report assessed whether Transport for NSW has updated and consolidated information about project costs and benefits.
The audit found that Transport for NSW has not consistently and accurately updated project costs, limiting the transparency of reporting to the public.
The Auditor-General reports that the total cost of the project will exceed $3.1 billion, which is above the revised cost of $2.9 billion published in November 2019. $153.84 million of additional costs are due to omitted costs for early enabling works, the small business assistance package and financing costs attributable to project delays.
The report makes four recommendations to Transport for NSW to publicly report on the final project cost, the updated expected project benefits, the benefits achieved in the first year of operations and the average weekly journey times.
The CBD and South East Light Rail is a 12 km light rail network for Sydney. It extends from Circular Quay along George Street to Central Station, through Surry Hills to Moore Park, then to Kensington and Kingsford via Anzac Parade and Randwick via Alison Road and High Street.
Transport for NSW (TfNSW) is responsible for planning, procuring and delivering the Central Business District and South East Light Rail (CSELR) project. In December 2014, TfNSW entered into a public private partnership with ALTRAC Light Rail as the operating company (OpCo) responsible for delivering, operating and maintaining the CSELR. OpCo engaged Alstom and Acciona, who together form its Design and Construct Contractor (D&C).
On 14 December 2019, passenger services started on the line between Circular Quay and Randwick. Passenger services on the line between Circular Quay and Kingsford commenced on 3 April 2020.
In November 2016, the Auditor-General published a performance audit report on the CSELR project. The audit found that TfNSW would deliver the CSELR at a higher cost with lower benefits than in the approved business case, and recommended that TfNSW update and consolidate information about project costs and benefits and ensure the information is readily accessible to the public.
In November 2018, the Public Accounts Committee (PAC) examined TfNSW's actions taken in response to our 2016 performance audit report on the CSELR project. The PAC recommended that the Auditor-General consider undertaking a follow-up audit on the CSELR project. The purpose of this follow-up performance audit is to assess whether TfNSW has effectively updated and consolidated information about project costs and benefits for the CSELR project.
Conclusion
Transport for NSW has not consistently and accurately updated CSLER project costs, limiting the transparency of reporting to the public. In line with the NSW Government Benefits Realisation Management Framework, TfNSW intends to measure benefits after the project is completed and has not updated the expected project benefits since April 2015.Between February 2015 and December 2019, Transport for NSW (TfNSW) regularly updated capital expenditure costs for the CSELR in internal monthly financial performance and risk reports. These reports did not include all the costs incurred by TfNSW to manage and commission the CSELR project.
Omitted costs of $153.84 million for early enabling works, the small business assistance package and financing costs attributable to project delays will bring the current estimated total cost of the CSELR project to $3.147 billion.
From February 2015, TfNSW did not regularly provide the financial performance and risk reports to key CSELR project governance bodies. TfNSW publishes information on project costs and benefits on the Sydney Light Rail website. However, the information on project costs has not always been accurate or current.
TfNSW is working with OpCo partners to deliver the expected journey time benefits. A key benefit defined in the business plan was that bus services would be reduced owing to transfer of demand to the light rail - entailing a saving. However, TfNSW reports that the full expected benefit of changes to bus services will not be realised due to bus patronage increasing above forecasted levels.
Appendix one – Response from agency
Appendix two – Governance and reporting arrangements for the CSELR
Appendix three – 2018 CSELR governance changes
Appendix four – About the audit
Appendix five – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #335 - released 11 June 2020
Integrity of data in the Births, Deaths and Marriages Register
This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse.
The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place to prevent and detect unauthorised access to, and activity in the register, there were significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of information in the register.
The Auditor-General made nine recommendations to the department, aimed at strengthening controls to prevent and detect unauthorised access to, and activity in the register. These included increased monitoring of individuals who have access to the register and strengthening security controls around the databases that contain the information in the register.
The NSW Registry of Births Deaths and Marriages is responsible for maintaining registers of births, deaths and marriages in New South Wales as well as registering adoptions, changes of names, changes of sex and relationships. Maintaining the integrity of this information is important as it is used to confirm people’s identity and unauthorised access to it can lead to fraud or identity theft.
The NSW Registry of Births Deaths and Marriages (BD&M) is responsible for maintaining registers of births, deaths and marriages in New South Wales. BD&M is also responsible for registering adoptions, changes of name, changes of sex and relationships. These records are collectively referred to as 'the Register'. The Births, Deaths and Marriages Registration Act 1995 (the BD&M Act) makes the Registrar (the head of BD&M) responsible for maintaining the integrity of the Register and preventing fraud associated with the Register. Maintaining the integrity of the information held in the Register is important as it is used to confirm people's identity. Unauthorised access to, or misuse of the information in the Register can lead to fraud or identity theft. For these reasons it is important that there are sufficient controls in place to protect the information.
BD&M staff access, add to and amend the Register through the LifeLink application. While BD&M is part of the Department of Customer Service, the Department of Communities and Justice (DCJ) manages the databases that contain the Register and sit behind LifeLink and is responsible for the security of these databases.
This audit assessed whether BD&M has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register, and to prevent unauthorised access and misuse. It addressed the following:
- Are relevant process and IT controls in place and effective to ensure the integrity of data in the Register and the authenticity of records and documents?
- Are security controls in place and effective to prevent unauthorised access to, and modification of, data in the Register?
ConclusionBD&M has processes and controls in place to ensure that the information entered in the Register is accurate and that amendments to the Register are validated. BD&M also has controls in place to prevent and detect unauthorised access to, and activity in the Register. However, there are significant gaps in these controls. Addressing these gaps is necessary to ensure the integrity of the information in the Register. BD&M has detailed procedures for all registrations and amendments to the Register, which include processes for entering, assessing and checking the validity and adequacy of source documents. Where BD&M staff have directly input all the data and for amendments to the Register, a second person is required to check all information that has been input before an event can be registered or an amendment can be made. BD&M carries out regular internal audits of all registration processes to check whether procedures are being followed and to address non-compliance where required. BD&M authorises access to the Register and carries out regular access reviews to ensure that users are current and have the appropriate level of access. There are audit trails of all user activity, but BD&M does not routinely monitor these. At the time of the audit, BD&M also did not monitor activity by privileged users who could make unauthorised changes to the Register. Not monitoring this activity created a risk that unauthorised activity in the Register would not be detected. BD&M has no direct oversight of the database environment which houses the Register and relies on DCJ's management of a third-party vendor to provide the assurance it needs over database security. The vendor operates an Information Security Management System that complies with international standards, but neither BD&M nor DCJ has undertaken independent assurance of the effectiveness of the vendor's IT controls. |
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #330 - released 7 April 2020.
Albert 'Tibby' Cotter Walkway
On 17 September 2015, the Acting Auditor-General of New South Wales, Tony Whitfield, released a report on the Albert ‘Tibby’ Cotter Walkway which crosses over Anzac Parade in Moore Park. The Walkway’s primary function is to cater for event patrons in the precinct. Moore Park is listed on the State Heritage Register and is an open space specifically established to cater for public recreation.
Roads and Maritime Services (RMS) delivered the Walkway to an extremely tight timeframe. It was operational for the 2015 Cricket World Cup at the Sydney Cricket Ground as promised by the government. However, the World Cup deadline added substantially to the total cost of the Walkway, which is projected to be $38 million.
Transport for NSW and RMS could not provide evidence of a compelling economic or financial argument to support the construction of the Walkway or for the tight deadline. Also, the processes they adopted to provide assurance of the project’s value for money were not adequate.
Parliamentary reference - Report number #260 - released 17 September 2015
Sydney metropolitan bus contracts
On 9 September 2015, the Acting Auditor-General of New South Wales, Tony Whitfield, released a report on Sydney Metropolitan Bus Service Contracts.
All scheduled bus services in the Sydney metropolitan area are provided under contracts with the public and private operators. The contracts allow Transport for NSW (TfNSW) to determine what bus services are provided and to whom. This audit assessed the effectiveness of TfNSW’s design and management of these contracts.
Bus services provided under the Sydney Metropolitan Bus Service Contracts have largely been effective and efficient. Operators are mostly meeting their key performance indicators. Customer satisfaction is better than under the previous contracts and improving, patronage is increasing, and the unit costs of providing services are now lower than under the previous contracts.
However, punctuality remains a problem. Private operators are mostly starting their trips on time, but rarely meeting their mid and end-of-trip targets. State Transit Authority’s (STA) punctuality is improving but is worse than private operators, and other areas of performance are generally below private operators.
The current situation is a substantial improvement over what we found in our 2010 audit on the previous contracts.
Parliamentary reference - Report number #258 - released 9 September 2015
Identifying productivity in the public sector
This report examines selected areas of government activity to see if sufficient information was available to identify and assess changes in productivity. The areas examined were primary and secondary school public education, acute inpatient care in NSW public hospitals, CityRail, the NSW Police Force, and the NSW Local Court.
Productivity is commonly defined as the amount of output per unit of input.
Parliamentary reference - Report number #256 - released 16 July 2015
Implementing performance audit recommendations
NSW Government agencies have sound processes for implementing performance audit recommendations in Auditor-General’s Reports to Parliament. There are many cases of good practice. For example, some agencies formed a steering committee and developed a detailed plan to implement recommendations. Another incorporated the implementation of recommendations into both its business plan and the work plans of individual officers who were managing projects. Most agencies also used their Audit and Risk Committees to monitor recommendations.
We found some cases where agencies can improve how they coordinate actions to address recommendations. Most agencies were not revisiting these actions to determine whether they remain appropriate.
Parliamentary reference - Report number #254 - released 24 June 2015
Government advertising 2015
The Government Advertising Act 2011 requires the Auditor-General to conduct an annual performance audit to check NSW Government agency compliance with the Act.
This audit focused on the Department of Premier and Cabinet’s (DPC) role in monitoring government agencies compliance with government advertising requirements, and examined advertising campaigns run by Destination NSW and the Sydney Opera House.
Parliamentary reference - Report number #253 - released 22 June 2015
Large construction projects
The independent assurance given to the NSW Government and sponsor agencies on the viability of large capital projects throughout their lifecycle is inadequate. Government policy is regularly not followed and not properly communicated to those responsible for implementing such policy.
This audit sought to test the effectiveness of the NSW capital project assurance system - which includes gateway reviews and reporting - but significant levels of non-compliance identified in our case studies prevented this. The NSW Commission of Audit also identified this issue in 2012. Gateway reviews are conducted by independent reviewers at key stages of a project’s life cycle and provide an independent assessment on a project’s readiness to proceed to the next stage.
Parliamentary reference - Report number #252 - released 7 May 2015
Security of critical IT infrastructure
Roads and Maritime Services and Transport for NSW have deployed many controls to protect traffic management systems but these would have been only partially effective in detecting and preventing incidents and unlikely to support a timely response. There was a potential for unauthorised access to sensitive information and systems that could have disrupted traffic.
Until Roads and Maritime Services’ IT disaster recovery site is fully commissioned, a disaster involving the main data centre is likely to lead to higher congestion in the short-term as traffic controllers would be operating on a regional basis without the benefit of the Traffic Management Centre.
Parliamentary reference - Report number #248 - released 21 January 2015
Prequalification Scheme: Performance and Management Services
There have been tangible improvements in the time it takes NSW Government agencies to engage consultants through the Government’s Prequalification Scheme. The Scheme was introduced in February 2008 to improve agencies’ procurement of consultants. More than 300 service providers have been prequalified and over $300 million worth of consultancy services have been provided. Ideally agencies should know what assignments each consultant has won, for what services, what their rates are and how well they have performed. Agencies should then be free to contact other agencies before engaging a consultant.
Parliamentary reference - Report number #216 - released 28 September 2011
