Reports
Audit Insights 2018-2022
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
| Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
| Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
| Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
| Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
| Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
| Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
| Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
NSW planning portal
What the report is about
The ePlanning program is an initiative of the Department of Planning and Environment (the department) to deliver a digital planning service for New South Wales through the NSW planning portal (the portal).
Using the portal, relevant planning activities can be carried out online, including all stages of development applications.
The portal has been developed under three separate business cases in 2013, 2014 and 2020.
In late 2019, the government mandated the use of the portal for all development applications. This decision took effect across 2020–21.
This audit assessed the effectiveness of the department's implementation, governance and stakeholder engagement in delivering the NSW planning portal.
What we found
Since implementation commenced in 2013, the NSW planning portal has progressively achieved its objectives to provide citizens with access to consolidated planning information, and allow them to prepare and submit development applications online.
Shortcomings in the department's initial planning and management of the program led to a significant time overrun. It has taken the department longer and cost significantly more to implement the portal than first anticipated.
In recent years the department has improved the planning, implementation and governance of the ePlanning program, resulting in improved delivery of the portal’s core functions.
The department now has a clear view of the scope necessary to finalise the program, but has not yet published the services it plans to implement in 2022 and 2023.
Mandating the use of the portal for all development applications changed the program's strategic risk environment and required the department to work more closely with a cohort of stakeholders, many of whom did not want to adopt the portal.
Despite this change, the department kept its overall delivery approach the same.
While implementation of the portal has delivered financial benefits, the department has overestimated their value.
The Department has only reported benefits since 2019 and has not independently assured the calculation of benefits.
What we recommended
By December 2022, the department should:
- publish a roadmap of the services it expects to release on the portal across 2022 and 2023
- update its ePlanning program assumptions, benefits targets and change management approach to reflect the government's decision to mandate the use of the portal for all stages of a development application
- independently assure and report publicly the correct calculation of ePlanning program benefits.
Fast facts
- 10 years taken to implement the portal when completed
- 3 years longer than initially planned to implement the portal
- $146m capital expenditure on the portal when completed
- $38.5m more spent than planned in the business cases.
The ePlanning program is an initiative of the Department of Planning and Environment (the department) to deliver a digital planning service for New South Wales through the NSW planning portal (the portal, or the planning portal). The department defines the portal as an online environment where community, industry and government can work together to better understand and meet their obligations under the Environmental Planning and Assessment Act 1979 (NSW). Using the portal, relevant planning activities can be carried out online throughout New South Wales. This includes, but is not limited to:
- applying for and gaining planning approval
- applying for and gaining approval for building works, sub-dividing land and similar activities
- issuing occupancy and other certificates.
The portal has been developed under three separate business cases. The first business case in 2013 led to the creation of a central portal, which made planning information available to view by planning applicants and allowed some planning applications to be lodged and tracked online.
Under a second business case prepared in 2014, the department set out to improve and widen the functions available via the portal. The department prepared a third business case in 2020 to fund further improvements to the portal over the period July 2020 to June 2023. The third business case also extended the portal's functions to support the building and occupation stages of the planning cycle.
In late 2019, the government mandated the use of the portal for all stages of development applications. This decision took effect across 2020–21 and applied to all councils as well as certifiers and others involved in the planning process.
The objective of this performance audit was to assess the effectiveness of the department's implementation, governance and stakeholder engagement in delivering the NSW planning portal. We investigated whether:
- delivery of the NSW planning portal was planned effectively
- sound governance arrangements are in place to ensure effective implementation of the program
- users of the NSW planning portal are supported effectively to adopt and use the system.
Conclusion
Since implementation commenced in 2013, the NSW planning portal has progressively achieved its objectives to provide citizens with access to consolidated planning information and allow them to prepare and submit development applications online. Implementation was initially hindered by deficiencies in planning and it has taken the department significantly longer and cost significantly more to implement the portal than first anticipated. While the portal's implementation has delivered financial benefits, the department has overestimated their value. As a result, the department cannot yet demonstrate that the portal has achieved overall financial benefits, relative to its costs.
In the first two years of the ePlanning program, the department delivered a portal that allowed planners, developers, certifiers and the public to view important planning information. However, the department found the delivery of a second, transactional version of the portal in 2017 to be much more challenging. This version was intended to offer more integrated information and allow development applications to be submitted and managed online. The department did not rollout this version after a pilot showed significant weaknesses with the portal's performance. A subsequent review found that this was partly because the department did not have a clear view of the portal’s role or the best way to implement it. In recent years the department has improved the planning, implementation and governance of the ePlanning program resulting in improved delivery of the portal’s core functions.
By the time the program reaches its scheduled completion in 2023, it will have taken the department ten years and around $146 million in capital expenditure to implement the portal. This will be significantly longer and more expensive than the department originally expected. This overrun is partly due to an increased scope of services delivered through the portal and an initial under-appreciation of what is involved in creating a standard, central resource such as the portal. The department also experienced some significant implementation difficulties – which saw the transactional portal discontinued after it was found to be not fit for purpose. Following this, the department re-set the program in 2017–18 and re-planned much of the portal's subsequent development.
In November 2019, the New South Wales Government decided to mandate the use of the portal for all stages of development applications by the end of 2020–21. The department had previously planned that the portal would be progressively adopted by all councils and other stakeholders over the five years to 2025. The decision to mandate the portal's use for all development applications brought forward many of the portal's benefits as well as the challenges of its implementation. The department did not change its overall delivery approach in response to the changed risks associated with the government's decision to mandate use of the portal.
The current version of the portal has given the department more timely and comprehensive planning information and has helped New South Wales to provide continuous planning services during COVID-19 lockdowns, which interrupted many other public functions. The portal has also delivered financial benefits, however the department has not independently assured benefits calculations carried out by its consultant, and the reported benefits are overstated. In addition, some stakeholders report that the portal is a net cost to their organisation. This has included some certifiers and some councils which had implemented or had started to implement their own ePlanning reforms when use of the portal was mandated in 2019. The department now needs to address the issues faced by these stakeholders while continuing to deliver the remaining improvements and enhancements to the portal. Over the remaining year of the program, it will be critical that the department focuses on the agreed program scope and carefully evaluates any opportunities to further develop the portal to support future planning reforms.
This part of the report sets out how:
- the ePlanning program has been planned and delivered
- users of the portal have been supported
- the program has been governed.
This part of the report sets out the ePlanning program's:
- expected and reported financial benefits
- calculation of financial benefits.
In 2019, the department increased its expectations for net financial benefits
The department's three ePlanning business cases each forecast substantial financial benefits from the implementation of the planning portal. The department expected that most financial benefits would flow to planning applicants due to a quicker and more consistent planning process. It also expected that government agencies and councils would benefit from the portal.
| Business case 1 ($ million) |
Business case 2 ($ million) |
Business case 3 ($ million) |
Total ($ million) |
|
|---|---|---|---|---|
| Benefits | 90.0 | 44.3 | 270.9 | 405.2 |
| Costs | 43.3 | 29.4 | 89.8 | 162.5 |
| Net benefits | 46.7 | 15.0 | 181.1 | 242.7 |
Source: Audit Office analysis of data provided by the Department of Planning and Environment.
In 2019 the department commissioned a review to explore opportunities to better identify, monitor and realise the benefits of the ePlanning program. Using this work, the department updated the expected benefits for business cases 1 and 2 to take account of:
- errors and miscalculations in the original benefits calculations
- slower delivery of the portal and changes to the take-up of portal services by councils
- changes to the services supported by the portal.
| Original business case 1 and 2 (combined) ($ million) |
New business case 1 and 2 (combined) ($ million) |
|
|---|---|---|
| Benefits | 134.3 | 210.6 |
| Costs | 72.7 | 96.3 |
| Net benefits | 61.7 | 114.3 |
Source: Audit Office analysis of data provided by the Department of Planning and Environment.
Reported benefits significantly exceed the current targets
In September 2021, the department reported that the program had achieved $334 million of benefits over the three financial years up to June 2021 plus the first two months of 2021–22. These reported benefits were significantly higher than expected.
| 2018–19 ($ million) |
2019–20 ($ million) |
2020–21 ($ million) |
July to August 2021 ($ million) |
Total ($ million) |
|
|---|---|---|---|---|---|
| Benefits | 5.2 | 68.8 | 214.7 | 45.1 | 333.8 |
| Target | 2.5 | 14.4 | 56.7 | 19.2 | 92.8 |
| Amount and per cent above target | 2.7 108% |
54.4 378% |
158 279% |
25.9 135% |
241 260% |
The department attributes the higher-than-expected financial benefits to the following:
- benefit targets have not been updated to reflect the impact of the 2019 decision to mandate the use of the portal for all development applications. This decision brought forward the expected benefits as well as potential costs of the program. However, the department did not update its third business case which was draft at the time. The business case was subsequently approved in July 2020
- one-off cost savings for agencies not having to develop their own systems
- public exhibitions of planning proposals continuing to be available online during 2020 when some newspapers stopping printing due to COVID-19.
The calculation of benefits is overstated
The department reported $334 million of benefits in September 2021 due to the ePlanning program. This calculation is overstated because:
- a proportion of reported benefits is likely to be due to other planning reforms
- the calculation of the largest single benefit is incorrect
- the reported benefits may not fully account for dis-benefits reported by some stakeholders.
The program’s benefits are calculated primarily from changes in planning performance data, such as the time it takes to determine a planning development application. The department currently attributes the benefits from shorter planning cycles entirely to the effect of the ePlanning program. However, planning cycles are impacted by many other factors such as the complexity of planning regulations and the availability of planning professionals. Planning cycles may also be impacted by other departmental initiatives which are designed to improve the time that it takes for a planning application to be evaluated. The Introduction describes some of these initiatives.
The largest contribution to the department’s September 2021 benefit report was an estimated saving of $151 million for developers due to lower costs associated with holding their investment for a shorter time. However, the department’s calculation of this benefit assumes a high baseline for the time to determine a development application. It also assumes that all development applications except for additions or alterations to existing properties will incur financing costs. However, a small but material number of these applications will be self-financed. The calculation also includes several data errors in spreadsheets.
The calculation of some benefits relies upon an extrapolation of the benefits experienced by a small number of early-adopter councils, including lower printing and scanning costs, fewer forms and quicker processing times. However, some councils report that their costs have increased following the introduction of the portal, primarily because aspects of the portal duplicate work that they carry out in their own systems. The portal has also required some councils to re-engineer aspects of their own systems, such as the integration of their planning systems with other council systems such as finance or property and rating systems. It has also required councils to create new ways of integrating council information systems with the planning portal.
The department has published information to help councils and certifiers to automatically integrate their systems with the planning portal. This approach uses application programming interfaces (or APIs) which are an industry-standard way for systems to share information. In April and May 2021, the government granted $4.8 million to 96 regional councils to assist with the cost of developing, implementing and maintaining APIs. The maximum amount of funding for each council was $50,000. The department is closely monitoring the implementation of APIs by councils and other portal users. Once they are fully implemented the department expects APIs to reduce costs incurred by stakeholders.
The department has not yet measured stakeholder costs. It was beyond the scope of this audit to validate these costs.
The department has not independently assured the calculation of reported benefits
In 2020 the department appointed an external provider to calculate the benefits achieved by the ePlanning program. The department advised that it chose to outsource the calculation of benefits because the provider had the required expertise and because it wanted an independent calculation of the benefits. The process involves:
- extraction and verification of planning performance data by the department
- population of data input sheets by the department
- calculation of benefits by the external provider using the data input
- confirmation by the department that the calculation includes all expected benefit sources.
The department does not have access to the benefits calculation model which is owned and operated by the external provider. The department trusts that the provider correctly calculates the benefits and does not verify the reported benefit numbers. However, as the benefits model involves many linked spreadsheets and approximately 300 individual data points, there is a risk that the calculation model contains errors beyond those discussed in this audit.
The reported benefits have only been calculated since 2019
The department originally intended to track benefits from October 2014. However, it only started to track benefits in 2019 when it appointed an external provider to calculate the benefits achieved by the portal. Any benefits or dis-benefits between the introduction of the portal and 2019 are unknown and not included in the department’s calculation of benefits.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #366 - released 21 June 2022
Managing native vegetation
The report found the clearing of native vegetation on rural land is not effectively regulated and managed. The processes supporting the regulatory framework are weak and there is no evidence-based assurance that clearing of native vegetation is carried out in accordance with approvals.
In 2014 an expert panel completed a review of biodiversity legislation in NSW. The panel’s recommendations included repealing the Native Vegetation Act 2003, proposing a new Act with the goal of maintaining a healthy, productive and resilient environment for the greatest wellbeing of the community, and recommending that management of native vegetation in the context of existing agricultural management would be assisted and supervised by Local Land Services (LLS).
Following the panel report, the NSW Government undertook major biodiversity conservation and land management reforms which saw the introduction of the Biodiversity Conservation Act 2016 (NSW) and the Local Land Services Amendment Act 2016 (NSW). The reforms commenced in August 2017. The Native Vegetation Act 2003, the Threatened Species Conservation Act 1995, the Nature Conservation Trust Act 2001, and parts of the National Parks and Wildlife Act 1974 were repealed.
Under the legislative reforms, the Biodiversity Conservation Act 2016 and Local Land Services Amendment Act 2016, which amended the Local Land Services Act 2013, aim to ensure a balanced approach to land management and biodiversity conservation in NSW.
A core objective of the Biodiversity Conservation Act 2016 is to conserve biodiversity at bioregional and state scales. A core objective of the Local Land Service Act 2013 is to ensure the proper management of natural resources in the social, economic and environmental interests of the state, consistently with the principles of ecologically sustainable development.
The integrated package of reforms included:
- new arrangements that allow land owners to improve productivity while responding to environmental risks
- new ways to assess and manage the biodiversity impacts of development
- a new state Environmental Planning Policy for managing impacts on native vegetation in urban areas
- significant investment in conservation of private land
- a risk-based system for regulating human and business interactions with native plants and animals
- streamlined approvals and dedicated resources to help reduce the regulatory burden.
Transition to this land management framework began on 25 August 2017 with the commencement of the Land Management (Native Vegetation) Code.
The overall objectives of the reforms are:
- to arrest and ultimately reverse the current decline in the state’s biodiversity while facilitating ecologically sustainable development, in particular efficient and sustainable agricultural development
- enable landholders to improve the efficiency of their agricultural systems and take a more active role in providing incentive and supporting landholders to improve the condition and function of their ecological systems.
The objective of this audit is to assess whether the clearing of native vegetation in rural areas is effectively regulated and managed by the Office of Environment and Heritage (OEH) and LLS under these legislative frameworks. The audit also examined the progress of the Biodiversity Conservation Trust in implementing the Biodiversity Conservation Investment Strategy as a counterbalance to rural land clearing.
At the time of this audit OEH was responsible for preparing the Native Vegetation Regulatory map and for compliance enforcement in relation to unlawful land clearing. Post 1 July 2019, under machinery of government changes, OEH will be abolished and its activities relevant to this audit will be moved to the new Department of Planning, Industry and Environment. For the purposes of this audit we will continue to refer to it as OEH.
|
Conclusion
The clearing of native vegetation on rural land is not effectively regulated and managed because the processes in place to support the regulatory framework are weak. There is no evidence-based assurance that clearing of native vegetation is being carried out in accordance with approvals. Responses to incidents of unlawful clearing are slow, with few tangible outcomes. Enforcement action is rarely taken against landholders who unlawfully clear native vegetation. There are processes in place for approving land clearing but there is limited follow-up to ensure approvals are complied with. Procedures and systems are in place for assessing applications and issuing approvals for land clearing. Approvals contain conditions for managing clearing and setting aside land for conservation as a counterbalance to permitted clearing.
There is limited follow-up or capacity to gauge whether landholders are complying with the conditions of approvals and effectively managing areas of their land that have been set aside for conservation (i.e. 'set asides').
Certificate assessments are used to grant landholders permission to clear. All assessments we reviewed generally complied with the Land Management (Native Vegetation) Code 2018 (the Code).
The rules around land clearing may not be responding adequately to environmental risks.
The Code, which contains conditions under which the thinning or clearing of native vegetation can be approved on regulated land, is intended to allow landholders to improve productivity while responding to environmental risks. That said, it may not be achieving this balance. For example, the Code allows some native species to be treated as ‘invasive’ when they may not be invading an area, provides little protection for groundcover and limited management requirements for set asides. There is also limited ability under the Code to reject applications for higher risk clearing proposals. The release of the Native Vegetation Regulatory (NVR) map has been delayed, limiting landholders' ability to determine if their plans for clearing are lawful.
OEH has applied significant effort in developing a native vegetation regulatory map to guide landholders on which land they can and can’t clear without approval. However, in November 2016 the then Minister for Primary Industries advised Parliament that the two largest land categories of the NVR map will not come into effect until the relevant Ministers are satisfied stakeholders have sufficient confidence in the maps’ accuracy. Not releasing the map has made it harder for landholders to identify the portions of their land that are regulated and ensure they comply with land clearing rules. It has also limited OEH’s ability to consult on and improve the accuracy of the map. There are significant delays in identifying unlawful clearing and few penalties imposed.
Unexplained land clearing can take over two years to identify and analyse, making it difficult to minimise environmental harm or gather evidence to prosecute unlawful clearing. Despite around 1,000 instances of unexplained clearing identified by OEH and over 500 reports to the environmental hotline each year, with around 300 investigations in progress at any one time, there are only two to three prosecutions, three to five remediation orders and around ten penalty notices issued each year for unlawful clearing. Further, OEH is yet to commence any prosecutions under the current legislation which commenced in August 2017. Land clearing and private land conservation investment have both increased.
Clearing of native vegetation has increased in recent years. At the same time, the government is also investing in properties with high environmental value with a focus on improving the mix of endangered ecological communities conserved in perpetuity. Processes are in place for identifying and prioritising areas of land for investment but the funding provided to each region is not always consistent with these priorities. |
Local Land Services (LLS) is responsible for processing notifications and issuing certificates to landholders for managing the thinning or clearing of native vegetation on rural land through the ‘Land Management (Native Vegetation) Code 2018’ (the Code). This work includes monitoring and reporting on the implementation of the Code, including the establishment and management of set asides.
OEH is responsible for compliance and enforcement in relation to unlawful land clearing. It is also responsible for producing the NVR map, designed to show landholders where land clearing can occur without approval, where approval is required, and where land clearing is not permitted. Post 1 July 2019, under machinery of government changes, OEH will be abolished and its activities relevant to this audit will be moved to the new Department of Planning, Industry and Environment.
Appendix one - Response from agencies
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary Reference: Report number #324 - released 27 June 2019
Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal Controls and Governance 2018
The Auditor-General for New South Wales Margaret Crawford found that as NSW state government agencies’ digital footprint increases they need to do more to address new and emerging information technology (IT) risks. This is one of the key findings to emerge from the second stand-alone report on internal controls and governance of the 40 largest NSW state government agencies.
This report analyses the internal controls and governance of the 40 largest agencies in the NSW public sector for the year ended 30 June 2018.
This report covers the findings and recommendations from our 2017–18 financial audits that relate to internal controls and governance at the 40 largest agencies (refer to Appendix three) in the NSW public sector.
This report offers insights into internal controls and governance in the NSW public sector
This is our second report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. The way agencies deliver services increasingly relies on contracts and partnerships with the private sector. Many of these arrangements deliver front line services, but others provide less visible back office support. For example, an agency may rely on an IT service provider to manage a key system used to provide services to the community. The contract and service level agreements are only truly effective where they are actively managed to reduce risks to continuous quality service delivery, such as interruptions caused by system outages, cyber security attacks and data security breaches.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures, and report on those that present heightened risks for agencies to mitigate. This report divides these into the following five areas:
- Internal control trends
- Information technology (IT), including IT vendor management
- Transparency and performance reporting
- Management of purchasing cards and taxis
- Fraud and corruption control.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, controls and service delivery comments are included in the individual 2018 cluster financial audit reports, which will be tabled in Parliament from November to December 2018.
The focus of the report has changed since last year
Last year's report topics included asset management, ethics and conduct, and risk management. We are reporting on new topics this year. We plan to introduce new topics and re-visit our previous topics in subsequent reports on a cyclical basis. This will provide a baseline against which to measure the NSW public sectors’ progress in implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Agencies selected for the volume account for 95 per cent of the state's expenditure
While we have covered only 40 agencies in this report, those selected are a large enough group to identify common issues and insights. They represent about 95 per cent of total expenditure for all NSW public sector agencies.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of findings, level of risk and the most common deficiencies we found across agencies. The rest of this volume presents this year’s controls and governance findings in more detail.
| Observation | Conclusions and recommendations |
|---|---|
| 2.1 High risk findings | |
| We found six high risk findings (seven in 2016–17), one of which was repeated from both last year and 2015–16. | Recommendation: Agencies should reduce risk by addressing high risk internal control deficiencies as a priority. |
| 2.2 Common findings | |
| We found several internal controls and governance findings common to multiple agencies. | Conclusion: Central agencies or the lead agency in a cluster can play a lead role in helping ensure agency responses to common findings are consistent, timely, efficient and effective. |
| 2.3 New and repeat findings | |
| Although internal control deficiencies decreased over the last four years, this year has seen a 42 per cent increase in internal control deficiencies. | The increase in new IT control deficiencies and repeat IT control deficiencies signifies an emerging risk for agencies. |
| IT control deficiencies feature in this increase, having risen by 63 per cent since last year. The number of repeat IT control deficiencies has doubled and is driven by the increasing digital footprint left by agencies as government prioritises on-line interfaces with citizens, and the number of transactions conducted through digital channels increases |
Recommendation: Agencies should reduce IT risks by:
|
Government agencies’ financial reporting is now heavily reliant on information technology (IT). IT is also increasingly important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our audits reviewed whether agencies have effective controls in place to manage both key financial systems and IT service contracts.
| Observation | Conclusions and recommendations |
|---|---|
| 3.1 Management of IT vendors | |
| Contract management framework Although 87 per cent of agencies have a contract management policy to manage IT vendors, one fifth require review. |
Conclusion: Agencies can more effectively manage IT vendor contracts by developing policies and procedures to ensure vendor management frameworks are kept up to date, plans are in place to manage vendor performance and risk, and compliance with the framework is monitored by:
|
| Contract risk management Forty-one per cent of agencies are not using contract management plans and do not assess contract risks. Half of the agencies that did assess contract risks, had not updated the risk assessments since the commencement of the contract. |
Conclusion: Instead of applying a 'set and forget' approach in relation to management of contract risks, agencies should assess risk regularly and develop a plan to actively manage identified risks throughout the contract lifecycle - from negotiation and commencement, to termination. |
|
Performance management Only 24 per cent of agencies sought assurance about the accuracy of vendor reporting against KPIs, yet sixty-seven per cent of the IT contracts allow agencies to determine performance based payments and/or penalise underperformance. |
Conclusion: Agencies are monitoring IT vendor performance, but could improve outcomes and more effectively manage under-performance by:
|
|
Transitioning services Where IT vendor contracts do make provision for transitioning-out, only 28 per cent of agencies have developed a transitioning-out plan with their IT vendor. |
Conclusion: Contract transition/phase out clauses and plans can mitigate risks to service disruption, ensure internal controls remain in place, avoid unnecessary costs and reduce the risk of 'vendor lock-in'. |
| Contract Registers Eleven out of forty agencies did not have a contract register, or have registers that are not accurate and/or complete. |
Conclusion: A contract register helps to manage an agency’s compliance obligations under the Government Information (Public Access) Act 2009 (the GIPA Act). However, it also helps agencies more effectively manage IT vendors by:
Recommendation: Agencies should ensure their contract registers are complete and accurate so they can more effectively govern contracts and manage compliance obligations. |
| 3.2 IT general controls | |
| Governance Ninety-five per cent of agencies have established policies to manage key IT processes and functions within the agency, with ten per cent of those due for review. |
Conclusion: Regular review of IT policies ensures risks are considered and appropriate strategies and procedures are implemented to manage these risks on a consistent basis. An absence of policies can lead to ad-hoc responses to risks, and failure to consider emerging IT risks and changes to agency IT environments. |
|
User access administration
|
Recommendation: Agencies should strengthen the administration of user access to prevent inappropriate access to key systems. |
| Privileged access Forty per cent of agencies do not periodically review logs of the activities of privileged users to identify suspicious or unauthorised activities. |
Recommendation: Agencies should:
|
| Password controls Twenty-three per cent of agencies did not comply with their own policy on password parameters. |
Recommendation: Agencies should ensure IT password settings comply with their password policies. |
| Program changes Fifteen per cent of agencies had deficient IT program change controls mainly related to segregation of duties and authorisation and testing of IT program changes prior to deployment. |
Recommendation: Agencies should maintain appropriate segregation of duties in their IT functions and test system changes before they are deployed. |
This chapter outlines our audit observations, conclusions and recommendations from our review of how agencies reported their performance in their 2016–17 annual reports. The Annual Reports (Statutory Bodies) Regulation 2015 and Annual Reports (Departments) Regulation 2015 (annual reports regulation) currently prescribes the minimum requirements for agency annual reports.
| Observation | Conclusion or recommendation |
| 4.1 Reporting on performance | |
|
Only 57 per cent of agencies linked reporting on performance to their strategic objectives. The use of targets and reporting performance over time was limited and applied inconsistently. |
Conclusion: There is significant disparity in the quality and consistency of how agencies report on their performance in their annual reports. This limits the reliability and transparency of reported performance information. Agencies could improve performance reporting by clearly linking strategic objectives to reported outcomes, and reporting on performance against targets over time. NSW Treasury may need to provide more guidance to agencies to support consistent and high-quality performance reporting in annual reports. |
|
There is no independent assurance that the performance metrics agencies report in their annual reports are accurate. Prior performance audits have noted issues related to the collection of performance information. For example, our 2016 Report on Red Tape Reduction highlighted inaccuracies in how the dollar-value of red tape reduction had been reported. |
Conclusion: The ability of Parliament and the public to rely on reported information as a relevant and accurate reflection of an agency's performance is limited. The relevance and accuracy of performance information is enhanced when:
|
| 4.2 Reporting on reports | |
|
Agency reporting on major projects does not meet the requirements of the annual reports regulation. Forty-seven per cent of agencies did not report on costs to date and estimated completion dates for major works in progress. Of the 47 per cent of agencies that reported on major works, only one agency reported detail about significant cost overruns, delays, amendments, deferments or cancellations. |
NSW Treasury produce an annual report checklist to help agencies comply with their annual report obligations. Recommendation: Agencies should comply with the annual reports regulation and report on all mandatory fields, including significant cost overruns and delays, for their major works in progress. |
|
The information the annual reports regulation requires agencies to report deals only with major works in progress. There is no requirement to report on completed works. Sixteen of 30 agencies reported some information on completed major works. |
Conclusion: Agencies could improve their transparency if they reported, or were required to report:
|
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency preventative and detective controls over purchasing card and taxi use for 2017–18.
| Observation | Conclusion or recommendation |
| 5.1 Management of purchasing cards | |
| Volume of credit card spend Purchasing card expenditure has increased by 76 per cent over the last four years in response to a government review into the cost savings possible from using purchasing cards for low value, high volume procurement. |
Conclusion: The increasing use of purchasing cards highlights the importance of an effective framework for the use and management of purchasing cards. |
| Policy framework We found all agencies that held purchasing cards had a policy in place, but 26 per cent of agencies have not reviewed their purchasing card policy by the scheduled date, or do not have a scheduled revision date stated within their policy. |
Recommendation: Agencies should mitigate the risks associated with increased purchasing card use by ensuring policies and purchasing card frameworks remain current and compliant with the core requirements of TPP 17–09 'Use and Management of NSW Government Purchasing Cards'. |
| Preventative controls We found that:
|
Agencies have designed and implemented preventative controls aimed at deterring the potential misuse of purchasing cards. Conclusion: Further opportunities exist for agencies to better control the use of purchasing cards, such as:
|
|
Detective controls Major reviews, such as data analytics (29 per cent of agencies) and independent spot checks (49 per cent of agencies) are not widely used. |
Agencies have designed and implemented detective controls aimed at identifying potential misuse of purchasing cards. Conclusion: More effective monitoring using purchasing card data can provide better visibility over spending activity and can be used to:
|
| 5.2 Management of taxis | |
| Policy framework Thirteen per cent of agencies have not developed and implemented a policy to manage taxi use. In addition:
|
Conclusion: Agencies can promote savings and provide more options to staff where their taxi use policies:
|
| Detective controls All agencies approve taxi expenditure by expense reimbursement, purchasing card and Cabcharge, and have implemented controls around this approval process. However, beyond this there is minimal monitoring and review activity, such as data monitoring, independent spot checks or internal audit reviews. |
Conclusion: Taxi spend at agencies is not significant in terms of its dollar value, but it is significant from a probity perspective. Agencies can better address the probity risk by incorporating taxi use into a broader purchasing card or fraud monitoring program. |
Fraud and corruption control is one of the 17 key elements of our governance lighthouse. Recent reports from ICAC into state agencies and local government councils highlight the need for effective fraud control and ethical frameworks. Effective frameworks can help protect an agency from events that risk serious reputational damage and financial loss.
Our 2016 Fraud Survey found the NSW Government agencies we surveyed reported 1,077 frauds over the three year period to 30 June 2015. For those frauds where an estimate of losses was made, the reported value exceeded $10.0 million. The report also highlighted that the full extent of fraud in the NSW public sector could be higher than reported because:
- unreported frauds in organisations can be almost three times the number of reported frauds
- our 2015 survey did not include all NSW public sector agencies, nor did it include any NSW universities or local councils
- fraud committed by citizens such as fare evasion and fraudulent state tax self-assessments was not within the scope of our 2015 survey
- agencies did not estimate a value for 599 of the 1,077 (56 per cent) reported frauds.
Commissioning and outsourcing of services to the private sector and the advancement of digital technology are changing the fraud and corruption risks agencies face. Fraud risk assessments should be updated regularly and in particular where there are changes in agency business models. NSW Treasury Circular TC18-02 NSW Fraud and Corruption Control Policy now requires agencies develop, implement and maintain a fraud and corruption control framework, effective from 1 July 2018.
Our Fraud Control Improvement Kit provides guidance and practical advice to help organisations implement an effective fraud control framework. The kit is divided into ten attributes. Three key attributes have been assessed below; prevention, detection and notification systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency fraud and corruption controls for 2017–18.
| Observation | Conclusion or recommendation |
| 6.1 Prevention systems | |
|
Prevention systems Only 54 per cent of agencies have an employment screening policy and all agencies have IT security policies, but gaps in IT security controls could undermine their policies. |
Conclusion: Most agencies have implemented fraud prevention systems to reduce the risk of fraud. However poor IT security along with other gaps in agency prevention systems, such as employment screening practices heightens the risk of fraud and inappropriate use of data. Agencies can improve their fraud prevention systems by:
|
| Twenty-three per cent of agencies were not performing fraud risk assessments and some agency fraud risk assessments may not be as robust as they could be. | Conclusion: Agencies' systems of internal controls may be less effective where new and emerging fraud risks have been overlooked, or known weaknesses have not been rectified. |
| 6.2 Detection systems | |
| Detection systems Several agencies reported they were developing a data monitoring program, but only 38 per cent of agencies had already implemented a program. |
Studies have shown data monitoring, whereby entire populations of transactional data are analysed for indicators of fraudulent activity, is one of the most effective methods of early detection. Early detection decreases the duration a fraud remains undetected thereby limiting the extent of losses. Conclusion: Data monitoring is an effective tool for early detection of fraud and is more effective when informed by a comprehensive fraud risk assessment. |
| 6.3 Notification systems | |
| Notification system All agencies have notification systems for reporting actual or suspected fraud and corruption. Most agencies provide multiple reporting lines, provide training and publicise options for staff to report actual or suspected fraud and corruption. |
Conclusion: Training staff about their obligations and the use of fraud notification systems promotes a fraud-aware culture |
Planning and Environment 2017
The following report highlights results of financial audits of agencies in the Planning and Environment cluster. The report focuses on key observations and findings from the most recent audits of these agencies.
The audits were completed for most agencies in the cluster and unqualified audit opinions issued. Issues identified during the financial statement audits of seven small agencies delayed their finalisation beyond the statutory deadline, and six of these remain incomplete. Apart from these small agencies, the quality of financial reporting across the cluster remained at a high standard.
This report provides Parliament and others with the audit results, observations and recommendations for Planning and Environment cluster agencies. The report has been structured into two chapters focussing on financial reporting and controls and service delivery.
The Planning and Environment cluster plays a role in ensuring each community across New South Wales receives the services and infrastructure it needs.
This chapter outlines our audit observations and recommendations related to financial reporting and controls of Planning and Environment cluster agencies for 2016–17.
| Observation | Conclusion or recommendation |
2.1 Quality of financial reporting |
|
|
Unqualified audit opinions were issued for 39 of the 45 cluster agencies' financial statements. |
Issues identified during the financial statement audits of seven smaller agencies delayed their completion. Six audits remain incomplete at the date of this report. Apart from these seven small agency audits, the quality of financial reporting across the cluster remained at a high standard. |
2.2 Timeliness of financial reporting |
|
|
Seven agencies' financial statement audits were not completed by the statutory deadline with six audits incomplete at the date of this report. |
Issues identified during the financial statement audits of seven smaller agencies delayed their finalisation beyond the statutory deadline. These agencies would benefit from performing additional early close procedures in future reporting periods. |
2.3 Financial and sustainability analysis |
|
|
Water and Electricity utility agencies continue to operate with low liquidity ratios. |
A liquidity ratio below one is an indicator that an entity may not be able to pay its debts as and when they fall due. Whilst liquidity ratios were below one, utility agencies demonstrated they can continue to support ongoing operations due to:
|
2.5 Internal controls |
|
|
One in six internal control weaknesses reported in 2016–17 were repeat issues. |
Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): anagement letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
|
Nine of these internal control weaknesses related to the creation, modification, deletion and review of user access to financial systems. |
These control weaknesses may compromise the integrity and security of financial data. Recommendation (repeat issue): Management of user administration over financial systems should be strengthened to prevent inappropriate access to financial information. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
| Observation | Conclusion or recommendation |
3.1 Premier's and State priorities |
|
| The Planning and Environment cluster is responsible for delivering five Premier's and State priorities. |
One priority target was achieved in 2016–17, two targets are on track to be achieved and progress towards one target slowed. Progress against one target cannot be determined. |
3.2 Planning |
|
|
Housing Completion |
|
| There were 63,506 housing completions in 2016–17. This was 4.1 per cent above the Premier’s priority target of delivering 61,000 housing completions per year. |
The Australian Bureau of Statistics data shows the housing completions target was achieved in 2016–17. |
|
Housing supply |
|
| The number of approvals for new houses in 2016–17 was 72,472 against the State priority target of more than 50,000 approvals per year. |
The Australian Bureau of Statistics data indicates the housing approvals target was achieved in 2016–17. |
|
Major project assessment |
|
| State significant developments are not clearly defined for the purposes of reporting against the State priority target. | The Department of Planning and Environment will clarify with the Department of Premier and Cabinet which developments are captured by the State priority target. |
| The Department of Planning and Environment’s data shows the time taken to assess complex State significant developments increased by 16 per cent in 2016–17 while the time taken to assess less complex developments reduced by 20 per cent. | The Department of Planning and Environment considers it is on track to meet the State priority target of halving the time taken to assess State significant developments, despite uncertainty over the target measure. |
|
Housing acceleration fund |
|
|
Program business cases were not developed for projects in Housing Acceleration Fund Rounds 1 to 4. The Department advised a program business case will be developed for Housing Acceleration Fund Round 5 projects. |
A program business case is necessary to ensure related projects are evaluated, managed and coordinated effectively. |
|
A benefit realisation review process has not yet been approved for Housing Acceleration Fund projects. The Department of Planning and Environment advised it is developing a benefit realisation review process. |
A benefit realisation review process is necessary to determine whether funded projects achieved intended outcomes. |
|
Greater Sydney Commission |
|
| The Greater Sydney Commission forecasts a further 725,000 dwellings in the greater Sydney region will be required up to 2036 to meet housing demand. | In response to population growth, the Commission has set a five-year housing supply target of 189,100 houses across the five Greater Sydney Commission districts. |
|
ePlanning system |
|
| The Department of Planning and Environment did not perform a benefit realisation review for phase one of the ePlanning project. It has committed to performing a benefit realisation review after completion of phase two in 2018. | It cannot be determined if phase one of the project delivered expected outcomes as a benefit realisation review was not performed. |
3.3. Environment and Heritage |
|
| Litter volume in New South Wales was 6.6 litres per 1,000 square metres in 2016–17, an increase of 16 per cent from the prior year. This is above the Premier's priority litter volume target of 4.2 litres per 1,000 square metres by 2020. | The Environment Protection Authority's data indicates the progress towards the target of reducing the volume of litter by 40 per cent by 2020 has slowed. |
| The NSW Government plans to invest $240 million to facilitate strategic biodiversity conservation on private land. | Performance measures have not yet been developed for the private land conservation program. |
3.4 Water |
|
| IPART reduced water usage charges for most Sydney Water Corporation customers in 2016–17. | Water usage prices in New South Wales compare favourably to larger water utilities in other jurisdictions. |
|
Hunter Water Corporation's water recycling and water conservation performance has been stable over recent years. The volume of Sydney Water Corporation’s recycled water reduced by 12 per cent in 2016–17 compared to the previous year. |
Sydney Water Corporation experienced reduced industry demand for recycled water. Several large industrial customers relocated away from Sydney. |
3.5 Arts and culture |
|
| A State priority target is to increase overall attendance at cultural venues and events in New South Wales by 15 per cent from 2014–15 levels by 2019. | The Department of Planning and Environment's data indicates overall attendance increased by 16 per cent in 2015–16, although attendance fluctuated across individual venues and events. This indicates progress towards achieving the overall target by 2019. |
Mining Rehabilitation Security Deposits
The Department of Planning and Environment requires mining companies to rehabilitate sites according to conditions set in the mining development approval. The Department holds mining rehabilitation security deposits that are meant to cover the full cost of rehabilitation if a mining company defaults on its rehabilitation obligations.
Parliamentary reference - Report number #285 - released 11 May 2017
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
| Financial reporting | |
| Observation | Conclusion |
| Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
| More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
|
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
| Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
| Number of misstatements | |||||
| Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
| Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
| Financial controls | |
| Observation | Conclusion |
| More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
| Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
|
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
| Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
| We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
| Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
| Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |
Planning and Environment 2016
Auditor-General, Margaret Crawford released a report on the planning and environment cluster today, concluding that the quality of financial reporting is improving. However, the cluster can improve its financial controls and governance framework.
Volume Twelve 2015 Part Two Water
The distributions to the NSW Government increased from $690 million in 2013-14 to $1.0 billion in 2014-15. The increase was largely due to a higher dividend from Sydney Water Corporation.
Volume Nine 2015 Planning and Environment
The NSW Environment Protection Authority has reduced the average time to assess contaminated sites from 203 days in 2013-14 to 73 days in 2014-15. It is also improving transparency by making more information on its performance publicly available.
In 2014-15, the Department of Planning and Environment increased new housing approvals across New South Wales by 12 per cent to 58,252, exceeding the State priority target of 50,000. It also reduced the time taken to assess major projects from about three years in 2013-14 to four months in 2014-15.
