About this report

The NSW and Commonwealth governments announced the Special Disaster Assistance (SDA) grant program to support primary production businesses affected by significant flood events in areas of NSW in August and September 2022.

This audit assessed whether the NSW Rural Assistance Authority (RAA) and the NSW Reconstruction Authority (Reconstruction Authority) implemented the SDA - storms and floods AGRN 1030 and AGRN 1034 program in line with the principles and mandatory requirements outlined in the Grants Administration Guide, and in line with the program guidelines.

This audit was conducted following a request from the Special Minister of State that the Auditor-General conduct a recurring performance audit of emergency relief grants under section 27B(3)(c) of the Government Sector Audit Act 1983.

Findings

The RAA and the Reconstruction Authority followed the program guidelines and met most of the requirements of the Grants Administration Guide in administering the program.

However, the RAA did not implement appropriate controls to mitigate the risk of fraud for applicants who received only the upfront payment of $25,000. It did not require evidence of how these funds would be spent, or validate claims of estimated damage, before distributing the payments. The total value of these payments was approximately $40 million.

The RAA conducted an effective process to determine each applicant’s eligibility for the program and implemented appropriate fraud controls for higher-value grants.

The Memorandum of Understanding between the RAA and the Reconstruction Authority has not been updated since 2015. Neither agency conducted a cost-benefit analysis to assess value for money or planned an evaluation of the program. There were also gaps in the way that the RAA managed program risks.

Recommendations

Both audited agencies should:

• update the Memorandum of Understanding to better define responsibilities for grants administration.

The NSW Rural Assistance Authority should:

• improve its risk management of grant programs by:
  • defining its risk tolerance
  • ensuring appropriate controls to reduce fraud risks are in place
• ensure that conflict of interest declarations are collected from all assessment and claims staff
• update its cost estimate model
• develop additional performance measures for future grant programs.

The NSW Reconstruction Authority should:

• complete the cost-benefit analysis and outcome evaluation for the program.

New South Wales experienced multiple rain events between February and November 2022, which resulted in flooding across the state. Owing to the significant impact of this flooding on primary producers, the NSW and Commonwealth governments announced a series of SDA grant programs to support primary production businesses.³

The purpose of the AGRN⁴ 1030 (Southern and Central West NSW Floods from August 2022 onwards) and AGRN 1034 (NSW Flooding from 14 September 2022 onwards) SDA program was to provide a timely and proportionate response to minimise the impact these storm and flood events had on primary producers and allow them to return to normal operations as soon as possible. Applications for the SDA program opened on 18 November 2022 and closed on 30 June 2023.

Under the AGRN 1030 and 1034 SDA program, 28 LGAs were declared disaster-affected in Southern and Central West NSW in August 2022. A further 47 LGAs were declared disaster-affected across NSW in September 2022, including all 28 LGAs affected by the August event, bringing the total to 75 declared LGAs plus the Unincorporated Far West Area.

The agencies’ Memorandum of Understanding does not clearly set out responsibilities for key aspects of grant program development and evaluation

The GAG sets out expectations for how multiple agencies involved in grants administration should define responsibilities, including:

• agencies should agree between themselves which agency is responsible for applicable mandatory requirements set out in the GAG during the planning and design phase of a grant program
• mandatory requirements are recommended to be captured in a MoU, particularly if funds are transferred between the agencies for the purpose of delivering the grant.

The MoU between the Reconstruction Authority and the RAA was last updated in 2015 and does not clearly set out responsibilities for some of the mandatory requirements of the GAG.

For example, the MoU does not specify which agency was responsible for the design of the program, including the responsibility for conducting a CBA during its development. A CBA was not conducted during the program’s development. This is discussed in more detail below. The MoU sets out some responsibilities relating to the evaluation of the program but it does not establish responsibility for determining whether the outcomes and benefits of the program were realised. Under the MoU:

• the RAA is required to submit a Post Disaster Assessment Report which captures data on the number of applications, number of approvals and value of grants paid
• the Reconstruction Authority is required to operate a compliance function to ensure that expenditure claimed against the DRFA complies with the NSW Disaster Assistance Guidelines and the MoU.

These evaluation mechanisms only relate to financial and probity oversight and do not include responsibilities for key aspects of evaluation, including determining if the program met intended outcomes and the impact of the program relative to its costs.

In addition, the MoU does not outline which agency was responsible for probity in program design, defining the risk tolerance for the program or for the management of program risks. Key risk management activities such as defining program risk tolerance and the ongoing monitoring of program risks were not conducted.

The RAA and the Reconstruction Authority are working together to draft an updated MoU. However, as at April 2025 the MoU had not been finalised.

The Rural Assistance Authority did not clearly define its risk tolerance for this program

The Reconstruction Authority identified key risks and defined its tolerance for strategic risks, such as those relating to the administration of the DRFA. The Reconstruction Authority did not define a risk tolerance that was relevant to this program, but it was not responsible for administering the program and so the RAA was best placed to identify a relevant program risk tolerance.

The RAA did not define its tolerance for key program risks, such as in a risk appetite statement. Although the GAG does not mandate the development of risk appetite statements for grant programs, the lack of a risk appetite statement meant that there was no guidance available for the RAA as the administering agency to inform risk-based decisions, including risks relating to balancing the risk of fraud with speed of assessment.

The program’s Assurance and Probity Plan assessed the program as having a low probity risk, but the RAA did not retain documentation to explain how this risk rating was determined. The RAA advised that the program was assessed as low-risk because:

• it was open and non-competitive
• it did not involve any discretionary decision-making or external involvement in decision-making
• there was no comparative merit-based assessment against other applicants.

The RAA also advised that the program was considered low-risk because the agency had previously administered similar programs and therefore was aware of the inherent program, grantee and governance risks. As there was no risk appetite statement in place, this assessment was made without a formal framework that considered the RAA’s overall approach to risk.

A risk appetite statement may have informed key decision points in the program. For example, the RAA did not require evidence of how funds would be spent before distributing upfront payments. This increased the risk that fraudulent applications would be approved. Defining its risk tolerance for the program may have helped the RAA to manage this risk.

In addition, in October 2023, the RAA implemented a rule which stated that it would not validate proof of payment for reimbursements below $2,500, which it termed the ‘de minimis’ rule. The RAA considered the impact of this change on fraud risk. However, because it did not have a defined risk tolerance to assist with decision-making, the RAA did not have a framework to determine whether these risks were within the tolerance it was willing to accept.

The Department of Regional NSW (DRNSW) had a risk management framework in place at the time of the program; it defined a risk tolerance across all of DRNSW for various types of risk, including for entities like the RAA, which formed part of DRNSW at the time. It stated that the agency had a low-risk appetite for fraud and corruption. Although the RAA’s risk management plan aligns with DRNSW’s approach, there is no evidence that the RAA used DRNSW’s risk appetite statement to guide its decision-making in relation to risk-based decisions.

The Rural Assistance Authority identified risks for the program but it did not adequately monitor these risks

The RAA Risk Management Plan states that the program Steering Committee is responsible for overseeing and monitoring the program risk register throughout the program’s lifecycle. Although the Steering Committee monitored risks prior to the program launch, it did not meet after the program launched and there is no evidence that the program risk register or program risks were reviewed, discussed or monitored beyond this point. This lack of monitoring meant that the RAA did not have a comprehensive view of how changes in the program risk profile may have impacted program delivery. Risks were reported at each of the Steering Committee meetings that occurred before program launch, but these risks remained the same at each meeting even when those risks were no longer relevant. The Steering Committee’s minutes are not clear on whether the risks were discussed in detail or reassessed during these meetings.

The RAA created a risk register for the program, including designing controls for each of the identified risks and identifying actions to further reduce those risks. The program risk register was last updated in October 2022, with no evidence that this document was updated regularly after this date. This is despite changes in the program’s risk profile. For example, the risk register identified a risk related to the program being upgraded from DRFA category C to category D which would result in a more complex application process. This change in category occurred, impacting the program’s overall risk profile. However, there was no evidence that the program’s risk register was revised once the program changed to a category D program.

The RAA designed and implemented mitigating controls to reduce the likelihood or impact of identified risks. For example, to reduce the risk of fraudulent applications, the agency required financial assessments of all applicants to be conducted to ensure their eligibility for the program. The RAA undertook these financial assessments for each applicant. The RAA also included a declaration on the application form to provide a legal avenue to recover fraudulently acquired funds.

The RAA also identified a risk that program delivery would not be timely. To mitigate this risk, the RAA planned to monitor and report on processing and notification times for the program. As discussed below, the RAA regularly reported to the executive on program timelines, though there were long processing times for both assessments and grant claims.

The RAA’s enterprise risk management occurs through the agency-wide Assurance Working Group (AWG). This group is responsible for reviewing key business processes, high-risk areas and key risk controls that inform business improvement processes. The group only discusses broader, enterprise-wide risks relevant to the RAA’s agency-wide objectives, rather than program-specific risks. Although some of the risks that are reviewed by the AWG may be relevant to the management of the RAA’s programs, risks specific to each program are not discussed in the AWG. The AWG did not review or discuss the program’s risk register, demonstrating that it was not responsible for the program-level risks. The AWG monitoring alone was not sufficient to manage risks to the AGRN 1030 and 1034 program, as program-level risks were not monitored specifically.

The Rural Assistance Authority implemented appropriate fraud controls for higher-value grants, but not for applicants who only received the up-front payments

The GAG requires agencies to develop and implement fraud controls that are proportionate to the value and risk of the grant. RAA identified the risk of fraudulent applications being submitted to the program as high, due to the substantial value of the grants. However, the controls in place to mitigate the risk of fraud posed by people only claiming the upfront payment were not appropriate given the value of the grant.

Under the program guidelines, applicants were able to receive the upfront payment of up to $25,000 without providing proof of payment. The program guidelines stated that the payment would be provided on the basis of quotes or estimated costs. The RAA required applicants to provide an estimated value of damage and a description of the impact of the flood event(s). If applicants did not claim any further funding above the $25,000 threshold, they were not required to submit any further documentation to prove that the applicant planned to spend the upfront payment on eligible expenditure in compliance with the guidelines.

In addition to not requiring evidence of how the grant recipient planned to use their upfront payment, the RAA also did not collect proof that the payment had been spent on eligible items to confirm that it complied with the grant guidelines, unless an applicant was making subsequent claims for funding above the upfront payment. As it did not seek to validate the planned or actual use of the upfront payment, the RAA did not put in place appropriate controls to manage the risk of fraud among the upfront payments.

Of the 8,959 approved and disbursed applications to the program, 1,701 claimed $25,000 or less and were therefore only required to submit an estimate of their damage to receive the grant. This made up 19% of applications to the program, with a total value of approximately $40 million. Some of these applicants provided further evidence to support their claim, but this was not required. The provision of up-front grants is discussed further in the next chapter.

The RAA did require paid tax invoices to be provided prior to payment of claims above the upfront $25,000. For payments above this threshold, applicants were required to provide invoices and proof of payment for both the upfront payment and any amount over the $25,000. A payment officer checked this evidence for claims, and this work was verified by a program officer. This served as an appropriate control for the risk of fraudulent applications above the upfront payment threshold.

The RAA advised that it engaged with Service NSW and the RAA’s equivalent agencies in Queensland and Victoria to ensure applicants were not applying for payments under other grant programs that may have resulted in their ineligibility for the SDA program. Applicant details were cross-referenced with a list of applicants from these grant programs as part of the eligibility assessment process.

The RAA identified 32 out of 10,715 applications as potentially fraudulent. The value of these applications was $982,002, with only one of these grants being disbursed. The RAA is in the process of reclaiming the $25,000 payment from this applicant.⁷ The limitations of the fraud controls in place mean that the RAA is not able to determine if potential fraud rates within the program are higher.

The Rural Assistance Authority obtained internal probity advice for the program

The GAG requires officials to seek probity advice for complex, high-risk or high-value programs to support the design, application, assessment and decision-making phases of the program. The RAA identified this program as having a low probity risk and as such the GAG requirement did not apply. As noted above, the rationale for assessing the program as low-risk was not documented.

The program’s Assurance and Probity Plan outlined its assurance activities, along with the responsibilities for and frequency of these activities. The plan advised that due to the program being assessed as low-risk, an external probity advisor was not required. As such, the RAA sought internal probity advice, which was provided by staff from the governance team.

The Rural Assistance Authority did not effectively identify conflicts of interest

The GAG states that officials should ensure that any real or perceived conflicts of interest are effectively avoided, managed and disclosed. The RAA’s Fraud and Corruption Control Plan documents a series of controls and their owners, and outlines how the agency should identify and control potential fraud and corruption by its staff and third parties. The plan describes a series of controls to manage conflicts of interest, including developing conflict of interest registers for each program and training with common scenarios and guidance from senior staff. The RAA did not ensure that conflicts of interest for those administering and overseeing the program were identified and therefore effectively managed.

The Assurance and Probity Plan outlined a requirement for all Steering Committee members to make an active conflict of interest declaration for the program, including declaring if they did not have a conflict. Five of the 16 members of the Steering Committee did not make any declaration for the program, and four of these five members had not made an annual conflict of interest declaration.

In addition, 63 of the 88 officers involved in the assessment or payments processes for the program did not have a conflict of interest declaration recorded. Most of these officers were temporary staff employed specifically to process applications for the SDA programs. This was because the RAA’s onboarding documentation only required staff to identify if they had a conflict of interest. It did not require staff to assert that they did not have a conflict of interest, which is not in line with good conflict of interest management. All staff, including those engaged temporarily, are required to complete a training module on DRNSW’s code of ethics and conduct during onboarding and to complete it again annually as part of their refresher training.

The Assurance and Probity Plan stated that RAA policies and procedures relating to conflicts of interest are consistent with DRNSW conflict of interest policies. However, DRNSW did not have a specific conflict of interest policy in place when the program was being administered. In place of a specific policy, DRNSW’s Code of Ethics and Conduct contained a brief outline of the process for declaring conflicts of interest. The process outlined did not cover risk mitigation strategies for conflicts, review of disclosures or the process for handling breaches.

The Department of Primary Industries and Regional Development, which RAA is now a part of, implemented a specific conflict of interest policy in November 2024, along with an updated Code of Ethics and Conduct. The new policy requires staff who work in high-risk roles to submit an annual conflict of interest declaration. High-risk roles are defined in the policy to include those involved in administering or advising on grants or approvals. The RAA advised that it has adjusted its procedures to require all RAA staff to complete an annual conflict of interest declaration, in line with this policy.

The Rural Assistance Authority did not actively manage conflicts of interest for the program

The conflict of interest declarations made by RAA assessment and payment officers are held in a register managed by DRNSW. The Fraud and Corruption Control Plan advised that the RAA’s conflicts of interest would be managed by key RAA staff for the SDA programs. Due to DRNSW’s management of the conflict of interest register, the RAA could not readily access declared conflicts of interest without having to make a specific request to DRNSW. This limited the RAA’s oversight of conflicts of interest.

RAA advised that assessment and payment officers were able to see some details of each applicant prior to processing their applications so they could determine if they had a conflict of interest. If they identified that they had a conflict of interest, they would be deemed unable to complete the assessment or approval and another staff member would undertake it. If a staff member wished to apply for a grant under the program, the staff member had to declare the application through DRNSW’s declarations portal. The assessment and approval of this application had to be performed by an independent staff member.

The RAA was reliant on staff identifying conflicts and recusing themselves from processing applications and claims where required. There is no evidence that line managers actively monitored the processing of applications or claims to ensure staff were not processing applications or claims where there was a declared conflict of interest.

In addition, staff were required to recuse themselves from assessment or approval of grants for their relatives. This was an informal process managed by the officer’s line manager, and the RAA advised that these situations were recorded as a file note. The RAA did not monitor these cases at a program level. If it was perceived as a conflict, officers were required to formally submit a conflict of interest declaration for the register.

The program guidelines mostly aligned with Grants Administration Guide requirements

The GAG mandates that grant program guidelines include the following information:

• the purpose and objectives of the grant
• selection criteria and assessment process
• grant value
• opening and closing dates
• any support available to grant applicants
• application outcome date (not relevant for this program)
• source agency or agencies
• the decision-maker.

The program guidelines met all of the above requirements. The program’s overall compliance with the mandatory requirements of the GAG is set out in Appendix 2.

The GAG also states that, where relevant, a description of complaint handling and review and/or access to information mechanisms should be included in program guidelines. The guidelines for the program did not include a description of the complaint handling process, despite the RAA having an appeals process for the program. This process was attached to refusal emails sent to applicants, along with a link to lodge an appeal. Although refused applicants were made aware of this process, this was not communicated to all potential grantees in the program guidelines. Publishing this information in the guidelines could have provided a more accessible and transparent system for applicants.

Neither agency conducted a cost-benefit analysis to assess value for money in the program design as required by the Grants Administration Guide

The GAG requires public officials to demonstrate at the planning and design stage of the program how it will deliver value for money by identifying benefits and costs. This CBA provides a valuable tool for decision-makers to understand the expected impact of a program.

Neither the RAA nor the Reconstruction Authority conducted a CBA at the program design stage to assess the grant program’s value for money. As a mandatory requirement of the GAG it was necessary for the agencies to ensure that the CBA for the program was undertaken. Neither agency was assigned responsibility for conducting a CBA in the MoU.

The GAG advises that for time-critical grant opportunities, which likely includes emergency relief grants, it may be possible to assess value for money through a more streamlined rapid CBA. This was not undertaken as an alternative. NSW Treasury’s Disaster Cost Benefit Framework (TPG23-17) also outlines the requirements for disaster-related programs’ CBA. It advises that when responding to a disaster there may be insufficient time to complete a CBA prior to funding.

For grant programs over $50 million, the GAG recommends that the post-program evaluation includes a CBA. In addition, TPG23-17 states that where disaster resilience initiatives valued at over $10 million are not supported by a business case and CBA, it is mandatory to complete an evaluation and ex-post CBA within a reasonable period of time. The Reconstruction Authority plans to conduct an economic evaluation of the program that will include a post-program CBA. A CBA conducted after the program can assist in determining whether the program achieved its intended objectives and provided value for money.

The Rural Assistance Authority’s model for estimating the total cost of the program significantly underestimated the total expenditure

While a CBA was not undertaken, the RAA did estimate the costs of the program before it launched. The RAA had commissioned modelling in 2021 to allow it to estimate the costs of future disaster events. The model used previous disaster events, including flood events, to predict the number of applicants, the number of approved applications, the amount of funding predicted to be approved and the amount of funding predicted to be disbursed to applicants. The RAA model used data from the February to March 2021 and the November 2021 flood events to underpin its assumptions. While these were the two most recent completed flood programs, the 2022 flood events were significantly larger and saw different applicant behaviour than that observed in the previous two events. There is now an opportunity for the RAA to revisit its cost estimate modelling to update the assumptions that are used with data from the 2022 SDA programs.

Using this model, the RAA estimated that the total cost of the program would be $267.6 million; it provided this estimate to the then Resilience NSW to inform the overall program budget. The RAA first advised the then Resilience NSW about this figure on 27 October 2022 and again on 7 November 2022. When the RAA first provided this advice, 55 LGAs had been disaster-declared and were therefore eligible for the program. When the RAA provided this advice the second time, 66 LGAs had been disaster-declared but the RAA did not update its assumptions to revise the expected program expenditure. If it had updated its assumptions, the RAA could have provided more accurate figures to the then Resilience NSW to estimate the program budget. A total of 75 LGAs and the Unincorporated Far West Area were disaster-declared.

The total program cost of $536.5 million was double the initial estimate. The model had a number of assumptions that resulted in this cost being underestimated. Even if cost estimates had factored in all of the disaster declared areas, the total cost of the program would most likely have been underestimated due to these other assumptions proving inaccurate. The assumptions and estimates compared to actual expenditure are outlined in Table 2 and include:

• an underestimation of the amount that each applicant would apply for
• the percentage of applicants that would be approved
• the amount of money that each approved applicant would claim back from their allowed maximum.

Source: Rural Assistance Authority modelling and Audit Office of NSW analysis.

Further, there were some differences between the 2021 flood programs and the AGRN 1030 and 1034 flood events. In particular, the previous events allowed six months for applications and 12 months for claims. In this case, the program was open for seven months and claims were open for 18 months, providing a greater opportunity for businesses to lodge applications and claims. The RAA advised that the Reconstruction Authority did not request forecasting based on these extended application and claim periods.

Inaccurate cost estimates meant that decisions were made on the basis of incorrect assumptions. The approved program budget assumed that $267.6 million was an accurate forecast, however the Reconstruction Authority had to seek approval in August 2023 and May 2024 for additional funds to make up the program shortfall. The RAA advised that monthly forecasts were provided to the Reconstruction Authority to support the request for additional funds. In addition, the RAA based its resourcing and administration assumptions on the initial cost estimate, meaning that its estimated administration costs and the number of staff that were contracted to administer this program was significantly lower than would have been the case if the assumptions had been more accurate. The RAA added more staff during the program when it became clear that the program would exceed the expected level of demand.

⁷ A ‘Show Cause’ letter was issued to this applicant to provide them the opportunity to rectify the issues identified with their application. As the applicant did not respond, a tax invoice was issued requesting the payment to be repaid to RAA.

The Rural Assistance Authority conducted an effective process to determine each applicant’s eligibility for the program

The GAG states that all grants should have clear eligibility criteria that outline the minimum requirements an applicant must meet to be eligible for funding. The program guidelines outlined the criteria that would determine applicant eligibility for the grant. Administering a program in accordance with its guidelines is a mandatory requirement of the GAG. This is essential to ensure the program is administered fairly and that the program achieves its objectives. The program’s overall compliance with the mandatory requirements of the GAG is set out in Appendix 2.

To determine whether the grant program had been administered in line with the program guidelines, the audit team tested a sample of applications, which included the assessment of application eligibility. All approved applicants examined by the audit team were correctly found to be eligible. All rejected applicants in the sample were correctly found to be ineligible.

To ensure applicants were assessed equitably against the eligibility criteria, assessment officers were provided with an assessment template and training guidance. This documentation provided guidance on interpreting the program guidelines and was designed to ensure that each applicant would be assessed consistently.

In line with the program guidelines, assessment officers reviewed the lodged tax returns and financial statements to ensure that applicants derived at least 50% of their gross income from the primary production enterprise. They also reviewed applicant ABNs to ensure that these were active and current at the time of the flood event(s), and LGA rate notices to determine if the enterprises were located within an eligible area. Applicants were also required to provide an estimated value and description of damage incurred.

The assessment of this evidence was entered into the assessment template for each applicant and the completed template was provided as written advice to a program officer as the decision-maker. The program officer then approved or declined the application based on the advice provided by the assessment officer. For each application, the RAA retained documentation that related to the application outcome and the reasoning behind the outcome. It also documented the decisions on both approved and rejected applications.

The Rural Assistance Authority processed most claims for the grant program in accordance with the program guidelines and the Grants Administration Guide

The program guidelines outlined a list of items and activities that were eligible for reimbursement, along with the evidence required to claim. This list was created to ensure that only eligible expenses were reimbursed. In addition, the RAA provided further guidance to payment officers, particularly covering more difficult situations that may arise. This included creating a payment schedule template. This documentation aimed to ensure that each claim was assessed against the same criteria.

For anyone seeking to claim additional funds after receiving the upfront payment, payment officers reviewed the invoices submitted, including the supplier, date, invoice amount and the description for each claim. Payments officers reviewed the invoice item descriptions to determine if expenses were eligible for reimbursement under the program guidelines. In addition, payment officers reviewed proof of payment for these invoices, usually in the form of bank statements. The payment schedule and the supporting evidence was provided to the program officer as written advice for approval or denial.

The procedure for assessing and processing the upfront payments is discussed in detail below.

The audit team tested a sample of applications for the program, which included the processing of claims for these applications. The sample demonstrated that invoices and proof of payment were retained for all applicants who claimed funding above the $25,000 upfront payment amount. Payment schedules were generated for these applicants, and invoice and payment data was entered into the schedule template to evidence claim eligibility. The payments made aligned with the invoices and followed the established process.

Most of the applicants in the sample were only reimbursed for eligible expenditure. The audit team identified one applicant who was reimbursed for ‘business advice post-flood’, which was not eligible expenditure under the program guidelines. The documentation retained for this applicant did not outline any reasons for approving the ineligible expense, as required by the GAG.

Applicants were required to provide proof of payment for any previous SDA grants they had made under the other 2021 and 2022 storm and flood disaster events before they could receive payment from the AGRN 1030 and 1034 SDA program. Payment officers checked if applicants had made claims under previous programs and validated this expenditure as per the guidelines.

The Rural Assistance Authority did not require evidence of how funds would be spent or validate claims of estimated damage before distributing the upfront payments

Applicants who had not successfully applied for grants under previous iterations of the SDA program were entitled to an upfront payment of $25,000 without the need to provide invoices at the point of application. Applicants who had received grant payments under previous SDA programs were only eligible for the upfront payment if they had fully validated their previous grant funding. The RAA advised that this was to assist primary producers with their cash flow by providing them with enough money to begin recovery works.

The program guidelines, which were designed by the RAA and approved by the then Resilience NSW, stated that payment would be provided on the basis of quotes or estimated costs. The guidelines also included an application checklist which specified the documentation the applicant would need to provide at the point of application. This checklist included ‘quotes, estimates, photos, valid tax invoices and proof of payment (if you have them)’. The program guidelines did not explicitly require applicants to provide evidence to support their estimates or to validate their expenditure post payment.

The frequently asked questions (FAQs) for the program, which were published on the RAA website, stated that reasonable evidence was required to be submitted by all applicants to prove damage from the flood event(s). The following examples of evidence were listed:

• quotes or estimates for works to be completed
• tax invoices of expenses incurred for clean-up or salvage works already completed following the flood event(s)
• photos of damaged property with time, date and location stamps (not mandatory).

The audit team tested a sample of 16 applicants who received only an upfront payment of $25,000 or less. Two applicants in the sample submitted evidence of their intention to spend this money in accordance with the program guidelines although this was not required by the guidelines. The remaining applicants submitted an estimated value of the damage and explained the impact of the flood on their business, which was confirmed by an assessment officer through a phone call. The RAA advised that the purpose of this phone call was to test the applicant’s claim against results from the Primary Industries Natural Disaster damage survey. This is an online survey that farmers, DPIRD, Local Land Services Staff and agricultural industry representatives can use to record damage to primary production and animals from natural disasters such as floods, fires and storms. Assessment officers could use this data to assess if applicants’ claims were consistent with the level of damage recorded in the survey results.

While it was in line with the guidelines, by not collecting this evidence, the RAA could not ensure that applicants who applied for payments below the $25,000 threshold had estimated damage accurately or validate that applicants intended to spend, or had in fact spent the grant in line with the program guidelines. The lack of appropriate controls increased the risk of fraudulent applications being made for these upfront payments and funds disbursed to those applications, as well as the risk that the upfront payments were not spent on eligible activities.

The program guidelines included a provision for the RAA to request additional evidence from applicants once a payment had been made. However, the RAA did not validate these applications post program to confirm that grant money had been spent in line with the guidelines.

There were long processing times for both assessments and grant claims throughout most of the life of the program

As discussed above, and as shown in Exhibits 3 and 4, there was a steady flow of applications and claims throughout the program before a sharp increase prior to the program closing. Due to the number of applications and grant claims exceeding the original estimates for the program, the RAA was not adequately prepared for the volume of applications, and this resulted in long processing times for both assessments and grant claims.

As can be seen in Exhibit 5, the average number of days required to process a grant application increased from 19 days for applications lodged in November 2022, the first month of the program, to 118 days for applications lodged in June 2023, the final month that applications were open. This excludes time where the RAA was waiting for additional information from the applicant. The RAA’s target was to process 80% of applications within 20 days. However, only 13.5% of grant applications for the AGRN 1030 and 1034 program were assessed in this timeframe. The average processing time for applications across the course of the program was 73 days.

The Rural Assistance Authority developed performance measures but there were no indicators for program outcomes

The RAA describes its overall objective as ‘farming businesses and other rural industries are more innovative, productive and resilient due to efficient provision of well-targeted government assistance programs by the RAA’.

To support this, the RAA has developed the following three performance measures that apply across all of the grant programs it administers:

• timeframe to provide RAA assistance to the point of decision for grant applications – 80% of grant applications have a decision in 20 days
• level of RAA customer satisfaction at the point of application – 80% of customers report a positive point of application experience
• level of RAA customer satisfaction post-application – 80% of customers report a positive post-application experience.

The RAA aggregates performance across these indicators for all its grant programs, and the RAA also measures performance against these indicators for its programs individually. While these measures are all valuable in understanding the RAA’s grant administration performance, they do not allow for the outcomes of RAA programs to be evaluated. In particular, they do not consider a program’s impact on the RAA’s overall objective, such as the impact of the program on innovation, productivity and resilience. Measuring the outcomes of a program allows for an agency to determine whether the program has achieved its objective and was an effective use of money.

The timeliness indicator allows the RAA to measure one element of its efficiency by identifying the speed with which grant applications are assessed. However, there is no performance indicator in place to consider the timeliness of claim processing. Developing this performance indicator would allow the RAA to determine more clearly whether claims processing is occurring in a timely manner.

While customer satisfaction with the program was high, the Rural Assistance Authority did not meet its timeliness target

The RAA’s performance against its established targets for customer satisfaction at the point of application and post-application exceeded the targets of 80% of customers reporting a positive experience. To collect information about customer satisfaction, the RAA conducted an online customer survey with each applicant, where applicants were asked to rate their satisfaction with a variety of metrics, including satisfaction with program guidelines and ease of application.

The results of the RAA customer satisfaction surveys are shown in Table 3.

Note that satisfied includes both ‘satisfied’ and ‘very satisfied’ as a response, and ‘unsatisfied’ includes both ‘unsatisfied’ and ‘very unsatisfied’.
Source: RAA customer satisfaction surveys

The results demonstrate that customer satisfaction with the program was high. This includes satisfaction with the processing time of applications which, as noted in the previous chapter, consistently worsened throughout the course of the program.

The RAA also asked about the difficulty of applications and the contract approval process. The results of these surveys are shown in Table 4.

Note that ‘easy’ includes both ‘easy and ‘very easy’ as a response, and ‘difficult’ includes both ‘difficult’ and ‘very difficult’.
Source: RAA customer satisfaction surveys.

The RAA advised that it uses the difficulty of application and difficulty of contract approval results, shown in Table 4, to determine whether it has met its customer satisfaction results of 80% of customers having a positive experience. The RAA aggregates the easy and neutral results to determine whether the target has been met, meaning that even neutral results are considered positive experiences. Calculated this way, 93% of customers had a positive experience at point of application and 96% had a positive experience post application. This calculation means that the RAA exceeded its target of 80% of customers having a positive experience at the point of application and post approval. However, as shown in Table 4, if neutral responses are excluded from this analysis and only ‘easy’ or ‘very easy’ responses are included, the RAA did not meet this target.

The RAA had a target of 80% of grant applications having a decision in 20 days. The RAA advised that this only includes business days and does not include time that is spent waiting for applicants to provide additional information after RAA has requested it. With these rules applied, only 13.5% of grant applications for the AGRN 1030 and 1034 program were assessed within 20 days. It was important for RAA to assess applications in a timely way in order to fulfil the program purpose of providing a timely and proportionate response to the disaster event.

Program performance was regularly reported to the Rural Assistance Authority’s management, allowing it to provide oversight of the program

Each week, the performance of the RAA in the AGRN 1030 and 1034 program was reported to management as a high-level dashboard. This included a review of the number of applications per day, the number of applications completed each day, outstanding cases, customer satisfaction and total funding disbursed through the program. This allowed management to provide a degree of oversight of the program’s performance against its key performance indicators.

In addition, the RAA reported performance against all of its grant programs to its Audit and Risk Committee (ARC) on a quarterly basis. These reports contained an aggregation of the performance across all of the disaster grants being administered by the RAA, including the volume of applications, the completion rates of assessments and the amount of money disbursed. In addition, performance against the three performance indicators outlined above was also reported to the ARC. This reporting allowed the ARC to receive an agency-wide view of grant administration performance.

The Reconstruction Authority is planning to conduct an outcome evaluation for the program

While the GAG does not set out a mandatory requirement for officials to undertake an evaluation of the outcomes of a grant program, it does recommend that agencies make a decision on evaluating based on the value, risk and significance of the grant program. The GAG refers to the NSW Treasury policy TPG 22-22 Policy and Guidelines: Evaluation, which recommends an evaluation of programs valued at over $50 million. Given that the program disbursed $536.5 million, it is reasonable to expect an outcome evaluation to be undertaken as a matter of good practice.

As noted above, the MoU between the Reconstruction Authority and the RAA does not set out the responsibility for undertaking an outcome evaluation of the program. Similarly, there is no responsibility established in the MoU to determine the overall benefits delivered by the program as part of a CBA. Not outlining these responsibilities risks gaps in program evaluation for future grant programs. As a result of this gap, neither agency was assigned initial responsibility for planning an evaluation.

In December 2024, the Reconstruction Authority received approval to undertake an outcome evaluation that will allow it to determine the outcomes achieved by the program. This evaluation is also planned to include an evaluation of the overall benefits and outcomes of the program, an economic evaluation – which will fulfil the purpose of an ex ante CBA, discussed above – and a process evaluation, which will consider how the program has been delivered. In addition, the RAA conducted a process evaluation of the program in August 2023.

Appendix 1 – Responses from audited agencies

Appendix 2 – Program compliance with the Grants Administration Guide

Appendix 3 – About the audit

Appendix 4 – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #405 released 20 May 2025.

About this report

The report presents the results of the local government sector financial audits for the year ended 30 June 2024.

Audit results

Unqualified audit opinions were issued for 124 (of 128) councils, 8 (of 9) county councils, and 11 (of 13) joint organisations.

Disclaimers of opinion were issued for Glen Innes Severn Council and the New England Weeds Authority.

Qualified audit opinions were issued for Snowy Valleys Council and Moree Plains Shire Council.

Timeliness improved as 88% of councils lodged their audited financial statements by the statutory deadline of 31 October (67% in the previous year).

Findings

Financial sustainability is a concern for some councils

There were 35 councils that met none or just one of the three key financial sustainability benchmarks. Sixteen councils have insufficient cash and investments, not subject to external restrictions, to meet three months of their expenses (excluding depreciation and interest).

Revenue growth lags expenditure growth after adjusting for inflation, resulting in negative growth in real terms.

About 40% of councils did not break even in 2023–24.

Cyber security remains a risk

Cyber security controls have improved, especially regarding cyber governance. However, control gaps were identified in cyber security training and risk management of third-party systems.

Recommendations

• The Department of Planning, Housing and Infrastructure should reduce councils’ financial reporting burden, and remove non-value-adding disclosures from financial statements.
• Councils should perform more robust month-end processes, quality reviews of financial statements and supporting working papers before they are submitted for audit.

Financial reporting is an important element of good governance. Confidence in, and transparency of, local government decision-making is enhanced when financial reporting is accurate and timely.

This chapter outlines the financial reporting audit results of councils, county councils and joint organisations.

Financial sustainability is the ability to meet current and future financial obligations without reducing essential services or borrowing money to fund successive operational deficits. This is achieved by ensuring that over the medium and longer term, revenue is sufficient to cover expenses, cash flow and risks are well managed, long-term financial planning is effective and sources of revenue are diverse.

Councils are required to prepare long-term financial plans to help ensure they remain financially viable. Benchmarks established by the OLG are used to assess past performance and indicate areas where councils are under pressure.

The graphs and tables presented in this chapter are prepared from councils’ financial statement data and in many cases represent averages of the metropolitan, regional and rural councils.

Governance is the framework of rules, processes and systems that enable organisations to achieve goals and comply with legal requirements. Good governance promotes public confidence in the integrity and effectiveness of councils’ systems and operations. A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines our findings on internal controls and governance across councils, county councils and joint organisations.

Financial audits focus on the key internal controls and governance that support the preparation of financial statements. Breakdowns and weaknesses in internal controls can increase the risk of fraud and error. Our management letters report deficiencies in internal controls, matters of governance interest and unresolved issues to those charged with governance. These letters also include risk ratings, implications, recommendations and management responses.

This chapter focuses on the cyber security environment for councils, how they have assessed and responded to the relevant risks, and the extent to which they have implemented or plan to implement controls. We also focus on how councils educate and raise awareness of cyber security risks for those with access to their IT systems and information.

The Audit Office’s Annual Work Program

Each year, the Audit Office’s Annual Work Program includes an ongoing strategic assessment of the risks and challenges facing government. It outlines future focus areas for financial audits, as well as planned performance audit topics published as a three-year rolling program. We aim to inform the NSW Parliament, the public sector and the community about key risks we identify, as well as priorities and expected timeframes for delivering our work. This helps give our stakeholders the best opportunity to prepare for, and engage with, our audits.

Our financial audit program for local government includes:

• assessments of controls and governance on cyber security
• analyses of financial sustainability
• reporting of findings and recommendations.

Audits will target the efficient and responsible use of public resources

The Government Sector Audit Act 1983 provides that the Auditor-General may have regard to the wastage of public resources in the exercise of their functions and may deal with reports made by public officials about serious and substantial waste of public money. The Audit Office defines serious and substantial waste as the uneconomical, inefficient or ineffective use of resources, whether authorised or unauthorised, and which could result in a loss of public funds or resources.

Waste can result in an opportunity cost for councils where money could have been used for better purposes, or better spent on achieving the same purpose. Waste can also lead to higher costs being incurred to address failings in either procurement, budgeting or contract management.

Our audits may focus on whether procurement practices, budgeting and contract management have effectively reduced waste.

Our performance audit program for local government includes the following performance audits in progress.

Coastal management reforms

The coast is one of NSW’s greatest assets and is home to nearly 85% of the state’s population. The NSW Government has established a framework to manage the coastal environment in a sustainable way for the wellbeing of the people of NSW. The key policy instruments are the Coastal Management Act 2016, under which local councils in the coastal zone prepare coastal management programs, and the State Environmental Planning Policy (Resilience and Hazards) 2021.

The Department of Climate Change, Energy and Water (DCCEEW) and the DPHI oversee and facilitate implementation of the coastal management framework by local councils.

This audit will answer the following questions:

• Are the DCCEEW and the DPHI effectively overseeing and facilitating councils’ implementation of the coastal management framework?
• Have councils effectively developed plans and priorities for coastal management?

Long-term financial planning

Sustainable financial management is a significant risk and priority for the local government sector. Under the legislative and policy requirements, all NSW local councils must prepare and adopt a long-term financial plan. This plan should reflect and inform decision-making for important processes like longer-term strategic planning, and immediate and short-term budget processes.

This audit will assess whether selected local councils have established effective and compliant long-term financial plans that promote financial sustainability and reflect their communities’ priorities for services and assets.

Appendix 1 – Response from the Office of Local Government within the Department of Planning, Housing and Infrastructure

Appendix 2 – Status of previous recommendations

Appendix 3 – Status of audits

Appendix 4 – Council liquidity

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the local government sector financial statement audits for the year ended 30 June 2023.

Findings

Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.

Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.

The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.

Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.

Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.

Fifty councils do not have basic governance and internal controls to manage cyber security.

Recommendations

To improve quality and timeliness of financial reporting, councils should:

• adopt early financial reporting procedures, including asset valuations
• ensure integrity and completeness of asset source records
• perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.

To improve internal controls, councils should:

• track progress of implementing audit recommendations, and prioritise high-risk repeat issues
• continue to focus on cyber security governance and controls.

Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General’s report on Local Government 2023. My report provides the results of the 2022–23 financial audits of 121 councils, eight county councils and 12 joint organisations. It also includes the results of the 2021–22 audits for two councils and two joint organisations which were completed after tabling of the Auditor-General’s report on Local Government 2022. The 2022–23 audits for eight councils, one county council and one joint organisation remain in progress due to significant accounting issues.

This will be my last consolidated report on local councils in NSW as my term as Auditor-General ends in April. Without a doubt, the change in mandate to make me the auditor of the local government sector has been the biggest challenge in my term. Challenging for councils as they adjust to consistent audit arrangements and for the staff of the Audit Office of NSW as they learn about the issues facing NSW councils.

The change in mandate aimed to improve the quality of financial management and reporting across the sector. This will take time. But this report does show some ‘green shoots’ with more councils submitting financial reports to the Office of Local Government by 31 October and more councils having Audit, Risk and Improvement Committees. 

I also want to acknowledge that councils face significant challenges responding to and recovering from emergency events whilst cost and resourcing pressures have been persistent.

The findings from our audits identify opportunities to further improve timeliness and quality of financial reporting and integrity of systems and processes. The recommendations in this report are also intended to improve financial management and reporting capability, encourage sound governance, and boost cyber resilience.

Margaret Crawford PSM
Auditor-General for New South Wales

Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines audit observations related to the financial reporting audit results of councils, county councils and joint organisations.

A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.

This chapter outlines the overall trends in governance and internal controls across councils, county councils and joint organisations in 2022–23.

Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations with risk ratings, related implications, and recommendations.

Appendix one – Response from the Office of Local Government within the Department of Planning, Housing and Infrastructure

Appendix two – NSW Crown Solicitor’s advice

Appendix three – Status of previous recommendations

Appendix four – Status of audits

Appendix five – Councils received qualified audit opinions for non-recognition of rural firefighting equipment

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the Regional NSW financial statements audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.

The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.

What the key issues were

Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.

The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.

The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.

A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.

What we recommended

Local Land Services should prioritise completing all mandatory early close procedures.

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in audit management letters.

This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What this report is about

Results of the Premier and Cabinet portfolio of agencies' financial statement audits for the year ended 30 June 2023.

What we found

Unqualified audit opinions were issued for all Premier and Cabinet portfolio agencies.

What the key issues were

The Administrative Arrangements Orders, effective 1 July 2023, changed the name of the Department of Premier and Cabinet to the Premier's Department and transferred parts of Department of Premier and Cabinet to The Cabinet Office.

The number of monetary misstatements identified in our audits decreased from 15 in 2021–22 to 12 in 2022–23.

The total number of management letter findings across the portfolio of agencies increased from ten in 2021–22 to 20 in 2022–23.

Thirty per cent of all issues were repeat issues. The most common repeat issues related to deficiencies in controls over financial reporting.

What we recommended

Portfolio agencies should:

• ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
• prioritise and address internal control deficiencies identified in Audit Office management letters.

This report provides Parliament and other users of the Premier and Cabinet portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet portfolio.

Appendix one – Early close procedures

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state-owned corporations and public financial corporations, for the year ended 30 June 2022.

What we found

Internal control trends

The proportion of control deficiencies identified as high-risk this year increased to 8.2% (5.9% in 2020–21). Sixteen of the 23 high-risk findings related to financial controls while seven related to IT controls.

Repeat findings of control deficiencies now represent 48% of all findings (47% in 2020–21).

Information technology

There continues to be a high number of deficiencies relating to IT general controls, particularly around user access reviews, which affected 56% of agencies.

Cyber security

Agencies' self-assessed maturity levels against the NSW Cyber Security Policy mandatory requirements are lower than target levels. Overall, maturity levels against the Australian Cyber Security Centre's Essential Eight controls have not improved since last year.

Management of cyber risks relating to third party IT service providers should be improved. IT service providers may pose risks to the agency if the provider's cyber security controls have weaknesses.

Consultants and contractors

Agencies risk over-reliance on the same consultants and contractors. A quarter of agencies have re-engaged the same contractor over the past five years.

Employment screening Twenty-four per cent of agencies have not complied with the employment screening requirements of the Government Sector Employment Act 2013 with regard to citizenship or residency. Screening and induction practices for non-permanent workers are often less stringent than for permanent employees. This can pose increased risks to an entity of not detecting applicants with false credentials or a history of corrupt conduct.

Contract management

Half of all agencies' procurement contract registers are incomplete, which is non-compliant with the Government Information (Public Access) Act 2009.

What we recommended

Agencies should:

• prioritise actions to address repeat control deficiencies
• prioritise improvements to their cyber security and resilience
• reinforce mandatory cyber training to all staff and improve completion rates
• ensure that contractor engagements that have been renewed over multiple years are periodically reassessed against the market.

Internal controls are processes, policies and procedures that help agencies to:

• operate effectively and efficiently
• produce reliable financial reports
• comply with laws and regulations
• support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year's controls and governance findings in more detail.

For consistency and comparability, we have adjusted the 2021 results to incorporate additional audit findings that were reported after the date of the 'Internal controls and governance 2021' report. Therefore, the 2021 figures will not necessarily align with those reported in our 2021 report.

This section also covers how agencies have complied with TD 21-04 during 2021–22.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security planning and governance arrangements.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' practices in engaging external experts, such as consultants and contractors.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' employment screening practices.

This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' contract management processes.

What the report is about

Result of the Regional NSW cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for Regional NSW cluster agencies. Two audits are ongoing.

What the key issues were

The Department of Regional NSW (the department) and Local Land Services (LLS) accepted changes to their office leasing arrangements managed by Property NSW.

These changes resulted in the collective derecognition of $100.6 million of rights-of-use-assets and $110.4 million of lease liabilities.

In 2021–22, the cluster agencies continued to assist communities in their recovery from recent weather emergencies, including significant flooding in New South Wales.

The Northern Rivers Reconstruction Corporation was established in May 2022 to rebuild communities in the Lismore and Northern Rivers region impacted by floods.

The number of matters reported to management decreased from 36 in 2020–21 to 14 in 2021–22.

Five moderate risk issues were identified and 14% of reported issues were repeat issues.

One moderate risk issue was a repeat issue related to Local Land Services' annual fair value assessment of the asset improvements on land reserves used for moving stock.

This report provides Parliament and other users of the Regional NSW cluster financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW cluster.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

• Integrity and transparency
• Performance and monitoring
• Governance and oversight
• Cyber security and data
• System planning for disruption
• Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

• Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
• Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
• Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix one – Included reports, 2018–2022

Appendix two – About this report

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Water regulation aims to achieve sustainable environmental, economic and social outcomes from the management of water resources, consistent with the Water Management Act 2000. Following recommendations from reviews into water theft, reforms were made to strengthen water regulation, compliance and enforcement – including the establishment of the Natural Resources Access Regulator (NRAR) in 2018. The Department of Climate Change, Energy, the Environment and Water shares responsibility for issuing water access licences and approvals with the state-owned corporation, WaterNSW.

This audit will assess how effectively the relevant agencies are undertaking planning, licensing and regulatory functions to ensure secure, sustainable and transparent water sharing in NSW. This topic may also consider how effectively the department has implemented reforms to enhance water metering technology and rules, and the efficacy of NRAR’s activities to support this program.

What the report is about

The report examined whether NSW Treasury, Service NSW and the Department of Customer Service effectively administered grants programs funded under the $750 million Small Business Support Fund, including:

• $10,000 Small Business Support Grant
• $3,000 Small Business Recovery Grant.

What we found

The agencies effectively implemented the grants within required timeframes, reflecting the NSW Government’s decision to deliver urgent financial support to small businesses impacted by the COVID-19 pandemic.

NSW Treasury met urgent timeframes to design the grants and Service NSW made timely payments in line with the grants' objectives and eligibility criteria.

Service NSW and the Department of Customer Service strengthened processes to detect and minimise fraud in response to identified external fraud risks, and to investigate suspected fraudulent applications.

Fraud security checks and investigations are ongoing, and the agencies will not know the full extent of fraud across the grants until these processes have been completed.

The agencies regularly monitored and reported on the timeliness of payments to small business applicants but have not yet measured all benefits of the grants programs.

The $10,000 Support Grant and the $3,000 Recovery Grant have provided around $630 million in one off grant payments to eligible small businesses.

What we recommended

NSW Treasury should finalise and implement an evaluation of both grants programs, including obtaining feedback from businesses.

Service NSW should develop a framework that documents expected controls for how it administers grants, including business processes, fraud control and governance and probity requirements.

Service NSW should publish information on all grants programs, including grants distribution and uptake.

The Department of Customer Service should ensure its processes for managing conflicts of interest meets its policy requirements.

Upcoming performance audit

The Audit Office is conducting a further performance audit into grants administration for disaster relief focussing on bushfire grants. This is planned to complete in 2021-22.

Further information

Please contact Ian Goodwin, Deputy Auditor-General on 9275 7347 or by email.

The NSW Government responded to the partial shutdown of the NSW economy caused by the COVID-19 pandemic in 2020 by, among other measures, announcing on 3 April 2020 that it would place $750 million into the Small Business Support Fund (the Fund).

Under the Fund, the NSW Government would pay one-off grants of up to $10,000 to small business impacted by the shutdown. The objectives of the $10,000 Small Business Support Grant ($10,000 Support Grant) were to:

• ease the pressure on small businesses that have been affected by the COVID-19 pandemic
• support the ongoing operations of small businesses highly impacted by the COVID-19 restrictions
• deliver cash-flow into small businesses as soon as possible so that small businesses could meet pressing financial needs.

Grant applications were assessed against eligibility criteria that were determined by the NSW Government. The eligibility criteria for the $10,000 Support Grant required an employing small business to demonstrate it was significantly impacted by the COVID-19 pandemic by self-declaring or demonstrating a significant decline of 75 per cent or more in turnover compared to 2019. Documentation requirements were relaxed for small businesses within highly impacted industries.

In June 2020, the NSW Government announced a second round of one-off grants of up to $3,000 to small businesses that were highly impacted by the COVID-19 pandemic ($3,000 Recovery Grant). The objective of the $3,000 Recovery Grant was to help small businesses in 'highly impacted industries' — those directly impacted by the restrictions and closures put in place under the Public Health Orders — to meet the costs of safely reopening or scaling up operations.

The eligibility criteria for the $3,000 Recovery Grant required that a small business be in a highly impacted industry, demonstrate that it was significantly impacted by the COVID-19 pandemic by declaring a significant decline in turnover, and had costs associated with reopening under the 'COVID-Safe' requirements.

NSW Treasury and Service NSW implemented both grants on behalf of the NSW Government. The process of applying for a grant was intended to be quick and easy, with Service NSW using automated assessments and simple online application forms to process applications. Applicants applied for the $10,000 Support Grant through the Service NSW website between 14 April 2020 to 30 June 2020 and applied for the $3,000 Small Business Recovery Grant between 1 July 2020 and 31 August 2020.

At May 2021, around $520 million has been paid to over 52,500 grant applicants under the $10,000 Support Grant and around $109 million had been paid to around 36,700 grant applicants under the $3,000 Recovery Grant.

The Audit Office plans to undertake a performance audit into grants administration for disaster relief focussing on bushfire grants in 2021–22.

This audit assessed whether the grants funded under the $750 million Small Business Support Fund were effectively administered and implemented to provide disaster relief. It addressed the following questions:

• Were funded grants programs planned, designed and targeted effectively?
• Were funded grants programs implemented in line with the objectives and criteria and delivery requirements?
• Have agencies established measures to monitor intended benefits and outcomes?

This audit did not seek to assess the effectiveness of any other grant programs or stimulus measures. It also did not seek to assess the impact of the funding on applicants, or the future prospects of small businesses that received support.

1. Key findings

Around $630 million in timely one-off grant payments have been made to small businesses

Service NSW and NSW Treasury have paid around $630 million in one-off grant payments to small businesses via two grants administered under the $750 million Small Business Support Fund. At May 2021:

• around $520 million has been paid to over 52,500 grant applications received for the $10,000 Small Business Support Grant ($10,000 Support Grant)
• around $109 million has been paid to 36,700 grant applications received for the $3,000 Small Business Recovery Grant ($3,000 Recovery Grant).

Across both grants, over 65,000 small businesses received a payment across either grant, and over 23,000 businesses received payments under both grants.

NSW Treasury advise that, while no data was collected on the time to pay applicants for the $10,000 Support Grant, from its monitoring of the grants' outputs it was satisfied that payment timeframes met its expectations. Service NSW met its targeted time to pay applicants with payments made within ten days for the $3,000 Recovery Grant.

Funds for both grants were not fully spent due to limitations in data and uncertainty of the COVID-19 pandemic's impact. At May 2021, the final demand for the $10,000 Support Grant was around 30 per cent less than initially anticipated and the final demand for the $3,000 Recovery Grant was around 40 per cent less than initially anticipated.

NSW Treasury developed proposals establishing high level design and delivery expectations within rapid timeframes

NSW Treasury put forward proposals to the NSW Government for the two grants administered under the $750 million Small Business Support Fund. It met rapid timeframes for producing this advice: within one day for the $10,000 Support Grant and within four days for the $3,000 Recovery Grant. NSW Treasury's advice to the NSW Government on how to best target the total funding, eligibility criteria and the feasibility of delivering the grants through Service NSW was based on comparable grants programs – including the $10,000 Small Business Bushfire Support Grant – which at that time were ongoing.

The proposals established, at a high-level, the rationale for the grants, expected financial costs, risks and analysis on budget impacts, and confirmation that Service NSW could deliver the grants applications platform. NSW Treasury's demand projections were uncertain due to limited data in the early stages of the pandemic regarding potential economic impact.

Given the tight timeframes, the proposals did not fully consider all planning and design aspects for both grants. For example, there was minimal identification of the costs and benefits of the programs, and a lack of detailed design and delivery requirements. The proposals outlined that arrangements to finalise the risk management, controls, and auditing plan would be agreed by Service NSW and NSW Treasury before implementation.

In future circumstances where urgent advice on program design is required, NSW Treasury could set clearer expectations for the delivery agency, including fully considering costs, benefits and delivery requirements that could be carried through to project governance and implementation.

Service NSW implemented both grants in line with delivery expectations

Service NSW met urgent timeframes to stand-up both grants: 11 days for the $10,000 Support Grant and 26 days for the $3,000 Recovery Grant. Delivery expectations for each grant were established under a grant project agreement (grant agreement). Service NSW delivered the online application platform, assessment of applications, payments and reporting of the grants' uptake as per the grant agreements.

The urgent timeframes to deliver the grants contributed to gaps in Service NSW's project and risk management processes throughout the lifecycle of both grants. For example, the requirement to meet pressing timeframes for the $10,000 Support Grant launch meant agencies had reduced time to achieve sign-off on key documentation. As a result, important documents and processes – including the grant agreement, risk documentation and key business process and quality assurance processes – were not finalised ahead of launch.

Quality assurance and compliance processes for detecting fraud were not settled until after the conclusion of the applications for the $10,000 Support Grant, and were not completed until late 2020. Some project documents, including risk registers, communication plans and project briefs are still not finalised.

The longer timeframe to develop the $3,000 Recovery Grant meant that agencies were able to build on their understanding of the implementation requirements from the $10,000 Support Grant, and better document these expectations and understanding while ensuring that key documents and sign-offs were in place prior to launch.

Service NSW tightened its risk management and controls in response to evidence of fraudulent applications

In May 2020, Service NSW and the Department of Customer Service (DCS) were alerted to suspected fraudulent activity within grants administered by Service NSW. Initially, Service NSW anticipated that up to $8.8 million of the $10,000 Support Grant was at risk of exposure to fraudulent applications. However, Service NSW reported that, at April 2021, $1.9 million for the $10,000 Support Grant and $254,000 for the $3,000 Recovery Grant from paid applications were at risk of fraud exposure.

Following an internal review of the potential exposure to fraudulent or ineligible applications, Service NSW implemented additional automated security checks on applications, increased manual assessments of grant applications, established a dedicated taskforce for grants administration and engaged a unit within DCS to manage high-risk investigations.

Service NSW and DCS's increased governance and oversight has resulted in an established case management function, increased referrals to law enforcement, prioritised investigations of suspicious applications and the development of a 'Fraud Control Framework' aimed at addressing external fraud risks. Given Service NSW had limited experience in these processes in context of administering grant payments, such actions were an appropriate response.

Security checks and investigations of suspicious applications are ongoing. Service NSW will not know the full extent of fraud across the grants until these processes have been fully completed.

Service NSW and Department of Customer Service can improve how conflicts of interest are managed for future programs

Compliance with agency policies and processes to manage conflicts of interest and financial subdelegations demonstrates that investment decisions are being made by appropriately skilled and experienced staff, allowing agencies to operate efficiently, and reducing the risk of internal fraud.

DCS was unable to produce employee conflicts of interest declarations for the $10,000 Support Grant. Therefore, it is not known how many employees had completed conflicts of interest declarations for this round.

DCS provided information on conflicts of interest declarations for the $3,000 Recovery Grant. Twenty-nine per cent of declarations provided for employees undertaking grant assessments for the $3,000 Recovery Grant were incomplete at March 2021, and a further nine per cent were not finalised even though they indicated a real, potential or perceived conflict.

For future grants programs, ensuring compliance with conflicts of interest policies would help DCS and Service NSW to have greater confidence that conflicts of interest are appropriately identified and managed.

NSW Treasury has not yet measured all benefits or outcomes of the grants

In April 2021, NSW Treasury updated its evaluation plan for the $10,000 Support Grant and $3,000 Recovery Grant in support of an economic evaluation to commence from mid-2021. The updated evaluation plan outlines inputs, activities, and outputs as well as immediate, short term and medium term outcomes for both grants.

The evaluation will consider the extent to which both grants achieved their intended outcomes, and whether the economic benefits exceeded the costs to help inform decisions about the nature and design of any future small business support programs. This will complement, and feed into a broader review of all NSW Government COVID-19 stimulus measures.

Service NSW rapidly developed an approach to administer the grants

Over recent disasters, such as the 2019–20 bushfires and the COVID-19 pandemic, Service NSW has been responsible for administering grant programs on behalf of other government agencies.

Service NSW implemented both grants under its Project Management Framework and under each grant agreement with NSW Treasury as it does not have its own grants administration framework. To address the risks that emerged during delivery, Service NSW developed an approach to standardise and monitor the administration of the grants while they were being implemented.

Service NSW now has an opportunity to establish a grants administration framework, based on the processes, lessons and outcomes captured under the grants administration taskforce and in developing its fraud control framework. Embedding these processes into business as usual for grants administration will enable Service NSW to have a consistent set of expectations for controls, business processes and governance and probity requirements for future grants it implements.

2. Recommendations

By December 2021, NSW Treasury should:

1. finalise and implement an evaluation of the $10,000 Support Grant and $3,000 Recovery Grant, including obtaining direct feedback from businesses on how grant funds achieved the grant objectives.

By December 2021, Service NSW should:

2. develop a grants administration framework, which documents expected controls – including fraud controls – business processes and governance and probity requirements

3. publish information on all grants programs, including grants distribution and uptake.

By December 2021, the Department of Customer Service should:

4. ensure its process for managing conflicts of interest meets policy requirements by:

• ensuring employees promptly declare any real, potential or perceived conflicts of interest
• annually producing a list of conflicts of interest for records retention purposes
• requiring a separate register of conflicts of interest declarations where a grant program is deemed as high risk.

3. Lessons for grants administered within urgent timeframes

The two grants this audit examined were administered within a context of urgent timeframes, and increased complexity and uncertainty about the impact of the COVID-19 pandemic. The following lessons are shared to assist sponsor and delivery agencies in administering future grants where rapid implementation is required.

Sponsor agencies should consider the following lessons:

1. develop an approach to define and measure benefits for rapidly developed programs and projects where a full business case and cost-benefit analysis is not feasible

2. establish common processes and expectations for co-administered grants:

• periodically assure agencies' capability to deliver grants programs
• agree and establish risk appetite statements with administering agencies
• clearly establish expected performance levels and targets under any agreement

3. review the processes and outcomes of rapidly developed programs, capture lessons learned, and apply these in planning and delivering future programs.

Delivery agencies should consider the following lessons:

1. risk management and risk appetite:

• perform robust assessment procedures to ensure risks associated with delivery of the project are identified
• ensure the controls implemented adequately address identified risks
• agree and document the acceptable risk appetite at the outset
• review risk management processes after the grants are issued when unable to finalise risk management processes ahead of launch

2. grant agreements between NSW public sector agencies:

• ensure agreements are finalised in a timely manner
• ensure agreements clearly outline:
  • roles and responsibilities of both parties,
  • changes in scope of services provided
  • fees and charges applicable

3. frameworks for grants administration:

• ensure that there is a common set of expectations in place to guide grants administration including standard controls and processes for managing risk, capturing lessons learned and reporting on outcomes.

Appendix one – Response from agencies

Appendix two – Summary of other COVID‑19 Stimulus and Support for small businesses in NSW in April 2020

Appendix three – Public Health Orders

Appendix four – Highly impacted industries

Appendix five – About the audit

Appendix six – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #352 - released (24 June 2021).