Refine search Expand filter

Audit progress

- Any -

Sector

- Any -

Year

- Any -

Report type

- Any -

Topic

- Any -

Reports

Published

Effectiveness of SafeWork NSW in exercising its compliance functions

Finance
Industry
Health
Compliance
Internal controls and governance
Management and administration
Procurement
Project management
Regulation
Risk

What this report is about 

This report assesses how effectively SafeWork NSW, a part of the Department of Customer Service (DCS), has performed its regulatory compliance functions for work health and safety in New South Wales. 

The report includes a case study examining SafeWork NSW's management of a project to develop a realtime monitoring device for airborne silica in workplaces. 

Findings 

There is limited transparency about SafeWork NSW's effectiveness as a regulator. The limited performance information that is available is either subsumed within DCS reporting (or other sources) and is focused on activity, not outcomes. 

As a work health and safety (WHS) regulator, SafeWork NSW lacks an effective strategic and data-driven approach to respond to emerging WHS risks. 

It was slow to respond to the risk of respirable crystalline silica in manufactured stone. 

SafeWork NSW is constrained by an information management system that is over 20 years old and has passed its effective useful life. 

While it has invested effort into ensuring consistent regulatory decisions, SafeWork NSW needs to maintain a focus on this objective, including by ensuring that there is a comprehensive approach to quality assurance. 

SafeWork NSW's engagement of a commercial partner to develop a real-time silica monitoring device did not comply with key procurement obligations. 

There was ineffective governance and process to address important concerns about the accuracy of the real-time silica monitoring device. 

As such, SafeWork NSW did not adequately manage potential WHS risks. 

Recommendations 

The report recommended that DCS should: 

  • ensure there is an independent investigation into the procurement of the research partner for the real-time silica detector 
  • embed a formal process to review and set its annual regulatory priorities 
  • publish a consolidated performance report 
  • set long-term priorities, including for workforce planning and technology uplift 
  • improve its use of data, and start work to replace its existing complaints handling system 
  • review its risk culture and its risk management framework 
  • review the quality assurance measures that support consistent regulatory decisions

 

Read the PDF report.

Parliamentary reference - Report number #390 - released 27 February 2024
 

Published

Health 2023

Health
Whole of Government
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Project management
Regulation
Risk
Shared services and collaboration
Workforce and capability

What this report is about

Results of the Health portfolio of agencies' financial statement audits for the year ended 30 June 2023.

The audit found

Unmodified audit opinions were issued for all Health portfolio agencies' financial statements. 

The number of monetary misstatements increased in 2022–23, driven by key accounting issues, including the first-time recognition of paid parental leave and plant and equipment fair value adjustments. 

The key audit issues were 

NSW Health identified errors regarding the recognition and calculation of long service leave entitlements for employees with ten or more years of service that had periods of part time service in the first ten years, resulting in prior period restatements. 

Comprehensive revaluation of buildings at the Graythwaite Charitable Trust found errors in the previous year's valuation, resulting in prior period restatements. 

New parental leave legislation increased employee liabilities for portfolio agencies. The Ministry of Health corrected the consolidated financial statements to record parental leave liabilities for all agencies within the Health portfolio.   

A repeat high-risk issue relates to processing time records by administrators that have not been reviewed prior to running the pay cycle.   

Thirty per cent of reported issues were repeat issues. 

The audit recommended 

Portfolio agencies should ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards. 

Portfolio agencies should address deficiencies that resulted in qualified reports on:   

  • the design and operation of shared service controls
  • prudential non-compliance at residential aged care facilities.

 

This report provides Parliament and other users of the Health portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health portfolio of agencies (the portfolio) for 2023.

Section highlights

  • Unqualified audit opinions were issued for all portfolio agencies required to prepare general purpose financial statements.
  • The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
  • The Ministry of Health retrospectively corrected an $18.9 million adjustment in its financial statements relating to long service leave entitlements for certain employees.
  • Graythwaite Charitable Trust retrospectively corrected a $4.2 million adjustment in its financial statements related to prior period valuations. 

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines observations and insights from our financial statement audits of agencies in the Health portfolio.  

 Section highlights 

  • The 2022–23 audits identified one high-risk and 57 moderate risk issues across the portfolio.
  • The high-risk matter related to the forced-finalisation of time records.
  • The total number of findings increased from 67 to 111 in 2022–23.
  • Thirty per cent of the issues were repeat issues. Most repeat issues related to internal control deficiencies or non-compliance with key legislation and/or central agency policies.
  • Forced-finalisation of time records, accounting for the new paid parental leave provision and user access review deficiencies were the most commonly reported issues.
  • Qualified Assurance Practitioner's reports were issued on:
    • the design and operation of controls as documented by HealthShare NSW
    • the Ministry's Annual Prudential Compliance Statements in relation to residential aged care facilities.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

 

Published

Regional road safety

Transport
Health
Community Services
Internal controls and governance
Management and administration
Project management
Risk

What this report is about

Around one-third of the state’s population lives in regional NSW, but deaths on regional roads make up around two-thirds of the state’s road toll.

Transport for NSW (TfNSW) is responsible for managing road safety outcomes across the NSW road network. This audit assessed the effectiveness of TfNSW’s delivery of road safety strategies, plans and policies in regional areas.

The NSW Road Safety Action Plan 2022–2026 has the stated goal of ‘no death or serious injury occurring on the road transport network’ by 2050.

What we found

There is a disproportionate amount of trauma on regional roads, but there are no specific road safety plans or trauma reduction targets for regional NSW.

TfNSW advises that the setting of state-wide road safety targets is consistent with other jurisdictions and international best practice. However, the proportion of road fatalities and serious injuries in regional NSW is almost the same as ten years ago.

There is no regional implementation plan to assist TfNSW to target the Road Safety Action Plan 2026 to regional areas.

TfNSW considers that local road safety outcomes should be managed by councils, but only 52% of regional councils participated in its Local Government Road Safety Program (LGRSP) in 2022–23. This program has not been updated since 2014, despite commitments to do so in 2021 and 2022.

TfNSW has not undertaken a systematic and integrated analysis of the combined impact of its road safety strategies and plans in regional NSW since 2012.

TfNSW reports against the Community Road Safety Fund (CRSF) annually but there is no consolidated, public reporting on total road safety funding allocated to regional NSW. The Fund underspend increased from 12% in 2019–20 to 20% in 2022–23.

What we recommended

We recommended TfNSW:

  • develop a regional implementation plan to support the NSW Road Safety Action Plan, including a framework to annually measure, analyse and publicly report on progress
  • develop a plan to measure and mitigate risks causing underspend in the CRSF
  • expedite the review of the LGRSP including recommendations to increase involvement of regional councils.

Disclosure of confidential information

Under the Government Sector Audit Act 1983 (the Act), the Auditor-General may disclose confidential information if, in the Auditor-General’s opinion, the disclosure is in the public interest, and that disclosure is necessary for the exercise of the Auditor-General’s functions.

Confidential information in the Act means Cabinet information or information subject to legal privilege. This performance audit report contained confidential information.

The NSW Premier has certified that in his opinion the disclosure of the confidential information was not in the public interest.

The confidential information has been redacted from this report.

Under section 36A(2) of the Government Sector Audit Act 1983, the Auditor-General may authorise the disclosure of confidential information if, in the Auditor-General’s opinion, the disclosure is in the public interest and necessary for the exercise of the Auditor-General’s functions. Confidential information under the Government Sector Audit Act 1983 means Cabinet information, or information that could be subject to a claim of privilege by the State or a public official in a court of law. This performance audit report contained confidential information which, in the opinion of the Auditor-General, is in the public interest to disclose and that disclosure is necessary for the exercise of the Auditor-General’s functions.

On 26 October 2023, pursuant to section 36A(2)(b) of the Government Sector Audit Act 1983, the Auditor-General notified the NSW Premier of the intention to include this information in the published report, having formed the opinion that its disclosure is in the public interest and is necessary for the exercise of the Auditor-General’s functions.

On 23 November 2023, pursuant to section 36A(2)(c) of the Government Sector Audit Act 1983, the NSW Premier certified that, in his opinion, the proposed disclosure of the confidential information contained in this report was not in the public interest. The Premier’s certificate follows. Section 36A(4) states that a certificate of the Premier that it is not in the public interest to disclose confidential information is conclusive evidence of that fact.

The issuance of the certificate by the NSW Premier prevents the publication of this information. The relevant sections of the report containing confidential information have been redacted.

One-third of the New South Wales population resides in regional areas, but two-thirds of the state’s road crash fatalities take place on regional roads.

Between 2017 and 2021, the average number of fatalities for every 100,000 of the population living in regional New South Wales was 8.33 — approximately four times higher than the equivalent measure for Greater Sydney. Similarly, the average number of serious injuries in regional New South Wales over the same period was 75.24 per 100,000 of the population, compared with 50.53 in Greater Sydney. Further, more than 70% of people who lose their lives in accidents on regional roads are residents of regional areas.

Residents of regional areas face particular transport challenges. They often need to travel longer distances for work, health care, or recreation purposes, yet their public transport options are more limited than metropolitan residents. Vehicle safety is also an issue. According to the NSW Road Safety Progress Report 2021, of the light vehicles registered in New South Wales that were manufactured in or after 2000, 48.4% of light vehicles in regional areas had a five-star Australasian New Car Assessment Program (ANCAP) rating, compared to 54.8% in metropolitan areas. Road conditions in regional areas can also be more challenging for drivers.

Regional New South Wales covers 98.5% of the total area of the state. The road network in New South Wales is vast — spanning approximately 200,000 kilometres.

The road network includes major highways, state roads and local roads. Speed limits range from 10 km/hr in high pedestrian shared zones, up to 110 km/hr on high volume and critical road corridors. Eighty per cent of the network has a 100 km/h speed limit, which is mostly applied as a default speed limit, regardless of the presence of safety features and treatments.

Speed is the primary causal factor in more crashes in New South Wales than any other factor, and car crashes in regional areas are more likely to be fatal because of the higher average speeds involved.

The responsibility for managing road safety outcomes across the entire New South Wales road network lies with Transport for NSW (TfNSW), pursuant to Schedule 1 of the Transport Administration Act 1988.

While its safety responsibilities are state-wide, TfNSW does not own or directly manage all of the road network in regional New South Wales, which spans approximately 200,000 kilometres. Approximately 80% of the roads are classified as Local Roads and are administered and managed by local councils. Local councils also maintain Regional Roads that run through their local government areas. TfNSW is responsible for managing State Roads (approximately 20% of roads), which are major arterial roads. It also provides funding for councils to manage over 18,000 km (approximately 10%) of state-significant Regional Roads.

According to TfNSW, between 2016 and 2020, there were 9,776 people killed or seriously injured on roads in regional New South Wales. Adding to the tragic loss of life, according to TfNSW, the estimated cost to the community between 2016 and 2020 resulting from regional road trauma and fatalities was around $13.7 billion.

TfNSW also noted that the ‘risk of road trauma is pervasive, and a combination of effective road safety measures is required to systematically reduce this risk’.

TfNSW released its first long-term road-safety strategy in December 2012, which introduced the goal of ‘Vision Zero’ — a long-term goal of zero deaths or serious injuries on NSW roads. The terminology was changed to ‘Towards Zero’ in the 2021 Road Safety Plan and has been retained in the NSW Road Safety Action Plan 2022–2026. Towards Zero has the stated goal of ‘no death or serious injury occurring on the road transport network’ by 2050.

The objective of this audit is to assess the effectiveness of TfNSW’s delivery of ‘Towards Zero’ in regional areas.

In making this assessment, the audit examined whether TfNSW:

  • is effectively reducing the number of fatalities and serious injuries on regional roads
  • has an effective framework, including governance arrangements, for designing and refreshing the NSW Road Safety Strategy 2012–2021 and the NSW Road Safety Action Plan 2022–2026
  • effectively makes use of whole-of-government and other relevant sources of data to support decision-making, and to evaluate progress and outcomes
  • effectively manages accountabilities, including roles and responsibilities, with respect to road safety outcomes and the use of data.

This audit focused on the policies and strategies used by TfNSW for managing road safety outcomes in regional areas. We did not evaluate individual road safety projects, programs and initiatives as part of this audit.

Whilst Regional Roads and Local Roads (as defined by the Road Network Classifications) are owned and maintained by local councils, we included these roads in this audit as TfNSW may advise and assist councils to promote and improve road safety, as well as manage grant programs that focus on improving road safety outcomes on these roads. Hereafter, unless otherwise stated, references to ‘regional roads’ refer to all classifications of roads in the state which are in regional New South Wales, irrespective of their ownership.

Local councils in regional areas are key stakeholders for the purposes of this audit, and we interviewed eight as part of the audit process (noting that this was not intended to be a representative sample). Road asset management by local councils is also out of scope for this audit as it is the focus of a subsequent performance audit by the Audit Office of New South Wales.b

The Audit Office of New South Wales has undertaken several performance audits relating to road safety since 2009 and these have been referenced while undertaking this audit. They include:

  • Condition of State Roads (August 2006)
  • Improving Road Safety: Heavy Vehicles (May 2009)
  • Improving Road Safety: School Zones (March 2010)
  • Improving Road Safety: Speed Cameras (July 2011)
  • Regional Assistance Programs (May 2018)
  • Mobile speed cameras (October 2018)
  • Rail freight and Greater Sydney (October 2021).

Conclusion

TfNSW has acknowledged that there is a disproportionate amount of road trauma on regional roads in the NSW Road Safety Strategy 2012–2021, the NSW Road Safety Plan 2021, and the NSW Road Safety Action Plan 2022–2026. However, TfNSW has not articulated or evaluated a strategy for implementing road safety policy in regional New South Wales to assist in guiding targeted activities to address regional road trauma. There is also no transparency about the total amount of funding invested in improving road safety outcomes for regional New South Wales.

People living in regional New South Wales make up one-third of the state’s population, but deaths on regional roads make up around two-thirds of the state’s total road toll. This statistic is almost the same in 2023 as it was ten years ago when TfNSW released its first long-term road safety strategy.

More than 70% of people who died on roads between 2012 and 2022 in regional New South Wales were residents of regional areas. Speed is the greatest contributing factor to road fatalities and serious injuries across the entire state. However, it is responsible for more fatalities on regional roads (43%) than in Greater Sydney (34%).

TfNSW’s road safety strategies and plans acknowledge that most road fatalities occur in regional New South Wales but none of its existing strategies or plans show evidence of tailoring measures to suit particular regional settings or ‘hot spots’. There are infrastructure initiatives (such as Saving Lives on Country Roads) and behavioural programs targeting regional areas (such as Driver Reviver). However, these activities are not aligned to a regional-specific strategy or plan that addresses issues specific to regional areas.

TfNSW has state-wide responsibility for managing road safety outcomes. TfNSW advised the audit that a regional plan and regional trauma reduction targets are not needed as the state-wide plan and targets apply equally for all areas of New South Wales, and local road safety factors are best managed by local councils. TfNSW partners with local councils. However, only 52% of councils in regional New South Wales participate in TfNSW’s Local Government Road Safety Program, compared to 84% of councils in metropolitan areas. TfNSW has not undertaken any evaluations to determine whether projects completed under the Local Government Road Safety Program have reduced road trauma at the local level.

Notwithstanding the above points, TfNSW works with local councils (who are road authorities for local roads in their respective areas under the Roads Act 1993) and other key stakeholders such as the NSW Police Force to achieve the NSW Government’s road safety policy objectives.

TfNSW advised that ‘the setting of state-wide road safety targets is consistent with other jurisdictions and international best practice. Importantly, delivery of road safety countermeasures is tailored and applied with a focus on road user groups across all geographic locations to maximise trauma reductions’. There may be legitimate reasons for the existing approach, as articulated by TfNSW. However, the proportion of road fatalities in regional New South Wales roads has not reduced since 2012 – despite a long-term reduction in the overall number of deaths on the state’s roads between 2012–2021. The audit report has recommended that a regionally focused implementation plan could address this issue. TfNSW has accepted this report’s recommendation that such a plan be developed.

Specific road safety initiatives targeted to regional areas have not been implemented or expanded

Text removed pursuant to section 36A of the Government Sector Audit Act 1983 (NSW), in compliance with the issuance of a Premier’s certificate preventing the publication of this information.

TfNSW increased the use of other forms of automated enforcement (such as tripling enforcement hours in mobile speed cameras).
However, the use of automated enforcement has a strong metropolitan focus with most red light and fixed speed cameras being in metropolitan areas. Average speed cameras are the only camera type overwhelmingly located in regional areas but these apply only to heavy vehicles and are positioned on major freight routes. 

There is no consolidated, public reporting of what proportion of total road safety funding is directed to regional New South Wales each year. The main source of funding for road safety in New South Wales, the Community Road Safety Fund, has been underspent since 2019.

Fines from camera-detected speeding, red-light and mobile phone use offences are required to be used solely for road safety purposes through the Community Road Safety Fund (CRSF), as set out in the Transport Administration Amendment (Community Road Safety Fund) Act 2012.

The CRSF has been underspent every year since 2019–20. The underspend has increased from 12% in 2019–20 to 20% in 2022–23 where the full year underspend was forecasted to be $104 million. Of this underspend, $13.5 million was dedicated for regional road infrastructure projects. TfNSW advised the audit that much of the underspend is the result of delays to infrastructure projects due to COVID-19, bushfires, and floods, as well as skills shortages. However, TfNSW has not provided any evidence that it had a plan to mitigate these risks – meaning the level of underspend could continue to grow. TfNSW also advised ‘there is no reason to expect budget management and controls will not return to pre-COVID circumstances’.

In total, TfNSW received $700 million in funding for road safety in 2021–22 (including federal contributions and the Community Road Safety Fund). Of this, $411 million (or ~59%) was directed to regional New South Wales. This is the most recent comprehensive financial data that was provided by TfNSW to the audit team. The 2022–23 NSW Budget allocated $880 million for road safety in 2022–23, with a forecasted total allocation for road safety of $1.6 billion in recurrent expenses and $0.8 billion in capital expenditure over the period 2022–23 to 2025–26.

Appendix one – Response from Transport for NSW

Appendix two – The Safe Systems framework and NSW road safety strategies and plans

Appendix three – About the audit

Appendix four – Performance auditing

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #386 - released 30 November 2023

Published

Management of the Critical Communications Enhancement Program

Finance
Health
Justice
Whole of Government
Cyber security
Information technology
Infrastructure
Internal controls and governance
Project management
Risk
Service delivery
Shared services and collaboration

What the report is about

Effective radio communications are crucial to NSW's emergency services organisations.

The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.

This report assesses whether the NSW Telco Authority is effectively managing the CCEP.

What we found

Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.

The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.

Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.

The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.

When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.

The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.

We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.

We made recommendations about

  • The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
  • The need to finalise a Traffic Mitigation Plan for when the network is congested.
  • The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
  • The need to clarify how encryption and interoperability will work on the enhanced network.
  • The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
  • Expediting measures to protect against the risk of cloning by unauthenticated radios.

Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:

  • NSW Ambulance
  • Fire and Rescue NSW
  • NSW Police Force
  • NSW Rural Fire Service
  • NSW State Emergency Service.1

Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.

Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.2

Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.

These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.

In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).

According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.

The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.

About this Audit

This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.

We addressed the audit objective by answering the following two questions:

  1. Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
  2. Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?

In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).

While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.

Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.

The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.

In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:

  • to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
  • to develop policies, standards and guidelines for operational communications using telecommunications networks.

The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.

The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.

Conclusion

In areas of New South Wales where the enhanced Public Safety Network has been implemented under the Critical Communications Enhancement Program, the NSW Telco Authority has delivered a radio network that meets most of the agreed requirements of Emergency Services Organisations for routine and emergency operations.
In April 2023, the enhanced Public Safety Network (PSN) was approximately 50% completed. In areas where it is used by Emergency Services Organisations (ESOs), the PSN generally meets agreed user requirements. This is demonstrated through extensive performance monitoring and reporting, which shows that agreed performance standards are generally achieved. Reviews by the NSW Government and the NSW Telco Authority found that the PSN performed effectively during major flood events in 2021 and 2022.

Where it is completed, PSN coverage is generally equal to or better than each ESO's individual pre-existing coverage. The NSW Telco Authority has a dedicated work program to address localised coverage gaps (or 'blackspots') in those areas where coverage has otherwise been substantively delivered. Available call capacity on the network far exceeds demand in everyday use. Any operational issues that may occur with the PSN are transparent to ESOs in real time.

The NSW Telco Authority consulted extensively with ESOs on requirements for the enhanced PSN, with relatively few ESO requirements not being included in the specifications for the enhanced PSN. Lessons from previous events, including the 2019–20 summer bushfires, have informed the design and implementation of the enhanced PSN (such as the need to ensure adequate backup power supply to inaccessible sites). The network is based on the Project 25 technical standards for mission-critical radio communications, which is widely-accepted in the public safety radio community throughout Australia and internationally.

There is no mechanism to ensure adequate radio coverage within new building infrastructure after the CCEP concludes, but the NSW Telco Authority and ESOs have agreed an approach to prioritise existing in-building sites for coverage for the duration of the CCEP.
The extent to which the PSN works within buildings and other built structures (such as railway tunnels) is of crucial importance to ESOs, especially the NSW Police Force, NSW Ambulance, and Fire and Rescue NSW. This is because a large proportion of their operational communications occurs within buildings.

There is no mechanism to ensure the adequacy of future in-building coverage for the PSN in new or refurbished buildings after the CCEP concludes. Planning, building, and fire regulations are silent on this issue. We note there are examples in the United States of how in-building coverage for public safety radio networks can be incorporated into building or fire safety codes.

In regard to existing buildings, it is not possible to know whether a building requires its own in-building PSN infrastructure until nearby outside radio sites, including towers and antennae, have been commissioned into the network. Only then can it be determined whether their radio transmissions are capable of penetrating inside nearby buildings. Accordingly, much of this work for in-building coverage cannot be done until outside radio sites are finished and operating.

In March 2023, the NSW Telco Authority and ESOs agreed on a list of 906 mandatory and 7,086

non-mandatory sites for in-building PSN coverage. Most of these sites will likely be able to receive radio coverage via external antennae and towers, however this cannot be confirmed until those nearby external PSN sites are completed. The parties also agreed on an approach to prioritising those sites where coverage is needed but not provided by antennae and towers. Available funding will likely only extend to ensuring coverage in sites deemed mandatory, which is nonetheless expected to meet the overall benchmark of achieving 'same or better' coverage than what ESOs had previously.

There is a risk that radio interoperability between ESOs will not be maximised because the NSW Telco Authority has not settled with ESOs how encryption will be used across the enhanced PSN.
End-to-end encryption of radio transmissions is a security feature that prevents radio transmissions being intercepted or listened to by people who are not meant to. The ability of the PSN to provide end-to-end encryption of operational communications is of critical importance to the two largest prospective users of the PSN: the NSW Police Force and NSW Ambulance. Given that encryption excludes other parties that do not have the requisite encryption keys, its use creates an obstacle to achieving a key intended benefit of the CCEP, that is a more interoperable PSN, where first responders are better able to communicate with other ESOs.

Further planning and collaboration between PSN participants are necessary to consider how these dual benefits can be achieved, including in what operational circumstances encrypted interoperability is necessary or appropriate.

The capital cost to the NSW Telco Authority of the CCEP, originally estimated at $400 million in 2016, was not made public until the 2021–22 NSW Budget disclosed an estimate of $1.325 billon.
The estimated capital cost to complete all stages of the CCEP increased over time. This increasing cost was progressively disclosed to the NSW Government through Cabinet processes between 2015–16 and 2021–22.

In 2016, the full capital cost to the NSW Telco Authority of completing the CCEP was estimated to be $400 million. This estimated cost was not publicly disclosed, nor were subsequent increases, until the cost of $1.325 billion was publicly disclosed in the 2021–22 NSW Budget (revised down in the 2022–23 NSW Budget to $1.293 billion).

There has been no transparency about the whole-of-government cost of implementing the enhanced PSN through the CCEP.
In addition to the capital costs incurred directly by the NSW Telco Authority for the CCEP, ESOs have incurred costs to maintain their own networks due to the delay in implementing the CCEP. The ESOs will continue to incur these costs until they are able to fully migrate to the enhanced PSN, which is expected to be in 2027. These costs have not been tracked or reported as part of transparently accounting for the whole-of-government cost of the enhanced PSN. This is despite Infrastructure NSW in 2019 recommending to the NSW Telco Authority that it conduct a stocktake of such costs so that a whole-of-government cost impact is available to the NSW Government.
1 The definition of 'emergency services organisation' is set out in the State Emergency and Rescue Management Act 1989 (NSW). In addition to the five ESOs discussed in this report, the definition also includes: Surf Life Saving New South Wales; New South Wales Volunteer Rescue Association Inc; Volunteer Marine Rescue NSW; an agency that manages or controls an accredited rescue unit; and a non-government agency that is prescribed by the regulations for the purposes of this definition.
2 Section 15(1) of the Government Telecommunications Act 2018 (NSW).

The NSW Telco Authority established and tracked its own costs for the CCEP

Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.

Exhibit 6: Estimated costs to fully implement the CCEP
Source Capital cost ($ million) Operating cost
($ million)		 Completion date
March 2016 business case 400 37.3 2020
November 2017 internal review 476.7 41.7 2022
March 2020 business case 950–1,050 -- 2025
October 2020 business case 1,263.1 56.1 2026
Source: CCEP business cases as identified.

In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.

Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.

Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.

Exhibit 7: CCEP funding in NSW Budget papers from 2015–16 to 2022–23
Financial year Type of major work Description of expenditure Forecast estimate to complete ($ million) Estimated duration
2015–16 New work Infrastructure Rationalisation Program: Planning and Pilot 18.3 2015–16
2016–17 Work in progress CCEP Planning and Pilot 18.3 2015–17
New work CCEP 45 2016–17
2017–18 New work CCEP 190.75 2017–21
2018–19 Work in progress CCEP North Coast and State-wide Detailed Design 190.75 2017–21
New work CCEP Greater Metropolitan Area 236 2018–22
2019–20 Work in progress CCEP 426.9 2018–22
2020–21 Work in progress CCEP 664.8 2018–22
2021–22 Work in progress CCEP 1,325 2018–26
2022–23 Work in progress CCEP 1,292.8 2018–26
Source: NSW Treasury, Annual State Budget Papers.

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.

In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.

In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:

…coordinate a stocktake of the costs of operational bridging solutions implemented by PSAs [ESOs] as a result of the 18-month delay, so that a whole-of-government cost impact is available to the NSW Government.  

It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.

As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.

Exhibit 8: Stay Safe and Keep Operational forecast costs, 2017 to 2020
Year 2017 2018 2019 2020 Total
SSKO forecast ($ million) 12.5 15 10 2.5 40
Source: March 2016 CCEP business case.

In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.

Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.

In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.

In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:

  • it was expressly included in the original approved March 2016 business case
  • the capability is deemed essential to the needs of three ESOs.

Decommissioning costs

The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.

In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:

  • funding would be coordinated by the NSW Telco Authority
  • scheduling and reporting through an inter-agency working group and
  • where appropriate, agencies would be appointed as the most appropriate decommissioning party.

This estimated cost is not included in the CCEP budget.

In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:

  • decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
  • effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
  • costs incurred in decommissioning are entirely a consequence of the CCEP program.

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:

  • $2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
  • $2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.

Both totals include:

  • budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
  • the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
  • the NSW Telco Authority's approved funding for paging refresh ($60.3 million).

The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.

The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.

The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.

However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders

Exhibit 9: Estimated whole-of-government costs of the enhanced PSN
  Estimated whole-of-government cost, over time
Cost type 20161 20172 20203 2023–Estimate A4 2023–Estimate B5
$ million $ million $ million $ million $ million
CCEP capital expenditure 400a 476.7b 1,263.1c 1,292.8d 1,292.8d
CCEP operating expenditure 37.3a 41.7b 41.5e 139d 139d
CCEP total 437.3 518.4 1,304.6 1,431.8 1,431.8
ESO capital expenditure 75.2a,f 183b,e 75.4e 258.4g 292.5
ESO one-off operating expenditure 93a n.a.l 86.5e 86.5h 273
ESO total 168.2 183 161.9 344.9 565.5
Paging n.a.i n.a.i n.a.j 60.3k 60.3k
Decommissioning 93 n.a.l 201.0 201h 201
Paging and decommissioning total 93 n.a. 201 261.3 261.3
Whole-of-government total 698.5 701.4 1,667.5 2,038 2,258.6
Notes:
  1. Financial year 2016 to Financial year 2020.
  2. Financial year 2016 to Financial year 2021.
  3. Financial year 2016 to Financial year 2025.
  4. Financial year 2016 to Financial year 2026.
  5. Financial year 2022 to Financial year 2025.
  6. Stay Safe and Keep Operational (SSKO) costs plus terminals costs.
  7. November 2017 internal review and October 2020 Business case.
  8. October 2020 Business case.
  9. Included in CCEP capital expenditure at that time.
  10. By 2020, a refresh of the paging network had been removed from the CCEP scope.
  11. A separate business case for a refresh of the paging network was approved by government in 2022.
  12. Figure not included in the source document.
Sources:
  1. March 2016 CCEP business case.
  2. November 2017 Internal Review conducted by the NSW Telco Authority.
  3. October 2020 CCEP business case.
  4. Derived from business cases, with ESO costs drawn from NSW Telco Authority data.
  5. Derived from business cases, with ESO costs based on data provided to the Audit Office of New South Wales by each of the five ESOs.

Appendix one – Response from agency

Appendix two – Trunked public safety radio networks

Appendix three – About the audit

Appendix four – Performance auditing

 

 

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #383 - released 23 June 2023

 

Published

Health 2022

Health
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

Result of Health cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for the financial statements for all Health cluster agencies.

The COVID-19 pandemic continued to increase the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2021–22 was $353.3 million, of which $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests (RATs).

A qualified audit opinion was issued on the Annual Prudential Compliance Statement related to five residential aged care facilities. There were 20 instances (19 in 2020–21) of non-compliance with the prudential responsibilities within the Aged Care Act 1997.

What the key issues were

The total number of matters we reported to management across the cluster decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised, four were high risk (three in 2020-21) and 37 were moderate risk (57 in 2020–21). Nearly half of all control deficiencies reported in 2021–22 were repeat issues.

Three unresolved high-risk issues were:

  • COVID-19 inventories impairment – we continued to identify issues relating to management’s impairment model which relies on anticipated future consumption patterns. RATs had not been assessed for impairment.

  • Asset capitalisation threshold – management has not reviewed the appropriateness of the asset capitalisation threshold since 2006.

  • Forced-finalisation of HealthRoster time records – we continued to observe unapproved rosters being finalised by system administrators so payroll can be processed on time. 2.6 million time records were processed in this way in 2021–22.

What we recommended

  • COVID-19 inventories impairment – ensure consumption patterns are supported by relevant data and plans.

  • Assets capitalisation threshold – undertake further review of the appropriateness of applying a $10,000 threshold before capitalising expenditure on property, plant and equipment.

  • Forced-finalisation of HealthRoster time records – develop a methodology to quantify the potential monetary value of unapproved rosters being finalised.

This report provides Parliament and other users of Health cluster (the cluster) agencies' financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

  • financial reporting

  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2022.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general purpose financial statements.

  • The total gross value of corrected monetary misstatements for 2021–22 was $353.3 million, of which, $186.7 million related to an increase in the impairment provision for Rapid Antigen Tests.

  • A qualified audit opinion was issued on the ministry's Annual Prudential Compliance Statements.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Section highlights

  • The total number of internal control deficiencies has decreased from 116 in 2020–21 to 67 in 2021–22. Of the 67 issues raised in 2021–22, four were high (2020–21: 3) and 37 were moderate (2020–21: 57); with nearly half of all control deficiencies reported in 2021–22 being repeat issues.

  • The following four issues were reported in 2021–22 as high risk:

    • impairment of COVID-19 inventories

    • inadequate review over the appropriateness of asset capitalisation threshold

    • forced-finalisation of HealthRoster time records

    • COVID-19 vaccination inventories – data quality issue at 31 March 2022.

  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements continued to be the key repeat issues observed in the 2021–22 financial reporting period.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

New South Wales COVID-19 vaccine rollout

Health
Internal controls and governance
Management and administration
Project management
Risk
Service delivery

What the report is about

The Australian Government led and implemented the Australian COVID-19 vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

This audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine roll out in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over.

What we found

On 16 October 2021, NSW Health, in partnership with the Australian Government's vaccination program, achieved its first objective to fully vaccinate 80% of people in NSW aged 16 and over. Demand for the vaccine reduced in December 2021, and NSW Health did not reach its target of 95% fully vaccinated for people aged 16 and over until June 2022.

Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available.

NSW Health implemented its own booking system after it identified that the Australian Government's system would not manage bookings. There were problems with NSW Health's interim vaccine booking system, and NSW Health fully resolved these issues by September 2021.

As at 19 October 2022, vaccination rates for Aboriginal peoples and culturally and linguistically diverse people remained below the 95% target.

What we recommended

By June 2023, NSW Health should conduct a comprehensive review of the COVID-19 vaccine rollout and incorporate lessons learned into pandemic response plans.

The first three cases of COVID-19 in New South Wales were diagnosed in January 2020. By 30 June 2021, 128 people were being treated in hospital and one person was in intensive care. By the end of December 2021, 187,504 total cases and 663 deaths were reported in New South Wales. As at 27 October 2022, NSW Health reported more than three million total cases and 5,430 deaths.

The COVID-19 pandemic continues to have a significant impact on the people and the health sector of New South Wales. The Australian, state, territory, and local governments have directed significant resources towards health responses and economic recovery.

On 13 November 2020, National Cabinet (comprised of the Australian, state, and territory governments) endorsed the Australian COVID-19 Vaccination Policy. Australia's vaccination program was launched on 21 February 2021 with the goal of providing safe and effective vaccines to the people who most needed them as quickly as possible, to support the physical, mental and economic wellbeing of the nation.

The Australian Government led and implemented the Australian vaccine rollout, with the support of state and territory governments. As part of the Australian Government's vaccine rollout, NSW Health launched its vaccination program on 22 February 2021, with responsibility for distributing and administering COVID-19 vaccine stock provided by the Australian Government.

The overall objective of this audit was to assess the effectiveness and efficiency of NSW Health’s contribution to the Australian COVID-19 vaccine rollout. It is important to note that in New South Wales, primary care providers (GPs and pharmacies) and aged care providers administered the majority of vaccines. Primary care providers and aged care providers are the responsibility of the Australian Government.

The audit had a particular focus on whether NSW Health:

  • set clear vaccination targets underpinned and/or guided by evidence
  • managed the rollout of the vaccination program effectively and efficiently
  • managed demand of vaccines effectively and efficiently.

The audit examined the period 1 January 2021 to 31 December 2021 and focused on NSW Health's contribution to the Australian Government led vaccine rollout in four Local Health Districts (LHDs), in particular the administration of two doses of vaccine to people aged 16 and over. We did not audit the subsequent rollout for ages five to 15, or the booster rollout (third and fourth doses) as these activities mostly occurred outside the date of our review.

This audit also did not assess the Australian Government’s allocation of vaccine supplies to New South Wales because we do not audit the Australian Government's activities. On 17 August 2022, the Australian National Audit Office completed a performance audit which assessed the Australian Department of Health and Aged Care's effectiveness in the planning and implementation of Australia's COVID-19 vaccine rollout.

This audit is one of a series of audits that have been completed or are in progress regarding the New South Wales COVID-19 emergency response. This includes the planned performance audit ‘Coordination of the response to COVID-19 (June to November 2021)’, and financial audit assurance activities focusing on Local Health District processes and controls to manage the receipt, distribution and inventory management of vaccine stock. The Audit Office New South Wales '2022–25 Annual Work Program' details the ongoing focus our audits will have on providing assurance on the effectiveness of emergency responses.

Conclusion

By 12 December 2021, NSW Health had administered two doses of vaccines to one third of eligible people in New South Wales aged 16 and over – contributing significantly to the achievement of the NSW Government vaccination target of 80% fully vaccinated before 31 December 2021. Despite challenges such as uncertain supply and changes to clinical advice affecting vaccine eligibility, NSW Health's overall delivery of vaccination services was effective and efficient.

NSW Health implemented its own booking system after it identified that the Australian Government's system would not manage bookings. There were problems with NSW Health's interim vaccine booking system, and NSW Health fully resolved these issues by September 2021.

Vaccination levels in some vulnerable populations remain below the 95% double dose target currently in place. Access to quality data to regularly measure vaccination rates in some vulnerable populations remains an ongoing challenge for the NSW and Australian Governments. As a result, NSW Health is unable to fully ensure it has delivered on its shared responsibility with the Australian Government to vaccinate vulnerable people.

NSW Health managed challenges regarding the uncertain supply of vaccines from the Australian Government and filled gaps beyond its agreed responsibilities in the National Partnership on COVID-19 Response. During the Delta outbreak of the pandemic, NSW Health sought to achieve the best possible public health outcome from limited vaccine supply by opening up additional vaccination clinics in highly affected areas and redistributing vaccine supplies from areas with fewer cases to highly affected local government areas in south west Sydney.

During the audit period, NSW Health implemented effective strategies to allocate vaccines and reduce wastage to optimise the number of vaccines available. Our financial audit report, 'Health 2022', includes additional information on vaccine supply stock held by NSW Health.

NSW Health demonstrated agility by using a range of strategies to promote vaccination, including direct engagement with communities to develop culturally appropriate services such as pop-up clinics. NSW Heath recruited prominent community members, such as faith leaders, elders and sportspeople, to promote vaccination within their communities. However, at the date of this report, there are still vulnerable populations with vaccination rates lower than the current 95% double dose vaccination target. There is also a lack of regularly updated data for some cohorts which prevents NSW Health from accurately monitoring vaccination rates in some populations it has identified as vulnerable.

In March 2021, NSW Health identified that the booking system provided by the Australian Government was an online directory of vaccine clinics and would not manage bookings. To overcome this, NSW Health amended an internal-use system to be publicly facing. This solution was not user-friendly for staff or those seeking to make an appointment. Between June to September 2021, NSW Health progressively resolved booking system related issues, by developing and rolling out a new purpose-built booking solution for NSW Health vaccination clinics.

Appendix one – Response from agency

Appendix two – Australian audits on the vaccine rollouts

Appendix three – Committee members 

Appendix four – About the audit 

Appendix five – Performance auditing 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

 

Parliamentary reference - Report number #369 - released 7 December 2022

Published

Audit Insights 2018-2022

Community Services
Education
Environment
Finance
Health
Industry
Justice
Local Government
Premier and Cabinet
Planning
Transport
Treasury
Universities
Whole of Government
Asset valuation
Cross-agency collaboration
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Project management
Regulation
Risk
Service delivery
Shared services and collaboration
Workforce and capability

What the report is about

In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.

This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.

The report is framed by recognition that the past four years have seen significant challenges and emergency events.

The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.

The report is a resource to support public sector agencies and local government to improve future programs and activities.

What we found

Our analysis of findings and recommendations is structured around six key themes:

  • Integrity and transparency
  • Performance and monitoring
  • Governance and oversight
  • Cyber security and data
  • System planning for disruption
  • Resource management.

The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.

In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.

The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

Fast facts

  • 72 audits included in the Audit Insights 2018–2022 analysis
  • 4 years of audits tabled by the Auditor-General for New South Wales
  • 6 key themes for Audit Insights 2018–2022.

picture of Margaret Crawford Auditor-General for New South Wales in black dress with city skyline as backgroundI am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.

The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.

A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.

However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.

While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.

Margaret Crawford
Auditor-General for New South Wales

Integrity and transparency Performance and monitoring Governance and oversight Cyber security and data System planning Resource management
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest.
Government entities should report to the public at both system and project level for transparency and accountability. Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds.
Entities must provide balanced advice to decision-makers on the benefits and risks of investments. Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. Active review of policies and procedures in line with current business activities supports more effective risk management. Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. Transformation programs can be improved by resourcing a program management office.
Clear guidelines and transparency of decisions are critical in distributing grant funding. Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues.     Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need.
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes.          
Read more Read more Read more Read more Read more Read more

 

This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.

  • Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
  • Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
  • Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.

This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.

The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.

This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.

Appendix one – Included reports, 2018–2022

Appendix two – About this report

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2021

Health
Asset valuation
Compliance
Cyber security
Financial reporting
Infrastructure
Internal controls and governance
Procurement

This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.

Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.

As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.

What the report is about

The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.

What we found

Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.

The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.

A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.

What the key issues were

The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.

The three new high-risk issues identified were:

Hotel Quarantine (HQ) fees

The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.

COVID-19 inventories

Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.

COVID-19 vaccines

The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.

What we recommended

Hotel Quarantine (HQ) fees

Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.

COVID-19 inventories

Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.

COVID-19 vaccines

Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.

Fast facts

The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.

  • 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
  • 24 monetary misstatements were reported in 2020–21
  • high risk management letter findings were identified
  • 47.4% of reported issues were repeat issues
  • $23.5b property, plant and equipment as at 30 June 2021
  • $26.8b total expenditure incurred in 2020–21

This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.

Section highlights

  • Unqualified audit opinions were issued for all cluster agencies required to prepare general-purpose financial statements.

  • The total gross value of all corrected monetary misstatements for 2020–21 was $250.2 million, of which $226.0 million were related to complexities arising from the COVID-19 pandemic.

  • A qualified audit opinion was issued on the Ministry's Annual Prudential Compliance Statement.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The total number of internal control deficiencies has increased from 112 issues in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high (one in 2019–20) and 57 were moderate (47 in 2019–20); with nearly one half of all control deficiencies reported in 2020–21 being repeat issues.
  • The complexities arising from accounting for agreements between governments to respond to the COVID-19 pandemic presented three new high risk audit findings with respect to the:
    • expected rate of recoverability of outstanding Hotel Quarantine fees
    • procurement, stocktaking and impairment of COVID-19 inventories
    • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government.
  • Management of excessive leave balances and poor quality or lack of documentation supporting key agreements were amongst the repeat issues observed again in the 2020–21 financial reporting period.

Findings reported to management

The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues

Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.

In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).

A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.

The table below describes the common issues identified across the cluster by category and risk rating.

Risk rating Issue
Information technology

Moderate2
7 new,
3 repeat

We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:

  • lack of reviews of user access and privileged user access for
  • HealthRoster
  • Assets and Facilities Management Online
  • vMoney Powerhouse
  • Patient Billing and Revenue Collection system.

Repeat issues included:

  • deficient password controls
  • no independent review for data integrity of any changes made to HealthRoster
  • incomplete reviews of StaffLink User Access.

Low1
4 new,
5 repeat
Internal control deficiencies or improvements

High3

1 new, 

0 repeat

We identified internal control weaknesses across key business processes, including new issues relating to:

  • procurement, stocktaking and impairment of COVID-19 inventories (personal protective equipment)
  • instances where employees' timesheets were approved in advance
  •  monthly reconciliations not reviewed in a timely manner
  • asset revaluation processes at Illawarra Shoalhaven Local Health District.
     

Repeat issues included:

  • forced finalisation of rosters in order to finalise processing of payroll
  • partial repeat issue relating to HealthShare NSW's stocktake process, refer to details in the following section of this report.

Moderate2
6 new,
12 repeat

 Low1
10 new,
4 repeat
Financial reporting

High3

2 new, 
0 repeat

We identified weaknesses with respect to financial reporting in relation to the:

  • expected rate of recoverability of outstanding Hotel Quarantine fees
  • valuation and recognition of COVID-19 vaccines received from the Commonwealth Government
  • application of AASB 16 'Leases'
  • improvement in health agencies' grant register to better support management's accounting treatment under the applicable revenue accounting standards.

Moderate2
6 new,
1 repeat

Low1
8 new,
3 repeat
Governance and oversight
Moderate2
9 new,
5 repeat

We identified opportunities for agencies to improve governance and oversight processes, including:

  • ensure better documentation around governance arrangements for major health capital works delivered by Health Infrastructure
  • absence of documented practices at health agencies level relating to Visiting Medical Officer claims.
     

Repeat issues include:

  • delegations manual for Health Infrastructure remains in draft and has done so since 2017.
Low1
2 new,
2 repeat
Non-compliance with key legislation and/or central agency policies
Moderate2
1 new,
7 repeat

We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including:

  • bank signatories list not updated to remove terminated employees
  • subsequent changes made to Junior Medical Officers' approved rosters not approved by an authorised delegate.
     

Repeat issues include:

  • management of excessive annual leave
  • non-compliance with the Government Information (Public Access) Act 2009 (GIPA Act) by Ambulance NSW.
Low1
5 new,
13 repeat

4Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.

Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.

Complexities arising from the COVID-19 response

The 2020–21 audit identified three new high-risk findings

COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.

Expected rate of recovery of outstanding Hotel Quarantine invoices

The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors. 

Procurement, management and impairment of COVID-19 inventories

$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.

With respect to the stocktaking methodology applied, the following issues were identified:

  • discrepancies noted in the stock bin listing provided for audit
  • discrepancies in the recount sheet generated
  • inconsistent application of the stocktake methodology
  • inconsistent labelling of quarantined stock
  • a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.

Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.

Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government

The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.

Emerging trends

Recognition of provisions without sufficient support

Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.

Treatment of Commonwealth funding

In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.

Key repeat issues

Management of excessive annual leave

NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).

The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).

The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.

Accurate time recording

Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).

Existence, completeness and accuracy of key agreements

Delivery of major capital projects

Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.

We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.

Cross border patient funding arrangements

When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.

We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:

States 2014–15 2015–16 2016–17 2017–18 2018–19 2019–20 2020–21
Queensland Signed Signed Signed Signed Signed Not finalised Not finalised
Victoria Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised Not finalised
Australian Capital Territory Signed Signed Signed Signed Signed Signed Not finalised
South Australia Signed Signed Signed Signed Signed Signed Not finalised
Tasmania Signed Signed Signed Signed Signed Signed Not finalised
Northern Territory Signed Signed Signed Signed Signed Signed Not finalised
Western Australia Signed Signed Signed Signed Signed Signed Not finalised

Albury Base Hospital

Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

 

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Published

Health 2020

Health
Compliance
Financial reporting
Infrastructure
Internal controls and governance
Service delivery

This report analyses the results of our audits of financial statements of the Health cluster for the year ended 30 June 2020. The table below summarises our key observations.

1. Financial reporting

Financial reporting

Unqualified financial audit opinions

The financial statements of NSW Health and its 25 controlled entities received unqualified opinions.

The number of corrected and uncorrected misstatements increased from the prior year. Misstatements related predominantly to the implementation of new accounting standards, asset revaluations and accounting for new revenue streams to cover the cost of HSW Health’s response to the COVID-19 pandemic.

Qualified compliance audit opinion

We issued a qualified audit opinion for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. We identified 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19).
Financial performance

NSW Health received an additional $3.3 billion in funding to cover costs associated with its response to the COVID-19 pandemic.

The impacts of the COVID-19 pandemic on the cluster were significant for health entities and included changes to operations, increased revenues, expenditure, assets and liabilities. Cancellation of elective surgery and decreased emergency department presentations meant that despite the pandemic, activity levels at many health entities decreased. Health Pathology and HealthShare were notable exceptions.

In the period to the 30 June 2020, NSW Health reported that over 900,000 COVID-19 tests were conducted. Health Pathology conducted over 500,000 of these tests. Health Pathology's surge requirements were enhanced through arrangements with 13 private sector providers. HealthShare purchased $864.2 million of personal protective equipment.

Overall, NSW Health recorded an operating surplus of $3.1 billion in 2019–20, an increase of $2.0 billion from 2018–19. As in previous years, the surplus largely resulted from additional revenue received to fund capital projects including the construction of new facilities, upgrades and redevelopments. In 2019–20 additional Commonwealth and State funding for the purchase and stockpiling of personal protective equipment also contributed to the operating surplus.
Overtime payments The Ambulance Service of NSW’s (NSW Ambulance) reduced their overtime payments to $79.7 million in 2019–20 ($83.1 million in 2018–19). Overtime payments in 2019–20 included $6.8 million related to the response to the 2019–20 bushfire season. NSW Ambulance overtime payments represent 16.8 per cent of total overtime payments in the cluster.

2. Audit observations

Internal control deficiencies

We identified more internal control deficiencies in 2019–20. The number of repeat issues from prior years also remains high.

NSW Health addressed 18 out of the 25 information system control deficiencies during the year.

Several key agreements lacked formal documentation. This included agreements between the Ministry and health entities, between health entities and agencies in other clusters and between the Ministry and health departments in other jurisdictions.
Infrastructure delivery NSW Health had 44 ongoing major capital projects at 30 June 2020 with a total revised budget of $12.3 billion. The revised total budget of $12.3 billion is $2.0 billion more than the original budget. NSW Health revises budgets when it combines project stages.

This report provides parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:

  • financial reporting
  • audit observations.

The impacts of the COVID-19 pandemic on the cluster were significant and included changes to the operations of the health entities and increased revenue, expenditure, assets and liabilities.

As a part of this year's audits of health entities, we have considered:

  • financial implications of the COVID-19 emergency at both health entity and cluster levels
  • changes to agencies' operating models
  • agencies' access to technology and the maturity of systems and controls to prevent unauthorised and fraudulent access to data.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.

The response to the COVID-19 pandemic primarily impacted the financial reporting of NSW Health through:

  • additional revenue from the State government in the form of grants and stimulus payments
  • additional revenue from the Commonwealth government under the National Partnership Agreement for COVID-19 to cover part of the cost of responding to the COVID-19 pandemic
  • increased expenses, largely due to increased payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists and increased cleaning costs
  • increased purchases of personal protective equipment.

Chapter one outlines the impacts of NSW Health’s response to the COVID-19 pandemic. This chapter outlines our other audit observations related to the financial reporting of agencies in the Health cluster for 2020.

Section highlights

  • Unqualified audit opinions were issued for all health entities’ financial statements, although more misstatements were identified than last year.
  • NSW Health recorded an operating surplus of $3.1 billion, an increase of $2.0 billion from 2018–19. This is largely due to additional capital grants for new facilities, upgrades and redevelopments and additional Commonwealth and State funding for the purchase of personal protective equipment.
  • NSW Health’s expenses increased by 5.5 per cent in 2019–20 (7.0 per cent in 2018–19) despite the impact of the COVID-19 pandemic. The primary causes for the growth in expenses are increases in:
    • employee related expenses due to higher employee numbers, increased overtime and a 2.5 per cent award increase
    • payments to private health operators to maintain their viability during the COVID-19 pandemic and later to assist with public patient elective surgery waitlists
    • payments to private health operators due to the first full year of operation of the Northern Beaches hospital.
  • The Ambulance Service of NSW (NSW Ambulance) continued to report higher overtime payments than other health entities. However, despite the response to the 2019–20 bushfire season, their overtime payments were lower than last year. NSW Ambulance paid $79.7 million in overtime payments in 2019–20 ($83.1 million in 2018–19).
  • A qualified audit opinion was issued for the Ministry of Health’s Annual Prudential Compliance Statement for aged care facilities operated by NSW Health. There were 18 instances of material non-compliance with the Fees and Payments Principles 2014 (No. 2) (the Principles) in 2019–20 (30 in 2018–19)

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

The primary impact of the COVID-19 pandemic on the effectiveness of the internal controls of NSW Health and health entities relates to the effectiveness of controls implemented by HealthShare relating to the stocktake of personal protective equipment inventories. Inventory managed by HealthShare increased by 2,746 per cent during 2019–20. HealthShare’s inventory controls did not maintain pace with the sudden, significant increase.

The impacts of NSW Health’s response to the COVID-19 pandemic are outlined in chapter one. This chapter outlines other observations and insights from our financial statement audits of agencies in the Health cluster.

Section highlights

  • The number of internal control deficiencies has increased since 2018–19. More than a third of control deficiencies are repeat issues.
  • Control deficiencies that relate to managing employees’ leave and employee’s time recording continue to be difficult for entities to resolve, particularly during the ongoing response to the COVID-19 pandemic.
  • Several key agreements were undocumented. These included agreements between the Ministry and the health entities, between health entities, and between the Ministry and entities in other clusters and jurisdictions. These related to:
    • a loan arrangement between the Ministry and HealthShare for $319 million.
    • Northern Sydney Local Health District's use of land and buildings owned by the Graythwaite Charitable Trust
    • agreements for the treatment of New South Wales residents while they are interstate, and interstate residents receiving treatment while they are in New South Wales from Queensland, Victoria, South Australia and the ACT for both 2019–20 and 2018–19.
  • NSW Health reported that they completed nine major capital projects during 2019–20. As at 30 June 2020 there were 44 ongoing major capital health projects in NSW. The revised capital budget for these projects in total was $2.0 billion more than the original budget of $10.3 billion. NSW Health reported the budget revisions are largely the result of combining project stages.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations 

Appendix three – Financial data

Appendix four – Analysis of financial indicators 

Appendix five – Analysis of performance against budget

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Auditor-General’s Report to Parliament

Health 2020

11 December 2020

This corrigendum has been prepared to amend the following text within the Auditor-General’s Report to Parliament on Health 2020, dated 10 December 2020.

NSW Health emergency department treatment times

On page five the original text was as follows:

NSW Health also measures the percentage of patients whose clinical care in emergency departments is completed within four hours. The measure is used as an indicator of accessibility to public hospital services.

NSW Health aims to complete clinical care in the emergency department for 81 per cent of patients within four hours. In 2019–20 NSW Health reports it completed clinical care within four hours for 72.1 per cent of patients (a 7.3 per cent decrease from 2018–19).

At Western Sydney Local Health District, 59 per cent of patients were treated within the targeted timeframe. NSW Health attribute this to the profile of patients presenting in emergency departments and additional time taken processing COVID-19 patients to ensure staff safety.

The original text has now been changed to:

NSW Health also measures the percentage of patients with total time in the emergency department of four hours or less for each local health district. The measure is used as an indicator of accessibility to public hospital services.

Local Health Districts Target % (2019–20) Actual % (2019–20)
Central Coast 77.0 59.9
Far West 90.2 86.6
Hunter New England 81.0 72.5
Illawarra Shoalhaven 79.0 60.2
Mid North Coast 82.0 76.7
Murrumbidgee 85.3 81.9
Nepean Blue Mountains 79.0 65.5
Northern NSW 81.0 78.2
Northern Sydney 79.0 73.9
South Eastern Sydney 78.0 70.3
South Western Sydney 78.0 61.2
Southern NSW 85.0 83.0
Sydney 76.0 70.9
Sydney Children’s Hospitals Network 80.0 72.1
Western NSW 85.9 81.0
Western Sydney 78.0 59.0
St Vincent's Health Network* 75.0 65.4
* St Vincent’s Health Network Sydney (SVHNS) comprises of St Vincent’s Hospital Sydney Limited as the affiliated health organisation in respect of four recognised establishments under the Health Services Act 1997 (NSW) (Health Services Act). Under the Health Services Act, St Vincent’s Hospital Sydney Limited, is treated as a Network for the purposes of the National Health Reform Agreement in respect of the three recognised establishments: St Vincent’s Hospital, Darlinghurst; Sacred Heart Health Service, Darlinghurst; St Joseph’s Hospital, Auburn; and St Vincent's Correctional Health, Parklea.
Source: NSW Health (unaudited)

The above changes will be reflected in the version of the report published on the Audit Office website and should be considered the true and accurate version.

Published

Internal controls and governance 2020

Education
Environment
Community Services
Finance
Health
Industry
Justice
Premier and Cabinet
Transport
Treasury
Compliance
Cyber security
Information technology
Internal controls and governance
Management and administration
Procurement

The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.

The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:

  • financial and information technology controls
  • business continuity and disaster recovery planning arrangements
  • procurement, including emergency procurement
  • delegations that support timely and effective decision-making.

Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.

The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.

Read the PDF report

This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.

1. Internal control trends
New, repeat and high risk findings

Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year.

The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

Agencies should:

  • prioritise addressing high-risk findings
  • address repeat internal control deficiencies by re-setting action plans and timeframes and monitoring the implementation status of recommendations.
Common findings

A number of findings remain common across multiple agencies over the last four years, including:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers or gaps in these registers.
2. Information technology controls
IT general controls

We found deficiencies in information security controls over key financial systems including:

  • user access administration deficiencies relating to inadequate oversight of the granting, review and removal of user access at 53 per cent of agencies
  • privileged users were not appropriately monitored at 43 per cent of agencies
  • deficient password controls that did not align to the agency's own password policies at 25 per cent of agencies.

The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated.
3. Business continuity and disaster recovery planning
Assessing risks to business continuity and Scenario testing

The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment.

Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic.

We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:

  • involving key dependent or inter-dependent third parties who support or deliver critical business functions
  • testing one or more high impact scenarios identified in their business continuity plan
  • preparing a formalpost-exercise report documenting the outcome of their scenario testing.

Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.
Responding to disruptions

We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance:

in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee

in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee.

Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers.

Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions.
Management review and oversight Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established.
4. Procurement, including emergency procurement
Policy framework

Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted: 

  • 67 per cent of agencies did specify that procurement above $650,000 must be open to market unless exempt or procured through an existing Whole of Government Scheme or contract
  • 36 per cent of agencies did specify that procurements above $500,000 payable in foreign currencies must be hedged
  • 69 per cent of agencies' policies did specify that the agency head or cluster CFO must authorise the engagement of consultants where the engagement of the supplier does not comply with the standard commercial framework.

Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions.
Managing contracts

Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details.

Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement.
Training and support

Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:

  • not conducting value for money assessments prior to renewing or extending the contract with their existing supplier
  • not obtaining approval from a delegated authority to commence the procurement process
  • procurement documentation not specifying certain key details such as the conditions for participation including any financial guarantees and dates for the delivery of goods or supply of services.

Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions.
Procurement activities While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences.
Emergency procurement

As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies.

The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:

  • 95 per cent of agencies documented an assessment of the need for the emergency procurement for the good and/or service
  • 86 per cent of agencies obtained authorisation of the emergency procurement by the agency head or the nominated employee under Public Works and Procurement Regulation 2019
  • 76 per cent of agencies reported the emergency procurement to the NSW Procurement Board.

Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law.

Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:

  • updating procurement policies and guidelines to define an emergency situation, specify who can approve emergency procurement and capture other key requirements
  • using standard templates and documentation to prompt users to capture key requirements, such as needs analysis, supplier selection criteria, price assessment criteria, licence and insurance checks
  • having processes for reporting on emergency procurements to those charged with governance and NSW Procurement.
5. Delegations
Instruments of delegation

We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:

  • 16 per cent of agencies had not updated their financial delegations to reflect the changes
  • 16 per cent of agencies did not update their human resources delegations to reflect the changes.

Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets.

Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities.
Compliance with delegations

Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.

Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020.

Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer.
6. Status of 2019 recommendations
Progress implementing last year's recommendations

Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:

  • 38 per cent of agencies have not updated their gifts and benefits register to include all the key fields required under the minimum standards set by the Public Service Commission
  • 56 per cent of agencies have not provided training to staff and 63 per cent of agencies have not implemented an annual attestation process for senior management
  • 97 per cent of agencies have not published their gifts and benefits register on their website and 41 per cent of agencies are not reporting on trends in the gifts and benefits register to those charged with governance.

While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2.

Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations.

Internal controls are processes, policies and procedures that help agencies to:

  • operate effectively and efficiently
  • produce reliable financial reports
  • comply with laws and regulations
  • support ethical government.

This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.

Section highlights

We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies.

We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:

  • out of date or missing policies to guide appropriate decisions
  • poor record keeping and document retention
  • incomplete or inaccurate centralised registers, or gaps in these registers.

Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.

Section highlights

Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse.

IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems.

Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access.
 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.

Section highlights

We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled.

This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required.

During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.

Section highlights

We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness.

Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'.

We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year.

 

This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.

Section highlights
We found that agencies are not always regularly reviewing and updating their financial and human resources delegations when there are changes to legislation or other organisational changes within the agency or from machinery of government changes. For example, agencies did not understand or correctly apply the requirements of the GSF Act, resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act.
In order for agencies to operate efficiently, make necessary expenditure and human resource decisions quickly and lawfully, particularly in emergency situations, it is important that delegations are kept up to date, provide clear authority to decision makers and are widely communicated.

Appendix one – List of 2020 recommendations 

Appendix two – Status of 2019 recommendations

Appendix three – Cluster agencies

 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

View our audit program
View audit program
EXPLORE
upcoming audits
Have your say
CONTRIBUTE