Reports
Actions for Audit Insights 2018-2022
Audit Insights 2018-2022
What the report is about
In this report, we have analysed the key findings and recommendations from our audit reports over the past four years.
This analysis includes financial audits, performance audits, and compliance audits of state and local government entities that were tabled in NSW Parliament between July 2018 and February 2022.
The report is framed by recognition that the past four years have seen significant challenges and emergency events.
The scale of government responses to these events has been wide-ranging, involving emergency response coordination, service delivery, governance and policy.
The report is a resource to support public sector agencies and local government to improve future programs and activities.
What we found
Our analysis of findings and recommendations is structured around six key themes:
- Integrity and transparency
- Performance and monitoring
- Governance and oversight
- Cyber security and data
- System planning for disruption
- Resource management.
The report draws from this analysis to present recommendations for elements of good practice that government agencies should consider in relation to these themes. It also includes relevant examples from recent audit reports.
In this report we particularly call out threats to the integrity of government systems, processes and governance arrangements.
The report highlights the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
Fast facts
- 72 audits included in the Audit Insights 2018–2022 analysis
- 4 years of audits tabled by the Auditor-General for New South Wales
- 6 key themes for Audit Insights 2018–2022.
I am pleased to present the Audit Insights 2018–2022 report. This report describes key findings, trends and lessons learned from the last four years of audit. It seeks to inform the New South Wales Parliament of key risks identified and to provide insights and suggestions to the agencies we audit to improve performance across the public sector.
The report is framed by a very clear recognition that governments have been responding to significant events, in number, character and scale, over recent years. Further, it acknowledges that public servants at both state and council levels generally bring their best selves to work and diligently strive to deliver great outcomes for citizens and communities. The role of audit in this context is to provide necessary assurance over government spending, programs and services, and make suggestions for continuous improvement.
A number of the matters highlighted in this report are similar to those described in our previous Insights Report, (Performance Audit Insights: key findings from 2014–2018) specifically in relation to cyber and information security, to performance measurement, reporting and evaluation, and system and workforce planning and capability.
However, in this report we particularly call out threats to the integrity of government systems, processes and governance arrangements. We highlight the need for balanced advice to government on options and risks, for transparent documentation and reporting of directions and decisions, and for early and open sharing of information with integrity bodies and audit. Arguably, these considerations are never more important than in an increasingly complex environment and in the face of significant emergency events and they will be key areas of focus in our future audit program.
While we have acknowledged the challenges of the last few years have required rapid responses to address the short-term impacts of emergency events, there is much to be learned to improve future programs. I trust that the insights developed in this report provide a helpful resource to public sector agencies and local government across New South Wales. I would be pleased to receive any feedback you may wish to offer.
Margaret Crawford
Auditor-General for New South Wales
Integrity and transparency | Performance and monitoring | Governance and oversight | Cyber security and data | System planning | Resource management |
Insufficient documentation of decisions reduces the ability to identify, or rule out, misconduct or corruption. | Failure to apply lessons learned risks mistakes being repeated and undermines future decisions on the use of public funds. | The control environment should be risk-based and keep pace with changes in the quantum and diversity of agency work. | Building effective cyber resilience requires leadership and committed executive management, along with dedicated resourcing to build improvements in cyber security and culture. | Priorities to meet forecast demand should incorporate regular assessment of need and any emerging risks or trends. Absence of an overarching strategy to guide decision-making results in project-by-project decisions lacking coordination. | Governments must weigh up the cost of reliance on consultants at the expense of internal capability, and actively manage contracts and conflicts of interest. |
Government entities should report to the public at both system and project level for transparency and accountability. | Government activities benefit from a clear statement of objectives and associated performance measures to support systematic monitoring and reporting on outcomes and impact. | Management of risk should include mechanisms to escalate risks, and action plans to mitigate risks with effective controls. | In implementing strategies to mitigate cyber risk, agencies must set target cyber maturity levels, and document their acceptance of cyber risks consistent with their risk appetite. | Service planning should establish future service offerings and service levels relative to current capacity, address risks to avoid or mitigate disruption of business and service delivery, and coordinate across other relevant plans and stakeholders. | Negotiations on outsourced services and major transactions must maintain focus on integrity and seeking value for public funds. |
Entities must provide balanced advice to decision-makers on the benefits and risks of investments. | Benefits realisation should identify responsibility for benefits management, set baselines and targets for benefits, review during delivery, and evaluate costs and benefits post-delivery. | Active review of policies and procedures in line with current business activities supports more effective risk management. | Governments hold repositories of valuable data and data capabilities that should be leveraged and shared across government and non-government entities to improve strategic planning and forecasting. | Formal structures and systems to facilitate coordination between agencies is critical to more efficient allocation of resources and to facilitate a timely response to unexpected events. | Transformation programs can be improved by resourcing a program management office. |
Clear guidelines and transparency of decisions are critical in distributing grant funding. | Quality assurance should underpin key inputs that support performance monitoring and accounting judgements. | Governance arrangements can enable input into key decisions from both government and non-government partners, and those with direct experience of complex issues. | Workforce planning should consider service continuity and ensure that specialist and targeted roles can be resourced and allocated to meet community need. | ||
Governments must ensure timely and complete provision of information to support governance, integrity and audit processes. | |||||
Read more | Read more | Read more | Read more | Read more | Read more |
This report brings together a summary of key findings arising from NSW Audit Office reports tabled in the New South Wales Parliament between July 2018 and February 2022. This includes analysis of financial audits, performance audits, and compliance audits tabled over this period.
- Financial audits provide an independent opinion on the financial statements of NSW Government entities, universities and councils and identify whether they comply with accounting standards, relevant laws, regulations, and government directions.
- Performance audits determine whether government entities carry out their activities effectively, are doing so economically and efficiently, and in accordance with relevant laws. The activities examined by a performance audit may include a selected program or service, all or part of an entity, or more than one government entity. Performance audits can consider issues which affect the whole state and/or the local government sectors.
- Compliance audits and other assurance reviews are audits that assess whether specific legislation, directions, and regulations have been adhered to.
This report follows our earlier edition titled 'Performance Audit Insights: key findings from 2014–2018'. That report sought to highlight issues and themes emerging from performance audit findings, and to share lessons common across government. In this report, we have analysed the key findings and recommendations from our reports over the past four years. The full list of reports is included in Appendix 1. The analysis included findings and recommendations from 58 performance audits, as well as selected financial and compliance reports tabled between July 2018 and February 2022. The number of recommendations and key findings made across different areas of activity and the top issues are summarised at Exhibit 1.
The past four years have seen unprecedented challenges and several emergency events, and the scale of government responses to these events has been wide-ranging involving emergency response coordination, service delivery, governance and policy. While these emergencies are having a significant impact today, they are also likely to continue to have an impact into the future. There is much to learn from the response to those events that will help the government sector to prepare for and respond to future disruption. The following chapters bring together our recommendations for core elements of good practice across a number of areas of government activity, along with relevant examples from recent audit reports.
This 'Audit Insights 2018–2022' report does not make comparative analysis of trends in public sector performance since our 2018 Insights report, but instead highlights areas where government continues to face challenges, as well as new issues that our audits have identified since our 2018 report. We will continue to use the findings of our Insights analysis to shape our future audit priorities, in line with our purpose to help Parliament hold government accountable for its use of public resources in New South Wales.
Appendix one – Included reports, 2018–2022
Appendix two – About this report
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for NSW planning portal
NSW planning portal
What the report is about
The ePlanning program is an initiative of the Department of Planning and Environment (the department) to deliver a digital planning service for New South Wales through the NSW planning portal (the portal).
Using the portal, relevant planning activities can be carried out online, including all stages of development applications.
The portal has been developed under three separate business cases in 2013, 2014 and 2020.
In late 2019, the government mandated the use of the portal for all development applications. This decision took effect across 2020–21.
This audit assessed the effectiveness of the department's implementation, governance and stakeholder engagement in delivering the NSW planning portal.
What we found
Since implementation commenced in 2013, the NSW planning portal has progressively achieved its objectives to provide citizens with access to consolidated planning information, and allow them to prepare and submit development applications online.
Shortcomings in the department's initial planning and management of the program led to a significant time overrun. It has taken the department longer and cost significantly more to implement the portal than first anticipated.
In recent years the department has improved the planning, implementation and governance of the ePlanning program, resulting in improved delivery of the portal’s core functions.
The department now has a clear view of the scope necessary to finalise the program, but has not yet published the services it plans to implement in 2022 and 2023.
Mandating the use of the portal for all development applications changed the program's strategic risk environment and required the department to work more closely with a cohort of stakeholders, many of whom did not want to adopt the portal.
Despite this change, the department kept its overall delivery approach the same.
While implementation of the portal has delivered financial benefits, the department has overestimated their value.
The Department has only reported benefits since 2019 and has not independently assured the calculation of benefits.
What we recommended
By December 2022, the department should:
- publish a roadmap of the services it expects to release on the portal across 2022 and 2023
- update its ePlanning program assumptions, benefits targets and change management approach to reflect the government's decision to mandate the use of the portal for all stages of a development application
- independently assure and report publicly the correct calculation of ePlanning program benefits.
Fast facts
- 10 years taken to implement the portal when completed
- 3 years longer than initially planned to implement the portal
- $146m capital expenditure on the portal when completed
- $38.5m more spent than planned in the business cases.
The ePlanning program is an initiative of the Department of Planning and Environment (the department) to deliver a digital planning service for New South Wales through the NSW planning portal (the portal, or the planning portal). The department defines the portal as an online environment where community, industry and government can work together to better understand and meet their obligations under the Environmental Planning and Assessment Act 1979 (NSW). Using the portal, relevant planning activities can be carried out online throughout New South Wales. This includes, but is not limited to:
- applying for and gaining planning approval
- applying for and gaining approval for building works, sub-dividing land and similar activities
- issuing occupancy and other certificates.
The portal has been developed under three separate business cases. The first business case in 2013 led to the creation of a central portal, which made planning information available to view by planning applicants and allowed some planning applications to be lodged and tracked online.
Under a second business case prepared in 2014, the department set out to improve and widen the functions available via the portal. The department prepared a third business case in 2020 to fund further improvements to the portal over the period July 2020 to June 2023. The third business case also extended the portal's functions to support the building and occupation stages of the planning cycle.
In late 2019, the government mandated the use of the portal for all stages of development applications. This decision took effect across 2020–21 and applied to all councils as well as certifiers and others involved in the planning process.
The objective of this performance audit was to assess the effectiveness of the department's implementation, governance and stakeholder engagement in delivering the NSW planning portal. We investigated whether:
- delivery of the NSW planning portal was planned effectively
- sound governance arrangements are in place to ensure effective implementation of the program
- users of the NSW planning portal are supported effectively to adopt and use the system.
Conclusion
Since implementation commenced in 2013, the NSW planning portal has progressively achieved its objectives to provide citizens with access to consolidated planning information and allow them to prepare and submit development applications online. Implementation was initially hindered by deficiencies in planning and it has taken the department significantly longer and cost significantly more to implement the portal than first anticipated. While the portal's implementation has delivered financial benefits, the department has overestimated their value. As a result, the department cannot yet demonstrate that the portal has achieved overall financial benefits, relative to its costs.
In the first two years of the ePlanning program, the department delivered a portal that allowed planners, developers, certifiers and the public to view important planning information. However, the department found the delivery of a second, transactional version of the portal in 2017 to be much more challenging. This version was intended to offer more integrated information and allow development applications to be submitted and managed online. The department did not rollout this version after a pilot showed significant weaknesses with the portal's performance. A subsequent review found that this was partly because the department did not have a clear view of the portal’s role or the best way to implement it. In recent years the department has improved the planning, implementation and governance of the ePlanning program resulting in improved delivery of the portal’s core functions.
By the time the program reaches its scheduled completion in 2023, it will have taken the department ten years and around $146 million in capital expenditure to implement the portal. This will be significantly longer and more expensive than the department originally expected. This overrun is partly due to an increased scope of services delivered through the portal and an initial under-appreciation of what is involved in creating a standard, central resource such as the portal. The department also experienced some significant implementation difficulties – which saw the transactional portal discontinued after it was found to be not fit for purpose. Following this, the department re-set the program in 2017–18 and re-planned much of the portal's subsequent development.
In November 2019, the New South Wales Government decided to mandate the use of the portal for all stages of development applications by the end of 2020–21. The department had previously planned that the portal would be progressively adopted by all councils and other stakeholders over the five years to 2025. The decision to mandate the portal's use for all development applications brought forward many of the portal's benefits as well as the challenges of its implementation. The department did not change its overall delivery approach in response to the changed risks associated with the government's decision to mandate use of the portal.
The current version of the portal has given the department more timely and comprehensive planning information and has helped New South Wales to provide continuous planning services during COVID-19 lockdowns, which interrupted many other public functions. The portal has also delivered financial benefits, however the department has not independently assured benefits calculations carried out by its consultant, and the reported benefits are overstated. In addition, some stakeholders report that the portal is a net cost to their organisation. This has included some certifiers and some councils which had implemented or had started to implement their own ePlanning reforms when use of the portal was mandated in 2019. The department now needs to address the issues faced by these stakeholders while continuing to deliver the remaining improvements and enhancements to the portal. Over the remaining year of the program, it will be critical that the department focuses on the agreed program scope and carefully evaluates any opportunities to further develop the portal to support future planning reforms.
This part of the report sets out how:
- the ePlanning program has been planned and delivered
- users of the portal have been supported
- the program has been governed.
This part of the report sets out the ePlanning program's:
- expected and reported financial benefits
- calculation of financial benefits.
In 2019, the department increased its expectations for net financial benefits
The department's three ePlanning business cases each forecast substantial financial benefits from the implementation of the planning portal. The department expected that most financial benefits would flow to planning applicants due to a quicker and more consistent planning process. It also expected that government agencies and councils would benefit from the portal.
Business case 1 ($ million) |
Business case 2 ($ million) |
Business case 3 ($ million) |
Total ($ million) |
|
---|---|---|---|---|
Benefits | 90.0 | 44.3 | 270.9 | 405.2 |
Costs | 43.3 | 29.4 | 89.8 | 162.5 |
Net benefits | 46.7 | 15.0 | 181.1 | 242.7 |
Source: Audit Office analysis of data provided by the Department of Planning and Environment.
In 2019 the department commissioned a review to explore opportunities to better identify, monitor and realise the benefits of the ePlanning program. Using this work, the department updated the expected benefits for business cases 1 and 2 to take account of:
- errors and miscalculations in the original benefits calculations
- slower delivery of the portal and changes to the take-up of portal services by councils
- changes to the services supported by the portal.
Original business case 1 and 2 (combined) ($ million) |
New business case 1 and 2 (combined) ($ million) |
|
---|---|---|
Benefits | 134.3 | 210.6 |
Costs | 72.7 | 96.3 |
Net benefits | 61.7 | 114.3 |
Source: Audit Office analysis of data provided by the Department of Planning and Environment.
Reported benefits significantly exceed the current targets
In September 2021, the department reported that the program had achieved $334 million of benefits over the three financial years up to June 2021 plus the first two months of 2021–22. These reported benefits were significantly higher than expected.
2018–19 ($ million) |
2019–20 ($ million) |
2020–21 ($ million) |
July to August 2021 ($ million) |
Total ($ million) |
|
---|---|---|---|---|---|
Benefits | 5.2 | 68.8 | 214.7 | 45.1 | 333.8 |
Target | 2.5 | 14.4 | 56.7 | 19.2 | 92.8 |
Amount and per cent above target | 2.7 108% |
54.4 378% |
158 279% |
25.9 135% |
241 260% |
The department attributes the higher-than-expected financial benefits to the following:
- benefit targets have not been updated to reflect the impact of the 2019 decision to mandate the use of the portal for all development applications. This decision brought forward the expected benefits as well as potential costs of the program. However, the department did not update its third business case which was draft at the time. The business case was subsequently approved in July 2020
- one-off cost savings for agencies not having to develop their own systems
- public exhibitions of planning proposals continuing to be available online during 2020 when some newspapers stopping printing due to COVID-19.
The calculation of benefits is overstated
The department reported $334 million of benefits in September 2021 due to the ePlanning program. This calculation is overstated because:
- a proportion of reported benefits is likely to be due to other planning reforms
- the calculation of the largest single benefit is incorrect
- the reported benefits may not fully account for dis-benefits reported by some stakeholders.
The program’s benefits are calculated primarily from changes in planning performance data, such as the time it takes to determine a planning development application. The department currently attributes the benefits from shorter planning cycles entirely to the effect of the ePlanning program. However, planning cycles are impacted by many other factors such as the complexity of planning regulations and the availability of planning professionals. Planning cycles may also be impacted by other departmental initiatives which are designed to improve the time that it takes for a planning application to be evaluated. The Introduction describes some of these initiatives.
The largest contribution to the department’s September 2021 benefit report was an estimated saving of $151 million for developers due to lower costs associated with holding their investment for a shorter time. However, the department’s calculation of this benefit assumes a high baseline for the time to determine a development application. It also assumes that all development applications except for additions or alterations to existing properties will incur financing costs. However, a small but material number of these applications will be self-financed. The calculation also includes several data errors in spreadsheets.
The calculation of some benefits relies upon an extrapolation of the benefits experienced by a small number of early-adopter councils, including lower printing and scanning costs, fewer forms and quicker processing times. However, some councils report that their costs have increased following the introduction of the portal, primarily because aspects of the portal duplicate work that they carry out in their own systems. The portal has also required some councils to re-engineer aspects of their own systems, such as the integration of their planning systems with other council systems such as finance or property and rating systems. It has also required councils to create new ways of integrating council information systems with the planning portal.
The department has published information to help councils and certifiers to automatically integrate their systems with the planning portal. This approach uses application programming interfaces (or APIs) which are an industry-standard way for systems to share information. In April and May 2021, the government granted $4.8 million to 96 regional councils to assist with the cost of developing, implementing and maintaining APIs. The maximum amount of funding for each council was $50,000. The department is closely monitoring the implementation of APIs by councils and other portal users. Once they are fully implemented the department expects APIs to reduce costs incurred by stakeholders.
The department has not yet measured stakeholder costs. It was beyond the scope of this audit to validate these costs.
The department has not independently assured the calculation of reported benefits
In 2020 the department appointed an external provider to calculate the benefits achieved by the ePlanning program. The department advised that it chose to outsource the calculation of benefits because the provider had the required expertise and because it wanted an independent calculation of the benefits. The process involves:
- extraction and verification of planning performance data by the department
- population of data input sheets by the department
- calculation of benefits by the external provider using the data input
- confirmation by the department that the calculation includes all expected benefit sources.
The department does not have access to the benefits calculation model which is owned and operated by the external provider. The department trusts that the provider correctly calculates the benefits and does not verify the reported benefit numbers. However, as the benefits model involves many linked spreadsheets and approximately 300 individual data points, there is a risk that the calculation model contains errors beyond those discussed in this audit.
The reported benefits have only been calculated since 2019
The department originally intended to track benefits from October 2014. However, it only started to track benefits in 2019 when it appointed an external provider to calculate the benefits achieved by the portal. Any benefits or dis-benefits between the introduction of the portal and 2019 are unknown and not included in the department’s calculation of benefits.
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #366 - released 21 June 2022
Actions for Transport 2021
Transport 2021
What the report is about
The results of the Transport cluster agencies’ financial statement audits for the year ended 30 June 2021.
What we found
Unmodified financial statement audit opinions were issued for all Transport cluster agencies. Resolution of issues delayed signing the Transport Asset Holding Entity of NSW (TAHE) until 24 December 2021. Matters relating to TAHE are also reported in the report on State Finances 2021.
Emphasis of Matter - TAHE
An Emphasis of Matter paragraph was included in TAHE's audit opinion to draw attention to uncertainty associated with:
- future access and licence fees that are subject to re-signed agreements
- an additional $4.1 billion of funding that is outside the forward estimates period
- a significant portion of the fair value of TAHE’s non-financial assets is reflected in the terminal value, which is outside the ten-year contract period to 30 June 2031, and the risk that TAHE will not be able to negotiate contract terms to support current projections.
TAHE's transition from RailCorp also changed its valuation of assets to an income approach, resulting in a $20.3 billion decrease to the fair value. The fair value decrease was because the cash flows were not sufficient to support the previous recorded value.
TAHE corrected a misstatement of $1.2 billion relating to the valuation of its assets. This followed significant deliberation on key judgements and assumptions, with TAHE adopting risk assumptions in its valuation that were not in line with comparable benchmarks.
Emphasis of Matter - State Transit Authority of New South Wales
An Emphasis of Matter paragraph was included in the State Transit Authority of NSW's (the Authority) audit opinion to draw attention to the financial statements not prepared on a going concern basis. This was because the NSW Government put the Authority's bus contracts out to competitive tender and accordingly, management assessed the Authority's principal activities are not expected to operate for a full 12 months after 30 June 2021.
The implementation of AASB 1059 ‘Service Concession Arrangements: Grantors’ resulted in a net increase in assets of $23.5 billion across the Transport cluster.
The 2020–21 audits identified six high-risk and 45 moderate risk issues across the cluster. Fourteen of the moderate risk issues were repeat issues, including information technology controls around management of user access for key financial systems and payroll processes.
The high-risk issues, in addition to those related to TAHE and previously reported in the report on State Finances 2021, include:
- absence of conflict of declarations related to land acquisition processes at Transport for NSW
- no evidence of conflict of interest declarations obtained by TAHE from consultants and contractors regarding involvement in other engagements.
What we recommended
TAHE needs to:
- finalise revised commercial agreements to reflect fees detailed in a Heads of Agreement signed on 18 December 2021
- prepare robust projections and business plans to support the required rate of return.
NSW Treasury and TAHE should monitor the risk that control of TAHE assets could change in the future.
Transport for NSW needs to significantly improve its processes to ensure all key information is identified and shared with the Audit Office.
Transport agencies should implement a process to ensure conflicts of interest declarations are completed for land acquisitions and applied consistently across the cluster.
Transport agencies should implement a process to capture all contracts and agreements entered to ensure:
- agencies are aware of contractual obligations
- financial reporting implications are assessed, particularly with respect to leases, revenue and service concession arrangements.
Fast facts
The Transport cluster plans and delivers infrastructure and integrated services across all modes of transport. This includes road, rail, bus, ferry, light rail, cycling and walking. There are 11 agencies in the cluster.
- $128b road and maritime system infrastructure assets as at 30 June 2021
- 100% unqualified audit opinions were issued on agencies 30 June 2021 financial statements
- 26 monetary misstatements were reported in 2020–21
- $24.9b rail systems infrastructure assets as at 30 June 2021
- 6 high-risk management letter findings were identified
- 37% of reported issues were repeat issues
This report provides Parliament and other users of the transport cluster (the cluster) agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the cluster for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has increased, and 37 per cent of all issues were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 73 findings raised across the cluster (56 in 2019–20) and 37 per cent of all issues were repeat issues (43 per cent in 2019–20).
In view of the recent performance audit ‘Managing Cyber Risks’ and compliance audit ‘Compliance with the NSW Cyber Security Policy’ involving the cluster, it is noted with concern that the most common repeat issues related to weaknesses in controls over information technology user access administration and password management. Moderate risk issues included completeness and accuracy of contract registers, accounting for assets and management of supplier and payroll masterfiles.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports, and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Control deficiencies may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation, and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
Moderate: 7 new, 4 repeat** |
The financial audits identified opportunities for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
|
Low: 4 new, 1 repeat*** | |
Internal control deficiencies or improvements | |
High: 1 new* |
The financial audits identified internal control deficiencies across key business processes, including:
|
Moderate: 15 new, 8 repeat** | |
Low: 2 new, 5 repeat*** | |
Financial reporting | |
High: 3 new* |
The financial audits identified opportunities for agencies to strengthen financial reporting, including:
|
Moderate: 3 new, 1 repeat** | |
Low: 2 new*** | |
Governance and oversight | |
High: 1 new* |
The financial audits identified opportunities for agencies to improve governance and oversight processes, including:
|
Moderate: 2 new** | |
Non-compliance with key legislation and/or central agency policies | |
High: 1 new* |
The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:
|
Moderate: 4 new, 1 repeat** | |
Low: 1 new, 7 repeat*** |
** Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
*** Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies.
2020–21 audits identified six high-risk findings
High-risk findings were reported at the following cluster agencies.
Agency | Description |
2020–21 findings | |
Transport for NSW (new finding) |
Declaration of conflicts of interest in the land acquisition process In 2021, we conducted a performance audit over the Acquisition of 4–6 Grand Avenue, Camellia which examined:
The report made several recommendations over Transport for NSW’s internal policies and procedures to guide the land acquisition process. As part of the financial audit, we obtained an understanding of key controls and processes relating to the acquisition of land, relevant to the audit of the financial statements. We found that conflicts of interests were not always declared by all officers involved in the land acquisition process. Furthermore, processes for declaring conflicts of interests are not consistently applied across cluster agencies. Out of a sample of 19 land acquisitions tested, we identified:
Management advised that the land acquisition processes, at the time of the land acquisitions, did not require formal conflicts of interests to be declared as they believe that as per Transport for NSW code of conduct, declaration is only required where the staff member considers that a potential or perceived Conflict of Interest exists. However, Transport for NSW's Procurement Policy requires the documentation of formal declarations from all staff involved in procurement activities to formally disclose any conflicts of interest or state that they do not have a conflict of interest. This matter has been included as a high-risk finding in the management letter as absence of rigorous and consistent management of conflicts of interests, and non-compliance with established policies increases the risk that Transport for NSW may be exposed to reputational damage or financial losses in relation to land acquisitions. Furthermore, this may result in lack of probity or value-for money considerations during the land acquisition process. Further details are elaborated below under 'Land acquisitions'. |
Transport Asset Holding Entity of New South Wales (new finding) |
Control over TAHE assets and operations The State-Owned Corporations Act 1989 maintains that all decisions relating to the operation of a statutory state-owned corporation (SOC) are to be made by or under the authority of the board. However, under the Transport Administration Act 1988 (TAA), the functions of TAHE may only be exercised under one or more operating licences issued by the portfolio minister. The current Operating Licence confers terms and conditions for TAHE to carry out its functions, and imposes constraints on TAHE, including (but not limited to):
Such operating licences are short term in nature, and the TAA allows the transport minister (portfolio minister) to grant one or more operating licences to TAHE and may amend, substitute, or impose, amend or revoke conditions of the operating licence. For the current year, the legal form of the arrangements established in its first year of operation imply TAHE has control over the assets based on the Implementation Deed and the agreements signed with the public operators. However, risks remain as TAHE is in its early stages, and the actual substance of operations will need to be observed and considered. Given the restrictions that can be placed on the entity through the Operating Licence, and the ability to make further changes to the Operating Licence and Statement of Expectations set by the portfolio minister, there is a risk there could be limitations placed on the Board of Directors to operate with sufficient independence in its decision-making with respect to the operations of TAHE. Over time, this may further impact the degree of control required by TAHE to satisfy the recognition criteria over its assets. It may also fundamentally change the presentation of TAHE’s financial statements. Future limitations to the degree of control TAHE, and its Board, can exercise over its functions may impact the degree of control TAHE has over its assets going forward. As part of the 2021–22 audit, we will monitor and assess whether, in substance, these assets continue to be controlled by TAHE and whether, in substance, TAHE can operate as an independent SOC. We require management continue to demonstrate that TAHE continues to maintain control over its assets and has the ability to operate as an independent SOC. Further details are described below under 'Transport Asset Holding Entity'. |
Transport Asset Holding Entity of New South Wales (new finding) |
Asset valuation The final updated valuation was based on cash flows that were in a signed Heads of Agreement, which stated that it set out the proposed indicative future access and licence fees which will form the basis of the negotiations between TAHE, Transport for NSW, Sydney Trains and NSW Trains, who will work together to review access fees and licence fees payable under the agreements and to make all necessary changes to the Operating Agreements by 1 July 2022. This adds uncertainty in the cash flows. It is crucial that TAHE formalises these updated fees in legally binding signed access and licence agreements with the relevant parties as soon as possible. Refer below for further details on the Heads of Agreement. |
Transport Asset Holding Entity of New South Wales (new finding) |
Conflict of interest (COI) management For procurement transactions through direct negotiation with single quotes, there was no evidence of COI declarations obtained from the consultants and contractors regarding involvement in other engagements. Contractors and consultants are required to declare actual COI. However, there was no requirement to confirm nil conflict of interest. In addition, there is a risk that perceived COI may not be adequately assessed or managed. TAHE is expected to operate as an independent SOC and would need to ensure any perceived or actual conflict of interest is adequately addressed. Management should implement a process to:
The declarations should consider individuals and relationships that may create, or may be perceived to create, conflicts of interest. |
Transport Asset Holding Entity of New South Wales (new finding) |
Detailed business modelling to support returns On 18 December 2021, Transport for NSW, TAHE and the operators, Sydney Trains and NSW Trains entered into a Heads of Agreement (HoA). This HoA forms the basis of negotiations to revise the pricing within the existing 10-year contracts and deliver upon the shareholders' expectation of a return of 2.5 per cent per annum of contributed equity, including recovering the revaluation loss incurred in 2020–21. TAHE needs to revise its business plan and include detailed business modelling that supports the shareholding ministers' revised expectations of return (2.5 per cent return on the State’s equity injections and recovery of the write-down of assets over the average useful life of those assets) and align the business plan and Statement of Corporate Intent. This requires more detailed projections, estimates and plans that support how TAHE expects to recover the asset write-down and expected returns to government. The current modelling for ten years needs to be enhanced with modelling over the expected recovery period of approximately 33 years. |
Transport Asset Holding Entity of New South Wales (new finding) |
Access price build-up Management explained that in determining access and licence fees for the agreements with Sydney Trains and NSW Trains, assets prior to the commencement of equity injections in 2015–16 were excluded from the calculations. Management explained the premise being that these assets were previously funded by government through capital grants. The replacement and refurbishment of these assets is expected to be through government funded maintenance performed through the public rail operators and/or the equity injections from NSW Treasury rather than through access and licence fees. |
The number of moderate risk findings increased from prior year
Forty-five moderate risk findings were reported in 2020–21, representing a 73.1 per cent increase from 2019–20. Of these, 14 were repeat findings, and 31 were new issues.
Key moderate risk findings related to:
- weaknesses in user access management to key financial systems
- management of contracts and agreements register
- management of supplier and payroll masterfiles
- accounting for assets
- control deficiencies at service organisations
- segregation of duties relating to the hiring of employees
- conflict of interest management
- annual leave management
- review of internal audit charter
- disaster recovery planning.
Transport Asset Holding Entity of New South Wales
Background
The establishment of TAHE was originally announced by the NSW Government in the 2015–16 State Budget. On 1 July 2020, the former Rail Corporation New South Wales (RailCorp), a not-for-profit entity, transitioned to the Transport Asset Holding Entity of New South Wales (TAHE), a for-profit statutory state-owned corporation under the Transport Administration Act 1988. There was no change in the structure of TAHE as a new entity was not created. Ownership remains fully with the government. TAHE, and the former RailCorp, were both classified as Public Non-Financial Corporation (PNFC) entities within the Total State Sector Accounts.
Prior to 1 July 2015, the government paid appropriations to Transport for NSW, a General Government Sector (GGS) agency, to construct transport assets. When completed, these assets were granted to the former RailCorp, a not for-profit entity within the PNFC sector. The grants to the former RailCorp were recorded as an expense in the State’s GGS budget result.
From 1 July 2015, the government announced the creation of TAHE (a dedicated asset manager). Funding for new capital projects was to be provided through equity injections and was no longer recorded as an expense to the GGS budget, even though the business model was yet to be determined. The change, as explained in the 2015–16 State Budget, was due to the expectation that the former RailCorp will transition to TAHE, which was intended, over time to provide a commercial return. That Budget also highlighted how the change, which was largely a change in the basis of accounting, was intended to improve the GGS budget result each year. In total, the GGS has contributed approximately $11.1 billion to TAHE since 2015–16. This includes the equity injections from the GGS to TAHE made in the current year of $2.4 billion.
NSW Treasury initially set a timetable for the stand-up of TAHE of 1 July 2019, which included finalising the business model, operating model and contracts for the use of TAHE's assets. The enactment of the Transport Administration Act 1988 resulted in RailCorp transitioning to TAHE on 1 July 2020, 12 months after its originally planned operational date. Contributions paid to the former RailCorp and subsequently to TAHE by the GGS were treated as equity investments from July 2015 forward. This treatment continued, despite delays in settling the business model. In 2020, the Audit Office raised a high-risk finding due to the significance of the financial reporting impacts and business risks for NSW Treasury and TAHE.
The business model adopted and the flow of funds between transport agencies in the GGS and PNFC sectors is shown in the diagram below. For further details refer to the Report on State Finances 2021.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Building regulation: combustible external cladding
Building regulation: combustible external cladding
What the report is about
The report focuses on how effectively the Department of Customer Service (DCS) and Department of Planning and Environment (DPE) led reforms addressing the unsafe use of combustible external cladding on existing residential and public buildings.
Nine local councils were included in the audit because they have responsibilities and powers needed to implement the NSW Government’s reforms.
What we found
After the June 2017 Grenfell Tower fire in London, the NSW Government committed to a ten-point action plan, which included establishing the NSW Cladding Taskforce, chaired by DCS, and with DPE as a key member. The Taskforce co-ordinates and oversees the implementation of the plan.
Depending on the original source of development approval, either individual local councils or DPE are responsible for ensuring that buildings are identified, assessed, and remediated. NSW Government-owned buildings are the responsibility of each department.
Identifying buildings potentially at risk was complex and resource intensive. However, on balance, it is likely that most affected buildings have now been identified.
By October 2021, around 40 per cent of assessed high-risk buildings that are the responsibility of local councils had either been remediated or found not to pose an unacceptable fire risk.
By February 2022, almost 50 per cent of affected NSW Government-owned buildings, and 90 per cent of buildings that are the responsibility of DPE, have either been cleared or are in the process of being remediated.
Earlier guidance on some key issues could have been provided by DCS and DPE in the two years after the Grenfell Tower fire. This may have reduced confusion and inconsistency across local councils we audited, and in some NSW Government departments. This especially relates to the application of the Fair Trading Commissioner's product use ban.
Given the inherent risks posed by combustible external cladding, buildings initially assessed as low-risk may also still warrant further action.
While most high-risk buildings have likely been identified, poor information handling makes it difficult to keep track of all buildings from identification, through to risk assessment and remediation.
What we recommended
DCS and DPE should:
- address the confusion surrounding the application of the Commissioner for Fair Trading's product use ban for aluminium composite panels with polyethylene content greater than 30 per cent
- develop an action plan to address buildings assessed as low-risk
- improve information systems to track all buildings from identification through to remediation.
Fast facts
Authority responsible for ensuring that owners make their buildings safe |
Approximate number of buildings referred for further investigation* |
Approximate percentage of buildings remediated or assessed to be safe |
---|---|---|
Local councils | 1,200 | 40% |
NSW Government owned | 66 | 50% |
DPE under delegation from the Minister for Planning |
137 | 90% |
fire from combustible external cladding.
NSW Government's response to the risks posed by combustible external cladding
The NSW Government first became aware of the potential heightened risks posed by combustible external cladding on building exteriors after the 2014 Lacrosse Tower fire in Melbourne. However, it was the tragic loss of life from the Grenfell Tower fire in London, in June 2017, that gave added urgency to the need to address these risks.
Within six weeks of the London fire, the NSW Government committed to a ten-point plan of action for NSW to:
- identify and remediate any buildings with combustible external cladding
- ensure that regulation prevented the unsafe use of such cladding
- ensure that experts involved in providing advice and certifying fire safety measures had the necessary skills and experience.
One of the actions in the ten-point plan was the creation of the NSW Government's Fire Safety and External Wall Cladding Taskforce (the Cladding Taskforce) chaired by the Department of Customer Service (DCS) and with the Department of Planning and Environment (DPE) as a key member.
The ten-point plan also specified that NSW Government departments would be responsible, in regard to buildings they owned to '…audit their buildings and determine if they have aluminium cladding'.
Local councils play a key role in implementing the Government's reforms, given their responsibilities and powers under the Environmental Planning and Assessment Act 1979 (EPA Act) and Local Government Act 1993 (Local Government Act) to approve building works (as 'consent authorities'), as well as to ensure fire safety standards are met. DPE plays an equivalent role for a smaller number of 'State Significant Developments' for which it is the consent authority under delegation from the Minister for Planning.
Commissioner for Fair Trading's building product use ban
On 18 December 2017, the Building Products (Safety) Act 2017 (BPS Act) came into effect in NSW, introducing new laws to prevent the use of unsafe building products. Notably, the BPS Act gave the Secretary of DCS and the Commissioner for Fair Trading the power to ban unsafe uses of building products.
After an extensive consultative process, the Commissioner for Fair Trading used these powers to issue a product use ban on 15 August 2018. This banned the use of external wall cladding of aluminium composite panels with a core comprised of more than 30 per cent polyethylene by mass on new buildings, unless the proposed use was subject to independent fire propagation testing of the specific product and method of application to a building in accordance with relevant Australian Standards.
Buildings occupied before the product use ban came into force are not automatically required to have the banned product removed. Under the BPS Act, consent authorities may determine necessary actions to eliminate or minimise the risk posed by the banned material on existing buildings.
Project Remediate
Project Remediate is a three-year NSW Government program announced in November 2020. The program was designed by the NSW Government to assist building owners of multi-storey apartments (two storeys or more) with high-risk combustible cladding to remediate their building to a high standard and for a fair price.
The scheme is voluntary and includes government paying for the interest on ten-year loans, as well as incorporating assurance and project management services to provide technical and practical support to owners’ corporations and strata managing agents. Building remediations under the program are expected to commence in 2022.
About this audit
This audit assessed whether DCS and DPE effectively led reforms to manage the fire safety risk of combustible external cladding on existing residential and public buildings.
In making this assessment, we considered whether the expressed policy intent of the NSW Government's ten-point plan for fire safety reform had been achieved by asking:
- are the fire safety risks of combustible external cladding on existing buildings identified and remediated?
- is there a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products on existing buildings?
- is fire safety certification for combustible external cladding on existing buildings carried out impartially, ethically and in the public interest by qualified experts?
Consistent with the focus of the Cladding Taskforce on multi-storey residential buildings and public buildings, the scope of our audit is limited to buildings categorised under the Building Code of Australia (BCA) as class 2, 3 and 9. These classes are defined in detail in section 1.2, but include: multi-unit residential apartments, hotels, motels, hostels, back-packers, and buildings of a public nature, including health care buildings, schools, and aged care buildings. The scope was also limited to existing buildings, which is defined as buildings occupied by 22 October 2018.
Auditees
The Department of Customer Service chairs the NSW Government's Cladding Taskforce, which is responsible for coordinating the combustible external cladding reforms. The Commissioner of Fair Trading sits within DCS and DCS regulates the industry accreditation scheme for fire safety practitioners, as well as administering the BPS Act.
The Department of Planning and Environment administers the EPA Act and the Environmental Planning and Assessment Regulation 2000 (EPA Regulation), which regulate the building development process. As well as being the delegated consent authority for State Significant Developments, DPE is also responsible for maintaining the mandatory cladding register requiring building owners of multi-storey (BCA class 2, 3 or 9) buildings to register buildings with combustible external cladding on an online portal.
Functions and responsibilities between DCS and DPE varied over time. For example, in October 2019, the DPE building policy team responsible for co-ordinating the DPE response to the combustible cladding issue was transferred to DCS, following changes to agency responsibilities resulting from machinery of government changes. DPE advised this resulted in a lessening of DPE's subsequent policy work on combustible cladding and its involvement in the Cladding Taskforce.
While the focus of the audit was on the oversight and coordination provided by DCS and DPE, nine councils were also auditees for this performance audit. Councils play an essential part as consent authorities for building development approvals in NSW, as well as having responsibilities and powers to ensure fire safety standards. To fully understand how well their activities were overseen and coordinated, a sample of councils was included as auditees.
Nine councils were selected to represent both metropolitan and regional areas, noting that there are very few in-scope buildings in rural areas. The audited councils were:
- Bayside Council
- City of Canterbury Bankstown Council
- Cumberland City Council
- Liverpool City Council
- City of Newcastle Council
- City of Parramatta Council
- City of Ryde Council
- City of Sydney Council
- Wollongong City Council.
Terminology
The two NSW Government department auditees have, over time, been subject to machinery of government changes, which have changed some of their functions and what the departments are called.
Relevant to this audit, the effect of these changes has been:
- the Department of Finance, Services, and Innovation (DFSI) became the Department of Customer Services (DCS) on 1 July 2019
- on 1 July 2019, the Department of Planning and Environment became the Department of Planning, Industry, and Environment (DPIE)
- on 21 December 2021, DPIE became the Department of Planning and Environment (DPE).
To avoid confusion, we use the titles by which these departments are known at the date of this report: the Department of Customer Service and the Department of Planning and Environment.
Conclusion
At July 2017, immediately after the Grenfell Tower fire, there was no reliable source to identify buildings that may have had combustible external cladding. However, it is now likely that most high-risk buildings have been identified.
Following the 2014 Lacrosse Tower fire in Melbourne, the NSW Government recognised that there was a need to be able to identify buildings in NSW that could have combustible external cladding.
The process of identifying buildings that could have combustible external cladding has been complex, resource-intensive, and inefficient principally due to the lack of centralised and coordinated building records in NSW. In total, approximately 1,200 BCA class 2, 3 and 9 buildings have been brought to the attention of councils by either Fire and Rescue NSW (FRNSW), the Cladding Taskforce, or through councils' own inspection for possible further action. In addition, approximately 2,000 more buildings were inspected by FRNSW but not referred to local councils because they either had no combustible external cladding or had combustible external cladding not assessed as being high-risk.
A multi-pronged approach to identifying buildings has been used by the DCS and DPE, through the Cladding Taskforce. While it is impossible to know the full scope of potentially affected buildings, the approach appears thorough in having identified most relevant buildings.
The process of clearing buildings with combustible external cladding has been inconsistent.
In the more than four years since the NSW Government's ten-point plan was announced, around 40 per cent of the buildings brought to the attention of councils have been cleared by either rectification or being found not to pose an unacceptable fire risk. Also, around 50 per cent of NSW Government-owned buildings identified with combustible external cladding and almost 90 per cent of identified buildings for which DPE is consent authority have been cleared or remediation is underway.
While DCS and DPE did seek to work cooperatively with councils and provided high-level guidance on the NSW Government’s fire safety reforms, it took until September 2019 before a model process and other detailed advice was provided to councils to encourage consistent processes. DCS and DPE advice to councils and NSW Government-building owners should have been more timely on two key issues:
- the use of experts in the process of assessing and remediating existing buildings, and
- the implementation of the product use ban on aluminium composite panels with polyethylene content 30 per cent or greater.
Clarifying the application of the product use ban may require consent authorities and building owners to revisit how some buildings have been cleared.
The management of buildings assessed as low-risk by FRNSW, estimated to be over 500, has not been a priority of the Cladding Taskforce to date, despite those buildings potentially posing unacceptable fire risks.
Information management by the Cladding Taskforce is inadequate to provide a high-level of assurance that all known affected buildings have been given proper attention.
While most high-risk buildings have likely been identified, information management is not sufficiently robust to reliably track all buildings through the process from identification, through to risk assessment and, where necessary, remediation.
Reforms to certifier registration schemes are limited to new buildings and do not apply to the existing buildings covered by this audit.
While reforms are limited in application to new buildings, some consent authorities took steps to obtain greater assurance on the quality of the work done by fire safety experts regarding combustible external cladding on existing buildings. For example, by requiring fire safety experts to be appropriately qualified and requiring peer review of cladding risk assessments and proposed remediation plans.
This chapter considers the part played by DCS and DPE as key members of the Cladding Taskforce in ensuring that buildings with combustible external cladding were effectively identified and remediated through processes implemented by:
- local councils or DPE, where those bodies were consent authorities under the EPA Act for the relevant buildings
- in the case of NSW Government buildings, the departments that owned those buildings.
This chapter considers what has been done to deliver a comprehensive building product safety scheme that prevents the dangerous use of combustible external cladding products.
This chapter considers whether reforms have ensured that only people with the necessary skills and experience are certifying buildings and signing off on fire-safety.
Inspections of existing buildings and development of any subsequent action plans to address combustible external cladding are not activities covered by accreditation or registration schemes for building certifiers
Almost all the risk assessment and remediation work done on buildings in the scope of this audit have been undertaken under fire safety orders issued by consent authorities using their powers under the EPA Act. This has been the recommended approach by DPE and DCS since at least 2016 (that is, before the Grenfell Tower fire in London).
While there have been reforms to certifier registrations scheme, these were not intended to ensure that combustible cladding-remediation on existing buildings is supported by people with the necessary skills and experience in fire safety under the fire safety order process. Instead, they are focused on offering better assurance for work done in respect to new building projects where accredited experts certify that building work is carried out in accordance with BCA under the DCS managed certifier registration schemes.
No steps have been taken to ensure the quality of the work done by experts inspecting, assessing the fire risk and developing action plans to address combustible external cladding on existing buildings, other than where consent authorities have chosen to exercise their discretion. This includes requiring fire safety experts to be appropriately qualified and requiring peer review of some cladding risk assessments and remediation plans.
Consent authorities determine whether individuals with accreditation are required for combustible cladding inspection, risk assessments and remediation on existing buildings
Whether an individual with certifier accreditation participates in a cladding inspection, risk assessment, or remediation for an existing building will be determined by what councils as consent authorities specify in their fire safety orders unless building owners opt to use such experts without being directed to do so by the consent authority.
As discussed earlier, councils acting as consent authorities vary in whether they require building owners to engage individuals with certifier accreditation. In most of the councils we audited, A1 or C10 accredited experts were either required, or recommended, to perform functions such as auditing suspected combustible cladding, or conducting fire safety risk assessments and developing plans to rectify combustible cladding.
However, these types of work are not functions covered by the accreditation or registration schemes that apply to building and development certifiers.
Certifier accreditation schemes do not cover cladding remediation work done under fire safety orders
While councils may require or recommend that independent accredited A1 or C10 certifiers be engaged by building owners for cladding risk assessment and remediation, they are not performing those functions as certifiers — they are, in effect, more akin to expert consultants. Accordingly, how they perform their functions and duties is not covered by the legislation supporting the accreditation scheme for certifiers that was operated until July 2020 by the Building Professional Board.
Instead, their use in this process is a convenient and practical way for consent authorities to ensure that building owners use appropriate experts who have the qualifications, skills and experience needed to investigate and identify combustible cladding, and then to formulate appropriate action to deal with such cladding. However, these individuals are not performing regulated or accredited work, are not subject to regulatory oversight, and are not accountable to any accreditation body for the quality of the work they perform.
While councils could (and sometimes do) choose to decline poor quality or incomplete cladding-related work prepared by A1 or C10 certifiers, the burden of resolving poor quality would fall on the building owner, who would have to seek amended or additional risk assessments or rectification plans.
In the absence of regulatory oversight, disincentives for poor quality cladding-related work, may include litigation being commenced by the property owner, harm to the expert's reputation in a small and competitive market, and the potential impact on whether the individual could retain their professional indemnity insurance at a reasonable cost (especially in an environment when many insurance providers withdrew coverage for cladding related work).
Reforms impact on regulated experts doing work on new buildings
The reforms that commenced on 1 July 2020, replaced categories of accreditation with classes of registration, and varied the classes such that:
- accredited building surveyor category A1 became registered building surveyor-unrestricted
- accredited certifier—fire safety engineer category C10 became registered certifiers-fire safety.
The legislation that introduced these reforms, the Building and Development Certifiers Act 2018, also repealed the pre-existing Building Professionals Act 2005 and abolished the Building Professionals Board. The new Act was accompanied by the Building and Development Certifiers Regulation 2020.
While the scope of this audit is limited to existing buildings, we note that there are buildings with combustible external cladding that are yet to be remediated. Just as these processes previously drew on the expertise of A1 and C10 category certifiers, it seems inevitable that the remediation of existing buildings will continue to draw on the expertise of the equivalent new classes of registered building surveyor-unrestricted and registered certifier-fire safety.
Appendix one – Response from agencies
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #364 - released 13 April 2022.
Actions for Local government business and service continuity arrangements for natural disasters
Local government business and service continuity arrangements for natural disasters
What the report is about
Natural disaster events, including bushfires and floods, have directly impacted some local councils in New South Wales over recent years. It is important for local councils to effectively plan so that they can continue operations through natural disasters and other disruptions.
This audit assessed the effectiveness of Bega Valley Shire Council and Snowy Valleys Council’s approaches to business and service continuity arrangements for natural disasters.
What we found
Bega Valley Shire Council has a documented approach to planning for business and service continuity that provides for clear decision making processes and accountability.
Bega Valley Shire Council has prepared for identified natural disaster risks to business and service continuity but can do more to monitor how it has implemented controls responding to these risks.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires.
Bega Valley Shire Council can do more to ensure its business continuity management approach is regularly reviewed and updated, and that staff are regularly trained in its implementation.
Snowy Valleys Council did not have a finalised approach to ensure business and service continuity until October 2020. Now in place, this approach identifies governance, assigns roles and responsibilities, and includes procedures to retain or resume services. That said, the Council has not adequately documented key elements of its business continuity management approach.
Snowy Valleys Council's strategic risk register identifies that natural disasters may impact its ability to deliver services, but the Council has not identified controls to respond to these risks.
During the 2019–20 bushfires, in the absence of a business continuity plan, Snowy Valleys Council relied on the local knowledge of its staff to manage service continuity in line with directions from the Local Emergency Operations Controller and the combat agency (the Rural Fire Service).
Both councils advised that, during the 2019–20 bushfires, services were maintained, sometimes with adaptation and sometimes with support from other councils, NSW Government and Australian Government agencies.
What we recommended
Bega Valley Shire Council should update and regularly review its business continuity plans, provide business continuity training, and improve its monitoring of risk controls and actions, including for natural disaster impacts.
Snowy Valleys Council should document and monitor all disruption-related risks and controls, regularly review and update its business continuity plans, and progress planned actions to increase staff awareness of business continuity plans.
Across both councils, we recommended that recordkeeping relating to service delivery during natural disasters should be adequate to inform post incident reviews and future updates to business continuity.
Fast facts
- Multiple natural disasters affected the audited councils in 2019–20:
- bushfires in 2019–20
- storms and floods in January 2020
- storms and floods in July and August 2020
- storms and floods in October 2020.
- 6,279km2 Size of Bega Valley Shire Council (area)
- 2,203km2 Area burnt within Bega Valley Shire Council in 2019–20 bushfires
- 8,959km2 Size of Snowy Valleys Council (area)
- 3,339km2 Area burnt within Snowy Valleys Council in 2019–20 bushfires.
Natural disaster events, including bushfires and floods, have directly impacted some local councils in New South Wales over recent years. Given their important role in delivering essential services to their communities, it is important for local councils to effectively plan so that they can continue operations through natural disasters and other disruptions.
Business continuity plans are a widespread mechanism used by governments and private sector organisations to ensure they are prepared to respond effectively to disruptions. In New South Wales, business continuity plans are widely used by local councils to help ensure continuity of service delivery, safety and availability of staff, availability of information technology systems and other systems, financial management and governance. There are no current sector-wide requirements or policies for business continuity management issued by the Department of Planning and Environment (DPE)1 for NSW councils. As such, councils can develop their own business continuity management frameworks.
Our 'Report on Local Government 2020' considered the financial and governance impacts from recent natural disaster events on local councils in New South Wales. It also considered sector-wide trends in business continuity planning, including how many councils enacted or updated their business continuity plans in 2019–20.
The report found that all councils were impacted by emergency events, and that some councils changed their governance, policies, systems, and processes to respond to the emergency events. Sixty-five per cent of councils updated their business continuity plan as a response to recent emergency events, and 43 per cent of councils updated their disaster recovery plan.
This audit follows on from the 'Report on Local Government 2020' with a detailed examination of the effectiveness of business and service continuity arrangements for natural disasters in two councils.
The selected councils for this audit were Bega Valley Shire Council and Snowy Valleys Council. They were selected because they had been heavily impacted by the 2019–20 bushfires and other natural disaster events, such as storms and floods between December 2018 to December 2020.
The objective of this performance audit was to assess the effectiveness of the councils' approaches to business and service continuity arrangements for natural disasters. In making this assessment, we considered whether the selected councils:
- had documented approaches for identifying, mitigating, and responding to disaster-related risks to business and service continuity
- effectively implemented strategies to prepare for identified disaster-related impacts
- responses during selected disasters were effective in managing business and service continuity.
Conclusion - Bega Valley Shire Council
Bega Valley Shire Council has a documented approach to planning for business and service continuity that provides for clear decision-making processes and accountability.
Since 2018, the council has prepared for identified natural disaster risks to business and service continuity, but can do more to monitor how it has implemented controls responding to these risks.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires.
The council can do more to ensure its business continuity management approach is regularly reviewed and updated, and that staff are regularly trained in its implementation.
Bega Valley Shire Council has a documented approach to business continuity management that is integrated with its broader approach to enterprise risk management and is supported by clear decision-making processes and accountability. This includes a business continuity plan (BCP), BCP subplans, and a business impact analysis (BIA). The council made changes to its BIA in 2019 following the 2018 Tathra bushfires within its local government area (LGA), but its BCP and BCP subplans have not been updated since 2016 and key information is out of date.
Bega Valley Shire Council has identified high-level controls and strategies to mitigate disaster-related risks and undertakes post incident reviews to capture lessons following a disaster, but many high-risk actions resulting from those reviews remain outstanding.
Bega Valley Shire Council identified risks, controls, and actions to prepare for natural disaster impacts between 2018 to 2020. However, the council has not effectively monitored implementation of the identified controls. Bega Valley Shire Council has only partially implemented the actions and recommendations from internal reviews that identified gaps in its business continuity management approach.
Bega Valley Shire Council did not follow all aspects of its business continuity plan in responding to the 2019–20 bushfires, instead relying on the local knowledge of its staff. The council has not provided BCP scenario training since 2015 and has not monitored completion rates of its online business continuity management training for staff.
Bega Valley Shire Council did not keep records of its decision of whether to enact its BCP during the 2019–20 bushfires, but advised its ability to follow the BCP was not possible due to the scale and impact of the bushfires surpassing the expectations included in its BCP and BCP subplans.
The council advised that essential council-led services were largely maintained during the disaster, sometimes with adaptation of services, and sometimes with support from other councils, NSW Government and Australian Government agencies.
As Bega Valley Shire Council did not maintain formal records of service disruptions for most services, did not follow all aspects of its BCP during the 2019–20 bushfires, and because it requested and received support from other agencies, we are unable to assess the impact of its planning and preparation activities on the continuity of services.
Bega Valley Shire Council took actions during the 2019–20 bushfires to communicate key service changes to staff, residents, and stakeholders, and regularly sought feedback on residents' experiences.
Bega Valley Shire Council could improve the effectiveness of its business continuity management approach by undertaking regular staff training (including scenario training) and ensuring that its business continuity management framework is routinely updated to reflect current practice and current staff.
Conclusion - Snowy Valleys Council
Snowy Valleys Council did not have a finalised approach to ensure business and service continuity until October 2020. Now in place, this approach identifies governance, assigns roles and responsibilities and includes procedures to retain or resume services. That said, the council has not adequately documented key elements of its business continuity management approach.
Snowy Valleys Council's risk register identifies that natural disasters may impact its ability to deliver services, but the council has not identified controls to respond to these risks.
During the 2019–20 bushfires, in the absence of a business continuity plan (BCP) or BCP subplans, the council relied on the local knowledge of its staff to manage service continuity in line with directions from the Local Emergency Operations Controller and the combat agency (the Rural Fire Service).
Snowy Valleys Council did not have a finalised BCP, BCP subplans, or BIA until after the 2019–20 bushfires. The council finalised most of its business continuity management framework in late 2020 and this framework now establishes governance, including assigning roles and responsibilities, and identifies contingencies and procedures to retain or resume critical services.
There are gaps in how Snowy Valleys Council has documented key elements of its business continuity management approach. The council advised it has completed a BIA, but has not retained the completed version of this document as it was not managed under Snowy Valleys Council's record management procedures. Some of the council's BCP subplans have gaps in process information and contact details which means BCP subplan owners and other potential users may not have access to accurate, up to date information when responding to a disruption event.
The council advised it provided BCP scenario training in 2016, 2018, and 2021, but was unable to provide any evidence of the 2018 training. As the current BCP and BCP subplans were only finalised in 2021, the 2016 and 2018 training were based on the previous BCP framework, developed under the former Tumut Shire Council. Additionally, the council advised it has developed BCP awareness training for staff as part of induction training, but has not provided a clear timeframe for implementing this training.
The council undertakes post incident reviews after most service disruption events, but has not undertaken a post incident review of the 2019–20 bushfires, despite its significant impact within the Snowy Valleys Council LGA.
Snowy Valleys Council advised that it identifies and mitigates or controls for disaster related risks within broader enterprise-wide risk assessments. Snowy Valleys Council’s strategic risk register identifies the risk of natural disasters to service delivery, but does not identify preventative controls or resilience strategies to mitigate these risks. The council monitors and improves the resilience of some assets as part of its regular operations of maintaining assets but does not clearly link such actions to how they contribute to reducing the risk of natural disaster related impacts. Snowy Valleys Council advises it works with other agencies, such as the Rural Fire Service and the local Bush Fire Management Committee, to plan for bushfire risks.
In the absence of a BCP or BCP subplans, Snowy Valleys Council relied on individual team members to manage service continuity during the 2019–20 bushfires based on directions by the local Emergency Operations Controller, and the Rural Fire Service. The council advised that the delivery of essential council-led services was largely maintained during the 2019–20 bushfires, sometimes with adaptation and support from other NSW Government and Australian Government agencies. Snowy Valleys Council took actions during the 2019–20 bushfires to communicate key service changes to staff, residents, and stakeholders, and regularly sought feedback on residents' experiences.
As Snowy Valleys Council did not maintain formal records of any service disruptions and did not have a finalised business continuity management approach in place to guide its response during the 2019–20 bushfires, we are unable to assess the impact of its planning and preparation activities on the continuity of services.
Appendix one – Responses from councils and the Department of Planning and Environment
Appendix two – Emergency management arrangements for local councils
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #362 - released 17 February 2022.
Actions for Machinery of government changes
Machinery of government changes
What the report is about
The term ‘machinery of government’ refers to the way government functions and responsibilities are organised.
The decision to make machinery of government changes is made by the Premier. Changes may be made for a range of reasons, including to support the policy and/or political objectives of the government of the day.
Larger machinery of government changes typically occur after an election or a change of Premier.
This report assessed how effectively the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) managed their 2019 and 2020 machinery of government changes, respectively. It also considered the role of the Department of Premier and Cabinet (DPC) and NSW Treasury in overseeing machinery of government changes.
What we found
The anticipated benefits of the changes were not articulated in sufficient detail and the achievement of benefits has not been monitored. The costs of the changes were not tracked or reported.
DPC and NSW Treasury provided principles to guide implementation but did not require departments to collect or report information about the benefits or costs of the changes.
The implementation of the machinery of government changes was completed within the set timeframes, and operations for the new departments commenced as scheduled.
Major implementation challenges included negotiation about the allocation of corporate support staff and the integration of complex corporate and ICT systems.
What we recommended
DPC and NSW Treasury should:
- consolidate existing guidance on machinery of government changes into a single document that is available to all departments and agencies
- provide guidance for departments and agencies to use when negotiating corporate services staff transfers as a part of machinery of government changes, including a standard rate for calculating corporate services requirements
- progress work to develop and implement common processes and systems for corporate services in order to support more efficient movement of staff between departments and agencies.
Fast facts
- $23.7m is the estimated minimum direct cost of the 2019 DPIE changes to date, noting additional ICT costs will be incurred
- $4.0m is the estimated minimum direct cost of the 2020 DRNSW changes, with an estimated $2.7 million ongoing annual cost
- 40+ NSW Government entities affected by the 2019 machinery of government changes
The term ‘machinery of government’ refers to the way government functions and responsibilities are allocated and structured across government departments and agencies. A machinery of government change is the reorganisation of these structures. This can involve establishing, merging or abolishing departments and agencies and transferring functions and responsibilities from one department or agency to another.
The decision to make machinery of government changes is made by the Premier. These changes may be made for a range of reasons, including to support the policy and/or political objectives of the government of the day. Machinery of government changes are formally set out in Administrative Arrangements Orders, which are prepared by the Department of Premier and Cabinet, as instructed by the Premier, and issued as legislative instruments under the Constitution Act 1902.
The heads of agencies subject to machinery of government changes are responsible for implementing them. For more complex changes, central agencies are also involved in providing guidance and monitoring progress.
The NSW Government announced major machinery of government changes after the 2019 state government election. These changes took place between April and June 2019 and involved abolishing five departments (Industry; Planning and Environment; Family and Community Services; Justice; and Finance, Services and Innovation) and creating three new departments (Planning, Industry and Environment; Communities and Justice; and Customer Service). This also resulted in changes to the 'clusters' associated with departments. The NSW Government uses clusters to group certain agencies and entities with related departments for administrative and financial management. Clusters do not have legal status. Most other departments that were not abolished had some functions added or removed as a part of these machinery of government changes. For example, the functions relating to regional policy and service delivery in the Department of Premier and Cabinet were moved to the new Department of Planning, Industry and Environment.
Our Report on State Finances 2019, tabled in October 2019, outlined these changes and identified several issues that can arise from machinery of government changes if risks are not identified early and properly managed. These include: challenges measuring the costs and benefits of machinery of government changes; disruption to services due to unclear roles and responsibilities; and disruption to control environments due to staff, system and process changes.
In April 2020, the Department of Regional NSW was created in a separate machinery of government change. This involved moving functions and agencies related to regional policy and service delivery from the Department of Planning, Industry and Environment into a standalone department.
This audit assessed how effectively the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) managed their 2019 and 2020 machinery of government changes, respectively. It also considered the role of the Department of Premier and Cabinet and NSW Treasury in overseeing machinery of government changes. The audit investigated whether:
- DPIE and DRNSW have integrated new responsibilities and functions in an effective and timely manner
- DPIE and DRNSW can demonstrate the costs of the machinery of government changes
- The machinery of government changes have achieved or are achieving intended outcomes and benefits.
It is unclear whether the benefits of the machinery of government changes that created the Department of Planning, Industry and Environment (DPIE) and the Department of Regional NSW (DRNSW) outweigh the costs. The anticipated benefits of the changes were not articulated in sufficient detail and the achievement of directly attributable benefits has not been monitored. The costs of the changes were not tracked or reported. The benefits and costs of the machinery of government changes were not tracked because the Department of Premier and Cabinet (DPC) and NSW Treasury did not require departments to collect or report this information. The implementation of the machinery of government changes was completed within the set timeframes, and operations for the new departments commenced as scheduled. This was achieved despite short timelines and no additional budget allocation for the implementation of the changes.
The rationale for establishing DPIE was not documented at the time of the 2019 machinery of government changes and the anticipated benefits of the change were not defined by the government or the department. For DRNSW, the government’s stated purpose was to provide better representation and support for regional areas, but no prior analysis was conducted to quantify any problems or set targets for improvement. Both departments reported some anecdotal benefits linked to the machinery of government changes. However, improvements in these areas are difficult to attribute because neither department set specific measures or targets to align with these intended benefits. Since the machinery of government changes were completed, limited data has been gathered to allow comparisons of performance before and after the changes.
DPC and NSW Treasury advised that they did not define the purpose and benefits of the machinery of government changes, or request affected departments to do so, because these were decisions of the government and the role of the public service was to implement the decisions.
We have attempted to quantify some of the costs of the DPIE and DRNSW changes based on the information the audited agencies could provide. This information does not capture the full costs of the changes because some costs, such as the impact of disruption on staff, are very difficult to quantify, and the costs of ICT separation and integration work may continue for several more years. Noting these limitations, we estimate the initial costs of these machinery of government changes are at least $23.7 million for DPIE and $4.0 million for DRNSW. For DPIE, this is predominantly made up of ICT costs and redundancy payments made around the time of the machinery of government change. For DRNSW it includes ICT costs and an increase in senior executive costs for a standalone department, which we estimate is an ongoing cost of at least $1.9 million per year.
For the DPIE machinery of government change, there were risks associated with placing functions and agencies that represent potentially competing policy interests within the same 'cluster', such as environment protection and industry. We did not see evidence of plans to manage these issues being considered by DPIE as a part of the machinery of government change process.
The efficiency of machinery of government changes could be improved in several ways. This includes providing additional standardised guidance on the allocation of corporate functions and resources when agencies are being merged or separated, and consolidating guidance on defining, measuring and monitoring the benefits and costs of machinery of government changes.
Appendix one – Response from agencies
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #359 - released (17 December 2021).
Actions for Health 2021
Health 2021
This report analyses the results of our audits of the Health cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Health cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of Health cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for the financial statements of all Health cluster agencies.
The COVID-19 pandemic increased the complexity and number of accounting matters faced by the cluster. The total gross value of corrected misstatements in 2020–21 was $250.2 million, of which $226.0 million were pandemic related.
A qualified audit opinion was issued on the Annual Prudential Compliance Statement. The basis of the qualification related to 19 instances (18 in 2018–19) of non-compliance relating to three of the 20 prudential requirements across five aged care facilities.
What the key issues were
The total number of matters we reported to management across the cluster increased from 112 in 2019–20 to 116 in 2020–21. Of the 116 issues raised in 2020–21, three were high risk (one in 2019–20) and 57 were moderate risk (47 in 2019–20). Nearly one half of the issues were repeat issues.
The three new high-risk issues identified were:
Hotel Quarantine (HQ) fees
The absence of a tailored debt recovery strategy, data integrity issues and uncertainties around future HQ arrangements increased risks around the recoverability of HQ fees from travellers.
COVID-19 inventories
Data errors and anomalies in the impairment model and difficulties forecasting key factors impacting the management of Personal Protective Equipment (PPE) increased uncertainty associated with the valuation and impairment of COVID-19 inventories.
COVID-19 vaccines
The Commonwealth did not provide information about the cost of vaccines provided to NSW free of charge, which required the performance of internal valuations to reflect the consumption of vaccines in the financial statements.
What we recommended
Hotel Quarantine (HQ) fees
Develop a tailored assessment methodology to estimate recoverability of HQ fees and work with Revenue NSW to develop a tailored debt recovery strategy.
COVID-19 inventories
Review the current stocktaking and impairment methodology to incorporate validation of data key to the management of COVID-19 related PPE.
COVID-19 vaccines
Work with the Commonwealth to obtain primary price information on COVID-19 vaccines.
Fast facts
The Health cluster, comprising 15 local health districts, five pillars agencies, two specialty health networks and six shared state-wise services agencies, deliver health services to the people of New South Wales.
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 24 monetary misstatements were reported in 2020–21
- 3 high risk management letter findings were identified
- 47.4% of reported issues were repeat issues
- $23.5b property, plant and equipment as at 30 June 2021
- $26.8b total expenditure incurred in 2020–21
This report provides Parliament and other users of the Health cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely. This chapter outlines our audit observations related to the financial reporting of agencies in the Health cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making. This chapter outlines our observations and insights from our financial statement audits of agencies in the Health cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has increased, with 47.4 per cent of all issues being repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of cluster agencies. The Audit Office does this through our management letters, which include observations, implications, recommendations and risk ratings.
In 2020–21, there were 116 findings raised across the cluster (112 in 2019–20). 47.4 per cent of all issues were repeat issues (38.4 per cent in 2019–20).
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
Moderate2 |
We identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
Repeat issues included:
|
Low1 |
|
Internal control deficiencies or improvements | |
High3 1 new, 0 repeat |
We identified internal control weaknesses across key business processes, including new issues relating to:
Repeat issues included:
|
Moderate2 |
|
Low1 |
|
Financial reporting | |
High3 2 new, |
We identified weaknesses with respect to financial reporting in relation to the:
|
Moderate2 |
|
Low1 |
|
Governance and oversight | |
Moderate2 9 new, 5 repeat |
We identified opportunities for agencies to improve governance and oversight processes, including:
Repeat issues include:
|
Low1 2 new, 2 repeat |
|
Non-compliance with key legislation and/or central agency policies | |
Moderate2 1 new, 7 repeat |
We identified the need for agencies to improve compliance with key legislation and central agency policies, with new findings including:
Repeat issues include:
|
Low1 5 new, 13 repeat |
4Extreme risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
Note: Management letter findings are based either on final management letters issued to agencies, or draft letters where findings have been agreed with management.
Complexities arising from the COVID-19 response
The 2020–21 audit identified three new high-risk findings
COVID-19 has presented the cluster with several new accounting challenges. New and evolving matters arose from changes to operating conditions, which characterised the 2020–21 financial reporting period. Issues with a high degree of estimation uncertainty will require ongoing attention as the strategies employed to deal with the COVID-19 pandemic evolve.
Expected rate of recovery of outstanding Hotel Quarantine invoices
The estimation of the amount likely to be recovered is complicated not only by the uncertainties that exist regarding the assumptions those estimations rely upon, but also the debt collection processes and strategies put into place to manage the accumulated debtors' balance. Debt collection is not administered by the cluster, but rather Revenue NSW. We observed an absence of a methodology to assess the likelihood of recovery. Instead, Sydney Local Health District was relying on Revenue NSW to develop and execute on a collection strategy. Sydney Local Health District was using the same approach to hotel quarantine debts as it did to other Health receivables. As the approach to managing international borders evolves over time, so too will the cluster's need to develop robust estimation models to assess the likely collectability of debtors.
Procurement, management and impairment of COVID-19 inventories
$656.2 million of COVID-19 inventories were procured in 2020–21, with $220.2 million consumed; $558.7 million impaired and a further $217.1 million written off. Estimates of the degree to which inventories are expired, not fit for purpose or are faulty is often based on management judgement at all stages in the procurement cycle.
With respect to the stocktaking methodology applied, the following issues were identified:
- discrepancies noted in the stock bin listing provided for audit
- discrepancies in the recount sheet generated
- inconsistent application of the stocktake methodology
- inconsistent labelling of quarantined stock
- a lack of an approach for validating stock expiry dates, which is a key input to the impairment calculations.
Although management had developed processes and a methodology to count as well as to assess the level of inventory that was not fit for purpose, ongoing attention to the operating environment that emerges post pandemic will be important in assessing the degree to which existing COVID-19 inventories can be integrated into a ‘business as usual’ model going forward. Further refinement of the key elements of the stocktaking methodology will also be required to ensure that key inputs upon which management relies to calculate the year-end inventory impairment provision can be appropriately validated.
Valuation and recognition of COVID-19 vaccines received from the Commonwealth Government
The 2020–21 financial reporting period saw the Commonwealth acquire COVID-19 vaccines and provide these to state jurisdictions to dispense to their communities. The vaccines, although provided free of charge require recognition. However, Health entities were not responsible for acquiring the vaccines and data on the vaccines' cost was not shared by the Commonwealth. Management undertook a valuation using publicly available data to estimate the value to attribute to the vaccine inventory; developed new systems and leveraged existing pharmacy systems to track physical quantities received from the Commonwealth and ultimately distributed to NSW citizens. As the response to the pandemic evolves, larger quantities, and new lines of vaccine stock will be dealt with, and policy settings will need to adapt when patterns of distribution of those vaccines (e.g., timing of third booster shots) emerge. The Ministry of Health will need to ensure that the valuations applied to the prices of inventory distributed and held in stock are as accurate as possible. This can be done through further refinement of the existing valuation methodology, obtaining price information from the Commonwealth and engaging specialist pharmaceutical valuers.
Emerging trends
Recognition of provisions without sufficient support
Several NSW Health entities raised accruals and provisions in 2020–21, which did not have an appropriate basis for recognition. Liabilities can only be recognised where there is a present obligation to make a payment arising from a past event. A number of these errors remain uncorrected in the financial statements of those entities as they are not material, individually or in aggregate to the financial statements as a whole. Increased training and guidance are required to ensure that treatment within the cluster is consistent and reflects events that have occurred and give rise to obligations.
Treatment of Commonwealth funding
In the 2020–21 and 2019–20 financial reporting periods, we observed prior period errors arising from the treatment of Commonwealth funding. These errors related to recognising revenue under funding agreements entered into with the Commonwealth in the incorrect period. The conditions of these funding arrangements, the transactional information requiring validation and the circumstances when revenue should be recognised are not always clear and can be complex. Early and continuous engagement with the Commonwealth is required to ensure that revenue recognition principles are consistently applied across the cluster.
Key repeat issues
Management of excessive annual leave
NSW Treasury guidelines stipulate annual leave balances exceeding 30 days are considered excess annual leave balances. Managing excess annual leave balances has been reported as an issue for the cluster for more than five years, with the average percentage of employees with excessive leave balances over the last five years being 36.1 per cent (35.5 per cent over five years covering 2015–16 to 2019–20).
The operational demands required to manage the COVID-19 pandemic have presented new challenges for the cluster in trying to manage its excessive leave balances. 39.2 per cent of employees now have excess leave balances at 30 June 2021 (35.4 per cent at 30 June 2020).
The state's leave policy C2020-12 Managing Accrued Recreation Leave Balances requires agencies to manage excessive leave balances to 30 days or less to maintain their workforces physical and mental health.
Accurate time recording
Forced-finalisation of time records by system administrators within HealthRoster remains an issue and we continue to observe time records forced-finalised by system administrators so pay runs can be finalised on a timely basis. During 2020–21, a total of two million (2.2 million in 2019–20) time records were force approved, which represents 5.7 per cent of total time records (6.9 per cent in 2019–20).
Existence, completeness and accuracy of key agreements
Delivery of major capital projects
Health Infrastructure (a division of the Health Administration Corporation) is responsible for the delivery of major capital projects with a budgeted spend of more than $10.0 million. Health Infrastructure oversee the planning, design, procurement, and construction phases. Capital works in progress are recognised in the financial statements of the health entity that intends to use those assets upon completion. The health entities recognise both the capital work in progress and the revenue associated with the capital funding from the Ministry for the construction of the assets. Capital funding is currently agreed with health entities as part of the annual Service Agreement. The assumption that the health entities control the assets during their construction is consistent with Health Infrastructure's role as an agent for the health entity and the Ministry's policy directive PD2020-033 'Management and control of Health Administration Corporation owned Real Property'.
We continued to observe a lack of clarity regarding agreements between Health Infrastructure, the Ministry and the cluster agency that will eventually receive the completed asset. This can lead to confusion and uncertainty around the rights and obligations of each party to the transaction.
Cross border patient funding arrangements
When patients require medical care in a jurisdiction where they are not generally domiciled, there are arrangements in place to provide funding to support cross border patient treatments. We have previously observed that agreements between NSW and other jurisdictions have not been finalised, and this continues to be the case. In the case of Victoria, no agreement has been finalised for the past seven years.
We continue to note that the cluster has long outstanding receivables and payables with other states. The absence of formal agreements between the states hampers the settlement of the debts relating to the treatment of cross border patients. The following table shows the status of Cross Border Agreements between NSW and other jurisdictions:
States | 2014–15 | 2015–16 | 2016–17 | 2017–18 | 2018–19 | 2019–20 | 2020–21 |
Queensland | Signed | Signed | Signed | Signed | Signed | Not finalised | Not finalised |
Victoria | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised | Not finalised |
Australian Capital Territory | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
South Australia | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
Tasmania | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
Northern Territory | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
Western Australia | Signed | Signed | Signed | Signed | Signed | Signed | Not finalised |
Albury Base Hospital
Albury Base hospital is located on the border of NSW and Victoria and services residents of both states. Documentation supporting the extension of the expired Intergovernmental Agreement 2009–2017 between NSW and Victoria in relation to the integration of health services in Wodonga and Albury could not be located.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for COVID Intensive Learning Support Program
COVID Intensive Learning Support Program
What the report is about
This audit examined a state-wide program to provide small-group tuition to students disadvantaged by the move to learning from home during 2020.
The audit assessed the design and implementation of the program.
What we found
The program design was based on research and data showing learning loss during 2020.
The department rapidly planned and developed the policy design and guidelines for schools.
Governance arrangements matured during program delivery.
The department changed the models for funding schools but did not clearly explain the reasons for doing so.
Government schools with over 900 students were disadvantaged by the funding model compared to smaller schools.
Guidelines, resources and professional learning helped schools implement the program.
Staff eligibility for the program was expanded after reported difficulties in recruiting qualified teachers in some areas.
Online tuition and third-party provider options were developed throughout the program.
There were issues with the quality and timeliness of data used to monitor school progress.
Evaluation arrangements were developed early in the program.
Data limitations mean the evaluation will not be able to fully assess all program objectives.
What we recommended
- Distributing funds between schools more equitably and improving communication of the funding methods.
- Clearer communication about the intended targeted group of students.
- Reviewing the time needed to administer the program.
- Improve support for educators other than qualified teachers.
- Offer the online tuition program to more schools.
- Analysis of the effects of learning from home during 2021 across equity groups and geographic areas.
- Working with universities to increase use of pre-service teachers in the program.
The report also identifies lessons learned for future programs.
Fast facts
- $337m in total program funding. $289 million for government schools and $31 million for non government schools
- 12 days to develop the policy and provide costings to Treasury
- 290,000 targeted students in government schools and 31,000 in non government schools
- 80% of schools were providing small group tuition by the target start date of Week 6, Term 1
- 2–4 months was the estimated student learning loss from the move to learning from home during 2020
- 7,600 tutors engaged in the program as at September 2021.
The NSW Government announced the COVID Intensive Learning Support Program on 10 November 2020, as part of the 2020–21 NSW Budget. The primary goal of the $337 million program was to deliver intensive small group tuition for students who were disadvantaged by the move to remote and/or flexible learning, helping to close the equity gap. It included:
- $306 million to provide small-group tuition for eligible students across every NSW Government primary, secondary and special purpose school
- $31.0 million for around 400 non-government schools to provide small-group tuition to students with the greatest levels of need.
The objective of this audit was to assess the effectiveness of the design and implementation of the COVID Intensive Learning Support Program (the program). To address this objective, the audit assessed whether the Department of Education (the department):
- effectively designed the program and supporting governance arrangements
- is effectively implementing the program.
This audit focuses on activities between October 2020 and August 2021, which aimed to address the first session of learning from home in New South Wales. From August to October 2021, students in many areas of New South Wales were learning from home again, but this second period has not been a focus of this audit. On 18 October 2021, the NSW Government announced the program would be extended into 2022.
Conclusion
The COVID Intensive Learning Support Program was effectively designed to help students catch up on learning loss due to the interruptions to schooling caused by COVID-19. The department rapidly stood up a taskforce to implement the program and then developed supporting governance arrangements during implementation.
Most students in New South Wales were required to learn from home for at least seven weeks during 2020 due to the impact of the Novel-Coronavirus (COVID-19). The department researched, analysed and advised government on several options to address the learning loss that resulted. It recommended small group tuition as the preferred option as it was supported by available evidence and could be rolled out at scale with speed. It identified risks of ensuring an adequate supply of educators and options to address those risks. Consistent with its analysis of where the impact of the learning loss was most severe, the department proposed to direct funding to schools with higher concentrations of students from the most disadvantaged backgrounds.
The department established a cross-functional taskforce to conduct detailed planning and support program implementation. Short timeframes meant the taskforce initially sought approval for key decisions from the program sponsor and existing oversight bodies on an as-needed basis before dedicated program governance arrangements were formalised. Once established, the governance body met regularly to oversee program delivery.
The COVID Intensive Learning Support Program is being effectively implemented. The department has refined the program during rollout to respond to risks, issues and feedback from schools. Issues with how schools enter data into department systems have affected the timeliness and accuracy of program monitoring information.
The department provided schools with guidelines, example models of delivery, systems to record student progress and professional learning. Around 80 per cent of schools had begun delivering tuition under the program by the target date. Schools reported issues with sourcing qualified teachers as a key reason they were unable to start the program by the expected date. In response, the department expanded the type of staff schools could employ, developed an online tuition program, and allowed schools to engage third-party providers to help schools that had difficulty finding qualified teachers for the program.
The department used existing systems to monitor school progress in implementing the program. This reduced the administrative burden on schools, but there were several issues with data quality and timeliness. The program included a mid-year review point to check whether schools were on track to spend their funding. This helped focus schools on ensuring funding would be spent and allowed for redistribution between schools.
The department considered program evaluation early in policy design and planning. It embedded an evaluator on the taskforce and expanded a key assessment program to help provide evidence of impact. A process and outcome evaluation is underway which will help inform future delivery. The evaluation will examine educational impacts for students participating in the program but it has not established methods to reliably assess the extent to which the program has met a goal to help 'close the equity gap' for students.
This chapter considers how effectively the COVID Intensive Learning Support Program (the program) was designed and planned for implementation.
This chapter considers how effectively the COVID Intensive Learning Support Program was implemented over our period of review (Terms 1 and 2, 2021).
Appendix one – Response from agency
Appendix two – About the audit
Appendix three – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #358 - released (15 December 2021).
Actions for Premier and Cabinet 2021
Premier and Cabinet 2021
This report analyses the results of our audits of the Premier and Cabinet cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Premier and Cabinet cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Premier and Cabinet cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.
The number of monetary misstatements decreased from 49 in 2019–20 to 38 in 2020–21.
The Library Council of New South Wales corrected a prior period error of $325 million. In 2017, the council split its collection assets into six asset classes, but not the related asset revaluation reserves. To correct this error, some revaluation decrements previously recognised in asset revaluation reserves were reclassified to accumulated funds.
Eight agencies did not complete all of the mandatory early close procedures.
What the key issues were
The Premier and Cabinet cluster was impacted by three Machinery of Government (MoG) changes during 2020–21.
The changes resulted in the transfer of activities and functions in and out of the cluster and the creation of a new entity - Investment NSW.
The transferor entities continued to provide services to Investment NSW subsequent to 30 June 2021. There were no formal service level agreements in place for the provision of these services.
The New South Wales Electoral Commission (the Commission) and Sydney Opera House Trust obtained letters of financial support from their relevant Minister and/or NSW Treasury in 2020–21. The postponement of local government elections impacted the Commission's operations due to increased planned expenditure to support a COVID-safe election. Sydney Opera House Trust's ability to generate revenue was impacted due to the closure of the Concert Hall partly due to COVID-19 and planned renovations.
The number of repeated audit issues raised with management and those charged with governance increased from 22 in 2019–20 to 24 in 2020–21.
There were 47 moderate risk and 28 low risk findings identified. Of the total findings there were 24 repeat issues.
What we recommended
Investment NSW should ensure services received from other agencies are governed by service level agreements.
Fast facts
The Department of Premier and Cabinet supports the Premier and Cabinet to deliver the government's objectives, infrastructure, preparedness for disaster, incident recovery, arts and culture.
- $11.9b of property, plant and equipment as at 30 June 2021
- $4.4b total expenditure incurred in 2020-21
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 47 moderate risk findings were reported to management
- 38 monetary misstatements were reported in 2020-21
- 32% of all reported issues were repeat issues.
This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Education 2021
Education 2021
This report analyses the results of our audits of the Education cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Education cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Education cluster (the cluster) agencies' financial statements audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued on the Department of Education (the department), the NSW Education Standards Authority and the NSW Skills Board's financial statements.
An 'other matter' paragraph was included in the Technical and Further Education Commission's (the TAFE Commission) audit opinion drawing attention to legislative non-compliance concerning financial delegations during the reporting year.
The number of misstatements identified in the financial statements of cluster agencies decreased from 14 in 2019–20 to seven.
What the key issues were
The department and the TAFE Commission revalued their land assets this year, recognising collective increases of $863.8 million.
The department and the TAFE Commission are not scheduled to perform comprehensive revaluations of their buildings until 2022–23. Construction costs, which are a key input in their current replacement cost valuation methodologies for buildings, may have increased by an estimated nine per cent since the last comprehensive revaluation in 2017–18 based on broad based indices used by the department and the TAFE Commission. While the estimated index increase indicates the fair value of buildings may exceed the carrying values, the use of such high-level indicators has a degree of estimation uncertainty due to the specialised nature of the assets. Therefore, both agencies did not adjust the values of their buildings.
The number of issues we reported to management decreased. Fifty per cent of issues were repeated from prior years.
Of the 11 newly identified moderate rated issues, seven related to internal control deficiencies, with six identified in procurement and payroll controls.
What we recommended
The department and the TAFE Commission reconsider policy settings governing the frequency of revaluations; and refine and consider the outcomes of interim fair value assessments to ensure asset carrying values reflect fair value at each balance date.
Cluster agencies should prioritise and action recommendations to address internal control deficiencies.
Fast facts
The Education cluster, comprising four agencies, administers and delivers education and training services for NSW students, workers and industry.
- $38.6b property, plant and equipment as at 30 June 2021
- $21.2b total expenditure incurred in 2020–21
- 100% unqualified audit opinions were issued on agencies’ 30 June 2021 financial statements
- 22 moderate risk management letter findings were identified and reported to management
- 7 monetary misstatements were reported in 2020–21
- 50% of reported issues were repeat issues
This report provides Parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Education cluster.
Section highlights
|
Findings reported to management
The number of findings reported to management has decreased. Fifty per cent of all issues were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 28 findings raised across the cluster (33 in 2019–20). Fifty per cent of all issues were repeat issues (45 per cent in 2019–20).
The most common repeat issues related to weaknesses in controls over information technology general controls, application controls, and identified deficiencies in procurement and payroll practices.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
Risk rating | Issue |
Information technology | |
Moderate2 |
The financial audits identified areas for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of note were deficiencies identified in:
|
Low1 |
|
Internal control deficiencies or improvements | |
Moderate2 |
The financial audits identified internal control weaknesses across key business processes relevant to financial reporting. Of note were deficiencies identified in:
|
Low1 |
|
Financial reporting | |
Moderate2 |
The financial audits identified:
|
Low1 |
3 High risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
2 Moderate risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
1 Low risk from the consequence and/or likelihood of an event that has had, or may have a negative impact on the entity.
The department continues to address recommendations to improve monitoring of privileged user access
Privileged users have higher levels of access to systems, and in some instances, may include access that can bypass segregation of duty controls. If reviews of access logs are not fully embedded in the control environment, the risk of unauthorised transactions occurring and not being detected in a timely manner is elevated.
In 2019–20 a high-risk issue was reported at the department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP. This year the department has largely addressed our findings by initiating a review of the identified instances of privileged user activity and establishing periodic oversight controls. There remains a need to improve the timeliness and completeness of these newly implemented controls.
Data analytics identified the root cause of internal control deficiencies in procurement and payroll
Our 2020–21 agency management letters identified seven new moderate risk internal control deficiency matters, of which six related to payroll and procurement.
To enhance our financial statement audit of the department we applied data analytics over elements of the department's procurement and payroll control processes. Our procedures, conducted over periods across the financial year, helped identify the following:
- a low level of compliance with procurement practices requiring the creation of purchase orders before invoices are received. The root cause was a lack of understanding by agency staff of the procurement processes
- transactions related to previous years being recorded in the current year. The root cause was a lack of understanding of the three-way matching process and the goods received/not invoiced facilities within SAP
- negative payments in fortnightly pay runs, predominantly representing deductions to recover salary payments made in error. The root cause was the lack of timeliness in notifying payroll for cessation of employment, or for employees undertaking secondments who should have been classified as being on leave without pay.
Recommendation
We recommend cluster agencies prioritise and action recommendations to address the internal control deficiencies outlined above.
Appendix one – Early close procedures
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.