Reports
Enterprise, Investment and Trade 2023
What this report is about
Results of the Enterprise, Investment and Trade portfolio of financial statement audits for the year ended 30 June 2023.
What we found
Unqualified audit opinions were issued for all completed Enterprise, Investment and Trade portfolio agencies.
An 'other matter' paragraph was included in the Jobs for NSW Fund's 30 June 2022 independent auditor's report to reflect the non-compliance with the Jobs for NSW Act 2015 (the Act). The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Premier's Department, and five ministerial appointments. The board has consisted of two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.
Financial statements were not prepared for the Responsible Gambling Fund, a special deposit account. Financial statements should be prepared unless NSW Treasury releases a Treasurer's Direction under section 7.8 of the GSF Act that will exempt the SDA from financial reporting requirements.
What the key issues were
The number of issues reported to management decreased from 65 in 2021–22 to 44 in 2022–23. Forty-six per cent of issues were repeated from the prior year.
Two high-risk issues were identified across the portfolio. One was a repeat issue where the Jobs for NSW Fund did not comply with legislation. The other high-risk issue was first identified in 2022–23 when the Department for Enterprise, Investment and Trade incorrectly recorded grants that did not meet the requirements of Australian Accounting Standards.
What we recommended
The Department should develop a robust model to ensure it only provides for grants that meet the eligibility criteria.
This report provides Parliament and other users of the Enterprise, Investment and Trade portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Enterprise, Investment and Trade portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all completed portfolio agencies’ 2022–23 financial statements.
- An ‘other matter’ paragraph was included for the Jobs for NSW Fund’s 30 June 2022 financial report to reflect non-compliance with the Jobs for NSW Act 2015.
- The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Department of Premier and Cabinet (or their nominees) and five ministerial appointments, one of whom is to be appointed as Chair of the board. The board has consisted of the two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.
- An ‘emphasis of matter’ paragraph was included in the Jobs for NSW Fund’s 30 June 2022 financial report to draw attention to the financial report being prepared for the purpose of fulfilling the Jobs for NSW Fund’s financial reporting responsibilities as requested by the Treasurer’s delegate.
- The total number of errors (including corrected and uncorrected) in the financial statements increased by 12% compared to the prior year.
- The Responsible Gambling Fund (Special Deposit Account) did not prepare financial statements for the year ended 30 June 2023. Financial statements should be prepared unless NSW Treasury releases a Treasurer’s Direction under section 7.8 of the GSF Act that will exempt the Fund from financial reporting requirements.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Enterprise, Investment and Trade portfolio.
Section highlights
- The audits identified two high-risk and 20 moderate risk issues across the portfolio. Of these, one was a high-risk repeat issue and ten were moderate-risk repeat issues.
- One of the high-risk matters related to the Jobs for NSW Fund audit for the year ended 30 June 2022.
- The other high-risk matter related to overstating grants relating to the Jobs Plus Program as the criteria to pay the grant was not met at 30 June 2023.
- The total number of findings decreased from 65 to 44 with 2022–23 findings mainly related to deficiencies in accounting for property, plant and equipment and agencies having outdated policies.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Premier and Cabinet 2023
What this report is about
Results of the Premier and Cabinet portfolio of agencies' financial statement audits for the year ended 30 June 2023.
What we found
Unqualified audit opinions were issued for all Premier and Cabinet portfolio agencies.
What the key issues were
The Administrative Arrangements Orders, effective 1 July 2023, changed the name of the Department of Premier and Cabinet to the Premier's Department and transferred parts of Department of Premier and Cabinet to The Cabinet Office.
The number of monetary misstatements identified in our audits decreased from 15 in 2021–22 to 12 in 2022–23.
The total number of management letter findings across the portfolio of agencies increased from ten in 2021–22 to 20 in 2022–23.
Thirty per cent of all issues were repeat issues. The most common repeat issues related to deficiencies in controls over financial reporting.
What we recommended
Portfolio agencies should:
- ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
- prioritise and address internal control deficiencies identified in Audit Office management letters.
This report provides Parliament and other users of the Premier and Cabinet portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all the portfolio agencies 2022–23 financial statements.
- The total number of errors (including corrected and uncorrected) in the financial statements decreased compared to the prior year.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet portfolio.
Section highlights
- The 2022–23 audits identified eight moderate risk issues across the portfolio of agencies. Of these, two were repeat issues, and related to password and security configuration and management of excessive annual leave.
- The total number of findings increased from ten to 20, which mainly related to deficiencies in controls over financial reporting and governance and oversight.
- The most common repeat issues related to weaknesses in controls over financial reporting.
Appendix one – Early close procedures
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Customer Service 2023
What this report is about
Result of the Customer Service portfolio agencies' financial statement audits for the year ended 30 June 2023.
What we found
Unmodified audit opinions were issued for all completed 30 June 2023 financial statements audits of Customer Service portfolio agencies. Two audits are ongoing.
What the key issues were
The total number of misstatements in the financial statements and findings reported to management decreased compared to the prior year.
For the first time since its establishment in 2015, GovConnect NSW received unqualified audit opinions for business process internal controls and information technology general controls managed by service providers.
The department controls Finance Co Trust (Fin Co), a special purpose trust created as part of its project to replace flammable cladding for eligible residential apartment buildings. Fin Co did not prepare financial statements which is a breach of the Government Sector Finance Act 2018 (GSF Act).
The department's land titling database was overstated by $42.5 million due to errors in the valuation model.
The New South Wales Government Telecommunications Authority corrected a prior period error of $10.2 million overstatement of property, plant and equipment.
A high-risk finding was reported to Service NSW regarding gaps in policies, systems and processes for administering and financial reporting on grant programs.
Recommendations were made to address these deficiencies.
This report provides Parliament and other users of the Customer Service portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
- The total number of errors (including corrected and uncorrected) in the financial statements decreased compared to the prior year.
- Financial statements were not prepared for Finance Co Trust (Fin Co), a special purpose trust created by the department as part of its project to replace flammable cladding for eligible residential apartment buildings. This is a breach of the Government Sector Finance Act 2018 (GSF Act).
- The department overstated the value of its land titling database, a service concession asset by $42.5 million. This was due to errors in the valuation data and calculation errors in the valuation model.
- Service NSW’s late resolution of the accounting assessment of grant programs funding resulted in delays to financial reporting and audit.
- The New South Wales Government Telecommunications Authority (the authority) corrected a prior period error retrospectively to write off assets that could not be physically verified.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service portfolio.
Section highlights
- The 2022–23 audits identified one high risk and 26 moderate risk issues across the portfolio.
- The high-risk matter was related to Service NSW’s revenue assessment of its grant programs.
- The total number of findings decreased from 64 to 41, which mainly related to deficiencies in financial reporting, information technology, payroll and purchasing controls.
- Fifty-one per cent of the issues were repeat issues. Many repeat issues related to weakness in information technology (IT) controls around access to systems and data and disaster recovery testing.
- For the first time since its establishment in 2015, GovConnect NSW received unqualified audit opinions for business processes internal controls and information technology general controls managed by service providers.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Natural disasters
What this report is about
This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.
What we found
Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.
Total expenses were less than the budget due to underspend in the following areas:
- clean-up assistance, including council grants
- anticipated temporary accommodation support
- payments relating to the Northern Rivers Business Support scheme for small businesses.
Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.
At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.
Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.
Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.
Section highlights
|
Section highlights
|
Enterprise, Investment and Trade 2022
What the report is about
Result of the Enterprise, Investment and Trade cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
The Machinery of Government changes within the Enterprise, Investment and Trade cluster resulted in the creation of the Department of Enterprise, Investment and Trade and the transfer of $1.0 billion of net assets into the new department.
Unmodified audit opinions were issued for all completed cluster agencies' 2021–22 financial statements audits. Two audits are ongoing.
An 'Other Matter' paragraph was included in the audit opinion for the Jobs for NSW Fund's 30 June 2021 financial report to reflect the non-compliance with the Jobs for NSW Act 2015 (the Act) and Government Sector Finance Act 2018. The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Department of Premier and Cabinet, and five ministerial appointments. The board has consisted of two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.
Three cluster agencies accepted changes to their office leasing arrangements managed by Property NSW. This has resulted in the collective derecognition of $24.8 million of right-of-use assets and $26.7 million in lease liabilities, and recognition of $1.9 million of other gains.
What the key issues were
The number of issues we reported to management decreased from 108 in 2020–21 to 103 in 2021–22. Thirty per cent of issues were repeated from the prior year.
Six high-risk issues were identified across the cluster related to the quality and timeliness of financial reporting, governance processes and internal controls.
Recommendations were made to address these deficiencies.
This report provides Parliament and other users of the Enterprise, Investment and Trade cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Enterprise, Investment and Trade cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Enterprise, Investment and Trade cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Customer Service 2022
What the report is about
Result of the Customer Service cluster agencies' financial statement audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for Customer Service cluster agencies.
What the key issues were
The number and size of Service NSW's administered grant programs have increased significantly in response to emergency events. Improvements are required to address gaps in Service NSW's policies, systems and processes in administering and financial reporting of grant programs.
The Department of Customer Service (the department) reported a retrospective correction of a prior period error of $33.3 million understatement of the land titling database, which is a service concession asset managed by a private operator.
The 2021–22 audits identified five high-risk issues across the cluster:
- the department:
- control weaknesses in user access to GovConnect systems
- significant control deficiencies in information technology change management controls
- Rental Bond Board:
- legislation amendment required to better support the accounting treatment of rental bonds
- no delegation instrument to government officers authorising them to approve expenditures
- Service NSW:
- improvements required in the timeliness and quality of grant administration revenue assessment and controls over the recovery of grant administration costs.
Recommendations were made to address these deficiencies.
This report provides Parliament and other users of the Customer Service cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Premier and Cabinet 2022
What the report is about
Result of the Premier and Cabinet cluster financial statement audits for the year ended 30 June 2022.
What we found
Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.
The machinery of government changes within the Premier and Cabinet cluster resulted in the transfer of net assets of $1 billion from the Department of Premier and Cabinet.
The Department of Premier and Cabinet, Public Service Commission and Parliamentary Counsel's Office accepted changes to their office leasing arrangements managed by Property NSW. These changes resulted in the collective de-recognition of $167.3 million of right-of-use assets, $225.1 million in lease liabilities and recognition of $47.8 million of other gains/losses.
What the key issues were
The number of issues we reported to management decreased.
Forty per cent of issues were repeated from the prior year.
Four moderate risk issues were reported in the management letters for Department of Premier and Cabinet and New South Wales Electoral Commission. Three out of the four moderate risk issues were repeat issues.
The repeat issues related to internal control deficiencies in agencies' including lack of updated procurement policies and procedures and information technology general controls.
Fast facts
The Premier and Cabinet cluster comprises seven agencies, delivering the government's objectives and facilitating stewardship of the public service.
- $0.2b property, plant and equipment as at 30 June 2022
- $3b total expenditure incurred in 2021–22
- 100% unqualified audit opinions issued on agencies’ 30 June 2022 financial statements
- 4 moderate risk findings identified
- 15 monetary misstatements reported in 2021–22
- 40% of reported issues were repeat issues
This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster for 2022.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.
Section highlights
|
Appendix one – Early close procedures
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
COVID-19: response, recovery and impact
What the report is about
This report draws together the financial impact of COVID-19 on the agencies integral to responses across the state government sector of New South Wales.
What we found
Since the COVID-19 pandemic hit NSW in January 2020, and until 30 June 2021, $7.5 billion was spent by state government agencies for health and economic stimulus. The response was largely funded by borrowings.
The key areas of spending since the start of COVID-19 in NSW to 30 June 2021 were:
- direct health response measures – $2.2 billion
- personal protective equipment – $1.4 billion
- small business grants – $795 million
- quarantine costs – $613 million
- increases in employee expenses and cleaning costs across most agencies
- vaccine distribution, including vaccination hubs – $71 million.
The COVID-19 pandemic significantly impacted the financial performance and position of state government agencies.
Decreases in revenue from providing goods and services were offset by increases in appropriations, grants and contributions, for health and economic stimulus funding in response to the pandemic.
Most agencies had expense growth, due to additional operating requirements to manage and respond to the pandemic along with implementing new or expanded stimulus programs and initiatives.
Response measures for COVID-19 have meant the NSW Government is unlikely to meet targets in the Fiscal Responsibility Act 2012 being:
- annual expense growth kept below long-term average revenue growth
- elimination of State’s unfunded superannuation liability by 2030.
Fast facts
- First COVID-19 case in NSW on 25 January 2020
- COVID-19 vaccinations commenced on 21 February 2021
- By 31 December 2021, 25.2 million PCR tests had been performed in NSW and 13.6 million vaccines administered, with 93.6% of the 16 and over population receiving two doses
- During 2020–21, NSW Health employed an extra 4,893 full-time staff and incurred $28 million in overtime mainly in response to COVID-19
- During 2020–21, $1.2 billion was spent on direct health COVID-19 response measures and $532 million was spent on quarantine for incoming international travellers
Section highlights
|
Section highlights
|
Customer Service 2021
This report analyses the results of our audits of the Customer Service cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the ‘Report on State Finances’ focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the ‘Report on State Finances’ has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Customer Service cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of Customer Service cluster agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Customer Service cluster agencies.
The number of monetary misstatements decreased from 48 in 2019–20 to 46 in 2020–21.
Seven out of eight agencies did not complete all mandatory early close procedures.
What the key issues were
Upon the implementation of AASB 1059 'Service Concession Arrangements: Grantors', the Department of Customer Service (the department) recognised a service concession asset, the land titling database, totalling $845 million for the first time at 1 July 2019.
The department reported several retrospective corrections of prior period errors.
The 2020–21 audits identified three high-risk and 59 moderate risk issues across the cluster. The high-risk issues were related to:
- the Department of Customer Service – internal control qualifications and control deviations in GovConnect service providers
- the Department of Customer Service – significant control deficiencies in information technology change management controls
- Rental Bond Board – uncertainties in the accounting treatment of rental bonds.
The percentage of repeat issues we report to management and those charged with governance in management letters increased from 29 per cent in prior year to 42 per cent in 2020–21 while the number of items decreased from 94 to 93.
The magnitude and number of internal control exceptions in GovConnect service providers increased resulting in additional audit procedures to address the risks of fraud and errors in the financial statements.
What we recommended
The department should improve the validation process of key valuation assumptions and inputs provided by the private operator NSW Land Registry Services. It should revisit its accounting treatment of new land titling records.
The department should ensure GovConnect service providers prioritise the remediation of control deficiencies in information technology services.
The department should continue to improve controls in cyber security management.
Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.
The New South Wales Government Telecommunications Authority should improve its fixed assets management and financial reporting process to accommodate its growing fixed assets profile.
Fast factsThe Customer Service cluster aims to plan, prioritise, fund and drive digital transformation and customer service across every cluster in the NSW Government.
|
This report provides Parliament and other users of the Customer Service cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service.
Section highlights
|
Findings reported to management
Forty-two per cent of findings reported to management were repeat issues
Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues were reported to management and those charged with governance of agencies. The Audit Office does this through management letters, which include observations, related implications, recommendations and risk ratings.
In 2020–21, there were 93 findings raised across the cluster (94 in 2019–20). Forty-two per cent of all issues were repeat issues (29 per cent in 2019–20).
The most common repeat issues related to weaknesses in controls over information technology user access administration.
A delay in implementing audit recommendations increases the risk of intentional and accidental errors in processing information, producing management reports and generating financial statements. This can impair decision-making, affect service delivery and expose agencies to fraud, financial loss and reputational damage. Poor controls may also mean agency staff are less likely to follow internal policies, inadvertently causing the agency not to comply with legislation, regulation and central agency policies.
The table below describes the common issues identified across the cluster by category and risk rating.
| Risk rating | Issue |
| Information technology | |
| High3 1 new, 1 repeat |
The financial audits identified the need for agencies to improve information technology processes and controls that support the integrity of financial data used to prepare agencies' financial statements. Of particular concern are issues associated with:
High-risk issues are discussed later in the chapter. |
|
Moderate2 |
|
|
Low1 |
|
| Internal control deficiencies or improvements | |
|
Moderate2 |
The financial audits identified internal control weaknesses across key business processes, including:
|
|
Low1 |
|
| Financial reporting | |
|
High3 |
The financial audits identified opportunities for agencies to strengthen financial reporting, including:
High-risk issues are discussed later in the chapter. |
|
Moderate2 |
|
|
Low1 |
|
| Governance and oversight | |
| Moderate2 10 new, 3 repeat |
The financial audits identified opportunities for agencies to improve governance and oversight processes, including:
|
| Low1 3 new |
|
| Non-compliance with key legislation and/or central agency policies | |
| Moderate2 4 new, 4 repeat |
The financial audits identified the need for agencies to improve its compliance with key legislation and central agency policies, including:
|
| Low1 1 repeat |
|
2020–21 audits identified three high-risk findings
High-risk findings, including repeat findings, were reported at the following cluster agencies. One of the 2019–20 high-risk findings were not resolved.
| Agency | Description |
| 2020–21 findings | |
| Department of Customer Service Repeat finding: Qualifications and control deviations in GovConnect NSW controls assurance reports |
The GovConnect information technology general controls (ITGC) provided by the department, Infosys and Unisys were qualified in 2020–21. The key controls over user access, system changes and batch process failed in all ITGC reports. Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access. The control deficiencies in ITGC increase:
The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. It is leading a new IT operating model called ‘Service Integration and Application Management’ (SIAM) to strengthen governance and improve performance of GovConnect service providers. The Department is responsible for the remediation of control deficiencies and continuous improvement in the GovConnect environment. This matter was assessed as high-risk, if not adequately addressed, it had the potential to result in material fraud and error in the department's financial statements and reputation damages. This issue is further discussed later in this chapter. |
| 2020–21 findings | |
| Department of Customer Service New finding: Change management significant control deficiencies |
Revenue NSW, a division of the department has a key role in managing the State’s finances. It administers State taxes, manages fines, recovers State debt and administers grants and subsidies. The audit team found significant control deficiencies in change management controls:
We have included this matter as a high-risk management letter finding, as the audit team could not identify mitigating controls. The system activity of these developers was also not being independently logged and monitored. This increases the risk of unauthorised system change. This can significantly affect the integrity of tax calculation, business process approvals, invalid changes to bank accounts, unauthorised refunds and write-offs. The audit team conducted a risk analysis over the relevant business processes affected by this issue and performed additional audit procedures to address the audit risk. |
| Rental Bond Board Repeat finding: Accounting treatment of rental bonds held in trust |
The Rental Bond Board (the Board) holds rental bonds totalling $1.7 billion at 30 June 2021. The Board treated the rental bonds off-balance sheet and disclosed the rental bonds as ‘trust funds’. This treatment is based on management’s judgement that the Board does not have control of these funds. Previously the Board obtained advices from the Crown Solicitors who stated that in their view the rental bond funds held in the rental bond account were not moneys held in trust and the Residential Tenancies Act 2010 (the Act) should be reviewed and amended to better support its accounting treatment of rental bonds. The Board has initiated the need to amend the Act, however the implementation of the legislative amendments is still pending. This matter was assessed as high-risk, if not adequately supported, it had the potential to result in material misstatements in the Board's financial statements. |
The number of moderate risk findings increased from prior year
Fifty-nine moderate risk findings were reported in 2020–21, which was a 11.3 per cent increase from 2019–20. Of these, 26 were repeat findings, and 33 were new issues.
Moderate risk findings include:
- weaknesses in user access management, such as untimely access removal for terminated staff, and a lack of periodic user access review
- accounting for leases such as the review of extension options, assessing indicators of impairment and reviewing the lease reports for completeness and accuracy
- formalising arrangements between agencies including corporate service arrangements, funding arrangements, leases, use of SAP system and computer assets
- use of purchasing cards where our data analytics performed indicated potential gaps and controls and non-compliance with government policies.
The magnitude and number of internal control exceptions in GovConnect service providers have increased
In 2015, the NSW Government selected Unisys Australia Pty Limited’s (Unisys) as an information technology (IT) outsourced service provider and Infosys Limited (Infosys) as a business process outsourced service provider. The outsourced services arrangement was branded GovConnect NSW (GovConnect). The Department of Customer Service (the department) is the contract authority for the NSW Government. In 2019, the NSW Government transitioned a number of Unisys’ IT services progressively to the department and ceased all Unisys's IT services in May 2021. In 2020-21, Infosys, Unisys and the Department were co-providers of business processes and information technology services that constitute the GovConnect environment.
The role of the department has changed significantly from a coordinating agency on behalf of GovConnect customers to a GovConnect IT service provider. The department is responsible for the remediation of control deficiencies and continuous improvement in GovConnect internal control environment.
The department leads the project management of GovConnect services, including the arrangement to provide internal control assurance reports to customers in 2020–21. It engages an independent service auditor (service auditor) from the private sector to perform annual assurance reviews of controls at GovConnect service providers in accordance with Australian Standard on Assurance Engagements 3402 'Assurance Reports on Controls at a Service Organisation' (ASAE 3402). The service auditor reports on the internal controls at a service organisation, which are relevant to a user entity's internal control environment.
The service auditor issued eight ASAE 3402 reports covering business processes controls and information technology general controls (ITGC) provided by the service providers. Four out of eight reports were qualified, a significant increase from previous years.
The table below shows the service auditor's ASAE 3402 opinions issued in various business processes and information technology services provided by service providers for the last five years.
| ASAE 3402 controls report# | 2015–16^ | 2016–17 | 2017–18 | 2018–19 | 2019–20 | 2020–21 |
| Infosys Accounts receivable | Qualified | Unqualified | Unqualified | Unqualified | Unqualified | Qualified |
| Infosys Accounts payable | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys Fixed assets | Qualified | Unqualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys General ledger | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys Payroll | Adverse | Qualified | Unqualified | Unqualified | Unqualified | Unqualified |
| Infosys ITGC | Qualified | Qualified | Unqualified | Unqualified | Unqualified | Qualified |
| Unisys ITGC | Qualified | Unqualified | Qualified | Qualified | Unqualified | Qualified |
| The department ITGC* | -- | -- | -- | -- | Qualified | Qualified |
| ServiceFirst** | Disclaimer | -- | -- | -- | -- | -- |
In 2020–21, the information technology services controls reports issued to the department, Infosys and Unisys were qualified. Infosys' accounts receivable business process controls report was also qualified. The audit qualifications were because:
- the service auditor did not get access to the complete set of records processed during the financial year for several ITGC controls. The system that stored these records was hosted at Unisys. From December 2019 to 28 May 2021, the services at Unisys were progressively migrated to the department's IT environment but this system could not be migrated to the department in the required format, resulting in audit scope limitation for service auditors
- of the deviations identified during sample testing of ITGC controls
- the monthly follow up of outstanding receivables was not performed regularly, which was the only key control to address the timely collection of accounts receivable.
Internal control exceptions in GovConnect information and technology services require urgent remediations
The relevant controls over user access, system changes and password controls failed in all three ASAE 3402 GovConnect ITGC reports. These control failures can lead to unauthorised system access, system and configuration changes (workflow approvals, three-way match, etc.) and modifications to key reports. It increases the risk of:
- fraud and error in the financial statements
- ineffective segregation of duties controls
- accuracy and completeness of system generated reports for the agencies using the SAPConnect system.
The table shows the number of ITGC control deviations compared to prior year:
| Year ended 30 June | 2021 | 2020 | ||
| Total controls tested | Total number of control deviations and findings | Total controls tested | Total number of control deviations and findings | |
| Infosys ITGC | 41 | 16 | 35 | 8 |
| Unisys ITGC | 25 | 11 | 33 | 4 |
| DCS ITGC | 31 | 9 | 10 | 5 |
Most of these deviations were not mitigated or sufficiently mitigated to address the risk of unauthorised user access.
The service auditor identified significant areas for remediation:
- governance arrangement of the IT services
- user access management controls
- SAP database controls
- logical access
- incident management.
In response to the internal control qualifications, the audit teams performed data analytics over payroll and accounts payable. The data analytics identified several terminated employees that were paid long after their termination dates which resulted in salary overpayments during 2020–21. While management had put processes in place to recover these overpayments, the payroll processing controls need to be improved to prevent such overpayments.
The Department of Customer Service advised that it established a ‘Control Reframe Project’ (the project) to address the internal control exceptions at GovConnect service providers. The objective of the project is to ensure the GovConnect assurance model is aligned with clear lines of responsibility and remediation actions are in place to support the delivery of services and achieve an improved outcome for future years.
Recommendation
We recommend the Department of Customer Service:
- improve governance and internal control environment over the information technology services
- ensure GovConnect service providers prioritise remediation actions to address internal control exceptions
- perform a post-implementation review of the transition of the Unisys arrangement to identify lessons learnt and continuous improvement
- develop data analytics to help analyse and identify high-risk patterns and anomalies in GovConnect key transaction systems, augmenting their existing monitoring and detective controls.
The NSW Public Sector's cyber security resilience needs urgent attention
The 2020 'Central Agencies' Report to Parliament highlighted the need for Cyber Security NSW, a business unit within the Department of Customer Service, and NSW Government agencies to prioritise improvements to their cyber security resilience as a matter of urgency. A status update of the 2020 recommendation is included in Appendix five of this report.
The Audit Office's Annual Work Program identifies cyber security as a focus area for the Audit Office in 2021–24. It outlines a three-pronged approach to auditing cyber security in this period:
- considering how agencies are responding to the risks associated with cyber security across our financial audits across the NSW public sector
- examining the effectiveness of cyber security planning and governance arrangements for large NSW state government agencies for our Internal Controls and Governance report
- conducting deep-dive performance audits of the effectiveness of specific agency activities in preparing for, and responding to cyber security risks.
A performance audit 'Managing cyber risks' was tabled in Parliament in July 2021. The audit made several recommendations to audited agencies to uplift their cyber security management. It also recommended the Department of Customer Service to:
- clarify the requirement of the NSW Cyber Security Policy (CSP) reporting to all systems
- require agencies to report the target level of maturity for each mandatory requirement.
A compliance audit 'Compliance with the NSW Cyber Security Policy' was tabled in October 2021. The audit examined whether agencies are complying with the NSW Cyber Security Policy to ensure all NSW Government departments and public service agencies are managing cyber security risks to their information and systems.
The report found that key elements to strengthen cyber security governance, controls and culture are not sufficiently robust and not consistently applied. There has been insufficient progress to improve cyber security safeguards across NSW Government agencies. The poor levels of cyber security maturity are a significant concern. Improvement requires dedicated leadership and resourcing. To comply with some elements of the government’s policy agencies will have to invest in technical uplift and some measures may take time to implement. However, other elements of the policy do not require any investment in technology. They simply require leadership and management commitment to improve cyber literacy and culture. And they require accountability and transparency. Transparent reporting of performance is a key means to improve performance.
The report noted that the CSP was not achieving the objective of improved cyber governance, controls and culture. The compliance audit made several recommendations to Cyber Security NSW and other NSW Government agencies.
The 2021 maturity self-assessment results against the Australian Cyber Security Centre Essential 8 for the 25 largest NSW State Government agencies are reported in the 2021 'Internal Control and Governance' Report to Parliament.
Repeat recommendation
Cyber Security NSW and NSW Government agencies need to prioritise improvements to their cyber security resilience as a matter of urgency.
Management of cyber security risk
Our 2020-21 financial audit assessed whether cyber security risks represent a risk of material misstatement to the department's own financial statements. A request performance audit 'Service NSW's handling of personal information' was tabled on 18 December 2020. The audit followed two cyber security incidents that resulted in data breaches of customer information. As part of our audit procedures, we obtained an understanding of the controls the department has in place to address the risk of cyber security incidents and respond to any incidences which may have occurred during the year, including its impact on the audit.
Our assessment of the department’s own cyber risk management shows that:
- an approved security incident response plan was not in place during the reporting period. There was a lack of testing over incident detection and monitoring process
- a formal process over patch management that includes assessment, determining relevance and priority, timely rollout and escalation and reporting of long outstanding patches to senior management is being established.
The department provides information security services including cyber security management to cluster agencies. We found that there were insufficient communications within the Customer Service cluster over the controls and assurance over cyber security risk management. Some cluster agencies had put in place limited controls over cyber security risk management.
Recommendation
We recommend the Department of Customer Service:
- establish an approved security incident response plan and formal process over patch management
- improve communications with cluster agencies over the controls and assurance in cyber security management.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Appendix five – Status of 2020 recommendations
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Premier and Cabinet 2021
This report analyses the results of our audits of the Premier and Cabinet cluster agencies for the year ended 30 June 2021.
Our preferred approach is to table the ‘Report on State Finances’ in Parliament before any other cluster report. This is because the 'Report on State Finances' focuses on the audit results and observations relating to the Total State Sector Accounts, in effect a consolidation of all government agencies. This year the 'Report on State Finances' has been delayed due to significant accounting issues being considered in the Total State Sector Accounts and which may impact the Treasury and Transport clusters.
As there are no outstanding matters relating to audits in the Premier and Cabinet cluster impacting the Total State Sector Accounts we have decided to break with normal practice and table this cluster report ahead of the ‘Report on State Finances’.
What the report is about
The results of the Premier and Cabinet cluster (the cluster) agencies' financial statement audits for the year ended 30 June 2021.
What we found
Unmodified audit opinions were issued for all Premier and Cabinet cluster agencies.
The number of monetary misstatements decreased from 49 in 2019–20 to 38 in 2020–21.
The Library Council of New South Wales corrected a prior period error of $325 million. In 2017, the council split its collection assets into six asset classes, but not the related asset revaluation reserves. To correct this error, some revaluation decrements previously recognised in asset revaluation reserves were reclassified to accumulated funds.
Eight agencies did not complete all of the mandatory early close procedures.
What the key issues were
The Premier and Cabinet cluster was impacted by three Machinery of Government (MoG) changes during 2020–21.
The changes resulted in the transfer of activities and functions in and out of the cluster and the creation of a new entity - Investment NSW.
The transferor entities continued to provide services to Investment NSW subsequent to 30 June 2021. There were no formal service level agreements in place for the provision of these services.
The New South Wales Electoral Commission (the Commission) and Sydney Opera House Trust obtained letters of financial support from their relevant Minister and/or NSW Treasury in 2020–21. The postponement of local government elections impacted the Commission's operations due to increased planned expenditure to support a COVID-safe election. Sydney Opera House Trust's ability to generate revenue was impacted due to the closure of the Concert Hall partly due to COVID-19 and planned renovations.
The number of repeated audit issues raised with management and those charged with governance increased from 22 in 2019–20 to 24 in 2020–21.
There were 47 moderate risk and 28 low risk findings identified. Of the total findings there were 24 repeat issues.
What we recommended
Investment NSW should ensure services received from other agencies are governed by service level agreements.
Fast facts
The Department of Premier and Cabinet supports the Premier and Cabinet to deliver the government's objectives, infrastructure, preparedness for disaster, incident recovery, arts and culture.
- $11.9b of property, plant and equipment as at 30 June 2021
- $4.4b total expenditure incurred in 2020-21
- 100% unqualified audit opinions were issued on agencies' 30 June 2021 financial statements
- 47 moderate risk findings were reported to management
- 38 monetary misstatements were reported in 2020-21
- 32% of all reported issues were repeat issues.
This report provides Parliament and other users of the Premier and Cabinet’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Premier and Cabinet cluster (the cluster) for 2021.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Premier and Cabinet cluster.
Section highlights
|
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
