Image
Refine search
Reports
Published
Local Government 2023
Local Government
Asset valuation
Cyber security
Financial reporting
Fraud
Information technology
Internal controls and governance
What this report is about
Results of the local government sector financial statement audits for the year ended 30 June 2023.
Findings
Unqualified audit opinions were issued for 85 councils, eight county councils and 12 joint organisations.
Qualified audit opinions were issued for 36 councils due to non-recognition of rural firefighting equipment vested under section 119(2) of the Rural Fires Act 1997.
The audits of seven councils, one county council and one joint organisation remain in progress at the date of this report due to significant accounting issues.
Fifty councils, county councils and joint organisations missed the statutory deadline of submitting their financial statements to the Office of Local Government, within the Department of Planning, Housing and Infrastructure, by 31 October.
Audit management letters included 1,131 findings with 40% being repeat findings and 91 findings being high-risk. Governance, asset management and information technology continue to represent 65% of the key areas for improvement.
Fifty councils do not have basic governance and internal controls to manage cyber security.
Recommendations
To improve quality and timeliness of financial reporting, councils should:
- adopt early financial reporting procedures, including asset valuations
- ensure integrity and completeness of asset source records
- perform procedures to confirm completeness, accuracy and condition of vested rural firefighting equipment.
To improve internal controls, councils should:
- track progress of implementing audit recommendations, and prioritise high-risk repeat issues
- continue to focus on cyber security governance and controls.
Pursuant to the Local Government Act 1993 I am pleased to present my Auditor-General’s report on Local Government 2023. My report provides the results of the 2022–23 financial audits of 121 councils, eight county councils and 12 joint organisations. It also includes the results of the 2021–22 audits for two councils and two joint organisations which were completed after tabling of the Auditor-General’s report on Local Government 2022. The 2022–23 audits for eight councils, one county council and one joint organisation remain in progress due to significant accounting issues.
This will be my last consolidated report on local councils in NSW as my term as Auditor-General ends in April. Without a doubt, the change in mandate to make me the auditor of the local government sector has been the biggest challenge in my term. Challenging for councils as they adjust to consistent audit arrangements and for the staff of the Audit Office of NSW as they learn about the issues facing NSW councils.
The change in mandate aimed to improve the quality of financial management and reporting across the sector. This will take time. But this report does show some ‘green shoots’ with more councils submitting financial reports to the Office of Local Government by 31 October and more councils having Audit, Risk and Improvement Committees.
I also want to acknowledge that councils face significant challenges responding to and recovering from emergency events whilst cost and resourcing pressures have been persistent.
The findings from our audits identify opportunities to further improve timeliness and quality of financial reporting and integrity of systems and processes. The recommendations in this report are also intended to improve financial management and reporting capability, encourage sound governance, and boost cyber resilience.
Margaret Crawford PSM
Auditor-General for New South Wales
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines audit observations related to the financial reporting audit results of councils, county councils and joint organisations.
A strong system of internal controls enables councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations, and support ethical government.
This chapter outlines the overall trends in governance and internal controls across councils, county councils and joint organisations in 2022–23.
Financial audits focus on key governance matters and internal controls supporting the preparation of councils’ financial statements. Breakdowns and weaknesses in internal controls increase the risk of fraud and error. Deficiencies in internal controls, matters of governance interest and unresolved issues are reported to management and those charged with governance through audit management letters. These letters include our observations with risk ratings, related implications, and recommendations.
Appendix two – NSW Crown Solicitor’s advice
Appendix three – Status of previous recommendations
Appendix four – Status of audits
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Cyber security in local government
Local Government
Cyber security
Information technology
Internal controls and governance
Management and administration
Risk
What this report is about
NSW local councils provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies.
Councils need to manage cyber security risks to ensure their information, data and systems are appropriately safeguarded. Councils also need to be prepared to detect, respond and recover when a cyber security incident occurs.
The audit assessed how effectively three selected councils identified and managed cyber security risks.
The audit also included the Department of Planning, Housing and Infrastructure (Office of Local Government) and Department of Customer Service (Cyber Security NSW), due to their roles in providing guidance and support to local councils.
Audit findings
The audit found that the selected councils are not effectively identifying and managing cyber security risks. Each of the councils undertook activities to improve their cyber security during the audit period, but this audit found significant gaps in their cyber security risk management and cyber security processes.
Such gaps result in unmitigated risks to the security of information and assets which, if compromised, could impact their local communities, service delivery and public infrastructure.
Cyber Security NSW and the Office of Local Government recommend that councils adopt requirements in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector.
Audit recommendations
In summary, the councils should:
- integrate assessment and monitoring of cyber security risks into corporate governance processes
- self-assess their performance against Cyber Security NSW's guidelines for local government
- develop and implement a risk-based cyber security improvement plan and program of activities
- develop, implement and test a cyber incident response plan.
Cyber Security NSW and the Office of Local Government should regularly consult on cyber security risks facing local government, and review the effectiveness of guidelines and related resources for the sector.
While this report focuses on the performance of the selected councils, the findings and recommendations should be considered by all councils to better understand their risks and challenges relevant to managing cyber security risks.
Local councils in New South Wales (NSW) provide a wide range of essential services and infrastructure to their communities and are increasingly reliant on digital technologies for this.
Councils use various information systems and software to manage significant amounts of information and data relevant to their corporate functions, infrastructure and service delivery. This may include sensitive information about residents, customers and staff.
Audit Office of New South Wales reports to Parliament have highlighted gaps in councils' cyber security risk management approaches since 2020. The Local Government 2023 report, tabled in March 2024, found that 50 councils were yet to implement cyber security governance frameworks and related internal controls.
The threat from cyber security incidents continues to rise. Such incidents can harm local government service delivery and may include the theft of information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.
It is important that councils are effectively identifying and managing cyber security risks to:
- protect their information, data and systems
- be prepared to detect, respond to and recover from cyber security incidents
- ensure confidence in the services they are providing for their communities.
This report outlines important findings and recommendations from a performance audit of three councils: City of Parramatta Council, Singleton Council and Warrumbungle Shire Council. This audit report has deidentified findings for each council, but the specific findings have been directly shared with each council to enable them to remediate and improve cyber safeguards. The findings and recommendations in this report are likely to be relevant to most local councils in NSW and councils are encouraged to ensure they have sufficient cyber safeguards.
This audit assessed how effectively the selected councils identified and managed cyber security risks. The audit considered whether the councils:
- effectively identify and plan for cyber security risks
- have controls in place to effectively manage identified cyber security risks
- have processes in place to detect, respond to, and recover from cyber security incidents.
This audit also included the Department of Customer Service and the Office of Local Government (OLG) within the Department of Planning and Environment (DPE) due to their roles in providing guidance and support to local government.1
Cyber Security NSW, part of the Department of Customer Service, supports local councils to improve their cyber resilience through a range of services and guidance, including the Cyber Security Guidelines – Local Government issued in December 2022.
The OLG is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector.
ConclusionThe three councils are not effectively identifying and managing cyber security risks. As a result, councils' information and systems are exposed to significant risks, which could have consequences for their communities and infrastructure. Ineffective cyber security risk management can result in unmitigated risks to the security of information and assets which, if compromised, could impact the councils' local communities, service delivery and public infrastructure. Poor management of cyber security can lead to consequences including theft of information or money, service interruptions, costs of repairing affected systems, and reputational damage. Each council undertook activities to improve their cyber security during the audit period, but there were significant gaps in the councils' risk management processes and controls meaning the councils are not effectively identifying and managing cyber security risks. Key findings include:
None of the councils have up to date plans and processes to support effective detection, response and recovery from cyber security incidents. Councils need to be prepared to identify when a cyber incident occurs, and be able to respond to cyber incidents to contain any compromises and minimise the impact. This is even more important for councils with low levels of maturity in their preventative cyber security controls. Key findings include:
Cyber Security NSW and the OLG recommend that councils adopt requirements set out in the Cyber Security Guidelines for Local Government, but could do more to monitor whether the Guidelines are enabling better cyber security risk management in the sector. Cyber Security NSW and the OLG recommend that local councils implement the Cyber Security Guidelines for Local Government. However, while the roles of both Cyber Security NSW and the OLG involve identifying and responding to specific sector risks, neither is monitoring the uptake of the Guidelines by local councils to identify whether they are enabling better cyber security risk management. Cyber Security NSW and the OLG did not ensure that their roles, responsibilities and actions relevant to cyber security management were coordinated and complementary during the audit period. Cyber Security NSW's Local Government Engagement Plan was updated in November 2023 to include information about its approach to stakeholder collaboration to support a cyber secure NSW Government, including through engagement with the OLG. |
1 The OLG was part of DPE up to 1 January 2024, when DPE was abolished and the OLG became part of the Department of Planning, Housing and Infrastructure (DPHI).
Local councils in New South Wales (NSW) provide a wide range of essential services and infrastructure to their communities. In doing so, councils use a range of information technology (IT) systems, assets, and digital services.
This audit follows several audit reports by the Audit Office of New South Wales that have considered how effectively NSW Government entities, including local councils have managed cyber security risks (see Appendix three).
The Audit Office of New South Wales has reported on how councils have managed cyber security risks since 2020. In the Local Government 2023 report, tabled in March 2024, gaps in cyber security frameworks and related internal controls were reported in 50 councils.
This chapter includes a summary of thematic key findings for the selected councils.
Cyber Security NSW is responsible for supporting local councils to improve their cyber resilience through a range of services and guidance and published its Local Government Engagement Plan in 2023 (discussed below).
The Office of Local Government (OLG) is responsible for strengthening the sustainability, performance, integrity, transparency and accountability of the local government sector. It does this through a range of activities including monitoring sector-wide and council-specific risks, issuing guidance, engaging with councils to build capacity and supporting the Minister for Local Government’s discretionary intervention powers.
Appendix one - Response from entities Cyber security in LG
Appendix two - Glossary- Cyber security in local government
Appendix five – About the audit- Cyber security in local government
Appendix six – Performance auditing -Cyber security in local government
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #392- released 26 March 2024
Published
Regulation insights
Environment
Finance
Health
Local Government
Whole of Government
Compliance
Cyber security
Internal controls and governance
Management and administration
Procurement
Regulation
Risk
What this report is about
In this report, we present findings and recommendations relevant to regulation from selected reports between 2018 and 2024.
This analysis includes performance audits, compliance audits and the outcomes of financial audits.
Effective regulation is necessary to ensure compliance with the law as well as to promote positive social and economic outcomes and minimise risks with certain activities.
The report is a resource for public sector leaders. It provides insights into the challenges and opportunities for more effective regulation.
Audit findings
The analysis of findings and recommendations is structured around four key themes related to effective regulation:
- governance and accountability
- processes and procedures
- data and information management
- support and guidance.
The report draws from this analysis to present insights for agencies to promote effective regulation. It also includes relevant examples from recent audit reports.
In this report, we also draw out insights for agencies that provide a public sector stewardship role.
The report highlights the need for agencies to communicate a clear regulatory approach. It also emphasises the need to have a consistent regulatory approach, supported by robust information about risks and accompanied with timely and proportionate responses.
The report highlights the need to provide relevant support to regulated parties to facilitate compliance and the importance of transparency through reporting of meaningful regulatory information.
I am pleased to present this report, Regulation insights. This report highlights themes and generates insights about effective regulation from the last six years of audit.
Effective regulation is necessary to ensure compliance with the law. Effective regulation also promotes social, economic, and environmental outcomes, and minimises risks or negative impacts associated with certain activities. But regulation can be challenging and costly for governments to implement. It can also involve costs and impact on the regulated parties, including other public sector and private entities, and individuals. As such, effective regulation needs to be administered efficiently, and with integrity.
Having a clearly articulated and communicated regulatory approach is essential to achieving this outcome, particularly when this promotes voluntary compliance and sets performance standards that are informed by community expectations. A consistent approach to exercising regulatory powers is important: it should be supported by robust information about regulatory risks and issues, and accompanied with timely, proportionate responses. Providing relevant support to the regulated parties and coordinating activities to facilitate compliance and performance can generate efficiencies.
Finally, transparency matters. It matters so that government has oversight of and can be held accountable for its leadership of public sector compliance, and in regulating the activities of third parties. Transparency also matters because it can provide insights into the effective exercise of government power. To achieve this, meaningful regulatory information needs to be reported.
While these issues are most pertinent for government agencies that exercise traditional regulatory functions, they are also relevant to lead government agencies that provide a stewardship role in promoting compliance and performance by other government agencies in relation to particular areas of risk.
Over the past six years, our audit work has found many common and repeat performance gaps, creating risks, inefficiencies, and limiting outcomes of regulatory activities. In considering these gaps, this report provides public sector leaders with insights into the challenges and opportunities they may encounter when aiming for more effective regulation, including the good governance of regulatory activities. This includes insights for lead agencies that provide a public sector stewardship role. Through applying these insights and maximising regulatory effectiveness, unintended impacts on the people and sectors government serves and protects can be avoided or at the very least minimised.
Margaret Crawford PSM
Auditor-General for NSW
This report brings together key findings and recommendations relevant to regulation from selected performance and compliance audits between 2018 and early 2024 (19 in total), and from two reports that summarise results of financial audits during the same period. It aims to provide insights into the challenges and opportunities the public sector may encounter when aiming to enhance regulatory effectiveness.
The report is structured in two sections, each setting out insights from relevant audits and providing summaries as illustrative examples.
Section 3 is focused on insights from audits of agencies that administer regulatory powers and functions over other entities or activities (typically known as 'regulators'). The powers and functions of regulators are defined in law, and often relate to issuing approvals (e.g., licensing) for certain activities, and/or monitoring allowable activities within certain limits. Regulators often have compliance and enforcement powers that can be exercised in particular circumstances, such as when a regulated entity has not complied with relevant requirements.
Agencies may be primarily established as regulators or perform regulatory activities alongside other functions. Depending on the context, the regulated activity may relate to other state agencies, local government entities, non-government entities or individuals.
Section 4 summarises insights from a selection of audits of agencies that provide a stewardship role in promoting compliance by and performance of other state agencies and local government entities in relation to specific regulations or policies. These policies may or may not be mandatory and, unlike a more traditional regulator, the coordinating agency may not have enforcement powers to ensure compliance.
These policies, and accompanying guidelines and frameworks, are typically issued by ‘central agencies’ such as the Premier's Department that have a public sector stewardship role. They can also be issued by agencies with a leadership role in particular policy areas ('lead agencies'). While individual agencies and local government entities implementing these policies are responsible for their own compliance and performance, lead and central agencies have an oversight role including by promoting accountability and coordinating activities towards achieving compliance and performance outcomes across the public sector.
Readers are encouraged to view the full reports for further information. Links to versions published on our website are provided throughout this document, and a full list is in Appendix one. An overview of the rationale for selecting these audits and the approach to developing this report is in Appendix two.
The status of agencies' responses to audit recommendations
Findings from the audits referred to in this report were current at the time each respective report was published. In many cases, agencies accepted audit recommendations, as reflected in the letters from agency heads that are included in the appendix of each audit report.
The Public Accounts Committee of the NSW Parliament has a role in reporting on and ensuring that agencies respond appropriately to audit recommendations. Readers are encouraged to review the Public Accounts Committee's inquiries on agencies' implementation of audit recommendations, which can be found on the Committee's website.
Published
Flood housing response
Planning
Whole of Government
Community Services
Premier and Cabinet
Internal controls and governance
Management and administration
Procurement
Project management
Risk
Service delivery
Shared services and collaboration
What this report is about
Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales.
This audit assessed how effectively the NSW Government provided emergency accommodation and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events.
Responsible agencies included in this audit were the Department of Communities and Justice, NSW Reconstruction Authority, the former Department of Planning and Environment, the Department of Regional NSW and the Premier’s Department.
Findings
The Department of Communities and Justice rapidly provided emergency accommodation to displaced persons immediately following these flood events.
There was no plan in place to guide a temporary housing response and agencies did not have agency-level plans for implementing their responsibilities.
The NSW Government rapidly procured and constructed temporary housing villages. However, the amount of temporary housing provided did not meet the demand.
There is an extensive waitlist for temporary housing and the remaining demand in the Northern Rivers is unlikely to be met. The NSW Reconstruction Authority has not reviewed this list to confirm its accuracy.
Demobilisation plans for the temporary housing villages have been developed, but there are no long-term plans in place for the transition of tenants out of the temporary housing.
Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing.
The findings from the 2022 State-wide lessons process largely relate to response activities.
Audit recommendations
The NSW Reconstruction Authority should:
- Develop a plan for the provision of temporary housing.
- Review the temporary housing waitlist.
- Determine a timeline for demobilising the temporary housing villages.
- Develop a strategy to manage the transition of people into long-term accommodation.
- Develop a process for state-wide recovery lessons learned.
All audited agencies should:
- Finalise evaluations of their role in the provision of emergency accommodation and temporary housing.
- Develop internal plans for implementing their roles under state-wide plans.
Extreme rainfall across eastern Australia in 2021 and 2022 led to a series of major flood events in New South Wales. In response, the NSW Government declared each of these events a natural disaster and made available a wide range of support for affected individuals and businesses. The flooding experienced by the State was widespread and its severity caused significant destruction in communities across the State. Some of the most significant damage occurred in the Northern Rivers and Central West regions of New South Wales.
Whilst areas of the Northern Rivers are prone to regular flooding, the scale of flooding in 2022 had not been experienced in the region before. On 28 February 2022, the Wilsons River in Lismore reached a height of 14.4 metres, approximately 2.3 metres higher than the previous record. A second flood occurred on 30 March 2022, with the river reaching 11.4 metres. The flooding in the region was extensive, affecting towns including Lismore, Coraki, Woodburn and Ballina. Between late February and early April 2022, 13 lives were lost in the Northern Rivers floods. In addition, 4,055 properties were deemed uninhabitable, and a further 10,849 properties were assessed as damaged. Approximately 4,000 people had to be evacuated from Lismore alone during this period, with thousands displaced from their homes across the region.
In the Central West, on 14 November 2022, the Lachlan River at Forbes peaked at 10.6 metres and was categorised as major flooding due to the inundation of extensive rural areas with properties, villages and towns isolated. On the same day in Eugowra, the Mandagery Creek peaked at 9.8 metres, passing the previous record of 9.6 metres in 1950. Flooding occurred in other areas of the Central West including Parkes, Molong, Cowra and Canowindra. Two lives were lost in the town of Eugowra with 80% of homes and businesses in the town damaged.
This audit assessed the following two areas of NSW Government support provided in response to these flood events:
- Provision of emergency accommodation: short-term accommodation provided to displaced persons unable to return to their own home in an emergency situation.
- Provision of temporary housing provided in the form of temporary pods and caravans.
The Department of Communities and Justice (DCJ) is responsible for the provision of emergency accommodation and other welfare services in response to a disaster event. With regards to temporary housing, the following agencies were involved in this audit:
- Resilience NSW was the lead agency responsible for recovery and led the implementation of the temporary housing program under the oversight of the Chair, Housing Taskforce (HTF) from July 2022. On 16 December 2022, Resilience NSW was abolished, with some staff transferred to the NSW Police Force, Department of Premier and Cabinet (DPC) and DCJ. The remaining staff were transitioned to the newly established NSW Reconstruction Authority.
- The Department of Planning and Environment (DPE) chaired the HTF until July 2022 and led the process for the identification and evaluation of temporary housing village sites. On 1 January 2024, DPE was abolished and the DPE functions discussed in this report now form part of the Department of Planning, Housing and Infrastructure.
- NSW Public Works (NSWPW), a branch of the Department of Regional NSW (DRNSW) procured and managed the construction of the pods used in this program, and procured the caravans used as part of the temporary housing response.
The then DPC (now Premier’s Department (PD)) was responsible for whole-of-government policy advice, convening the Crisis Policy Committee of Cabinet, and whole-of-government communications.
This audit assessed how effectively the NSW Government provided emergency and temporary housing in response to the early 2022 Northern Rivers and late 2022 Central West flood events. We addressed this objective by examining whether the audited agencies:
- effectively planned for the provision of emergency accommodation and temporary housing prior to the flood events
- provided emergency accommodation and temporary housing to meet the needs of affected communities in response to the flood events
- are effectively capturing lessons learned in relation to their provision of emergency accommodation and temporary housing as part of the flood response.
There is a State-level plan in place to guide the approach to emergency accommodation
The Welfare Services Functional Area Supporting Plan (WSFASP, the plan) is a supporting plan to the New South Wales Emergency Management Plan (EMPLAN). The plan outlines the responsibilities of the Department of Communities and Justice (DCJ) for the coordination and delivery of disaster welfare services in New South Wales. This includes the provision of emergency accommodation services. The plan in place during the flood events outlined the responsibilities of DCJ and the former Office of Emergency Management (OEM), some responsibilities of which have since transitioned to the NSW Reconstruction Authority (the Reconstruction Authority). The plan sets out a framework for government and non-government organisations to coordinate to provide key welfare services during an emergency, and outlines agreed roles and responsibilities. The plan outlines preparedness measures and arrangements for the provision of key welfare services during the response to and recovery from emergencies in New South Wales.
The plan details the organisations and key positions involved in welfare services, including their overall roles and responsibilities, and a basic structure for the delivery of disaster welfare services. For example, the plan states that both the former Department of Families and Communities Services and the not-for-profit Adventist Development and Relief Agency (ADRA) are responsible for emergency accommodation but does not clarify the detailed responsibilities associated with this role. These provide a State-wide, though not detailed, approach to emergency accommodation and welfare services in a disaster recovery context.
There was no plan in place to guide the temporary housing response, despite the NSW Government utilising this type of response in a previous emergency event
The State-level emergency planning documents do not contemplate the need for temporary housing as a government disaster response. Although there was a temporary housing response to the Black Summer bushfires in 2019–20, albeit on a smaller scale, no specific plans were in place to guide this response or the flood events in 2021–22. The NSW Government therefore had to develop its approach to addressing demand for temporary housing whilst responding to the flood emergency as it was occurring.
A partnership was established between the NSW Government and the Minderoo Foundation in 2020 to provide 100 pods to people whose homes were destroyed in the Black Summer bushfires. The initial rollout consisted of four-person pods, however the need for greater capacity was identified, with larger, family-sized pods developed for up to six people. The implementation of this program did not include formalising the work completed in documented plans for future use in response to other emergency events.
A plan that sets out how temporary housing should be used is in place in Queensland. The Queensland Government released a Temporary Emergency Accommodation (TEA) plan in 2021 which describes the arrangements, roles and responsibilities of key organisations critical to supporting displaced community members after the closure of an evacuation centre. The TEA plan outlines the five phases in the provision of accommodation support which includes temporary housing recovery. This demonstrates that a plan for the use of temporary accommodation would not be unprecedented.
Without plans in place to respond to all aspects of an emergency, decision makers are forced to be reactive in their decision making or to develop these plans while also responding to the events. In this specific instance, the government was forced to develop governance structures and perform tasks such as options analysis and site selection for temporary housing during the immediate aftermath of the flood events.
The Reconstruction Authority has acknowledged the need for a formalised plan for temporary housing responses and has started work to develop this in preparation for future flood events. It advised that the Housing Taskforce (HTF) has begun this work by performing assessments and reviews of high-risk areas and engaging with local councils and community groups. The Reconstruction Authority is also developing a Recovery Readiness Checklist, which will include preparedness for the provision of temporary housing in an emergency. Pre-event recovery planning specific to Local Government Areas (LGAs) is also underway, with the Reconstruction Authority developing tailored checklists which cover the provision of temporary housing. These tools will form part of the State's recovery response under the NSW Recovery Plan, which the Reconstruction Authority is currently in the process of updating. The Reconstruction Authority advises that this update will include identifying responsibilities in relation to the temporary housing response and recovery more broadly.
The WSFASP in place during the flood events had not been reviewed and updated in line with its planning requirements
Plans which outline the coordination and delivery of services in response to an emergency are imperative to ensure all required activities are completed, and the needs of affected communities are met. Plans also serve as a common reference point for decision making. Out of date plans can result in unclear roles and responsibilities, requiring agencies to make improvised decisions due to the urgent nature of emergency response. This creates a risk of key activities not being fulfilled and community needs going unmet.
The WSFASP in place during the flood response was last updated and endorsed by the State Emergency Management Committee (SEMC) in June 2018. As part of the planning requirements outlined in the plan, the State Welfare Services Functional Area Coordinator (WelFAC) is required to ensure the plan is reviewed every five years, or when relevant aspects require review following emergency operations or changes to legislation. The State WelFAC is an officer from DCJ responsible for the monitoring, support and coordination of disaster welfare services in New South Wales.
In 2020, a machinery of government change was implemented which established Resilience NSW as a public service executive agency and transferred persons employed in OEM to Resilience NSW. Despite these legislative changes, the plan had not been updated in line with its requirements to reflect these and subsequent changes, as OEM was still listed as one of the two agencies responsible for the coordination and delivery of disaster welfare services. Similarly, the plan had not been updated to reflect emergency operations changes with ADRA listed as the responsible coordinator for the provision of emergency accommodation services, despite no longer being responsible for this service.
The WSFASP has since been updated to reflect these changes and was endorsed by the SEMC in September 2023. The current WSFASP aligns with the welfare services responsibilities following the transfer of the welfare services functional area to DCJ in 2023. This includes the role of DCJ as the lead agency for the WSFASP, and DCJ and the Housing Contact Centre (HCC) within DCJ as the coordinator of emergency accommodation. The updated plan also provides an outline of the key welfare services that are delivered by the functional area, including emergency accommodation, personal support, essential food and grocery items, and transition from emergency accommodation. The outline provides a description of each service and the agency, team or non-government organisation responsible for coordinating the service.
Agencies did not have agency-level plans in place for implementing their responsibilities under State-level emergency accommodation and temporary housing plans
The State EMPLAN establishes a framework for sub plans, supporting plans and related policy instruments and guidelines. It states that a supporting plan should describe the support which is to be provided to the controlling or coordinating authority during emergency operations and be an action plan which describes how an agency or functional area is to be coordinated in order to fulfill the roles and responsibilities allocated. Without this more detailed guidance being in place, there is no common reference point for individuals within an agency to refer to when implementing the broader State-level plans, such as the WSFASP.
The WSFASP defines emergency accommodation and outlines the government and non-government organisations responsible for its provision. It does not provide a detailed description of the specific roles and responsibilities related to its provision. DCJ does not have an agency-level plan in place that specifies these in more detail, and did not have any standard operating procedures (SOPs) in place to guide the process of housing displaced persons in emergency accommodation.
The absence of SOPs to guide this process can increase the chance of inconsistent implementation of the WSFASP, with a reliance on the experience of staff to complete tasks to house people in emergency accommodation. For example, at the onset of an emergency, staff in the HCC contact local accommodation venues such as hotels and motels to determine availability in the area. They may also book blocks of rooms in preparation for housing displaced persons. At the time of the flood events, there was no documentation which detailed the process for DCJ staff to follow and these tasks were not recorded anywhere as requiring completion before a disaster occurred.
DCJ has advised that they have since developed internal processes which form part of the training program for Disaster Welfare staff. In addition to this, the HCC has developed a guide which steps out the various processes relating to the provision of emergency accommodation, as well as outlining the different roles and responsibilities within the HCC in relation to these processes.
As noted, there is no State-level plan in place to guide the temporary housing response. As a result, there is no framework to guide this process at an agency level for the Reconstruction Authority. The absence of both State and agency-level plans guiding the provision of temporary housing at the time of the flood events meant that agencies were required to develop a process to follow at the same time as responding to the flood events.
Appropriate governance structures were established quickly and changed as needed to reflect recovery needs
The State Recovery Committee (SRC) was activated following the 2019–20 bushfires and was still operating at the time of the 2022 floods. As part of this, the SRC had a terms of reference which included responsibilities of the SRC and a membership list. The responsibilities of the SRC in the terms of reference are to:
- provide strategic direction in relation to disaster recovery
- oversee reconstruction and recovery efforts in disaster impacted areas
- provide senior leadership to facilitate whole-of-government coordination
- monitor and report to the Premier, Deputy Premier and Cabinet on the progress of recovery efforts in disaster impacted areas.
Once the flood events commenced on 28 February 2022, the SRC increased its meeting frequency to every two days initially, for a total of 13 meetings in March. The SRC continued to meet at least twice a week from mid-April until the end of May, at which point it reduced gradually in frequency to weekly and then fortnightly. The SRC continued to meet throughout all of 2022 and 2023.
The SRC established a range of subcommittees to assist with recovery efforts. These subcommittees were operational from March 2022 onwards. Subcommittees had terms of reference setting out their role and were chaired by appropriate agencies with operational responsibilities that aligned with those roles. The Health and Wellbeing subcommittee was established as part of this and initially had responsibility for the provision of both emergency accommodation and temporary housing. This subcommittee was chaired by a relevant Senior Executive in DCJ.
As noted above, none of the whole-of-government plans prior to the flood events allocated responsibility to an agency or subcommittee for constructing and managing temporary housing. Although temporary housing had been utilised by the government previously in response to the 2019–20 bushfires, its provision had never been implemented on the scale required in response to the flood events.
In early March, the SRC created a new subcommittee: the Housing Taskforce (HTF). The HTF contained key staff from a wide variety of agencies, as well as other key stakeholders like local councils where appropriate, and was chaired by a Senior Executive from the Planning Branch of the Department of Planning and Environment (DPE). A terms of reference was quickly developed for the subcommittee. The HTF’s initial purpose included developing a strategy for identifying locations and pathways for temporary housing. This allowed the Health and Wellbeing subcommittee and the HTF to provide more focus on their particular areas of responsibility.
The SRC helped to manage issues but did not provide strategic risk management
Subcommittees regularly reported to the SRC throughout the flood response period. The SRC was able to manage issues with these programs as they arose, often by connecting relevant staff and providing a forum for these issues to be resolved across agencies. In this way, the SRC was able to manage issues, which aligns with its role in facilitating whole-of-government coordination.
Given that all relevant agencies were represented on the SRC, it was uniquely placed to provide strategic risk management across all aspects of the recovery effort including provision of accommodation and housing following the floods. This would fall within the SRC’s role of providing strategic direction in relation to disaster recovery. Strategic risk management involves addressing external risks, including those which may impact the government’s ability to achieve its objectives. The SRC did not undertake strategic risk management to proactively identify issues that could hinder the recovery effort, such as through developing risk registers and assigning mitigation strategies to agencies or specific individuals.
In regards to the flood temporary housing response, this may have included identifying and mitigating risks that could impact on the quantity of housing provided, risks to the overall flood recovery budget, and risks related to further flood events occurring that might hinder flood recovery. While the SRC did not consider this work during the flood response, Resilience NSW and the Reconstruction Authority both documented some whole-of-government risks to the delivery of the response to natural disasters as part of their enterprise risk management processes, including throughout 2022. However, this work was not undertaken specifically in relation to the unfolding flood events, but was instead done as part of the agency's regular review of its enterprise risks. Given that only one agency was involved in this risk identification, it was not a substitute for whole-of-government risk identification through the SRC.
The HTF did undertake some separate risk identification for the temporary housing response in the Northern Rivers, but not until October 2022. The HTF had been in operation since March 2022 without undertaking formal risk assessments to determine key risks to the provision of temporary housing that required mitigation. Some of the risks identified included expenditure on temporary housing exceeding its allocated budget, temporary housing sites failing to deliver agreed outcomes, and that there would be inappropriate or ineffective engagement with Aboriginal communities. This risk identification from the HTF was also reflected in Resilience NSW's and the Reconstruction Authority’s enterprise risk registers, where it is identified that there is a risk that the agencies do not effectively deliver on short and medium term housing.
The SRC provided oversight of the work of subcommittees
As noted above, one of the roles of the SRC is to oversee reconstruction and recovery efforts in disaster impacted areas. To fulfil this role of providing oversight, the SRC received updates on the activities of each subcommittee at each meeting.
In March 2022, each subcommittee developed a 100-Day Flood Action Plan that set out actions that would be completed in the first 30, 60 and 100 days. Each subcommittee was required to update its Flood Action Plan and report progress on implementation to the SRC every two weeks. The SRC received this regular reporting from each subcommittee, which included the status of each item, actions undertaken to date, and the next steps that each subcommittee was undertaking. This served to provide the SRC with oversight of the actions of each group to supplement the subcommittee updates with greater detail.
The quality of reporting from the HTF to the SRC reduced throughout August and September 2022. At this time the updates from the subcommittee included either only a verbal update or only statistical updates on the temporary housing response. This means that throughout this period, the SRC was providing only limited oversight of the temporary housing response. From October 2022, the HTF provided more detailed updates to the SRC, providing data on the temporary housing villages including the number of dwellings, estimated capacity and the status of each of the village sites (whether operational or estimated date of construction completion).
DCJ adapted its usual procedures to house a large number of people in emergency accommodation following the Northern Rivers flood event
The HCC, a branch within DCJ, is responsible for arranging emergency accommodation during a disaster, although this responsibility was not outlined in a specific emergency accommodation plan or procedure at the time of the flood events. Once a disaster is declared, the HCC is activated for a disaster welfare response. The team is required to estimate the number of people who will be displaced by the disaster and may seek emergency accommodation. The team is also required to contact local accommodation providers such as hotels, motels and caravan parks to determine vacancy information, as well as obtain information about the facilities such as wheelchair accessibility and pet-friendly rooms. The HCC team will then make direct contact with staff at evacuation centres and facilitate bookings based on the demand. A central internal database is utilised by the HCC, which enables them to see providers and book within the system.
In following these procedures, DCJ housed 788 people in the two weeks following the initial flood event by utilising the standard local accommodation providers. On 27 April 2022, 1,440 people were reported as staying at local accommodation providers as part of the emergency accommodation response. Exhibit 5 shows the number of people housed in emergency accommodation across the North Coast from March 2022 to early April 2023.
Governance structures continued to operate as previously established in response to the Central West flood event
The governance structures established in response to the 2019–20 bushfires and the flood event in the Northern Rivers mostly operated in the same capacity for the management of the Central West flood event. In October 2022, the meeting frequency for the SRC reduced to fortnightly, following the same structure with subcommittee updates discussed as part of the agenda. There was no increase in meeting frequency during or in the immediate aftermath of the response to the Central West flood event.
Resilience NSW continued to document whole-of-government risks to the delivery of the response to natural disasters during the response to the Central West flood event, and this work was continued by the Reconstruction Authority once established. Resilience NSW also continued to develop risk dashboard heatmaps each quarter, monitoring any changes in the residual risk rating of these risks, as well as outlining issues identified, and any new and emerging risks.
DCJ housed displaced persons in the Central West quickly, considering additional needs during the process
DCJ, through the HCC, advised that it followed its standard process outlined above for the provision of emergency accommodation during the Central West flood event. The evacuation order for Eugowra was made on 15 November 2022, and by 8 December 2022, DCJ had housed 93 people from the community in emergency accommodation. The HCC was able to utilise alternative accommodation such as rooms at Charles Sturt University to meet the increasing demand for emergency accommodation in the Central West.
Through the initial consultation process conducted with displaced persons at evacuation centres, the HCC was also able to consider their additional needs and meet these where possible. For example, companion animals were supported by Local Land Services and the Royal Society for the Prevention of Cruelty to Animals through the provision of boarding services. DCJ advised that local needs were also considered as part of the intake process. For example, displaced persons were accommodated as close to their hometown as possible. Those evacuated from Forbes were given priority for emergency accommodation in Forbes. This did impact evacuees from other towns. Ordinarily, those displaced in Eugowra would also be housed in Forbes, but due to limited accommodation options, they were evacuated to Orange instead. Other considerations made for displaced persons included level access and accessible rooms for those with disabilities, and baby care items, such as cots, where required.
The At-home Caravans program was implemented as immediate shelter for displaced persons awaiting pods on their property in the Central West
By 28 November 2022, Resilience NSW made the decision to activate the At-home Caravans program in the Central West, with applications from displaced persons being taken within a week after the flood event in Eugowra. Caravans were temporarily set up on private properties in Eugowra. Displaced persons are able to live in these caravans while waiting for a pod to be installed on their property. By 10 January 2023, 102 caravans had been delivered to the Central West and started to be located on private properties. At 30 May 2023, Resilience NSW had delivered 124 out of the 129 required caravans to properties. A plan was implemented to provide immediate shelter in the community through the caravans, organise medium-term housing in the form of pods, and support displaced persons to repair or rebuild their homes. Caravans were provided to households where properties required demolition, those that were damaged but reparable, and rental properties with owner’s consent.
Other options for immediate shelter were considered but not progressed. Placing caravans on site at showgrounds or caravan parks was considered, however a NSWPW assessment found that 95% of impacted homes could accommodate caravans on property. Caravans on property require less ongoing case management, site works and utilities. Private farm house rental accommodation was also considered, however extremely low availability of these in the area resulted in the decision to not progress this option.
Resilience NSW was able to meet the demand for housing in the Central West by placing temporary housing on people’s property
Resilience NSW conducted early analysis of potential temporary housing village sites in the aftermath of the floods in the Central West. However, after reviewing the situation in Eugowra and the relatively larger blocks, it was decided a more appropriate solution would be to place temporary pods on private property. Part of this decision was the impact a centralised village located in Eugowra would have on displaced persons from other affected towns. At 30 May 2023, 59 out of 100 pods had been installed on private properties. These pods replaced caravans initially installed on private properties, although at the time of the audit some disaster-affected persons were still living in caravans while they wait for pod installation on their property.
Resilience NSW was able to utilise the excess pods from the Northern Rivers to reduce the wait time for displaced persons to move into the pod from the caravan located on their property. Once their eligibility had been confirmed, the resident met with NSWPW and the builders contracted to install the pods. The resident confirmed where they would like the pod placed and the size needed. Applicants were then prioritised by Resilience NSW and pods installed in order of this prioritisation. NSWPW engaged the same third-party contractor used in the Northern Rivers construction to expedite the installation process.
Resilience NSW used measures to adapt the pods for suitable use in the Central West, as well as configuring them to meet mobility needs of residents. Cabonne Shire and Forbes Shire Councils required pods to be built at a height of 1.5 metres. The pods were therefore installed on scaffolding to raise their height. As the pods were designed and constructed for the Northern Rivers climate, insulation was installed on the base of the pods to ensure the inside temperature was appropriate for residents in the Central West. The raised height of the pods also impacted their accessibility, so the contractor was also engaged to install ramps instead of stairs where needed.
The first demobilisation of a pod occurred on 7 August 2023, after the resident’s home had been repaired and it was suitable for them to move back home. The Reconstruction Authority advised that as pods continue to be demobilised, they will be cleaned, any required repairs completed, and then moved onto the next property as needed. There was no long-term plan initially developed for the transition of tenants out of temporary housing, although the Reconstruction Authority has advised that the newly developed Temporary Housing Plan will include these considerations to inform processes at the end of the lease period. There has been consideration for returning the pods to the Northern Rivers once the work in the Central West is complete.
The Reconstruction Authority advised that due to the delays residents are facing in accessing trades and payment of insurance claims, the HTF is currently seeking the support of councils to extend the placement of pods beyond the two years that were initially planned.
There was no clear process in place to support displaced persons in emergency accommodation who were ineligible for temporary housing in the Central West
The WSFASP in place during the flood events did not outline a transition plan for displaced persons staying in emergency accommodation. Resilience NSW took over responsibility for the transition of displaced persons from emergency accommodation to temporary housing. It was not always possible to house rental tenants by placing a pod on the property they were occupying because they were unable to obtain landowner permission. It was necessary to find an alternative property to install these pods, usually on property owned by a family member. This was able to address most tenants’ issues.
It was unclear which agency was responsible for the support of renting households in the medium to long-term. The lack of a documented process for the provision of emergency accommodation created a gap in relation to the support for displaced persons. The WSFASP has since been updated to include provision for coordinated case management support to assist people in emergency accommodation with longer-term housing needs.
DCJ maintained a list of displaced persons who had been staying in emergency accommodation and were unable to exit without assistance. This list was provided to Resilience NSW weekly. Resilience NSW provided updates to DCJ on the status of those who were being transitioned into temporary housing, but no assistance was provided by Resilience NSW to those who were ineligible for temporary housing. DCJ was therefore required to provide case management to these people to assist in their transition to more stable housing.
Agencies learned and applied lessons from the Northern Rivers floods to the Central West flood event, but most have not formalised these for future consideration
Agencies involved in the provision of emergency accommodation and temporary housing learned key lessons from the Northern Rivers floods that could be applied in the Central West response. These lessons included the Reconstruction Authority rapidly standing up the At-home Caravans Program to provide immediate accommodation to displaced persons, and instigating a community reference group to provide feedback on the proposed housing response plan. These lessons learned were largely undocumented, with many staff being involved across both the Northern Rivers and Central West flood response, and able to directly apply lessons learned from their experience in the earlier response. It is good practice to formalise lessons learned to ensure that future responses may have access to contemporary information to learn from both positive and negative experiences in previous situations.
DCJ and Premier’s Department (PD) have not yet documented any lessons learned from their roles in the flood events. Some lessons were documented by Resilience NSW in April 2022 as part of a process to identify emerging insights. These lessons covered a broad range of activities, including findings relevant to the provision of temporary housing.
In June 2023, the Reconstruction Authority formally documented its own lessons learned from the provision of temporary housing. This includes identifying actions to avoid repeating some of the negative experiences, such as Aboriginal communities not being consulted at the appropriate time, and not having adequate program design processes in place for the temporary housing program. In addition, NSWPW has commissioned an evaluation of its work in the construction and provision of temporary housing, which includes a formal lessons learned component.
External reviews have also been conducted and have captured interim lessons learned, including the 2022 NSW Flood Inquiry and the ‘Response to major flooding across New South Wales in 2022’ Parliamentary Inquiry.
Agencies are in the process of evaluating the provision of emergency accommodation and temporary housing
Agencies have commenced the process of evaluating their role in the provision of emergency accommodation and temporary housing. DCJ advised that an external evaluation would commence shortly and that it was in the process of engaging a consultancy firm to conduct this. NSWPW has also commenced an external review of its provision of temporary housing. DPE and PD have not commenced a review, although PD has established a new unit for strategic communications during disasters in response to the agency's involvement in crisis communications during the flood events. This unit has been developed to deliver overarching whole-of-government messaging during disaster events.
Similarly, the Reconstruction Authority advised that an evaluation was planned for the provision of temporary housing. In addition, Resilience NSW commissioned an evaluation of the use of the Minderoo Foundation pods in response to the 2019–20 bushfires. This review reported in November 2022, though it had limited consideration of the role of the Minderoo Foundation pods as a source of temporary housing in the Northern Rivers. This report made 19 recommendations to the Reconstruction Authority and the Minderoo Foundation, and found that the Minderoo pods had largely been delivered in line with the original intended objectives.
There is no State-wide process in place to capture lessons learned from all agencies involved in recovery
Each year, the SEMC conducts a State-wide lessons learned exercise, incorporating learnings from all of the emergency events in the previous year. This exercise has commenced for the 2022 emergency events, however at the time of the audit it was in draft and not yet formally endorsed by the SEMC.
The agencies involved in the State lessons learned process are agencies with emergency response responsibilities. The findings largely relate to these response activities, with very few lessons learned relating to recovery. Only a limited number of agencies are involved in this activity, and the 2022 review did not incorporate the views of a number of agencies that were involved in the recovery phase of the Northern Rivers and Central West flood events.
While it is important that lessons are learned from the response phase of an emergency, it is equally important that State-wide lessons are learned from the recovery phase to ensure that appropriate State-wide changes can be made, or positive experiences can be continued. There is currently no process in place to capture these lessons learned from the recovery phase from all agencies involved in the recovery phase.
Appendix one – Responses from entities
Appendix two – About the audit
Appendix three – Performance auditing
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #389 - released 22 February 2024
Published
State Finances 2023
Treasury
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Infrastructure
Internal controls and governance
Management and administration
Regulation
What this report is about
Results of the audit of the Consolidated State Financial Statements of the New South Wales General Government Sector (GGS) and Total State Sector (TSS) for the year ended 30 June 2023.
Findings
The audit opinion on the 2022–23 Consolidated State Financial Statements was qualified in relation to two issues and included an emphasis of matter.
The first qualification matter is a continuation of the prior year limitation of scope on the audit relating to the Catholic Metropolitan Cemeteries Trust (CMCT), a controlled state entity, who continued to deny access to its management, books and records for the purposes of a financial audit. As a result, the Audit Office was unable to obtain sufficient appropriate audit evidence to support the assets, liabilities, income and expenses relating to CMCT recorded in the TSS and the equity investment recognised in the GGS relating to the net assets of CMCT.
The second qualification matter relates to the limitations on the accuracy and reliability of financial information relating to Statutory Land Managers (SLMs) and Common Trust entities (CTs) controlled by the State and were either exempted from requirements to prepare financial reports, or who were required to submit financial reports and have not done so. The Audit Office was unable to obtain sufficient appropriate audit evidence to determine the impact on the value of non-land assets and liabilities, income and expenses that should be recognised in the 2022–23 Consolidated State Financial Statements and which have not been recorded in the Consolidated State Financial Statements.
The independent audit opinion also includes an emphasis of matter drawing attention to key decisions made by the NSW Government regarding the future of the Transport Asset Holding Entity of New South Wales (TAHE).
Recommendations
The report includes recommendations for NSW Treasury to address several high-risk findings, including:
- ensuring accurate and reliable financial information is available to recognise the non-land balances of SLMs and CTs
- ensuring the CMCT, SLMs and CTs meet their statutory reporting obligations
- conducting a broader review of the financial reporting exemption framework
- continued monitoring of TAHE's control over its assets
- providing timely guidance to the sector relating to legislative or policy changes that impact financial reporting
- developing an accounting policy for the reimbursement of unsuccessful tender bid cost contributions.
Read the PDF report
Published
Internal controls and governance 2023
Whole of Government
Compliance
Cyber security
Information technology
Internal controls and governance
Management and administration
Regulation
Workforce and capability
What this report is about
This report analyses the internal controls and governance of the 25 largest agencies in the NSW public sector, excluding state owned corporations and public financial corporations, for the year ended 30 June 2023.
Findings
Internal control trends
The proportion of control deficiencies identified as high-risk this year decreased to 4.5% (8.2% in 2022).
Repeat findings of control deficiencies represent 38% of all findings (48% in 2022).
Information technology
Over half of the agencies reviewed have deficiencies in managing user access to their information systems. Over a third of agencies had deficiencies in their controls over privileged user accounts within their information technology environments.
Cyber security
Over 80% of assessments for maturity levels against the NSW Cyber Security Policy have reported one or more self-assessed Mandatory Requirements are not practiced on a consistent and regular basis.
Essential Eight cyber controls have not improved, and they need to.
Governance framework
Deficiencies were noted in agencies' governance and risk management frameworks, namely: outdated risk management policies, lack of risk appetite statements, and internal audit functions not being externally evaluated.
Payroll and work health and safety (WHS)
Overtime expenses increased by 40% between 2020 and 2023, compared to salaries and wages which increased by 16% over the same period.
Five agencies have WHS policies that do not reflect current WHS regulations.
Recommendations
Several important recommendations were made for agencies to prioritise efforts to improve cyber security controls and cyber resilience measures.
It was also recommended that agencies periodically review their risk management maturity and implement action plans, and ensure their WHS policies and procedures reflect current legislation requirements including the need to manage psychosocial risks.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies found across agencies.
For consistency and comparability, we have adjusted the 2022 results to incorporate additional audit findings that were reported after the date of the Internal controls and governance 2022 report. Therefore, the 2022 figures will not necessarily align with those reported in our 2022 report.
Section highlights
- The Audit Office identified 12 high-risk findings, compared to 23 last year, with eight repeated from last year. Eleven of the high-risk findings related to financial controls while one related to other (governance) controls.
- The proportion of repeat deficiencies has decreased from 48% in 2021–22 to 38% in 2022–23.
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agency controls to manage key financial systems.
Section highlights
- Over half of the agencies reviewed have deficiencies in managing user access.
- Thirty-six per cent of agencies had deficiencies in their controls over privileged accounts.
- Weaknesses were identified in how agencies manage service providers or other organisations which have access to their systems and data.
- Inadequate records were kept to demonstrate approvals for key system implementation milestones, including successful data migration testing and approval for go-live.
- Thirty-two per cent of agencies had not implemented segregations of duties over key payroll functions.
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' cyber security.
Section highlights
- Eighty-three per cent of maturity assessments have reported one or more Mandatory Requirements below level three, which is the level at which the requirement is self-assessed and considered to be practiced on a consistent and regular basis.
- Essential Eight maturity levels have remained unchanged or have declined, and may not be suitable for the level of risk agencies face.
- All 25 agencies reviewed have a cyber incident response plan and all but two newly created agencies tested their plan.
- Systems to detect cyber incidents across agencies could improve.
- There is a risk of under reporting cyber incidents at six agencies that kept insufficient records to support their cyber incident classifications.
- Overall, agencies need to increase their focus and prioritise efforts to ensure effective cyber security and resilience measures are in place.
Governance in the context of the NSW public service refers to the structures, processes, and mechanisms by which government departments and agencies are held to account when they make decisions and implement policies and programs in the service of the public interest. It also includes the principles and practices that guide how these agencies work together.
This chapter outlines our audit observations, conclusions and recommendations from our review of agencies' governance frameworks and practices, with consideration of NSW Treasury issued policies and best practices. It focuses on two key areas: governance arrangements and risk management.
Section highlights
- Whilst agencies have generally adopted governance and risk management frameworks that align with Treasury issued policies and best practices, we noted deficiencies, including:
- 20% of governing boards operated without a board charter
- 16% of agencies had risk management policies that were beyond their scheduled review date
- 16% of agencies did not have a risk appetite statement
- 28% of agency internal audit functions have not been externally evaluated in the last five years.
- Agencies should perform periodic assessments/reviews of their risk maturity and implement action plans where required.
This chapter outlines our audit observations, conclusions and recommendations arising from our review of agencies' payroll controls and management of work health and safety (WHS).
Section highlights
- Agencies should improve their controls around payroll masterfile maintenance, such as enforcing segregation of duties in system access levels and ensuring changes to data are reviewed by an independent officer.
- On average, overtime expenses represented three per cent of total salaries and wages in 2023 and have increased by 40.2% since 2020, compared to salaries and wages which increased by 16.3% over the same period.
- Five agencies have outdated WHS policies, which do not reflect changes to WHS regulations. Sixteen per cent of agencies have not included psychosocial hazards in their WHS procedures or risk assessment process.
Published
Health 2023
Health
Whole of Government
Asset valuation
Compliance
Financial reporting
Information technology
Internal controls and governance
Project management
Regulation
Risk
Shared services and collaboration
Workforce and capability
What this report is about
Results of the Health portfolio of agencies' financial statement audits for the year ended 30 June 2023.
The audit found
Unmodified audit opinions were issued for all Health portfolio agencies' financial statements.
The number of monetary misstatements increased in 2022–23, driven by key accounting issues, including the first-time recognition of paid parental leave and plant and equipment fair value adjustments.
The key audit issues were
NSW Health identified errors regarding the recognition and calculation of long service leave entitlements for employees with ten or more years of service that had periods of part time service in the first ten years, resulting in prior period restatements.
Comprehensive revaluation of buildings at the Graythwaite Charitable Trust found errors in the previous year's valuation, resulting in prior period restatements.
New parental leave legislation increased employee liabilities for portfolio agencies. The Ministry of Health corrected the consolidated financial statements to record parental leave liabilities for all agencies within the Health portfolio.
A repeat high-risk issue relates to processing time records by administrators that have not been reviewed prior to running the pay cycle.
Thirty per cent of reported issues were repeat issues.
The audit recommended
Portfolio agencies should ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards.
Portfolio agencies should address deficiencies that resulted in qualified reports on:
- the design and operation of shared service controls
- prudential non-compliance at residential aged care facilities.
This report provides Parliament and other users of the Health portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Health portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued for all portfolio agencies required to prepare general purpose financial statements.
- The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
- The Ministry of Health retrospectively corrected an $18.9 million adjustment in its financial statements relating to long service leave entitlements for certain employees.
- Graythwaite Charitable Trust retrospectively corrected a $4.2 million adjustment in its financial statements related to prior period valuations.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines observations and insights from our financial statement audits of agencies in the Health portfolio.
Section highlights
- The 2022–23 audits identified one high-risk and 57 moderate risk issues across the portfolio.
- The high-risk matter related to the forced-finalisation of time records.
- The total number of findings increased from 67 to 111 in 2022–23.
- Thirty per cent of the issues were repeat issues. Most repeat issues related to internal control deficiencies or non-compliance with key legislation and/or central agency policies.
- Forced-finalisation of time records, accounting for the new paid parental leave provision and user access review deficiencies were the most commonly reported issues.
- Qualified Assurance Practitioner's reports were issued on:
- the design and operation of controls as documented by HealthShare NSW
- the Ministry's Annual Prudential Compliance Statements in relation to residential aged care facilities.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Transport 2023
Transport
Whole of Government
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Procurement
Risk
What this report is about
Result of the Transport portfolio of agencies' financial statement audits for the year ended 30 June 2023.
The audit found
Unqualified audit opinions were issued for all Transport portfolio agencies.
An 'emphasis of matter' paragraph was included in the Transport Asset Holding Entity of New South Wales' (TAHE) independent auditor's report, which draws attention to management's disclosure regarding proposed changes to TAHE's operating model.
Government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE's assets.
Transport for NSW's valuation of roads and bridges resulted in a net increase to its asset value by $15.7 billion.
Transport for NSW and Sydney Metro have capitalised over $300 million of tender bid costs paid to unsuccessful tender bidders relating to significant infrastructure projects. Whilst NSW Treasury policy provides clarity on the reimbursement of unsuccessful bidders' costs, clearer guidance on how to account for these costs in agency's financial statements is required.
The key audit issues were
The number of issues reported to management decreased from 53 in 2021–22 to 49 in 2022–23.
High-risk findings include:
- gaps in how Sydney Metro manages its contractors and how conflicts of interest are recorded and managed
- future financial reporting implications to account for government's proposed changes to TAHE's future operating model, including asset valuations and control assessments of assets and operations
- Parramatta Park Trust's tree assets' valuation methodology needs to be addressed.
Recommendations were made to address the identified deficiencies.
This report provides Parliament and other users of the Transport portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all the portfolio agencies’ 30 June 2023 financial statements.
- An 'Emphasis of Matter' paragraph was included in the Transport Asset Holding Entity of New South Wales’ (TAHE) Independent Auditor's Report to draw attention to management's disclosure regarding the proposed changes to TAHE's future operating model.
- The total number of errors (including corrected and uncorrected) in the financial statements increased by 59% compared to the prior year.
- The recent government's decision to convert TAHE into a non-commercial Public Non-Financial Corporation may impact the future valuation and the control of TAHE’s assets.
- Transport for NSW needs to further improve its quality assurance processes over comprehensive valuations, in particular, ensuring key inputs used in the valuations are properly supported and verified.
- Transport for NSW and Sydney Metro capitalised over $300 million of bid costs paid to unsuccessful bidders. NSW Treasury’s Bid Cost Contributions Policy does not contemplate how these costs should be recognised in agency’s financial statements. Transport agencies should work with NSW Treasury to develop an accounting policy for the bid cost contributions to ensure consistent application across the sector.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Transport portfolio.
Section highlights
- The 2022–23 audits identified four high risks and 28 moderate risk issues across the portfolio. Thirty-nine per cent of issues were repeat findings.
- Four high risk findings include:
- TAHE’s asset valuations (new)
- TAHE’s control of assets and operations (new)
- Sydney Metro’s management of contractors and conflicts of interest (new)
- Parramatta Park Trust’s valuation of trees (repeat).
- The total number of findings decreased from 53 in 2021–22 to 49 in 2022–23. Many repeat findings related to control weaknesses over the asset valuation, payroll processes, conflicts of interest and information technology user access administration.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Planning and Environment 2023
Planning
Environment
Industry
Asset valuation
Compliance
Financial reporting
Information technology
Infrastructure
Internal controls and governance
Management and administration
Risk
Shared services and collaboration
What this report is about
Results of the Planning and Environment portfolio financial statement audits for the year ended 30 June 2023.
The audit found
Unqualified audit opinions were issued for all completed Planning and Environment portfolio agencies. Seven audits are ongoing.
The Catholic Metropolitan Cemeteries Trust (CMCT) did not comply with its obligations under the Government Sector Finance Act 2018 (GSF Act) to prepare and submit financial statements for audit.
The Department of Planning and Environment (the department) has not yet provided their assessment of the financial reporting requirements for the 579 Category 2 Statutory Land Managers (SLMs) for 2022–23.
One-hundred-and-nineteen Commons Trusts are non-compliant with the GSF Act as they have not submitted their financial statements for audit.
We issued unqualified opinions on the Water Administration Ministerial Corporation's 2020–21, 2021–22 and 2022–23 financial statements.
The number of monetary misstatements identified in our audits decreased from 59 in 2021–22 to 51 in 2022–23, however the gross value of misstatements increased.
The key audit issues were
The former Resilience NSW and NSW Reconstruction Authority (the Authority) re-assessed the accounting implications arising from contractual agreements relating to temporary housing assets associated with the Northern Rivers Temporary Homes Program. This resulted in adjustments to recognise the associated assets and liabilities.
We continue to identify significant deficiencies in NSW Crown land information records.
The department has not been effective in addressing the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997.
The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23. Thirty per cent of issues were repeated from the prior year.
Seven high-risk issues were identified. These related to the findings outlined above, deficiencies in quality reviews of asset valuations, internal control processes and IT general controls.
The audit recommended
Recommendations were made to the department and portfolio agencies to address these deficiencies.
This report provides Parliament and other users of the Planning and Environment portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
-
financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment portfolio of agencies (the portfolio) for 2023.
Section highlights
-
Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of portfolio agencies. Seven audits are ongoing.
-
We have been unable to commence audits of the Catholic Metropolitan Cemeteries Trust (CMCT). NSW Treasury's position remains that the Catholic CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a Government Sector Finance (GSF) agency and is obliged under Section 7.6 of the Government Sector Finance Act 2018 (GSF Act) to prepare financial statements and submit them to the Auditor-General for audit. To date, CMCT has not met its statutory obligations under the GSF Act.
-
The Department of Planning and Environment has not yet provided their assessment against the reporting exemption requirements in the Government Sector Finance Regulation 2018 (GSF Regulation) for the estimated 579 Category 2 Statutory Land Managers (SLMs) or 119 Commons Trusts for 2022–23 and no Category 2 SLM or Commons Trust has submitted its 2022–23
financial statements for audit. Consequently, the lack of compliance with reporting requirements by these 698 agencies presents a challenge to obtaining reliable financial data for these agencies for the purposes of consolidation to the Total State Sector Accounts.
-
The audits of the Water Administration Ministerial Corporation's (WAMC) financial statements for the years ended 30 June 2021 and 30 June 2022 were completed in June 2023 and unqualified audit opinions issued. The 30 June 2023 audit was completed and an unqualified audit opinion was issued on 12 October 2023.
-
The number of reported corrected misstatements decreased from 46 in 2021–22 to 36, however the gross value of misstatements increased from $73 million in 2021–22 to $491.8 million in 2022–23.
-
Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
-
A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the portfolio.
Section highlights
-
The number of findings across the portfolio reported to management increased from 132 in 2021–22 to 140 in 2022–23 and 30% were repeat issues (34% in 2021–22).
-
The 2022–23 audits identified seven high-risk and 76 moderate risk issues across the portfolio. Four of the high-risk issues were repeat issues, one was a repeat issue with the risk rating reassessed to high-risk in the current year and two were new findings in 2022–23.
-
The former Resilience NSW and NSW Reconstruction Authority had previously assessed that they did not control the temporary housing assets associated with the administration of the Northern Rivers Temporary Homes Program, under relevant accounting standards. A re-assessment of the agreements was made subsequent to the submission of the Authority’s 2022–23 financial statements for audit, which determined that the Authority was the appropriate NSW Government agency to recognise these assets and associated liabilities not previously recognised by the Authority or the former Resilience NSW.
-
There continues to be significant deficiencies in Crown land records. The department should continue to implement their data strategy and action plan to ensure the Crown land database is complete and accurate.
-
Since 2017, the Audit Office has recommended that the department, through OLG should address the differing practices for the financial reporting of rural firefighting equipment vested to councils under section 119 (2) of the Rural Fires Act 1997. The department has not been effective in resolving this issue. In 2023, twenty-six of 108 completed audits of councils received qualified audit opinions on their 2023 financial statements (43 of 146 completed audits in 2022). Six councils had their qualifications for not recognising vested rural firefighting equipment removed in 2022–23.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Published
Regional NSW 2023
Industry
Environment
Planning
Whole of Government
Asset valuation
Compliance
Cyber security
Financial reporting
Fraud
Information technology
Infrastructure
Procurement
Regulation
Risk
Service delivery
Shared services and collaboration
What this report is about
Results of the Regional NSW financial statements audits for the year ended 30 June 2023.
What we found
Unqualified audit opinions were issued on all completed audits in the Regional NSW portfolio agencies.
The number of monetary misstatements identified in our audits increased from 28 in 2021–22 to 30 in 2022–23.
What the key issues were
Effective 1 July 2023, staff employed in the Northern Rivers Reconstruction Corporation Division of the Department of Regional NSW transferred to the NSW Reconstruction Authority Staff Agency.
The Regional NSW portfolio agencies were migrated into a new government wide enterprise resourcing planning system.
The total number of audit management letter findings across the portfolio of agencies decreased from 36 to 23.
A high risk matter was raised for the NSW Food Authority to improve the internal controls in the information technology environment including monitoring and managing privilege user access.
What we recommended
Local Land Services should prioritise completing all mandatory early close procedures.
Portfolio agencies should:
- ensure any changes to employee entitlements are assessed for their potential financial statements impact under the relevant Australian Accounting Standards
- prioritise and address internal control deficiencies identified in audit management letters.
This report provides Parliament and other users of the Regional NSW portfolio of agencies financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Regional NSW portfolio of agencies (the portfolio) for 2023.
Section highlights
- Unqualified audit opinions were issued on all completed 30 June 2023 financial statements audits of the portfolio agencies. Two audits are ongoing.
- The total number of errors (including corrected and uncorrected) in the financial statements increased compared to the prior year.
- Portfolio agencies met the statutory deadline for submitting their 2022–23 early close financial statements and other mandatory procedures.
- Portfolio agencies continue to provide financial assistance to communities affected by natural disasters.
- A change to the NSW paid parental leave scheme, effective October 2023, created a new legal obligation that needed to be recognised by impacted government agencies. Impact to the agencies' financial statements were not material.
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.
This chapter outlines our observations and insights from our financial statement audits of agencies in the Regional NSW portfolio.
Section highlights
- The 2022–23 audits identified one high risk and nine moderate risk issues across the portfolio. Of these, one was a moderate risk repeat issue.
- The total number of findings decreased from 36 to 23 which mainly related to deficiencies in internal controls.
- The high risk matter relates to the monitoring and managing of privilege user access at NSW Food Authority.
Appendix one – Misstatements in financial statements submitted for audit
Appendix two – Early close procedures
Appendix three – Timeliness of financial reporting
Appendix four – Financial data
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
