Reports
Actions for Internal Controls and Governance 2019
Internal Controls and Governance 2019
This report covers the findings and recommendations from the 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector. The 40 agencies selected for this report constitute around 84 per cent of total expenditure for all NSW public sector agencies.
The report provides insights into the effectiveness of controls and governance processes across the NSW public sector. It evaluates how agencies identify, mitigate and manage risks related to:
- financial controls
- information technology controls
- gifts and benefits
- internal audit
- contingent labour
- sensitive data.
The Auditor-General recommended that agencies do more to prioritise and address vulnerabilities in their internal controls and governance. The Auditor-General also recommended agencies increase the transparency of their management of gifts and benefits by publishing their registers on their websites.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2019.
1. Internal control trends
New, repeat and high risk findings |
There was an increase in internal control deficiencies of 12 per cent compared to last year. The increase is predominately due to a 100 per cent increase in repeat financial and IT control deficiencies. Some agencies attributed the delay in actioning repeat findings to the diversion of staff from their regular activities to implement and operationalise the recent Machinery of Government changes. As a result, actions to address audit recommendations have been deferred or re prioritised, as the changes are implemented. Agencies need to ensure they are actively managing the risks associated with having these vulnerabilities in internal control systems unaddressed for extended periods of time. |
Common findings |
A number of findings were common to multiple agencies. These findings often related to areas that are fundamental to good internal control environments and effective organisational governance, such as:
|
2. Information technology controls
IT general controls |
We examined information security controls over key financial systems that support the preparation of agency financial statements. We found:
We also found 20 per cent of agencies had deficient IT program change controls, mainly related to segregation of duties in approval and authorisation processes, and user acceptance testing of program changes prior to deployment into production environments. User acceptance testing helps identify potential issues with software incompatibility, operational workflows, absent controls and software issues, as well as areas where training or user support may be required. |
3. Gifts and benefits
Gifts and benefits registers |
All agencies had a gifts and benefits policy and 90 per cent of agencies maintain a gifts and benefits register. However, 51 per cent of the gifts and benefits registers we examined contained incomplete declarations, such as missing details for the approving officer, value of the gift and/or benefit offered and reasons supporting the decision. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate, compliant with policy and were not direct or indirect inducements to the recipients to favour suppliers or service providers. Agencies should ensure their gifts and benefits register includes all key fields specified in the Public Service Commission's minimum standards for gifts and benefits. Agencies should also perform regular reviews of the register to ensure completeness and ensure any gift or benefit accepted by a staff member meets the public's expectations for ethical behaviour. |
Managing gifts and benefits |
We found opportunities to improve gifts and benefits processes and enhance transparency. For example, only three per cent of agencies publish their gifts and benefits registers on their websites. Agencies can improve management of gifts and benefits by:
|
Reporting and monitoring |
Only 35 per cent of agencies reported trends in the number and nature of gifts and benefits recorded in their registers to the agency's senior executive management and/or a governance committee. Agencies should regularly report to the agency executive or other governance committee on trends in the offer and acceptance of gifts and benefits. |
4. Internal audit
Obtaining value from the internal audit function |
Agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value. For example, only 73 per cent of CAEs regularly attend meetings of the agency board or executive management committee. Internal audit functions can add greater value by involving the CAE more extensively in executive forums as an observer. Internal audit functions should also consider producing an annual report on internal audit. An annual report allows the internal audit function to report on their performance and add value by drawing to the attention of audit and risk committees and senior management strategic issues, thematic trends and emerging risks. |
Role of the Chief Audit Executive |
Forty-five per cent of agencies assigned responsibilities to the Chief Audit Executive (CAE) that were broader than internal audit, but 17 per cent of these had not documented safeguards to protect the independence of the CAE. The reporting lines and status of the CAE at some agencies also needs review. At two agencies, the CAE reported to the CFO. Agencies should ensure:
|
Quality assurance and improvement program |
Thirty-five per cent of agencies did not have a documented quality assurance and improvement program for its internal audit function. The policy and the International Standards for the Professional Practice of Internal Auditing require agencies to have a documented quality assurance and improvement program. The results of this program should be reported annually. Agencies should ensure there is a documented and operational Quality Assurance and Improvement Program for the internal audit function that covers both internal and external assessments. |
5. Managing contingent labour
Obtaining value for money from contingent labour |
According to NSW Procurement data, spend on contingent labour has increased by 75 per cent over the last five years, to $1.5 billion in 2018–19. Improvements in internal processes and a renewed focus on agency monitoring and oversight of contingent labour can help ensure agencies get the best value for money from their contingent workforces. Agencies can improve their management of contingent labour by:
We also found 57 per cent of the 23 agencies we examined with contingent labour spend of more than $5 million in 2018–19 have implemented the government's vendor management system and service provider 'Contractor Central'. |
6. Managing sensitive data
Identifying and assessing sensitive data |
Sixty-eight per cent of agencies maintain an inventory of their sensitive data and where it resides. However, these inventories are not always complete and risks may be overlooked. Agencies can improve processes to manage sensitive data by:
|
Managing data breaches |
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents. Agencies should maintain a data breach register to effectively manage the actions undertaken to contain, evaluate and remediate each data breach. |
This report covers the findings and recommendations from our 2018–19 financial audits that relate to internal controls and governance at 40 of the largest agencies (refer to Appendix three) in the NSW public sector. The 40 agencies selected for this volume constitute around 84 per cent of total expenditure for all NSW public sector agencies.
Although the report includes several agencies that have changed as a result of the Machinery of Government changes that were effective from 1 July 2019, its focus on sector wide issues and insights means that its findings remain relevant to NSW public sector agencies, including newly formed agencies that have assumed the functions of abolished agencies.
This report offers insights into internal controls and governance in the NSW public sector
This is the third report dedicated to internal controls and governance at NSW State Government agencies. The report provides insights into the effectiveness of controls and governance processes in the NSW public sector by:
- highlighting the potential risks posed by weaknesses in controls and governance processes
- helping agencies benchmark the adequacy of their processes against their peers
- focusing on new and emerging risks, and the internal controls and governance processes that might address those risks.
Without strong governance systems and internal controls, agencies increase the risks associated with effectively managing their finances and delivering services to citizens. For example, if they do not have strong information technology controls, sensitive information may be at risk of unauthorised access and misuse.
Areas of specific focus of the report have changed since last year
Last year's report topics included transparency and performance reporting, management of purchasing cards and taxi use, and fraud and corruption control. We are reporting on new topics this year and re-visiting agency management of gifts and benefits, which we first covered in our 2017 report. Re-visiting topics from prior years provides a baseline to show the NSW public sectors’ progress implementing appropriate internal controls and governance processes to mitigate existing, new and emerging risks in the public sector.
Our audits do not review all aspects of internal controls and governance every year. We select a range of measures and report on those that present heightened risks for agencies to mitigate. This year the report focusses on:
- internal control trends
- information technology controls, including access to agency systems
- protecting sensitive information held within agencies
- managing large and diverse workforces (controls around employing and managing contingent workers)
- maintaining an ethical culture (management of gifts and benefits)
- effectiveness of internal audit function and its oversight by Audit and Risk Committees.
The findings in this report should not be used to draw conclusions on the effectiveness of individual agency control environments and governance arrangements. Specific financial reporting, internal controls and audit observations are included in the individual 2019 cluster financial audit reports, which will be tabled in parliament from November to December 2019.
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
Key conclusions and sector wide learnings
- out of date policies or an absence of policies to guide appropriate decisions
- poor record keeping and document retention
- incomplete or inaccurate centralised registers or gaps in these registers.
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage gifts and benefits.
Key conclusions and sector wide learnings
We found most agencies have implemented the Public Service Commission's minimum standards for gifts and benefits. All agencies had a gifts and benefits policy and 90 per cent of agencies maintained a gifts and benefits register and provided some form of training to employees on the treatment of gifts and benefits.
Based on our analysis of agency registers, we found some areas where opportunities existed to make processes more effective. In some cases, gaps in recorded information meant the basis for decisions around gifts and benefits was not always clear, making it difficult to determine whether decisions in those instances were appropriate and compliant with policy. Fifty-one per cent of the gifts and benefits registers reviewed contained declarations where not all fields of information had been completed. Seventy-seven per cent of agencies that maintained a gifts and benefits register did not include all key fields suggested by the minimum standards.
Areas where agencies can improve their management of gifts and benefits include:
- ensuring agency policies comprehensively cover the elements necessary to make it effective in an operational environment, such as identifying risks specific to the agency and actions that will be taken in the event of a policy breach
- establishing and publishing a statement of business ethics on the agency's website to clearly communicate expected behaviours to clients, customers,suppliers and contractors
- updating gifts and benefits registers to include all key fields suggested by the minimum standards, as well as performing regular reviews of the register to ensure completeness
- providing on-going training, awareness activities and support to employees, not just at induction
- regularly reporting gifts and benefits to executive management and/or a governance committee such as the audit and risk committee, focussing on trends in the number and types of gifts and benefits offered to and accepted by agency staff
- publishing their gifts and benefits registers on their websites to demonstrate a commitment to a transparently ethical environment.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency internal audit functions.
Key conclusions and sector wide learnings
We found agencies have established and maintained internal audit functions to provide assurance on the effectiveness of agency controls and governance systems as required by TPP15-03 'Internal Audit and Risk Management Policy for the NSW Public Sector'. However, we identified areas where agencies' internal audit functions could improve their processes to add greater value, including:
- documenting and implementing safeguards to address conflicting roles performed by the Chief Audit Executive (CAE)
- ensuring the reporting lines for the CAE comply with the NSW Treasury policy, and the CAE reports neither functionally or administratively to the finance function or other significant recipients of internal audit services
- involving the CAE more extensively in executive forums as an observer
- documenting a Quality Assurance and Improvement Program for the internal audit function and performing both internal and external performance assessments to identify opportunities for continuous improvement
- reporting against key performance indicators or a balanced scorecard and producing an annual report on internal audit to bring to the attention of the audit and risk committee and senior management strategic issues, thematic trends and emerging risks that may require further attention or resources.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to on-board, manage and off-board contingent labour.
Key conclusions and sector wide learnings
Agencies have implemented controls to manage contingent labour and most agencies have some level of reporting and oversight of contingent labour at an executive level. However, the increasing trend in spend on contingent labour warrants a renewed focus on agency monitoring and oversight of their use of contingent labour. Over the last five years spend on contingent labour has increased by 75 per cent, to $1.5 billion in 2018–19.
There are also some key gaps that limit the ability of agencies to effectively manage contingent labour. Key areas where agencies can improve their management of contingent labour include:
- preparing workforce plans to inform their resourcing strategy, and confirm prior to engaging contingent labour, that this solution aligns with the strategy and best meets business needs
- involving agency human resources units in decisions about engaging contingent labour
- regularly reporting on contingent labour use to agency executive teams, particularly in terms of trends in agency spend, tenure and compliance with policies and procedures
- strengthening on-boarding and off-boarding processes, including establishing checklists to on-board and off-board contingent labour, making provisions for knowledge transfer, and assessing, documenting and capturing performance information.
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of governance and processes in relation to the management of sensitive data.
Key conclusions and sector wide learnings
Information technology risks are rapidly increasing. More interfaces between agencies and greater connectivity means the amounts of data agencies generate, access, store and share continue to increase. Some of this information is sensitive information, which is protected by the Privacy Act 1988.
It is important that agencies understand what sensitive data they hold, the risks associated with the inadvertent release of this information and how they are mitigating those risks. We found that agencies need to continue to identify and record their sensitive data, as well as expand the methods they use to identify sensitive data. This includes data held in unstructured repositories, such as network shared drives and by agency service providers.
Eighty-eight per cent of agencies have established policies to respond to potential data breaches when they are identified and 70 per cent of agencies maintain a register to record key information in relation to identified data breach incidents.
Key areas where agencies can improve their management of sensitive data include:
- identifying sensitive data, based on a comprehensive and structured process and maintaining an inventory of the data
- assessing the criticality and sensitivity of the data so that the protection of high risk data can be prioritised
- developing comprehensive data breach management policies to ensure data breaches are appropriately managed
- maintaining a data breach incident register to record key information in relation to identified data breaches incidents, including the estimated cost of the breach
- providing on-going training and awareness activities to employees in relation to sensitive data and managing data breaches.
Appendix one – List of 2019 recommendations
Appendix two – Status of 2018 recommendations
Appendix three – In-scope agencies
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Actions for Workforce reform in three amalgamated councils
Workforce reform in three amalgamated councils
The Inner West Council and the Snowy Monaro and Queanbeyan-Palerang Regional Councils have all made progress towards efficient organisational structures following the amalgamation of their former council areas in 2016, according to a report released today by the Auditor-General of New South Wales.
All three councils are now operating with a single workforce and have largely achieved the milestones they planned for the first stage of their amalgamations. None have finished reviewing and aligning services across their former council areas nor integrated their ICT systems. They need to do this to be in a position to implement an optimal structure.
On 12 May 2016, the NSW Government announced the amalgamation of 42 councils into 19 new councils. This followed a period of 18 months during which the NSW Independent Pricing and Regulatory Tribunal (IPART) had assessed councils' ‘fitness for the future’, and communities were consulted about proposed mergers. A further amalgamated council was created on 9 September 2016.
Upon amalgamation, existing elected councils were abolished, interim General Managers appointed, and Administrators engaged to undertake the role of the previously elected councils until Local Government elections were held 18 months later. During the period of administration, councils were asked to report on the progress of their amalgamations to the Department of Premier and Cabinet (DPC).
Council amalgamations not only require a re-drawing of boundaries, but re-establishment of local representation, decisions about alignment of services across the former council areas, and establishment of an amalgamated workforce.
The objective of this audit was to assess whether three councils, Inner West Council, Queanbeyan-Palerang Regional Council and Snowy Monaro Regional Council, are effectively reforming their organisation structures to realise efficiency benefits from amalgamation and managing the impact on staff.
Following amalgamation, all three councils developed detailed plans to bring their former workforces together, review positions and salaries, amalgamate salary structures and align human resources policies. All three councils have largely achieved the milestones included in these plans.
Benefits realisation plans show that councils did not expect to achieve material savings or efficiencies from workforce reform within the first three years of amalgamation.
Administrators at all three councils endorsed lower savings targets than the NSW Government’s early analysis suggested may be possible. All three councils have plans or strategies to progress and achieve benefits from the amalgamation. However, Inner West Council and Snowy Monaro Regional Council could more clearly link their reform initiatives with expected benefits and include this in public reporting.
Amalgamations represent a substantial period of change for affected communities and amalgamated councils should be routinely reporting to their communities about the costs and benefits of amalgamation.
Councils have not yet determined their future service offerings and service levels nor completed integration of ICT systems. These decisions need to be made before an optimal organisation structure can be implemented.
Before amalgamated councils can implement an optimal organisation structure, they need to review and confirm their customer service offerings and service levels in consultation with their communities. This work is underway but is not yet complete in any of the councils.
Progress towards an efficient structure has been slowed by staff protections in the Local Government Act 1993 (the Act) and a range of logistical and administrative issues associated with amalgamation. These include multiple IT systems and databases that need to be integrated and different working conditions, policies and practices in the former councils that are not yet fully
harmonised.
The councils implemented legislated staff protections and focused on the people side of change but cannot reliably measure the impact of their change management efforts.
The Act provides protections that reduce the impact of amalgamations on staff. Beyond implementing these protections, the councils have communicated with staff, sought to prepare them for change, and involved staff in key decisions. All councils have conducted staff surveys over time. However, at this stage these staff surveys have not provided an effective or reliable measure of the impact of change management efforts.
Appendix one - Response from councils and Office of Local Government
Appendix two - Compliance with staff protections in the Local Government Act 1993
Appendix three - About the audit
Appendix four - Performance auditing
Parliamentary Reference: Report number #317 - released 1 May 2019
Actions for Planning and Environment 2017
Planning and Environment 2017
The following report highlights results of financial audits of agencies in the Planning and Environment cluster. The report focuses on key observations and findings from the most recent audits of these agencies.
The audits were completed for most agencies in the cluster and unqualified audit opinions issued. Issues identified during the financial statement audits of seven small agencies delayed their finalisation beyond the statutory deadline, and six of these remain incomplete. Apart from these small agencies, the quality of financial reporting across the cluster remained at a high standard.
This report provides Parliament and others with the audit results, observations and recommendations for Planning and Environment cluster agencies. The report has been structured into two chapters focussing on financial reporting and controls and service delivery.
The Planning and Environment cluster plays a role in ensuring each community across New South Wales receives the services and infrastructure it needs.
This chapter outlines our audit observations and recommendations related to financial reporting and controls of Planning and Environment cluster agencies for 2016–17.
Observation | Conclusion or recommendation |
2.1 Quality of financial reporting |
|
Unqualified audit opinions were issued for 39 of the 45 cluster agencies' financial statements. |
Issues identified during the financial statement audits of seven smaller agencies delayed their completion. Six audits remain incomplete at the date of this report. Apart from these seven small agency audits, the quality of financial reporting across the cluster remained at a high standard. |
2.2 Timeliness of financial reporting |
|
Seven agencies' financial statement audits were not completed by the statutory deadline with six audits incomplete at the date of this report. |
Issues identified during the financial statement audits of seven smaller agencies delayed their finalisation beyond the statutory deadline. These agencies would benefit from performing additional early close procedures in future reporting periods. |
2.3 Financial and sustainability analysis |
|
Water and Electricity utility agencies continue to operate with low liquidity ratios. |
A liquidity ratio below one is an indicator that an entity may not be able to pay its debts as and when they fall due. Whilst liquidity ratios were below one, utility agencies demonstrated they can continue to support ongoing operations due to:
|
2.5 Internal controls |
|
One in six internal control weaknesses reported in 2016–17 were repeat issues. |
Delays in implementing audit recommendations can prolong the risk of fraud and error. Recommendation (repeat issue): anagement letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing repeat issues. |
Nine of these internal control weaknesses related to the creation, modification, deletion and review of user access to financial systems. |
These control weaknesses may compromise the integrity and security of financial data. Recommendation (repeat issue): Management of user administration over financial systems should be strengthened to prevent inappropriate access to financial information. |
This chapter outlines our audit observations, conclusions and recommendations relating to service delivery for 2016–17.
Observation | Conclusion or recommendation |
3.1 Premier's and State priorities |
|
The Planning and Environment cluster is responsible for delivering five Premier's and State priorities. |
One priority target was achieved in 2016–17, two targets are on track to be achieved and progress towards one target slowed. Progress against one target cannot be determined. |
3.2 Planning |
|
Housing Completion |
|
There were 63,506 housing completions in 2016–17. This was 4.1 per cent above the Premier’s priority target of delivering 61,000 housing completions per year. |
The Australian Bureau of Statistics data shows the housing completions target was achieved in 2016–17. |
Housing supply |
|
The number of approvals for new houses in 2016–17 was 72,472 against the State priority target of more than 50,000 approvals per year. |
The Australian Bureau of Statistics data indicates the housing approvals target was achieved in 2016–17. |
Major project assessment |
|
State significant developments are not clearly defined for the purposes of reporting against the State priority target. | The Department of Planning and Environment will clarify with the Department of Premier and Cabinet which developments are captured by the State priority target. |
The Department of Planning and Environment’s data shows the time taken to assess complex State significant developments increased by 16 per cent in 2016–17 while the time taken to assess less complex developments reduced by 20 per cent. | The Department of Planning and Environment considers it is on track to meet the State priority target of halving the time taken to assess State significant developments, despite uncertainty over the target measure. |
Housing acceleration fund |
|
Program business cases were not developed for projects in Housing Acceleration Fund Rounds 1 to 4. The Department advised a program business case will be developed for Housing Acceleration Fund Round 5 projects. |
A program business case is necessary to ensure related projects are evaluated, managed and coordinated effectively. |
A benefit realisation review process has not yet been approved for Housing Acceleration Fund projects. The Department of Planning and Environment advised it is developing a benefit realisation review process. |
A benefit realisation review process is necessary to determine whether funded projects achieved intended outcomes. |
Greater Sydney Commission |
|
The Greater Sydney Commission forecasts a further 725,000 dwellings in the greater Sydney region will be required up to 2036 to meet housing demand. | In response to population growth, the Commission has set a five-year housing supply target of 189,100 houses across the five Greater Sydney Commission districts. |
ePlanning system |
|
The Department of Planning and Environment did not perform a benefit realisation review for phase one of the ePlanning project. It has committed to performing a benefit realisation review after completion of phase two in 2018. | It cannot be determined if phase one of the project delivered expected outcomes as a benefit realisation review was not performed. |
3.3. Environment and Heritage |
|
Litter volume in New South Wales was 6.6 litres per 1,000 square metres in 2016–17, an increase of 16 per cent from the prior year. This is above the Premier's priority litter volume target of 4.2 litres per 1,000 square metres by 2020. | The Environment Protection Authority's data indicates the progress towards the target of reducing the volume of litter by 40 per cent by 2020 has slowed. |
The NSW Government plans to invest $240 million to facilitate strategic biodiversity conservation on private land. | Performance measures have not yet been developed for the private land conservation program. |
3.4 Water |
|
IPART reduced water usage charges for most Sydney Water Corporation customers in 2016–17. | Water usage prices in New South Wales compare favourably to larger water utilities in other jurisdictions. |
Hunter Water Corporation's water recycling and water conservation performance has been stable over recent years. The volume of Sydney Water Corporation’s recycled water reduced by 12 per cent in 2016–17 compared to the previous year. |
Sydney Water Corporation experienced reduced industry demand for recycled water. Several large industrial customers relocated away from Sydney. |
3.5 Arts and culture |
|
A State priority target is to increase overall attendance at cultural venues and events in New South Wales by 15 per cent from 2014–15 levels by 2019. | The Department of Planning and Environment's data indicates overall attendance increased by 16 per cent in 2015–16, although attendance fluctuated across individual venues and events. This indicates progress towards achieving the overall target by 2019. |
Actions for Mining Rehabilitation Security Deposits
Mining Rehabilitation Security Deposits
The Department of Planning and Environment requires mining companies to rehabilitate sites according to conditions set in the mining development approval. The Department holds mining rehabilitation security deposits that are meant to cover the full cost of rehabilitation if a mining company defaults on its rehabilitation obligations.
Parliamentary reference - Report number #285 - released 11 May 2017
Actions for 2016 - An overview
2016 - An overview
This report focuses on key observations and findings from 2016 audits and highlights key areas of focus for financial and performance audits in 2017.
Financial reporting | |
Observation | Conclusion |
Only one qualified audit opinion was issued on the 2015–16 financial statements of NSW public sector agencies, compared to two in 2014–15. | The quality of financial reporting continued to improve across the NSW public sector. |
More 2015–16 financial statements and audit opinions were signed within three months of the year end. | Timely financial reporting was facilitated by more agencies resolving significant accounting issues early, completing asset valuations on time and compiling sufficient evidence to support financial statement balances. |
NSW Treasury’s early close procedures in 2015–16 were again successful in improving the quality and timeliness of financial reporting, largely facilitated by the early resolution of accounting issues. For 2016–17, NSW Treasury has narrowed the scope of mandatory early close procedures. |
The narrowed scope of mandatory early close procedures may diminish the good performance in ensuring the quality and timeliness of financial reporting achieved in recent years. To mitigate this risk, NSW Treasury has mandated that agencies perform non-financial asset valuations and prepare proforma financial statements in their early close procedures. It also encourages them to continue with the good practices embedded in recent years. |
Although most agencies complied with NSW Treasury’s early close asset revaluation procedures we identified areas where they can improve. | Asset revaluations need to commence early enough to ensure all assets are identified and the results are analysed, recorded and reflected accurately in the early close financial statements. |
Number of misstatements | |||||
Year ended 30 June | 2015-16 | 2014-15 | 2013-14 | 2012-13 | 2011-12 |
Total reported misstatements | 298 | 396 | 459 | 661 | 1,077 |
All material misstatements identified by agencies and audit teams were corrected before the financial statements and audit opinions were signed. A material misstatement relates to an incorrect amount, classification, presentation or disclosure in the financial statements that could reasonably be expected to influence the economic decisions of users.
Significant matters reported to the portfolio Minister, Treasurer and Agency Head
In 2015–16, we reported the following significant matters to the portfolio Minister, Treasurer and agency head in our Statutory Audit Reports:
Appropriate financial controls help ensure the efficient and effective use of resources and the implementation and administration of agency policies. They are essential for quality and timely decision making.
In 2015–16, our audit teams made the following key observations on the financial controls of NSW public sector agencies.
Financial controls | |
Observation | Conclusion |
More needs to be done to implement audit recommendations on a timely basis. We found 212 internal control issues identified in previous audits had not been adequately addressed by 30 June 2016. |
Delays in implementing audit recommendations can impact the quality of financial information and the effectiveness of decision making. Agencies need to ensure they have action plans, timeframes and assigned responsibilities to address recommendations in a timely manner. |
Agencies continue to face challenges managing information security. Most information technology issues we identified related to poor IT user administration in areas like password controls and inappropriate access. | Agencies should review the design and effectiveness of information security controls to ensure data is adequately protected. |
We found shared service provider agreements did not always adequately address information security requirements. |
Where agencies use shared service providers they should consider whether the service level arrangements adequately address information security. |
Thirteen of 108 agencies required to attest to having a minimum set of information security controls did not do so in their 2015 annual reports. | The 'NSW Government Digital Information Security Policy' recognises the growing need for effective information security. With cyber security threats continuing to increase as digital services expand we plan to look at cyber security as part of our 2017–18 performance audit program. |
We identified instances where service level agreements with shared service providers were outdated, signed too late or did not exist. | Corporate and shared service arrangements are more effective when service level arrangements are negotiated and signed in time, clearly detail rights and responsibilities and include meaningful KPIs, fee arrangements and dispute resolution processes. |
Internal controls at GovConnect, the private sector provider of transactional and information technology services to many NSW public sector agencies were ineffective in 2015–16. We found mitigating actions taken to manage transition risks from ServiceFirst to GovConnect were ineffective in ensuring effective control over client transactions and data. | The Department of Finance, Services and Innovation should ensure GovConnect addresses the control deficiencies. It should also examine the breakdowns in the transition of the shared service arrangements and apply the learnings to other services being transitioned to the private sector. |
Maintenance backlogs exist in several NSW public sector agencies, including Roads and Maritime Services, Sydney Trains, NSW Health, the Department of Education and the Department of Justice. | To address backlog maintenance it is important for agencies to have asset lifecycle planning strategies that ensure newly built and existing assets are funded and maintained to a desired service level. |
Actions for Assessing major development applications
Assessing major development applications
The Planning Assessment Commission (the Commission) has improved its decision-making processes for major development applications in recent years. The Commission has improved how it consults the public and manages conflicts of interest, and now also publishes records of its meetings with applicants and stakeholders.
The Planning Assessment Commission (the Commission) is an independent body established in 2008 under the Environmental Planning and Assessment Act 1979 (the EP&A Act). It makes decisions on major development applications in New South Wales. Along with the Department of Planning and Environment (the Department) and the Land and Environment Court, it is one of three bodies that have a role in making decisions on these applications.
The Department refers development applications to the Commission where 25 or more objections have been received from the community, a local council objects to the proposal, or the applicant has donated to a political party.
These applications are often complex and controversial, and can attract a high level of public interest. This may mean that, regardless of the process, not all stakeholders are satisfied with the outcome.
The Commission is required to take into account section 79C of the EP&A Act when making decisions. Section 79C includes consideration of the likely environmental, social and economic impacts of the development.
This audit assessed the extent to which the Commission’s decisions on major development applications are made in a consistent and transparent manner. To assist us in making this assessment, we asked whether the Commission:
- has sound processes in place to help it make decisions on major development applications that are informed and made in a consistent manner
- ensures its decisions are free from bias and transparent to stakeholders and the public.
Conclusion
Over the last two years, the Commission has improved its decision-making process. It has improved how it consults the public and manages conflicts of interest, and now also publishes records of its meetings with applicants and stakeholders.
However, there are still some vital issues to be addressed to ensure it makes decisions in a consistent and transparent manner. Most importantly, the Commission was not able to show in every decision we reviewed how it met its statutory obligation to consider the matters in section 79C of the EP&A Act.
Despite improved probity measures put in place by the Commission, there is a perception among some stakeholders that it is not independent of the Department. The reasons for some of these concerns are outside of the Commission’s control. For example, the Commission becomes involved after the Department has prepared an assessment report which recommends whether a development should proceed. This creates the perception that the Commission is acting on the recommendation of the Department. The Department’s assessment report should state whether an application meets relevant legislative and policy requirements, but not recommend whether a development should be approved or not.
More can also be done to improve transparency in decision-making and the public’s perception of the independence of Commissioners. The Commission should continue to improve how it communicates the reasons for its decisions and also publish on its website a summary of Commissioners’ conflict of interest declarations for each development application.
Decision-making processes have improved but some key aspects need to be addressed
Although not articulated in one document, there is a framework in place to assist Commissioners make decisions on major development applications. This includes setting out the information to be considered, who to consult, and that a report is to be prepared. The Commission has recently improved how it conducts public meetings and the level of support provided to Commissioners to ensure they understand the decision-making process. The Commissioners we interviewed all showed a good understanding of their role.
As a consent authority, the Commission is required to consider the matters in section 79C of the EP&A Act when making a decision. However, it was not able to show how it met this requirement in every decision we reviewed. We found some evidence of these considerations in six of the nine cases we reviewed, for example in meeting notes or in its report on a decision. Of these six cases, the degree to which the Commission considered all matters under section 79C varied considerably. The larger, more complex applications were more likely to address these considerations. To demonstrate compliance with the EP&A Act, the Commission must be able to show how it considers all matters in section 79C for each decision it makes.
We found that the Commission has access to relevant information to make a decision and consults stakeholders for their views of the development. The level of consultation depends on the size and complexity of an application. If Commissioners decide they need more information to make a decision, they consult local councils, the community, other government agencies and experts as needed.
The Commission’s public meetings are a valuable part of the decision-making process, where new perspectives or issues are often raised. However, some aspects could be improved. For example, many stakeholders thought the five minutes allowed for individual speakers was insufficient. The Commission could be more flexible with this timeframe. Identifying new ways to notify the public of its meetings, other than advertisements on its website and in newspapers, would also ensure it reaches as many interested parties as possible.
Improved transparency and probity but the Commission is not seen by some as impartial
The Commission has sound processes in place to ensure that its decisions are impartial and transparent to the community. It has improved its probity measures over the last two years, following a review by the NSW Ombudsman in 2014. We found that the Commission:
- has probity policies and procedures which are available on its website
- has improved its record keeping of some processes, such as meetings with applicants and stakeholders
- publishes its decision and supporting documentation, such as meeting notes, on its website.
Conflicts of interest are a significant risk for the Commission because they could lead to corruption, abuse of public office, and affect the public’s view of its independence. The Commission manages this risk well. It has a policy in place to address potential, perceived or actual conflicts. Commissioners update their conflicts of interest records annually, and declare any conflicts when the Commission assigns them to a development application. Unlike the Commission’s probity polices, Commissioners’ conflict of interest declarations are not available on its website. Providing a summary of this information on its website when Commissioners are allocated to a development application would further improve transparency around conflicts of interest.
The Commission has been improving how it communicates its decisions to the public. It now produces fact sheets for its decisions on matters that attract a high level of public interest. Its reports on decisions for complex applications also discuss issues raised by the community. However, the level of detail varied in the decisions we reviewed, and it was not always clear how conditions placed on a development would resolve identified issues. Similarly, the reports did not clearly address the matters under section 79C of the EP&A Act. Reporting this would further improve the transparency of its decisions, and clearly demonstrate compliance with the EP&A Act.
While we did not find any issues that would make us question the integrity or independence of Commissioners, there remains a perception among some stakeholders that the Commission is not impartial. Some of these concerns are within the Commission’s control to fix, such as allowing individual speakers at public meetings extra time to discuss their issues, therefore avoiding perceptions of bias.
Other perceptions, such as the Commission being part of the Department and not an independent decision making authority, are outside the Commission’s immediate control. For example, the Commission receives applications at the end of the assessment process, after the Department has prepared an assessment report recommending whether the application should be approved. This means there are effectively two reports on an application; the Department’s assessment report and the Commission’s report on its decision. However, there is only one decision-maker: the Commission. This may cause community confusion about the roles of the Department and the Commission in the decision-making process. Clearer separation of their roles in assessing applications and preparing reports is needed.
To minimise the perception that the Commission is simply ‘rubber stamping’ the Department’s recommendations, assessment reports should not recommend whether or not a project be approved. Instead, they should provide the Department’s views on whether a project meets relevant legislative and policy requirements. The Commission should also be involved earlier in the process, so it can establish key facts and identify relevant issues sooner. It should request that the Department’s assessment report covers matters Commissioners consider particularly important when assessing projects under section 79C. Earlier referral of applications should also help the Commission to plan its work in assessing applications, and may reduce the time taken to reach a decision.
Unless these issues are addressed, stakeholders will continue to believe the Commission does not act in a transparent and impartial manner, which could erode public confidence in the Commission.
The Planning Assessment Commission
The Planning Assessment Commission (the Commission) is a planning authority established in 2008 under the Environmental Planning and Assessment Act 1979 (the EP&A Act). One of its functions is to make decisions on major development applications.
The Commission is independent of the Department of Planning and Environment (the Department) and the Minister for Planning. This means its decisions are not subject to the direction or control of the Department or the Minister.
The Department refers applications for major development to the Commission, including state significant development and infrastructure applications. These projects are generally initiated by the private sector. Applications are referred to the Commission when one or more of the following criteria are met:
- more than 25 objections are received about the proposal
- the local council objects to the proposal
- the applicant has donated $1,000 or more to a political party or member of parliament.
These applications are often controversial and may attract a high level of public interest. Of the 29 development applications the Commission received in 2015–16, almost 40 per cent were in the mining and energy sectors, and another 40 per cent related to urban development.
Section 79C of the EP&A Act outlines the matters the Commission must consider when making decisions about major development applications. These include:
- any relevant environmental and planning instruments
- likely environmental, social and economic impacts of the development
- suitability of the site for the development
- submissions received about the application
- the public interest.
In addition to making decisions about major development applications, the Commission also reviews major developments as part of the planning process, and provides independent expert advice to the government on planning and development matters. Since the Commission’s inception, it has provided advice on 76 matters, conducted 39 reviews, and made 444 decisions on development applications.
Process for approving major development applications
The Commission is one of three bodies that have a role in the planning and approval process for major development applications in New South Wales, as seen in Exhibit 1. The other two bodies are the Department of Planning and Environment, and the Land and Environment Court.
The Department determines the outcomes of major development applications. When an application meets one of the criteria listed above, it refers these to the Commission to make the decision. In certain circumstances, the Land and Environment Court hears appeals against decisions made by either the Department or the Commission.
A Memorandum of Understanding between the Commission and the Department sets out timeframes the Commission must meet when making a decision, specifically:
- two weeks where no stakeholder meetings are required
- three weeks where stakeholder meetings are required
- six weeks when a public meeting is required.
Parliamentary reference - Report number #279 - released 19 January 2017